EC-Council 312-39 Certified SOC Analyst (CSA) Online Training
EC-Council 312-39 Online Training
The questions for 312-39 were last updated at Dec 23,2024.
- Exam Code: 312-39
- Exam Name: Certified SOC Analyst (CSA)
- Certification Provider: EC-Council
- Latest update: Dec 23,2024
Jane, a security analyst, while analyzing IDS logs, detected an event matching Regex /((%3C)|<)((%69)|i|(% 49))((%6D)|m|(%4D))((%67)|g|(%47))[^n]+((%3E)|>)/|.
What does this event log indicate?
- A . Directory Traversal Attack
- B . Parameter Tampering Attack
- C . XSS Attack
- D . SQL Injection Attack
Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs, if he wants to investigate them for any anomalies?
- A . SystemDrive%inetpublogsLogFilesW3SVCN
- B . SystemDrive%LogFilesinetpublogsW3SVCN
- C . %SystemDrive%LogFileslogsW3SVCN
- D . SystemDrive% inetpubLogFileslogsW3SVCN
In which of the following incident handling and response stages, the root cause of the incident must be found from the forensic results?
- A . Evidence Gathering
- B . Evidence Handling
- C . Eradication
- D . Systems Recovery
Which of the following data source can be used to detect the traffic associated with Bad Bot User-Agents?
- A . Windows Event Log
- B . Web Server Logs
- C . Router Logs
- D . Switch Logs
Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT.
What is the first step that the IRT will do to the incident escalated by Emmanuel?
- A . Incident Analysis and Validation
- B . Incident Recording
- C . Incident Classification
- D . Incident Prioritization
In which phase of Lockheed Martin’s C Cyber Kill Chain Methodology, adversary creates a deliverable malicious payload using an exploit and a backdoor?
- A . Reconnaissance
- B . Delivery
- C . Weaponization
- D . Exploitation
Which of the following tool can be used to filter web requests associated with the SQL Injection attack?
- A . Nmap
- B . UrlScan
- C . ZAP proxy
- D . Hydra
Which of the following threat intelligence helps cyber security professionals such as security operations managers, network operations center and incident responders to understand how the adversaries are expected to perform the attack on the organization, and the technical capabilities and goals of the attackers along with the attack vectors?
- A . Analytical Threat Intelligence
- B . Operational Threat Intelligence
- C . Strategic Threat Intelligence
- D . Tactical Threat Intelligence
Banter is a threat analyst in Christine Group of Industries. As a part of the job, he is currently formatting and structuring the raw data.
He is at which stage of the threat intelligence life cycle?
- A . Dissemination and Integration
- B . Processing and Exploitation
- C . Collection
- D . Analysis and Production
John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log matching Regex /(.|(%|%25)2E)(.|(%|%25)2E)(/|(%|%25)2F|\|(%|%25)5C)/i.
What does this event log indicate?
- A . XSS Attack
- B . SQL injection Attack
- C . Directory Traversal Attack
- D . Parameter Tampering Attack
good