EC-Council 312-39 Certified SOC Analyst (CSA) Online Training
EC-Council 312-39 Online Training
The questions for 312-39 were last updated at Dec 24,2024.
- Exam Code: 312-39
- Exam Name: Certified SOC Analyst (CSA)
- Certification Provider: EC-Council
- Latest update: Dec 24,2024
Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?
- A . threat_note
- B . MagicTree
- C . IntelMQ
- D . Malstrom
Ray is a SOC analyst in a company named Queens Tech. One Day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to provide additional bandwidth to the network devices and increasing the capacity of the servers.
What is Ray and his team doing?
- A . Blocking the Attacks
- B . Diverting the Traffic
- C . Degrading the services
- D . Absorbing the Attack
Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /\w*((%27)|(’))((%6F)|o|(%4F))((%72)|r|(%52))/ix.
What does this event log indicate?
- A . SQL Injection Attack
- B . Parameter Tampering Attack
- C . XSS Attack
- D . Directory Traversal Attack
Bonney’s system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?
- A . Complaint to police in a formal way regarding the incident
- B . Turn off the infected machine
- C . Leave it to the network administrators to handle
- D . Call the legal department in the organization and inform about the incident
Which of the log storage method arranges event logs in the form of a circular buffer?
- A . FIFO
- B . LIFO
- C . non-wrapping
- D . wrapping
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major?
NOTE: It is mandatory to answer the question before proceeding to the next one.
- A . High
- B . Extreme
- C . Low
- D . Medium
Rinni, SOC analyst, while monitoring IDS logs detected events shown in the figure below.
What does this event log indicate?
- A . Directory Traversal Attack
- B . XSS Attack
- C . SQL Injection Attack
- D . Parameter Tampering Attack
The threat intelligence, which will help you, understand adversary intent and make informed decision to ensure appropriate security in alignment with risk.
What kind of threat intelligence described above?
- A . Tactical Threat Intelligence
- B . Strategic Threat Intelligence
- C . Functional Threat Intelligence
- D . Operational Threat Intelligence
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100 Modified URL:
http://www.buyonline.com/product.aspx?profile=12&debit=10
Identify the attack depicted in the above scenario.
- A . Denial-of-Service Attack
- B . SQL Injection Attack
- C . Parameter Tampering Attack
- D . Session Fixation Attack
An organization wants to implement a SIEM deployment architecture. However, they have the capability to do only log collection and the rest of the SIEM functions must be managed by an MSSP.
Which SIEM deployment architecture will the organization adopt?
- A . Cloud, MSSP Managed
- B . Self-hosted, Jointly Managed
- C . Self-hosted, MSSP Managed
- D . Self-hosted, Self-Managed
good