
312-39 Certified SOC Analyst (CSA) Questions and Answers

Question 4

In which of the following incident handling and response stages must the root cause of the incident be determined from the forensic results?

Options:

A. Evidence Gathering
B. Evidence Handling
C. Eradication
D. Systems Recovery

Question 5

Juliea, a SOC analyst, while monitoring logs, noticed large TXT and NULL payloads.

What does this indicate?

Options:

A. Concurrent VPN Connections Attempt
B. DNS Exfiltration Attempt
C. Covering Tracks Attempt
D. DHCP Starvation Attempt

Question 6

John, a SOC analyst, wants to monitor process creation attempts on any of the organization's Windows endpoints.

Which of the following Splunk queries will help him fetch the logs associated with process creation?

Options:

A. index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. ... ..
B. index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..
C. index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..
D. index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ... ... ...

Question 7

Which of the following techniques protects against flooding attacks originating from valid prefixes (IP addresses), so that such attacks can be traced to their true source?

Options:

A. Rate Limiting
B. Egress Filtering
C. Ingress Filtering
D. Throttling

Question 8

Which of the following can help you eliminate the burden of investigating false positives?

Options:

A. Keeping default rules
B. Not trusting the security devices
C. Treating every alert as high level
D. Ingesting the context data

Question 9

An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.

Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10

Identify the attack depicted in the above scenario.

Options:

A. Denial-of-Service Attack
B. SQL Injection Attack
C. Parameter Tampering Attack
D. Session Fixation Attack

Question 10

An organization is implementing and deploying a SIEM with the following capabilities.

What kind of SIEM deployment architecture is the organization planning to implement?

Options:

A. Cloud, MSSP Managed
B. Self-hosted, Jointly Managed
C. Self-hosted, Self-Managed
D. Self-hosted, MSSP Managed

Question 11

Which of the following frameworks describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering?

Options:

A. COBIT
B. ITIL
C. SSE-CMM
D. SOC-CMM

Question 12

Which of the following formulas represents the level of risk?

Options:

A. Level of risk = Consequence × Severity
B. Level of risk = Consequence × Impact
C. Level of risk = Consequence × Likelihood
D. Level of risk = Consequence × Asset Value

Question 13

Which of the following types of threat intelligence helps cybersecurity professionals such as security operations managers, network operations center staff, and incident responders understand how adversaries are expected to attack the organization, along with the attackers' technical capabilities, goals, and attack vectors?

Options:

A. Analytical Threat Intelligence
B. Operational Threat Intelligence
C. Strategic Threat Intelligence
D. Tactical Threat Intelligence

Question 14

Which of the following is a default directory in Mac OS X that stores security-related logs?

Options:

A. /private/var/log
B. /Library/Logs/Sync
C. /var/log/cups/access_log
D. ~/Library/Logs

Question 15

Jony, a security analyst, while monitoring IIS logs, identified the events shown in the figure below.

What does this event log indicate?

Options:

A. Parameter Tampering Attack
B. XSS Attack
C. Directory Traversal Attack
D. SQL Injection Attack

Question 16

Bonney's system has been compromised by a gruesome piece of malware.

What is the primary step Bonney should take to contain the malware incident and prevent it from spreading?

Options:

A. Formally complain to the police regarding the incident
B. Turn off the infected machine
C. Leave it to the network administrators to handle
D. Call the legal department in the organization and inform them about the incident

Question 17

Identify the event severity level in Windows logs for events that are not necessarily significant, but may indicate a possible future problem.

Options:

A. Failure Audit
B. Warning
C. Error
D. Information

Question 18

Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching the regex /\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix.

What does this event log indicate?

Options:

A. SQL Injection Attack
B. Parameter Tampering Attack
C. XSS Attack
D. Directory Traversal Attack

Question 19

If the SIEM generates the following four alerts at the same time:

I. Firewall blocking traffic from getting into the network alerts
II. SQL injection attempt alerts
III. Data deletion attempt alerts
IV. Brute-force attempt alerts

Which alert should be given the least priority according to effective alert triaging?

Options:

A. III
B. IV
C. II
D. I

Question 20

Daniel is a member of an IRT that was recently established at a company named Mesh Tech. He wants to find the purpose and scope of the planned incident response capabilities.

What is he looking for?

Options:

A. Incident Response Intelligence
B. Incident Response Mission
C. Incident Response Vision
D. Incident Response Resources

Question 21

Rinni, a SOC analyst, while monitoring IDS logs, detected the events shown in the figure below.

What does this event log indicate?

Options:

A. Directory Traversal Attack
B. XSS Attack
C. SQL Injection Attack
D. Parameter Tampering Attack

Question 22

Which of the following attacks can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying user input in search engines and forums?

Options:

A. Broken Access Control Attacks
B. Web Services Attacks
C. XSS Attacks
D. Session Management Attacks

Question 23

Chloe, a SOC analyst with Jake Tech, is checking Linux system logs. She is investigating the file /var/log/wtmp.

What is Chloe looking at?

Options:

A. Error log
B. System boot log
C. General message and system-related stuff
D. Login records

Question 24

Which of the following is the correct flow of the stages in an incident handling and response (IH&R) process?

Options:

A. Containment -> Incident Recording -> Incident Triage -> Preparation -> Recovery -> Eradication -> Post-Incident Activities
B. Preparation -> Incident Recording -> Incident Triage -> Containment -> Eradication -> Recovery -> Post-Incident Activities
C. Incident Triage -> Eradication -> Containment -> Incident Recording -> Preparation -> Recovery -> Post-Incident Activities
D. Incident Recording -> Preparation -> Containment -> Incident Triage -> Recovery -> Eradication -> Post-Incident Activities

Question 25

What does Windows event ID 4740 indicate?

Options:

A. A user account was locked out.
B. A user account was disabled.
C. A user account was enabled.
D. A user account was created.

Question 26

Which of the following steps of the incident handling and response process focuses on limiting the scope and extent of an incident?

Options:

A. Containment
B. Data Collection
C. Eradication
D. Identification

Question 27

What is the process of monitoring and capturing all data packets passing through a given network using different tools?

Options:

A. Network Scanning
B. DNS Footprinting
C. Network Sniffing
D. Port Scanning

Question 28

Banter is a threat analyst at Christine Group of Industries. As part of his job, he is currently formatting and structuring raw data.

Which stage of the threat intelligence life cycle is he at?

Options:

A. Dissemination and Integration
B. Processing and Exploitation
C. Collection
D. Analysis and Production

Question 29

What is the correct sequence of the SOC workflow?

Options:

A. Collect, Ingest, Validate, Document, Report, Respond
B. Collect, Ingest, Document, Validate, Report, Respond
C. Collect, Respond, Validate, Ingest, Report, Document
D. Collect, Ingest, Validate, Report, Respond, Document

Question 30

Identify the type of attack an attacker is attempting on the www.example.com website.

Options:

A. Cross-site Scripting Attack
B. Session Attack
C. Denial-of-Service Attack
D. SQL Injection Attack

Exam Code: 312-39
Exam Name: Certified SOC Analyst (CSA)
Last Update: Dec 26, 2024
Questions: 100