Exam Details

  • Exam Code: 312-39
  • Exam Name: Certified SOC Analyst (CSA)
  • Certification: Other ECCouncil
  • Vendor: EC-COUNCIL
  • Total Questions: 100 Q&As
  • Last Updated: May 08, 2024

EC-COUNCIL Other ECCouncil 312-39 Questions & Answers

  • Question 21:

    Which of the following attacks can be eradicated by disabling "allow_url_fopen" and "allow_url_include" in the php.ini file?

    A. File Injection Attacks

    B. URL Injection Attacks

    C. LDAP Injection Attacks

    D. Command Injection Attacks
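
The two directives in Question 21 decide whether PHP's include/require and file functions accept URLs instead of local paths. Turning them off blocks remote file inclusion but does nothing against local file inclusion, so in practice it is a mitigation, not an eradication. The Python below is an added example, not part of the exam page: it audits a php.ini body for both directives and applies PHP's shipped defaults (allow_url_fopen is On unless set, allow_url_include is Off unless set). The two ini fragments are constructed for the example.

```python
import configparser

# Added example: audit php.ini for the two directives Question 21 names.
# Both take PHP ini booleans; "On" enables URL wrappers for the listed functions.
RISKY_DIRECTIVES = {
    "allow_url_fopen": "URL wrappers in fopen()/file_get_contents()/etc.",
    "allow_url_include": "URL wrappers in include/require (remote file inclusion)",
}

# PHP's shipped defaults: allow_url_fopen is On, allow_url_include is Off.
PHP_DEFAULTS = {"allow_url_fopen": "On", "allow_url_include": "Off"}


def parse_php_ini(text: str) -> dict:
    """Return {directive: value} for the [PHP] section of a php.ini body.

    php.ini uses ';' for comments (full-line and trailing) and may have
    directives before any section header, so a [PHP] header is prepended;
    strict=False lets it merge with a [PHP] header already in the file.
    """
    parser = configparser.ConfigParser(strict=False, interpolation=None,
                                       inline_comment_prefixes=(";",))
    parser.read_string("[PHP]\n" + text)
    return {k: v.strip() for k, v in parser.items("PHP")}


def ini_bool(value: str) -> bool:
    """PHP ini boolean rules: 1/On/Yes/True enable; anything else is off."""
    return value.strip().strip('"').lower() in {"1", "on", "yes", "true"}


def enabled_risky_directives(text: str) -> list:
    """Names of the risky directives that are effectively enabled,
    counting PHP's default when a directive is absent from the file."""
    settings = parse_php_ini(text)
    return [name for name in RISKY_DIRECTIVES
            if ini_bool(settings.get(name, PHP_DEFAULTS[name]))]


# Constructed php.ini fragments: the weak one as many hosts ship it, and the
# hardened one with both directives turned off.
WEAK_INI = """\
; constructed fragment
[PHP]
engine = On
allow_url_fopen = On
allow_url_include = On
"""

HARDENED_INI = """\
[PHP]
engine = On
allow_url_fopen = Off
allow_url_include = Off
"""

if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, "->", enabled_risky_directives(ini) or "nothing risky enabled")
```

Run it against the real file with `enabled_risky_directives(open("/etc/php/.../php.ini").read())`; a file that never mentions allow_url_fopen still reports it, because PHP's default for that directive is On.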

  • Question 22:

    Identify the attack in which the attacker exploits a target system through publicly known but still unpatched vulnerabilities.

    A. Slow DoS Attack

    B. DHCP Starvation

    C. Zero-Day Attack

    D. DNS Poisoning Attack

  • Question 23:

    Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the company's router logs and wants to check the log entries generated by access control list number 210.

    What filter should Peter add to the 'show logging' command to get the required output?

    A. show logging | access 210

    B. show logging | forward 210

    C. show logging | include 210

    D. show logging | route 210
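
The IOS output modifier `include` keeps every line matching a pattern, and the pattern is a regular expression, not an ACL number. A bare `210` therefore also matches ACL 2100 and any address ending in .210. The Python below is an added example, not from the exam page or from Cisco: it replays that substring behaviour over constructed %SEC-6-IPACCESSLOGP lines (made-up addresses) and then extracts only the entries whose list number is exactly 210.

```python
import re

# Added example: constructed IOS ACL log lines in the %SEC-6-IPACCESSLOGP format.
SAMPLE_LOG = """\
*Mar  1 00:12:01.123: %SEC-6-IPACCESSLOGP: list 210 denied tcp 10.1.1.5(4021) -> 10.2.2.8(23), 1 packet
*Mar  1 00:12:05.456: %SEC-6-IPACCESSLOGP: list 110 permitted tcp 10.1.1.6(4022) -> 10.2.2.210(80), 1 packet
*Mar  1 00:12:09.789: %SEC-6-IPACCESSLOGP: list 210 permitted udp 10.1.1.7(53) -> 10.2.2.9(53), 3 packets
*Mar  1 00:12:15.000: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
*Mar  1 00:12:20.000: %SEC-6-IPACCESSLOGP: list 2100 denied tcp 10.1.1.8(4023) -> 10.2.2.10(22), 1 packet
"""


def ios_include(lines, pattern: str) -> list:
    """Mimic 'show logging | include <pattern>': keep lines where the regular
    expression matches anywhere. With pattern "210" this over-matches."""
    rx = re.compile(pattern)
    return [line for line in lines if rx.search(line)]


# list <acl> <action> <proto> <src> -> <dst>; the dst token stops at the comma.
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOG\w*: list (\S+) (permitted|denied) (\w+) (\S+) -> ([^\s,]+)")


def acl_entries(lines, acl: str) -> list:
    """Return (action, proto, src, dst) for entries belonging to ACL `acl`,
    comparing the list number as a whole token so 2100 or a .210 address
    in a different field does not count."""
    out = []
    for line in lines:
        m = ACL_LOG.search(line)
        if m and m.group(1) == acl:
            out.append((m.group(2), m.group(3), m.group(4), m.group(5)))
    return out


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(len(ios_include(lines, "210")), "lines contain 210")
    for entry in acl_entries(lines, "210"):
        print("ACL 210:", entry)
```

On the router itself the same tightening is done by giving `include` a more specific regular expression (the list number is surrounded by spaces in the message), or by feeding the raw `show logging` output to a parser like the one above.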

  • Question 24:

    Rinni, a SOC analyst, detected the events shown in the figure below while monitoring IDS logs.

    What does this event log indicate?

    A. Directory Traversal Attack

    B. XSS Attack

    C. SQL Injection Attack

    D. Parameter Tampering Attack
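
The figure Question 24 refers to is not on this page, so the following is a generic illustration: an added Python example, not exam material, that classifies constructed IDS request lines into the four answer classes. The point it shows beyond the question is that signatures must run on the URL-decoded request (decoded twice, to catch double encoding), otherwise `%2e%2e%2f` slips past a `../` rule. The request lines, the signature rules and the list of server-only parameters used for the tampering rule are all assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Added example: classify web-attack indicators from IDS/web-server request
# lines into the four classes offered in Question 24. The figure the question
# refers to is not on this page, so the events below are constructed.


def normalize(url: str) -> str:
    """Decode twice so %2e%2e%2f and the double-encoded %252e%252e%252f both
    become ../, then lower-case; all signatures match against this form."""
    return unquote(unquote(url)).lower()


# Signature rules, checked in order; the first match wins.
RULES = [
    ("Directory Traversal Attack", re.compile(r"\.\.[/\\]")),
    ("XSS Attack", re.compile(r"<script|javascript:|\bon(error|load|mouseover)\s*=")),
    ("SQL Injection Attack", re.compile(
        r"['\"]\s*(or|and)\s+('?\w+'?\s*=\s*'?\w+'?)|union\s+select|;\s*drop\s+table")),
]

# Assumption for the example: these parameters are set server-side and the
# application never expects a client to send them, so their presence in a
# request is treated as parameter tampering.
SERVER_ONLY_PARAMS = {"price", "role", "isadmin", "discount"}


def classify(request_line: str) -> str:
    """Return the attack class for an HTTP request line, or 'Benign'."""
    parts = request_line.split()
    url = parts[1] if len(parts) >= 2 else request_line
    norm = normalize(url)
    for label, rx in RULES:
        if rx.search(norm):
            return label
    params = dict(parse_qsl(urlsplit(norm).query, keep_blank_values=True))
    if SERVER_ONLY_PARAMS & params.keys():
        return "Parameter Tampering Attack"
    return "Benign"


# Constructed request lines as an IDS might log them.
SAMPLE_EVENTS = [
    "GET /images?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1",
    "GET /dl?f=%252e%252e%252fetc%252fshadow HTTP/1.1",
    "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1",
    "GET /login?user=admin'%20OR%20'1'%3D'1&pass=x HTTP/1.1",
    "GET /checkout?item=42&price=0.01 HTTP/1.1",
    "GET /products?id=42 HTTP/1.1",
]


def classify_all(events=SAMPLE_EVENTS) -> list:
    """Pair each sample URL with its class, for display and testing."""
    return [(e.split()[1], classify(e)) for e in events]


if __name__ == "__main__":
    for url, label in classify_all():
        print(f"{label:28s} {url}")
```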

  • Question 25:

    Which of the following is the correct order of the stages in an incident handling and response (IH&R) process?

    A. Containment -> Incident Recording -> Incident Triage -> Preparation -> Recovery -> Eradication -> Post-Incident Activities

    B. Preparation -> Incident Recording -> Incident Triage -> Containment -> Eradication -> Recovery -> Post-Incident Activities

    C. Incident Triage -> Eradication -> Containment -> Incident Recording -> Preparation -> Recovery -> Post-Incident Activities

    D. Incident Recording -> Preparation -> Containment -> Incident Triage -> Recovery -> Eradication -> Post-Incident Activities

  • Question 26:

    Mike is an incident handler for PNP Infosystems Inc. One day, a ticket was raised regarding a critical incident and Mike was assigned to handle it. At one stage of the incident handling process, he performed incident analysis and validation to check whether the incident was a true incident or a false positive.

    Identify the stage he is currently in.

    A. Post-Incident Activities

    B. Incident Recording and Assignment

    C. Incident Triage

    D. Incident Disclosure

  • Question 27:

    Which of the following attacks inundates DHCP servers with fake DHCP requests to exhaust all available IP addresses?

    A. DHCP Starvation Attacks

    B. DHCP Spoofing Attack

    C. DHCP Port Stealing

    D. DHCP Cache Poisoning
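
The attack in Question 27 shows up on the DHCP server as a burst of DHCPDISCOVER messages from many different client MAC addresses on one interface, followed by the server reporting that the pool is empty. The Python below is an added example, not from the exam page or from ISC: it runs a per-interface sliding window over constructed ISC dhcpd syslog lines and flags an interface when the number of distinct client MACs in the window exceeds a threshold. The log lines, the 10-second window and the threshold of 20 are assumptions chosen for the example.

```python
import re
from collections import deque
from datetime import datetime

# Added example: detect a DHCP starvation pattern in ISC dhcpd syslog lines.
# A starvation tool sends DHCPDISCOVER from many spoofed MACs until the pool
# is empty, so the signal is (a) many distinct client MACs on one interface
# in a short window and (b) the server's "no free leases" message.
DISCOVER = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dhcpd\[\d+\]: DHCPDISCOVER from "
    r"([0-9a-f:]{17}) via (\S+?)(:.*)?$")


def detect_starvation(lines, window_s=10, threshold=20):
    """Sliding window per interface.

    Returns (alerts, no_free_leases): alerts maps each interface whose peak
    count of distinct DISCOVER client MACs within window_s seconds exceeded
    threshold to that peak; no_free_leases counts pool-exhaustion messages.
    Lines are assumed to be in time order, as syslog writes them.
    """
    recent = {}   # interface -> deque of (timestamp, mac)
    peak = {}     # interface -> highest distinct-MAC count seen
    no_free = 0
    for line in lines:
        m = DISCOVER.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
        mac, iface, tail = m.group(2), m.group(3), m.group(4) or ""
        if "no free leases" in tail:
            no_free += 1
        q = recent.setdefault(iface, deque())
        q.append((ts, mac))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        distinct = len({seen_mac for _, seen_mac in q})
        peak[iface] = max(peak.get(iface, 0), distinct)
    alerts = {iface: n for iface, n in peak.items() if n > threshold}
    return alerts, no_free


def build_sample_log():
    """Constructed log: three normal clients on eth1 spread over 40 seconds,
    then 30 spoofed MACs on eth0 within three seconds, the last five of
    which hit an empty pool."""
    lines = [
        f"Jun 12 10:00:{s:02d} dhcp1 dhcpd[1234]: DHCPDISCOVER from "
        f"00:11:22:33:44:{s:02x} via eth1" for s in (1, 15, 40)]
    for i in range(30):
        mac = f"de:ad:be:ef:00:{i:02x}"
        tail = ": network 10.0.0.0/24: no free leases" if i >= 25 else ""
        lines.append(f"Jun 12 10:01:{i // 10:02d} dhcp1 dhcpd[1234]: "
                     f"DHCPDISCOVER from {mac} via eth0{tail}")
    return lines


if __name__ == "__main__":
    alerts, no_free = detect_starvation(build_sample_log())
    print("interfaces over threshold:", alerts)
    print("'no free leases' messages:", no_free)
```

The threshold has to be tuned per segment: a switch port coming back after an outage legitimately produces a burst of DISCOVERs from real clients, so correlating the count with the "no free leases" message (or with DHCP snooping counters on the access switch) keeps false positives down.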

  • Question 28:

    What does [-n] in the following Check Point firewall log syntax represent?

    fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]

    A. Speed up the process by not performing IP addresses DNS resolution in the Log files

    B. Display both the date and the time for each log record

    C. Display account log records only

    D. Display detailed log chains (all the log segments a log record consists of)

  • Question 29:

    Identify the attack in which an attacker tries to discover all possible information about a target network before launching a further attack.

    A. DoS Attack

    B. Man-in-the-Middle Attack

    C. Ransomware Attack

    D. Reconnaissance Attack

  • Question 30:

    In which phase of Lockheed Martin's Cyber Kill Chain methodology does the adversary create a deliverable malicious payload using an exploit and a backdoor?

    A. Reconnaissance

    B. Delivery

    C. Weaponization

    D. Exploitation

Tips on How to Prepare for the Exams

Certification exams are becoming more important and are required by more and more employers when you apply for a job. But how do you prepare for an exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and where do you find the most reliable resources? Here on Vcedump.com you will find the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your 312-39 exam preparation or your EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.