Tag - 312-39 exam

Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /\w*((%27)|(’))((%6F)|o|(%4F))((%72)|r|(%52))/ix. What does this event log indicate?A . SQL Injection AttackB . Parameter Tampering AttackC . XSS AttackD . Directory Traversal AttackView AnswerAnswer: A Explanation: Reference: https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=001f5e09-88b4-4a9a-b310-4c20578eecf9&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments

An organization is implementing and deploying the SIEM with following capabilities. What kind of SIEM deployment architecture the organization is planning to implement?A . Cloud, MSSP ManagedB . Self-hosted, Jointly ManagedC . Self-hosted, Self-ManagedD . Self-hosted, MSSP ManagedView AnswerAnswer: A

Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?A . /etc/ossim/reputationB . /etc/ossim/siem/server/reputation/dataC . /etc/siem/ossim/server/reputation.dataD . /etc/ossim/server/reputation.dataView AnswerAnswer: A

Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?A . threat_noteB . MagicTreeC . IntelMQD . MalstromView AnswerAnswer: C

An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server. Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100 Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10 Identify the attack depicted in the above scenario.A . Denial-of-Service AttackB . SQL...