[2023] Pass 312-39 Exam - Real Questions & Answers [Q16-Q39] : Actual Test Materials : http://blog.actualtests4sure.com

NEW QUESTION 16
John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is coming.
Which of the following data source will he use to prepare the dashboard?

DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution.

IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.

DNS/ Web Server logs with IP addresses.

Apache/ Web Server logs with IP addresses and Host Name.

NEW QUESTION 17
Which of the following security technology is used to attract and trap people who attempt unauthorized or illicit utilization of the host system?

De-Militarized Zone (DMZ)

Firewall

Honeypot

Intrusion Detection System

NEW QUESTION 18
Which of the following service provides phishing protection and content filtering to manage the Internet experience on and off your network with the acceptable use or compliance policies?

Apility.io

Malstrom

OpenDNS

I-Blocklist

NEW QUESTION 19
What is the correct sequence of SOC Workflow?

Collect, Ingest, Validate, Document, Report, Respond

Collect, Ingest, Document, Validate, Report, Respond

Collect, Respond, Validate, Ingest, Report, Document

Collect, Ingest, Validate, Report, Respond, Document

NEW QUESTION 20
Which of the following attack can be eradicated by filtering improper XML syntax?

CAPTCHA Attacks

SQL Injection Attacks

Insufficient Logging and Monitoring Attacks

Web Services Attacks

NEW QUESTION 21
Which of the following contains the performance measures, and proper project and time management details?

Incident Response Policy

Incident Response Tactics

Incident Response Process

Incident Response Procedures

NEW QUESTION 22
According to the forensics investigation process, what is the next step carried out right after collecting the evidence?

Create a Chain of Custody Document

Send it to the nearby police station

Set a Forensic lab

Call Organizational Disciplinary Team

NEW QUESTION 23
Which of the following can help you eliminate the burden of investigating false positives?

Keeping default rules

Not trusting the security devices

Treating every alert as high level

Ingesting the context data

NEW QUESTION 24
InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and procedures for the SOC.
Identify the job role of John.

Security Analyst – L1

Chief Information Security Officer (CISO)

Security Engineer

Security Analyst – L2

NEW QUESTION 25
Daniel is a member of an IRT, which was started recently in a company named Mesh Tech. He wanted to find the purpose and scope of the planned incident response capabilities.
What is he looking for?

Incident Response Intelligence

Incident Response Mission

Incident Response Vision

Incident Response Resources

NEW QUESTION 26
David is a SOC analyst in Karen Tech. One day an attack is initiated by the intruders but David was not able to find any suspicious events.
This type of incident is categorized into?

True Positive Incidents

False positive Incidents

True Negative Incidents

False Negative Incidents

NEW QUESTION 27
In which log collection mechanism, the system or application sends log records either on the local disk or over the network.

rule-based

pull-based

push-based

signature-based

NEW QUESTION 28
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack is major?

High

Extreme

Low

Medium

NEW QUESTION 29
An organization is implementing and deploying the SIEM with following capabilities.

What kind of SIEM deployment architecture the organization is planning to implement?

Cloud, MSSP Managed

Self-hosted, Jointly Managed

Self-hosted, Self-Managed

Self-hosted, MSSP Managed

NEW QUESTION 30
Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /w*((%27)|(‘))((%6F)|o|(%4F))((%72)|r|(%52))/ix.
What does this event log indicate?

SQL Injection Attack

Parameter Tampering Attack

XSS Attack

Directory Traversal Attack

NEW QUESTION 31
Properly applied cyber threat intelligence to the SOC team help them in discovering TTPs.
What does these TTPs refer to?

Tactics, Techniques, and Procedures

Tactics, Threats, and Procedures

Targets, Threats, and Process

Tactics, Targets, and Process

NEW QUESTION 32
Which of the log storage method arranges event logs in the form of a circular buffer?

FIFO

LIFO

non-wrapping

wrapping

NEW QUESTION 33
Which of the following Windows event is logged every time when a user tries to access the “Registry” key?

4656

4663

4660

4657

NEW QUESTION 34
What does Windows event ID 4740 indicate?

A user account was locked out.

A user account was disabled.

A user account was enabled.

A user account was created.

NEW QUESTION 35
Which of the following command is used to enable logging in iptables?

$ iptables -B INPUT -j LOG

$ iptables -A OUTPUT -j LOG

$ iptables -A INPUT -j LOG

$ iptables -B OUTPUT -j LOG

NEW QUESTION 36
What is the correct sequence of SOC Workflow?

Collect, Ingest, Validate, Document, Report, Respond

Collect, Ingest, Document, Validate, Report, Respond

Collect, Respond, Validate, Ingest, Report, Document

Collect, Ingest, Validate, Report, Respond, Document

NEW QUESTION 37
Which of the following tool is used to recover from web application incident?

CrowdStrike FalconTM Orchestrator

Symantec Secure Web Gateway

Smoothwall SWG

Proxy Workbench

NEW QUESTION 38
Rinni, SOC analyst, while monitoring IDS logs detected events shown in the figure below.

What does this event log indicate?