Exam Details
Exam Code
:312-39Exam Name
:Certified SOC Analyst (CSA)Certification
:Other ECCouncilVendor
:EC-COUNCILTotal Questions
:100 Q&AsLast Updated
:May 08, 2024
EC-COUNCIL Other ECCouncil 312-39 Questions & Answers
-
Question 41:
Which of the following fields in Windows logs defines the type of event occurred, such as Correlation Hint, Response Time, SQM, WDI Context, and so on?
A. Keywords
B. Task Category
C. Level
D. Source
-
Question 42:
Which of the following tool is used to recover from web application incident?
A. CrowdStrike FalconTM Orchestrator
B. Symantec Secure Web Gateway
C. Smoothwall SWG
D. Proxy Workbench
-
Question 43:
Identify the type of attack, an attacker is attempting on www.example.com website.
A. Cross-site Scripting Attack
B. Session Attack
C. Denial-of-Service Attack
D. SQL Injection Attack
-
Question 44:
The threat intelligence, which will help you, understand adversary intent and make informed decision to ensure appropriate security in alignment with risk.
What kind of threat intelligence described above?
A. Tactical Threat Intelligence
B. Strategic Threat Intelligence
C. Functional Threat Intelligence
D. Operational Threat Intelligence
-
Question 45:
Which of the following Windows Event Id will help you monitors file sharing across the network?
A. 7045
B. 4625
C. 5140
D. 4624
-
Question 46:
Jane, a security analyst, while analyzing IDS logs, detected an event matching Regex /((\%3C)|<)((\%69)|i| (\%49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/|.
What does this event log indicate?
A. Directory Traversal Attack
B. Parameter Tampering Attack
C. XSS Attack
D. SQL Injection Attack
-
Question 47:
Which of the following formula represents the risk levels?
A. Level of risk = Consequence x Severity
B. Level of risk = Consequence x Impact
C. Level of risk = Consequence x Likelihood
D. Level of risk = Consequence x Asset Value
-
Question 48:
In which of the following incident handling and response stages, the root cause of the incident must be found from the forensic results?
A. Evidence Gathering
B. Evidence Handling
C. Eradication
D. Systems Recovery
-
Question 49:
An attacker, in an attempt to exploit the vulnerability in the dynamically generated welcome page, inserted
code at the end of the company's URL as follows:
http://technosoft.com.com/.
Identify the attack demonstrated in the above scenario.
A. Cross-site Scripting Attack
B. SQL Injection Attack
C. Denial-of-Service Attack
D. Session Attack
-
Question 50:
Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating the insecure deserialization attacks.
What among the following should Wesley avoid from considering?
A. Deserialization of trusted data must cross a trust boundary
B. Understand the security permissions given to serialization and deserialization
C. Allow serialization for security-sensitive classes
D. Validate untrusted input, which is to be serialized to ensure that serialized data contain only trusted classes
Tips on How to Prepare for the Exams
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 312-39 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.