The 312-39 Certified SOC Analyst (CSA) exam is a popular EC-Council certification exam, and Exam4Training offers the latest free online 312-39 dumps for practice. You can get online training with the following questions, all of which have been verified by EC-Council experts. If the exam changes, we will share newly updated questions.
Certification Provider: EC-Council
Exam Name: Certified SOC Analyst (CSA)
Exam Code: 312-39
Official Exam Time: 180 mins
Number of questions in the Official Exam: 100 Q&As
Latest update time in our database: May 30, 2023
312-39 Official Exam Topics:
Topic1 : Discuss the Components of SOC: People, Processes and Technology
Topic2 : Understanding Cyber Threats, IoCs, and Attack Methodology / Describe the term Cyber Threats and Attacks
Topic3 : Understand the Network Level Attacks / Understand the Host Level Attacks
Topic4 : Understand the Application Level Attacks / Discuss the Attacker’s Hacking Methodology
Topic5 : Incidents, Events, and Logging / Understand the Fundamentals of Incidents, Events, and Logging
Topic6 : Explain the Concepts of Local Logging / Explain the Concepts of Centralized Logging
Topic7 : Incident Detection with Security Information and Event Management (SIEM) / Understand the SIEM Deployment
Topic8 : Learn Different Use Case Examples for Application Level Incident Detection / Learn Different Use Case Examples for Insider Incident Detection
Topic9 : Learn Different Use Case Examples for Host Level Incident Detection / Learn Different Use Case Examples for Compliance
Topic10 : Learn Fundamental Concepts on Threat Intelligence / Understand How Threat Intelligence Strategy is Developed
Topic11 : Learn Different Threat Intelligence Sources from which Intelligence can be Obtained / Learn Various Phases in Incident Response Process
Topic12 : Learn How to Respond to Email Security Incidents / Learn How to Respond to Insider Incidents
Topic13 : Learn How to Respond to Malware Incidents /
Which of the following commands is used to view iptables logs on Ubuntu and Debian distributions?
A. $ tailf /var/log/sys/kern.log
B. $ tailf /var/log/kern.log
C. # tailf /var/log/messages
D. # tailf /var/log/sys/messages
Which of the following types of threat intelligence helps cyber security professionals, such as security operations managers, network operations center staff and incident responders, understand how adversaries are expected to carry out an attack on the organization, along with the attackers' technical capabilities, goals and attack vectors?
A. Analytical Threat Intelligence
B. Operational Threat Intelligence
C. Strategic Threat Intelligence
D. Tactical Threat Intelligence
Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs if he wants to investigate them for any anomalies?
A. SystemDrive%\inetpub\logs\LogFiles\W3SVCN
B. SystemDrive%\LogFiles\inetpub\logs\W3SVCN
C. %SystemDrive%\LogFiles\logs\W3SVCN
D. SystemDrive% \inetpub\LogFiles\logs\W3SVCN
Bonney's system has been compromised by a gruesome piece of malware.
What is the primary step advisable for Bonney in order to contain the malware incident and stop it from spreading?
A. Complain to the police in a formal way regarding the incident
B. Turn off the infected machine
C. Leave it to the network administrators to handle
D. Call the legal department in the organization and inform them about the incident
Properly applied cyber threat intelligence helps the SOC team discover TTPs.
What do these TTPs refer to?
A. Tactics, Techniques, and Procedures
B. Tactics, Threats, and Procedures
C. Targets, Threats, and Process
D. Tactics, Targets, and Process
Which of the following fields in Windows logs defines the type of event that occurred, such as Correlation Hint, Response Time, SQM, WDI Context, and so on?
A. Keywords
B. Task Category
C. Level
D. Source
Which of the following is a report writing tool that helps incident handlers generate efficient reports on incidents detected during the incident response process?
A. threat_note
B. MagicTree
C. IntelMQ
D. Malstrom
Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the company's router logs and wants to check the logs generated by the access control list numbered 210.
What filter should Peter add to the 'show logging' command to get the required output?
A. show logging | access 210
B. show logging | forward 210
C. show logging | include 210
D. show logging | route 210