Get instant access to 312-39 Practice Tests 2021 Free Updated Today!
Welcome to download the newest PassLeader 312-39 PDF dumps ( 102 Q&As)
NEW QUESTION 25
Jason, a SOC Analyst with Maximus Tech, was investigating Cisco ASA Firewall logs and came across the following log entry:
May 06 2018 21:27:27 asa 1: %ASA-5-111008: User 'enable_15' executed the 'configure term' command
What does the severity level in the above log entry indicate?
- A. Critical condition message
- B. Normal but significant message
- C. Warning condition message
- D. Informational message
Answer: B (the 5 in %ASA-5-111008 is the syslog severity: 5 = notification, a normal but significant message; 4 would be warning and 6 informational)
NEW QUESTION 26
David is a SOC analyst at Karen Tech. One day intruders launch an attack, but David is not able to find any suspicious events.
How is this type of incident categorized?
- A. False Negative Incidents
- B. True Positive Incidents
- C. False positive Incidents
- D. True Negative Incidents
Answer: A (an attack occurred but no alert fired: a false negative)
NEW QUESTION 27
Which of the following can help you eliminate the burden of investigating false positives?
- A. Keeping default rules
- B. Not trusting the security devices
- C. Treating every alert as high level
- D. Ingesting the context data
Answer: D (context data such as asset inventory, vulnerability state and known scanner addresses lets many alerts be closed without manual investigation; default rules produce more noise, not less)
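The two questions above are the same problem from both ends: question 26 is about classifying a detection against what really happened, question 27 about using context to dispose of alerts that would otherwise be false positives. The following is an added example, not part of the exam material: a minimal triage step that enriches an alert with a constructed asset inventory and a list of authorized scanner addresses (both assumed) and auto-closes alerts the context rules out.

```python
"""Added example (not from the exam): outcome classification plus
context-enriched triage. The inventory and scanner list are constructed."""
from dataclasses import dataclass
from typing import Optional

# Constructed context data (assumed, not from any real environment).
AUTHORIZED_SCANNERS = {"10.0.0.5"}                         # the SOC's own vulnerability scanner
ASSET_OS = {"10.0.1.20": "linux", "10.0.1.21": "windows"}  # CMDB / asset inventory


@dataclass
class Alert:
    rule: str
    src: str
    dst: str
    target_os: Optional[str] = None   # OS the triggering signature applies to, if any


def outcome(alert_fired: bool, attack_happened: bool) -> str:
    """Classify a detection against ground truth (question 26)."""
    if alert_fired and attack_happened:
        return "true positive"
    if alert_fired and not attack_happened:
        return "false positive"
    if not alert_fired and attack_happened:
        return "false negative"
    return "true negative"


def triage(alert: Alert) -> tuple:
    """Enrich the alert with context and return (disposition, reason) (question 27)."""
    if alert.src in AUTHORIZED_SCANNERS:
        return "auto-closed", "source is an authorized vulnerability scanner"
    host_os = ASSET_OS.get(alert.dst)
    if alert.target_os and host_os and alert.target_os != host_os:
        return "auto-closed", f"signature targets {alert.target_os}, host runs {host_os}"
    return "investigate", "no context rules the alert out"


if __name__ == "__main__":
    print(outcome(alert_fired=False, attack_happened=True))
    print(triage(Alert("Nmap scan", "10.0.0.5", "10.0.1.20")))
    print(triage(Alert("IIS exploit", "203.0.113.9", "10.0.1.20", target_os="windows")))
    print(triage(Alert("IIS exploit", "203.0.113.9", "10.0.1.21", target_os="windows")))
```

Auto-closed alerts should still be stored and periodically sampled: if the scanner host itself is compromised, a blanket suppression on its address becomes a blind spot, which is exactly the false-negative case of question 26.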
NEW QUESTION 28
Which of the following services provides phishing protection and content filtering to manage the Internet experience on and off your network according to acceptable-use or compliance policies?
- A. I-Blocklist
- B. Apility.io
- C. OpenDNS
- D. Malstrom
Answer: C
NEW QUESTION 29
Identify the attack in which an attacker, after several trial-and-error attempts, reads the contents of the password file in the restricted /etc directory just by manipulating the URL in the browser as shown:
http://www.terabytes.com/process.php./../../../../etc/passwd
- A. Denial-of-Service Attack
- B. SQL Injection Attack
- C. Directory Traversal Attack
- D. Form Tampering Attack
Answer: C (the ../ sequences walk out of the web root up to /etc/passwd: a directory traversal attack)
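The way a server detects this is not by grepping for "../" but by resolving the requested path the same way the filesystem would and checking whether it still lies under the document root. The block below is an added example, not part of the exam: it decodes the path (repeatedly, so double-encoded %252e%252e is caught), normalises it against an assumed document root of /var/www/html, and flags any request whose resolved target escapes that root. The sample URLs, including the one from the question, are constructed.

```python
"""Added example (not from the exam): directory traversal detection by
path normalisation. DOC_ROOT is an assumption."""
import posixpath
from urllib.parse import unquote, urlsplit

DOC_ROOT = "/var/www/html"   # assumed web root


def resolve(url: str) -> str:
    """Decode and normalise the path component of a URL against DOC_ROOT.
    Decoding is repeated (bounded) so %252e%252e%252f unwraps to ../ too."""
    path = urlsplit(url).path
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")                # backslash variants on Windows hosts
    return posixpath.normpath(posixpath.join(DOC_ROOT, path.lstrip("/")))


def is_traversal(url: str) -> bool:
    """True when the normalised target is outside DOC_ROOT."""
    target = resolve(url)
    return not (target == DOC_ROOT or target.startswith(DOC_ROOT + "/"))


# Constructed samples; the first is the URL from the question.
SAMPLES = [
    "http://www.terabytes.com/process.php./../../../../etc/passwd",
    "http://www.terabytes.com/%2e%2e/%2e%2e/etc/passwd",
    "http://www.terabytes.com/%252e%252e%252fetc/passwd",
    "http://www.terabytes.com/process.php?id=3",
    "http://www.terabytes.com/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{is_traversal(u)!s:5}  {resolve(u):30}  {u}")
```

Note that the question's URL still resolves to /etc/passwd even though "process.php." is a file name, not a directory: normalisation only counts path components, which is why the trailing-dot trick sometimes slips past naive filters that look for "/../" immediately after a directory.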
NEW QUESTION 30
Which attack works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?
- A. Bruteforce Attack
- B. Hybrid Attack
- C. Birthday Attack
- D. Rainbow Table Attack
Answer: B (a hybrid attack appends or prepends numbers and symbols to dictionary words; a brute-force attack tries every combination of characters)
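To make the difference between the options concrete, here is an added example (not exam material) of a hybrid attack: it takes a constructed wordlist, applies simple case mangling and appends digit/symbol suffixes, and checks each candidate against a salted SHA-256 hash. The wordlist, suffix list, salt and target password are all assumptions for the demonstration; the hash function stands in for whatever the target system uses.

```python
"""Added example (not from the exam): hybrid dictionary attack generator
checked against a salted SHA-256 hash. Wordlist and suffixes are constructed."""
import hashlib
from typing import Iterator, Optional

WORDLIST = ["summer", "welcome", "password", "dragon"]            # constructed
SUFFIXES = ["", "1", "12", "123", "!", "1!", "123!", "2021", "2021!"]


def candidates(words=WORDLIST) -> Iterator[str]:
    """Yield the hybrid search space: each word in three case variants with each
    suffix appended. The empty suffix is the plain dictionary attack."""
    for word in words:
        for mangled in (word, word.capitalize(), word.upper()):
            for suffix in SUFFIXES:
                yield mangled + suffix


def hash_pw(password: str, salt: bytes) -> str:
    """Salted SHA-256, standing in for the target's real password hash."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def crack(target_hash: str, salt: bytes, words=WORDLIST) -> Optional[str]:
    """Return the first candidate whose hash matches, or None when the
    password lies outside the hybrid search space."""
    for cand in candidates(words):
        if hash_pw(cand, salt) == target_hash:
            return cand
    return None


def search_space(words=WORDLIST) -> int:
    """Number of candidates the hybrid attack tries."""
    return sum(1 for _ in candidates(words))


if __name__ == "__main__":
    salt = b"s3cr3t"                       # assumed per-user salt
    print(search_space(), "candidates")
    print(crack(hash_pw("Password123!", salt), salt))   # found
    print(crack(hash_pw("Tr0ub4dor&3", salt), salt))    # None: not a mangled word
```

The search space here is 4 words x 3 case variants x 9 suffixes = 108 candidates, versus 95^12 for a 12-character brute force; the salt is what makes a precomputed rainbow table useless, which is why those two options are wrong for the question.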
NEW QUESTION 31
If the SIEM generates the following four alerts at the same time:
I. Firewall blocking traffic from getting into the network alerts
II. SQL injection attempt alerts
III. Data deletion attempt alerts
IV. Brute-force attempt alerts
Which alert should be given least priority as per effective alert triaging?
- A. III
- B. IV
- C. II
- D. I
Answer: D
NEW QUESTION 32
Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the company's router logs and wants to see only the log messages generated by the access control list numbered 210.
What filter should Peter add to the 'show logging' command to get the required output?
- A. show logging | access 210
- B. show logging | include 210
- C. show logging | forward 210
- D. show logging | route 210
Answer: B
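Questions 25 and 32 both come down to reading the Cisco syslog header: the %FACILITY-SEVERITY-MNEMONIC prefix carries the severity digit, and the message text carries the ACL number. The block below is an added example, not part of the exam: it parses that header for both ASA and IOS messages, maps the severity digit to its name, and shows the difference between a plain 'show logging | include 210' (substring match, which also hits an IP address ending in .210) and a filter that checks the ACL field itself. The log lines are constructed, not captured from a real device.

```python
"""Added example (not from the exam): Cisco ASA/IOS syslog header parsing,
severity mapping and ACL filtering. Sample lines are constructed."""
import re
from typing import List, Optional

# Cisco syslog severity levels (0 = most severe).
SEVERITY = {0: "emergency", 1: "alert", 2: "critical", 3: "error",
            4: "warning", 5: "notification", 6: "informational", 7: "debugging"}

# Matches "%ASA-5-111008: ..." and "%SEC-6-IPACCESSLOGP: ..." headers.
HEADER = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")


def parse(line: str) -> Optional[dict]:
    """Return facility, severity (number and name), mnemonic and text, or None."""
    m = HEADER.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["severity"] = int(d.pop("sev"))
    d["severity_name"] = SEVERITY[d["severity"]]
    return d


def acl_number(msg: dict) -> Optional[int]:
    """Access-list number from IOS IPACCESSLOG* message text ('list 210 denied ...')."""
    m = re.match(r"list (\d+)", msg["text"])
    return int(m.group(1)) if m else None


def include(lines: List[str], needle: str) -> List[str]:
    """What 'show logging | include <needle>' does: a plain substring match."""
    return [l for l in lines if needle in l]


def acl_events(lines: List[str], acl: int) -> List[dict]:
    """Stricter filter: only messages whose ACL field equals acl."""
    return [msg for msg in map(parse, lines) if msg and acl_number(msg) == acl]


# Constructed sample output; the first line is the entry from question 25.
SAMPLE = [
    "May 06 2018 21:27:27 asa 1: %ASA-5-111008: User 'enable_15' executed the 'configure term' command",
    "*May  6 21:28:01.123: %SEC-6-IPACCESSLOGP: list 210 denied tcp 203.0.113.7(44821) -> 10.0.1.20(445), 1 packet",
    "*May  6 21:28:05.456: %SEC-6-IPACCESSLOGP: list 110 permitted tcp 10.0.1.20(51000) -> 198.51.100.210(443), 1 packet",
    "*May  6 21:28:09.789: %SEC-6-IPACCESSLOGDP: list 210 denied icmp 203.0.113.7 -> 10.0.1.20 (8/0), 1 packet",
]

if __name__ == "__main__":
    print(parse(SAMPLE[0])["severity_name"])          # notification
    print(len(include(SAMPLE, "210")), "lines match '| include 210'")
    print(len(acl_events(SAMPLE, 210)), "messages are really from ACL 210")
```

On the router itself the practical fix for the false match is to tighten the pattern, e.g. 'show logging | include list 210', since the include filter is a regular-expression match over the whole line.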
NEW QUESTION 33
Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?
- A. Signature-based detection
- B. Anomaly-based detection
- C. Rule-based detection
- D. Heuristic-based detection
Answer: B
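UEBA is anomaly-based because it compares an entity against its own history rather than against a list of known-bad patterns. The block below is an added example, not part of the exam or of any UEBA product: it builds a per-user baseline of daily login counts and source countries from a constructed ten-day history and flags a day whose volume is more than three standard deviations above the user's mean, or that introduces a country the user has never logged in from. No single login in the data is malicious, which is exactly why a signature rule would stay silent.

```python
"""Added example (not from the exam): a minimal user-behaviour baseline with
z-score and new-country anomaly checks. History data is constructed."""
import statistics
from collections import defaultdict

# Constructed ten-day history per user: (user, day, login_count, source_countries)
HISTORY = (
    [("alice", d, n, {"US"}) for d, n in enumerate([8, 9, 7, 10, 8, 9, 8, 7, 9, 8])]
    + [("bob", d, n, {"US"}) for d, n in enumerate([3, 4, 2, 3, 4, 3, 3, 2, 4, 3])]
)


def baseline(history):
    """Per-user (mean, population stdev) of daily logins, plus countries seen."""
    counts = defaultdict(list)
    countries = defaultdict(set)
    for user, _day, n, cs in history:
        counts[user].append(n)
        countries[user] |= cs
    stats = {u: (statistics.mean(v), statistics.pstdev(v)) for u, v in counts.items()}
    return stats, countries


def score(user, logins, countries, stats, known, z_threshold=3.0):
    """Return the reasons today's activity deviates from the user's own baseline;
    an empty list means nothing anomalous."""
    mean, sd = stats[user]
    sd = max(sd, 1.0)                 # floor: a flat history still needs a real jump
    z = (logins - mean) / sd
    reasons = []
    if z > z_threshold:
        reasons.append(f"login volume z={z:.1f}")
    new = countries - known[user]
    if new:
        reasons.append(f"new source countries {sorted(new)}")
    return reasons


if __name__ == "__main__":
    stats, known = baseline(HISTORY)
    print(score("alice", 40, {"US"}, stats, known))   # volume spike
    print(score("alice", 10, {"US"}, stats, known))   # within normal range
    print(score("bob", 4, {"RU"}, stats, known))      # new country, normal volume
```

The stdev floor is the kind of detail that separates a usable baseline from a noisy one: a user with a perfectly flat history would otherwise alert on a change of a single login.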
NEW QUESTION 34
Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?
- A. threat_note
- B. MagicTree
- C. IntelMQ
- D. Malstrom
Answer: B (MagicTree consolidates findings and generates reports; IntelMQ processes threat-intelligence feeds)
NEW QUESTION 35
Which of the following tools can be used to filter web requests associated with a SQL injection attack?
- A. UrlScan
- B. Nmap
- C. ZAP proxy
- D. Hydra
Answer: A
NEW QUESTION 36
Which of the following data sources can be used to detect traffic associated with bad-bot User-Agents?
- A. Web Server Logs
- B. Windows Event Log
- C. Switch Logs
- D. Router Logs
Answer: A
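Only the web server (or a proxy or WAF in front of it) ever sees the User-Agent header; switch, router and Windows event logs do not carry it. The block below is an added example, not part of the exam: it parses combined-format access log lines, flags User-Agents that belong to attack tools or are empty, and also catches the opposite trick, a client claiming to be a well-known crawler from an address outside that crawler's published ranges. The log lines are constructed, and the crawler address range is an illustrative assumption, not an authoritative list.

```python
"""Added example (not from the exam): bad-bot User-Agent detection over
combined-format web server logs. Log lines and crawler range are constructed."""
import ipaddress
import re
from collections import Counter

# Apache/Nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

# Substrings of tool and scripted-client User-Agents, plus the empty UA.
BAD_UA_PATTERNS = [re.compile(p, re.I) for p in
                   (r"sqlmap", r"nikto", r"masscan", r"python-requests", r"^curl/", r"^$")]

# Claimed crawler -> address ranges it is allowed to come from (illustrative assumption).
CRAWLER_RANGES = {"Googlebot": [ipaddress.ip_network("66.249.64.0/19")]}


def parse_line(line: str):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry: dict) -> str:
    """'bad-bot-ua', 'spoofed-crawler' or 'ok' for one parsed log entry."""
    ua = entry["ua"]
    if any(p.search(ua) for p in BAD_UA_PATTERNS):
        return "bad-bot-ua"
    for name, nets in CRAWLER_RANGES.items():
        if name in ua:
            ip = ipaddress.ip_address(entry["ip"])
            if not any(ip in n for n in nets):
                return "spoofed-crawler"
    return "ok"


def scan(lines) -> Counter:
    """Count classifications over a log, skipping unparseable lines."""
    return Counter(classify(e) for e in map(parse_line, lines) if e)


# Constructed sample log.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/May/2018:21:27:27 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/59.0"',
    '203.0.113.9 - - [06/May/2018:21:27:31 +0000] "GET /admin.php HTTP/1.1" 404 212 "-" "sqlmap/1.2.4#stable (http://sqlmap.org)"',
    '198.51.100.23 - - [06/May/2018:21:27:40 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '66.249.66.1 - - [06/May/2018:21:27:45 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '203.0.113.9 - - [06/May/2018:21:27:50 +0000] "GET /login HTTP/1.1" 200 512 "-" ""',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(parse_line(line)), line[:40])
    print(scan(SAMPLE_LOG))
```

A User-Agent string is attacker-controlled, so the pattern list catches only lazy tooling; the address check for claimed crawlers is the part that survives an attacker who bothers to change the header.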
NEW QUESTION 37
Which of the following files contains logs related to printer access?
- A. /var/log/cups/Printeraccess_log file
- B. /var/log/cups/access_log file
- C. /var/log/cups/accesslog file
- D. /var/log/cups/Printer_log file
Answer: B (CUPS writes printer access records to /var/log/cups/access_log; errors go to error_log and per-job page records to page_log)
NEW QUESTION 38
Which log storage method arranges event logs in the form of a circular buffer?
- A. non-wrapping
- B. wrapping
- C. LIFO
- D. FIFO
Answer: B (a wrapping log is a circular buffer: when it is full, each new event overwrites the oldest; a non-wrapping log stops recording when full)
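The two storage methods fail in opposite ways, and the failure mode is the security-relevant part: a wrapping log silently loses the oldest evidence when an attacker floods it, a non-wrapping log silently stops recording. The block below is an added example, not part of the exam: a fixed-size wrapping log implemented as a circular buffer beside a non-wrapping one, each counting what it lost. The events are constructed.

```python
"""Added example (not from the exam): wrapping (circular buffer) versus
non-wrapping event log storage. Events are constructed."""


class WrappingLog:
    """Fixed-size circular buffer: once full, each new event overwrites the oldest."""

    def __init__(self, capacity: int):
        self.buf = [None] * capacity
        self.head = 0            # next write position
        self.count = 0           # number of live entries
        self.overwritten = 0     # evidence lost to wrap-around

    def write(self, event) -> bool:
        if self.count == len(self.buf):
            self.overwritten += 1        # oldest entry is about to be lost
        else:
            self.count += 1
        self.buf[self.head] = event
        self.head = (self.head + 1) % len(self.buf)
        return True                      # a wrapping log never refuses a write

    def events(self):
        """Live events, oldest first."""
        start = (self.head - self.count) % len(self.buf)
        return [self.buf[(start + i) % len(self.buf)] for i in range(self.count)]


class NonWrappingLog:
    """Fixed-size log that refuses new events once full."""

    def __init__(self, capacity: int):
        self.buf = []
        self.capacity = capacity
        self.dropped = 0         # events never recorded

    def write(self, event) -> bool:
        if len(self.buf) >= self.capacity:
            self.dropped += 1
            return False
        self.buf.append(event)
        return True

    def events(self):
        return list(self.buf)


def fill(log, n: int):
    """Write event-1 .. event-n into log and return it."""
    for i in range(1, n + 1):
        log.write(f"event-{i}")
    return log


if __name__ == "__main__":
    w = fill(WrappingLog(4), 6)
    print(w.events(), "overwritten:", w.overwritten)
    n = fill(NonWrappingLog(4), 6)
    print(n.events(), "dropped:", n.dropped)
```

Windows exposes the same choice as "Overwrite events as needed" versus "Do not overwrite events (Clear logs manually)"; either way, the defence is to forward events to a SIEM or log collector before the local buffer can wrap or fill, so the local setting only governs what survives on the endpoint.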
NEW QUESTION 39
Wesley is an incident handler at a company named Maddison Tech. One day, he was learning techniques for eradicating insecure deserialization attacks.
Which of the following practices should Wesley avoid?
- A. Deserialization of trusted data must not cross a trust boundary
- B. Allow serialization for security-sensitive classes
- C. Understand the security permissions given to serialization and deserialization
- D. Validate untrusted input, which is to be serialized to ensure that serialized data contain only trusted classes
Answer: B
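Option D is the one that is actually implementable in code: restrict what classes the deserializer is allowed to instantiate. The block below is an added example, not part of the exam: using Python's pickle, it shows the vulnerable path, where plain pickle.loads on attacker-supplied bytes runs a function of the attacker's choosing via __reduce__, beside a restricted unpickler that only permits an allow-list of classes and refuses everything else. The Event class, the gadget and the recording side effect are constructed for the demonstration; the side effect stands in for what would be os.system in a real payload.

```python
"""Added example (not from the exam): unsafe pickle.loads versus an
allow-listing Unpickler. Classes and payload are constructed."""
import io
import pickle

EXECUTED = []   # records whether deserialisation ran attacker-chosen code


class Event:
    """A harmless record a SOC pipeline might legitimately exchange."""

    def __init__(self, kind: str, host: str):
        self.kind = kind
        self.host = host


def side_effect():
    """Stands in for os.system(...) in a real payload."""
    EXECUTED.append("pwned")
    return 0


class Gadget:
    """Attacker-controlled object: pickle will call side_effect() to rebuild it."""

    def __reduce__(self):
        return (side_effect, ())


def malicious_payload() -> bytes:
    return pickle.dumps(Gadget())


def unsafe_load(data: bytes):
    return pickle.loads(data)        # VULNERABLE: honours whatever __reduce__ says


# Only classes that are meant to cross the trust boundary (module, name).
ALLOWED = {(__name__, "Event")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden class {module}.{name}")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demonstrate() -> dict:
    """Run both loaders against the payload and a legitimate Event."""
    EXECUTED.clear()
    unsafe_load(malicious_payload())
    unsafe_ran = list(EXECUTED)
    EXECUTED.clear()
    try:
        safe_load(malicious_payload())
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    safe_ran = list(EXECUTED)
    ev = safe_load(pickle.dumps(Event("login", "host1")))
    return {"unsafe_ran": unsafe_ran, "blocked": blocked,
            "safe_ran": safe_ran, "event": (ev.kind, ev.host)}


if __name__ == "__main__":
    print(demonstrate())
```

The allow-list is deliberately keyed on (module, name) rather than on a module prefix: allowing everything under a trusted module still exposes any function in it, and a single callable such as os.system is all a gadget needs. Note also that a "security-sensitive" class (option B) belongs off the list even if it is your own code.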
NEW QUESTION 40
What is the correct sequence of SOC Workflow?
- A. Collect, Respond, Validate, Ingest, Report, Document
- B. Collect, Ingest, Validate, Document, Report, Respond
- C. Collect, Ingest, Validate, Report, Respond, Document
- D. Collect, Ingest, Document, Validate, Report, Respond
Answer: C (collect, ingest, validate, report, respond, document)
NEW QUESTION 41
Identify the type of attack an attacker is attempting on the www.example.com website.
- A. SQL Injection Attack
- B. Cross-site Scripting Attack
- C. Denial-of-Service Attack
- D. Session Attack
Answer: B
NEW QUESTION 42
......
Nov-2021 Latest PassReview 312-39 Exam Dumps with PDF and Exam Engine: https://www.passreview.com/312-39_exam-braindumps.html
Premium Quality EC-COUNCIL 312-39 Online dumps: https://drive.google.com/open?id=1UE_qtdHT52PERS-65zbZc9CtiNZq9dzM