

312-39 Certified SOC Analyst (CSA) Question and Answers

Question # 4

What is the process of monitoring and capturing all data packets passing through a given network using different tools?

A. Network Scanning
B. DNS Footprinting
C. Network Sniffing
D. Port Scanning

Question # 5

Identify the attack in which an attacker tries to discover all possible information about a target network before launching a further attack.

A. DoS Attack
B. Man-in-the-Middle Attack
C. Ransomware Attack
D. Reconnaissance Attack

Question # 6

Which of the following stages is executed after identifying the required event sources?

A. Identifying the monitoring requirements
B. Defining rules for the use case
C. Implementing and testing the use case
D. Validating the event sources against the monitoring requirements

Question # 7

Chloe, a SOC analyst with Jake Tech, is checking Linux system logs. She is investigating the file /var/log/wtmp.

What is Chloe looking at?

A. Error log
B. System boot log
C. General messages and system-related information
D. Login records

Question # 8

Which of the following attacks can be eradicated by disabling "allow_url_fopen" and "allow_url_include" in the php.ini file?

A. File Injection Attacks
B. URL Injection Attacks
C. LDAP Injection Attacks
D. Command Injection Attacks

Question # 9

Which of the following fields in Windows logs defines the type of event that occurred, such as Correlation Hint, Response Time, SQM, WDI Context, and so on?

A. Keywords
B. Task Category
C. Level
D. Source

Question # 10

Which of the following techniques protects against flooding attacks originating from valid prefixes (IP addresses), so that they can be traced to their true source?

A. Rate Limiting
B. Egress Filtering
C. Ingress Filtering
D. Throttling

Question # 11

This threat intelligence helps you understand adversary intent and make informed decisions to ensure appropriate security in alignment with risk.

What kind of threat intelligence is described above?

A. Tactical Threat Intelligence
B. Strategic Threat Intelligence
C. Functional Threat Intelligence
D. Operational Threat Intelligence

Question # 12

Which of the following tools can be used to filter web requests associated with a SQL injection attack?

A. Nmap
B. UrlScan
C. ZAP proxy
D. Hydra

Question # 13

John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM with a graph that identifies the locations from which the Tor traffic is coming.

Which of the following data sources will he use to prepare the dashboard?

A. DHCP logs capable of maintaining IP addresses or hostnames, with IP-to-name resolution.
B. IIS/web server logs with IP addresses and user agents, with IP-to-user-agent resolution.
C. DNS/web server logs with IP addresses.
D. Apache/web server logs with IP addresses and hostnames.

Question # 14

Identify the attack in which an attacker, after several rounds of trial and error, can read the contents of a password file in the restricted /etc folder just by manipulating the URL in the browser as shown:

http://www.terabytes.com/process.php./../../../../etc/passwd

A. Directory Traversal Attack
B. SQL Injection Attack
C. Denial-of-Service Attack
D. Form Tampering Attack

Question # 15

Identify the type of attack an attacker is attempting on the www.example.com website.

A. Cross-site Scripting Attack
B. Session Attack
C. Denial-of-Service Attack
D. SQL Injection Attack

Question # 16

Which of the following formulas is used to calculate the EPS (events per second) of the organization?

A. EPS = average number of correlated events / time in seconds
B. EPS = number of normalized events / time in seconds
C. EPS = number of security events / time in seconds
D. EPS = number of correlated events / time in seconds

Question # 17

Wesley is an incident handler at a company named Maddison Tech. One day, he was learning techniques for eradicating insecure deserialization attacks.

Which of the following should Wesley avoid considering?

A. Deserialization of trusted data must cross a trust boundary
B. Understand the security permissions given to serialization and deserialization
C. Allow serialization for security-sensitive classes
D. Validate untrusted input that is to be serialized, to ensure that the serialized data contains only trusted classes

Question # 18

An attacker, in an attempt to exploit a vulnerability in the dynamically generated welcome page, inserted code at the end of the company’s URL as follows:

http://technosoft.com.com/

Identify the attack demonstrated in the above scenario.

A. Cross-site Scripting Attack
B. SQL Injection Attack
C. Denial-of-Service Attack
D. Session Attack
