Exam Details

  • Exam Code: 312-39
  • Exam Name: Certified SOC Analyst (CSA)
  • Certification: Other ECCouncil
  • Vendor: EC-COUNCIL
  • Total Questions: 100 Q&As
  • Last Updated: May 08, 2024

EC-COUNCIL Other ECCouncil 312-39 Questions & Answers

  • Question 11:

    Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident and assigned it with an initial priority.

    What would be her next action according to the SOC workflow?

    A. She should immediately escalate this issue to the management

    B. She should immediately contact the network administrator to solve the problem

    C. She should communicate this incident to the media immediately

    D. She should formally raise a ticket and forward it to the IRT

  • Question 12:

    Which of the following tools can be used to filter web requests associated with a SQL injection attack?

    A. Nmap

    B. UrlScan

    C. ZAP proxy

    D. Hydra

  • Question 13:

    Which of the following processes refers to discarding packets at the routing level without informing the source that the data did not reach its intended recipient?

    A. Load Balancing

    B. Rate Limiting

    C. Black Hole Filtering

    D. Drop Requests

  • Question 14:

    John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM with a graph that identifies the locations the Tor traffic is coming from.

    Which of the following data sources will he use to prepare the dashboard?

    A. DHCP logs capable of maintaining IP addresses or hostnames, with IP-to-name resolution.

    B. IIS/web server logs with IP addresses and user agents, with IP-to-user-agent resolution.

    C. DNS/web server logs with IP addresses.

    D. Apache/web server logs with IP addresses and hostnames.
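
An added example (not part of the exam material or of this page): the request filtering that Question 12 asks about, applied after the fact to web server access logs, which are also the kind of data source Question 14 points at for a per-source dashboard. The script parses Apache combined-format log lines, URL-decodes the request, matches a small set of SQL injection indicators and counts flagged requests per client IP. The log lines and the indicator set are constructed for illustration; an inline filter (a WAF or a web server request-filtering module) applies comparable patterns at request time, and a dashboard would enrich the per-IP counts with a GeoIP lookup before plotting, which is not shown here.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed Apache "combined" access-log lines for illustration (not from a real server).
SAMPLE_LOG = """\
203.0.113.10 - - [08/May/2024:10:01:12 +0000] "GET /products?id=42 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.10 - - [08/May/2024:10:01:15 +0000] "GET /products?id=42'%20OR%20'1'='1 HTTP/1.1" 200 9811 "-" "Mozilla/5.0"
198.51.100.7 - - [08/May/2024:10:02:03 +0000] "GET /search?q=shoes HTTP/1.1" 200 2201 "-" "curl/8.0"
203.0.113.10 - - [08/May/2024:10:02:40 +0000] "GET /products?id=42%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 500 312 "-" "sqlmap/1.7"
198.51.100.7 - - [08/May/2024:10:03:11 +0000] "GET /item?id=7;%20WAITFOR%20DELAY%20'0:0:5' HTTP/1.1" 200 2201 "-" "curl/8.0"
192.0.2.55 - - [08/May/2024:10:04:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Apache combined format: client ip, ident, user, [timestamp], "request", status, size, "referer", "user-agent".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Illustrative SQL injection indicators, matched against the URL-decoded, lower-cased request path.
# Tune these to the application: "--" and " or " also occur in legitimate input.
SQLI_PATTERNS = {
    "tautology":    re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+'?|\bor\s+\d+\s*=\s*\d+"),
    "union_select": re.compile(r"\bunion\b(\s+all)?\s+select\b"),
    "comment":      re.compile(r"--(\s|$)|/\*"),
    "stacked":      re.compile(r";\s*(select|insert|update|delete|drop|exec|waitfor)\b"),
    "time_based":   re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor\s+delay)\b"),
}


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def sqli_indicators(path):
    """Return the sorted names of indicator patterns matching a request path.

    The path is URL-decoded twice so that double-encoded payloads (%2527 -> %27 -> ')
    are inspected in the form the application would finally see.
    """
    decoded = unquote_plus(unquote_plus(path)).lower()
    return sorted(name for name, rx in SQLI_PATTERNS.items() if rx.search(decoded))


def flag_sqli(log_text):
    """Scan log text and return the records that carry SQL injection indicators."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # header or malformed line; a real pipeline would count these separately
        indicators = sqli_indicators(rec["path"])
        if indicators:
            hits.append({"ip": rec["ip"], "ts": rec["ts"], "path": rec["path"],
                         "status": rec["status"], "ua": rec["ua"], "indicators": indicators})
    return hits


def count_by_source(hits):
    """Flagged requests per client IP: the series a per-source dashboard panel would plot."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    flagged = flag_sqli(SAMPLE_LOG)
    for h in flagged:
        print(f'{h["ip"]:15} {h["ts"]} {",".join(h["indicators"]):22} {h["path"]}')
    print("per-source counts:", dict(count_by_source(flagged)))
```

Run on the constructed input it flags three of the six requests, all from two source addresses. The status code and user agent are kept in each hit because they are what an analyst looks at next: a 500 after a UNION payload, or a scanner user agent, moves a hit from "noise" to "investigate".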

  • Question 15:

    Which of the following contains the performance measures and the project and time management details?

    A. Incident Response Policy

    B. Incident Response Tactics

    C. Incident Response Process

    D. Incident Response Procedures

  • Question 16:

    Which of the following techniques protects against flooding attacks originating from valid prefixes (IP addresses), so that they can be traced to their true source?

    A. Rate Limiting

    B. Egress Filtering

    C. Ingress Filtering

    D. Throttling

  • Question 17:

    Which of the following data sources will a SOC analyst use to monitor connections to insecure ports?

    A. Netstat Data

    B. DNS Data

    C. IIS Data

    D. DHCP Data
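
An added example (not from the exam or this page): a check over the kind of host data Question 17 asks about, flagging connections whose remote or local port belongs to a protocol that carries credentials or data in cleartext. The netstat lines and the port table are constructed for illustration; which ports count as "insecure" is a local policy decision, and the parser assumes the Linux `netstat -tn` column layout.

```python
import sys

# Ports of protocols that carry credentials or data in cleartext. Illustrative set; the real
# list comes from local policy (what this host is and is not allowed to speak).
INSECURE_PORTS = {
    21: "ftp", 23: "telnet", 25: "smtp", 69: "tftp", 80: "http", 110: "pop3",
    143: "imap", 161: "snmp", 389: "ldap", 512: "rexec", 513: "rlogin", 514: "rsh",
}

# Constructed `netstat -tn` output in the Linux layout (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:49812          203.0.113.20:443        ESTABLISHED
tcp        0      0 10.0.0.5:49813          192.0.2.9:23            ESTABLISHED
tcp        0      0 10.0.0.5:21             198.51.100.7:51022      ESTABLISHED
tcp        0      0 10.0.0.5:49900          192.0.2.9:22            ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:49901   ::ffff:192.0.2.30:80    ESTABLISHED
tcp        0      0 10.0.0.5:49950          192.0.2.40:110          TIME_WAIT
"""


def split_endpoint(endpoint):
    """Split 'address:port' into (address, port).

    The port is taken after the last colon so IPv6 and IPv4-mapped addresses parse
    correctly; the wildcard port '*' that netstat prints for unconnected sockets becomes None.
    """
    addr, _, port = endpoint.rpartition(":")
    return addr, (None if port == "*" else int(port))


def parse_netstat(text):
    """Parse netstat -tn / -tun style output into connection records, skipping header lines."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or not parts[0].startswith(("tcp", "udp")):
            continue
        laddr, lport = split_endpoint(parts[3])
        raddr, rport = split_endpoint(parts[4])
        conns.append({
            "proto": parts[0], "local": parts[3], "remote": parts[4],
            "laddr": laddr, "lport": lport, "raddr": raddr, "rport": rport,
            "state": parts[5] if len(parts) > 5 else "",  # UDP lines have no state column
        })
    return conns


def insecure_connections(conns, ports=INSECURE_PORTS):
    """Flag connections where either end is a cleartext-protocol port.

    A matching remote port means this host is a client of an insecure service (outbound);
    a matching local port means this host is serving one (inbound). Ephemeral client ports
    are high-numbered, so they are not confused with the well-known ports in the table.
    """
    flagged = []
    for c in conns:
        if c["rport"] in ports:
            flagged.append({**c, "direction": "outbound", "service": ports[c["rport"]]})
        elif c["lport"] in ports:
            flagged.append({**c, "direction": "inbound", "service": ports[c["lport"]]})
    return flagged


if __name__ == "__main__":
    # Usage: netstat -tn | python3 insecure_ports.py   (falls back to the sample when run interactively)
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_NETSTAT
    for f in insecure_connections(parse_netstat(text)):
        print(f'{f["direction"]:8} {f["service"]:7} {f["local"]:24} -> {f["remote"]:24} {f["state"]}')
```

On the sample this reports an outbound Telnet session, an inbound FTP client, an outbound HTTP connection over an IPv4-mapped IPv6 socket and a recently closed POP3 connection, while the SSH and HTTPS connections pass. Collected periodically from each host and shipped to the SIEM, the same records give the trend view a SOC would alert on.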

  • Question 18:

    Which of the following steps of the incident handling and response process focuses on limiting the scope and extent of an incident?

    A. Containment

    B. Data Collection

    C. Eradication

    D. Identification

  • Question 19:

    Which of the following stages is executed after identifying the required event sources?

    A. Identifying the monitoring Requirements

    B. Defining Rule for the Use Case

    C. Implementing and Testing the Use Case

    D. Validating the event source against monitoring requirement

  • Question 20:

    In which log collection mechanism does the system or application send log records either to the local disk or over the network?

    A. rule-based

    B. pull-based

    C. push-based

    D. signature-based

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 312-39 exam preparation or your EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.