Latest Update Free Version of 312-39 Exam Study Guides

Attention please! Here is the shortcut to pass your 312-39 exam! Getting well prepared for the CSA 312-39 Certified SOC Analyst (CSA) exam is a hard job. But don't worry! We provide the most up-to-date 312-39 dumps. With our latest 312-39 exam questions, you'll pass the CSA 312-39 Certified SOC Analyst (CSA) exam in an easy way.

Visit our site to get more 312-39 Q and As:https://www.itexambus.com/312-39.html (100 QAs Dumps)
Question 1:

Bonney's system has been compromised by malware.

What is the first step Bonney should take to contain the malware incident and stop it from spreading?

A. Complaint to police in a formal way regarding the incident

B. Turn off the infected machine

C. Leave it to the network administrators to handle

D. Call the legal department in the organization and inform about the incident

Correct Answer: B

Note: isolating the host from the network (unplugging the cable or disabling its switch port) contains the spread just as well while preserving volatile memory for later analysis; powering off is the blunt form of the same containment step.


Question 2:

According to the forensics investigation process, what is the next step carried out right after collecting the evidence?

A. Create a Chain of Custody Document

B. Send it to the nearby police station

C. Set a Forensic lab

D. Call Organizational Disciplinary Team

Correct Answer: A


Question 3:

Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?

A. Planning and budgeting

Correct Answer: A

Reference: https://info-savvy.com/setting-up-a-computer-forensics-lab/


Question 4:

Which of the following files contains logs related to printer access?

A. /var/log/cups/Printer_log file

B. /var/log/cups/access_log file

C. /var/log/cups/accesslog file

D. /var/log/cups/Printeraccess_log file

Correct Answer: B

CUPS writes its logs under /var/log/cups/: access_log records every request made to the print server, alongside error_log and page_log. The other file names do not exist.


Question 5:

Which of the following commands is used to enable logging in iptables?

A. $ iptables -B INPUT -j LOG

B. $ iptables -A OUTPUT -j LOG

C. $ iptables -A INPUT -j LOG

D. $ iptables -B OUTPUT -j LOG

Correct Answer: C

-B is not an iptables option, which rules out A and D. The rule in the reference appends a LOG target to the INPUT chain (-A INPUT -j LOG), so matching inbound packets are written to the kernel log; option B is a syntactically valid rule too, but it logs outbound traffic, which is not what the question and its reference describe.

Reference: https://tecadmin.net/enable-logging-in-iptables-on-linux/
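The following is an added example, not code from the original page or from the tecadmin reference: it shows the rule from option C extended with the --log-prefix and rate limit a SOC would normally add, and then parses the kernel-log lines the LOG target produces and pulls a simple port-scan signal out of them. The chain, prefix text, interface name, addresses and the sample log lines are all constructed for the example.

```python
import re
from collections import defaultdict

# Added example (not part of the page): the rule from option C with the
# --log-prefix and rate limit a SOC would add, followed by a parser for
# the kernel-log lines that the LOG target writes. The prefix text, the
# interface and all addresses below are illustrative assumptions.
LOG_RULE = (
    "iptables -A INPUT -m limit --limit 5/min "
    "-j LOG --log-prefix 'IPTables-Dropped: ' --log-level 4"
)

# Constructed sample lines in the format netfilter's LOG target emits to the
# kernel log (addresses from the RFC 5737 documentation ranges). The last
# line is an unrelated sshd entry that the parser must ignore.
SAMPLE_LOG = """\
Mar 10 12:01:22 gw kernel: [1001.1] IPTables-Dropped: IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:50:56:c0:00:08:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54321 DF PROTO=TCP SPT=44512 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:01:23 gw kernel: [1002.2] IPTables-Dropped: IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:50:56:c0:00:08:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54322 DF PROTO=TCP SPT=44513 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:01:24 gw kernel: [1003.3] IPTables-Dropped: IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:50:56:c0:00:08:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54323 DF PROTO=TCP SPT=44514 DPT=3389 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:01:30 gw kernel: [1009.9] IPTables-Dropped: IN=eth0 OUT= MAC=00:0c:29:ab:cd:ef:00:50:56:c0:00:08:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=5353 DPT=5353 LEN=58
Mar 10 12:01:31 gw sshd[2211]: Accepted publickey for ops from 192.0.2.20 port 50122 ssh2
"""

KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")
PREFIX_RE = re.compile(r"kernel: \[[\d.]+\] (?P<prefix>.*?)(?=\bIN=)")


def parse_log_line(line):
    """Return the LOG target's KEY=VALUE fields as a dict, or None when the
    line is not a netfilter LOG line. Bare flags (DF, SYN, ACK, ...) go
    under 'flags'; for UDP the second LEN (datagram length) overwrites the
    IP header LEN, which is fine for counting purposes."""
    if "kernel:" not in line or " IN=" not in line:
        return None
    rec = dict(KV_RE.findall(line))
    match = PREFIX_RE.search(line)
    rec["prefix"] = match.group("prefix").strip() if match else ""
    tail = line[line.index(" IN="):]
    rec["flags"] = [tok for tok in tail.split() if "=" not in tok]
    return rec


def ports_by_source(records, proto="TCP"):
    """Map each SRC address to the set of destination ports it touched."""
    ports = defaultdict(set)
    for rec in records:
        if rec.get("PROTO") == proto and "DPT" in rec:
            ports[rec["SRC"]].add(int(rec["DPT"]))
    return ports


def flag_port_scanners(lines, min_ports=3):
    """Sources whose logged (dropped) TCP packets hit at least min_ports
    distinct destination ports: the scan signal a SOC analyst would alert
    on from these logs."""
    records = [rec for rec in map(parse_log_line, lines) if rec]
    ports = ports_by_source(records)
    return sorted(src for src, p in ports.items() if len(p) >= min_ports)


if __name__ == "__main__":
    print("rule:", LOG_RULE)
    for rec in filter(None, map(parse_log_line, SAMPLE_LOG.splitlines())):
        print(rec["SRC"], rec["PROTO"], rec.get("DPT"), rec["flags"])
    print("scanners:", flag_port_scanners(SAMPLE_LOG.splitlines()))
```

The rate limit matters in practice: an unrestricted LOG rule on a busy INPUT chain can fill the kernel ring buffer and /var/log faster than the SIEM can ingest it, which is itself a denial-of-service vector against the logging pipeline.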


Question 6:

Ray is a SOC analyst in a company named Queens Tech. One day, Queens Tech is affected by a DoS/DDoS attack. To contain this incident, Ray and his team are trying to provide additional bandwidth to the network devices and increase the capacity of the servers.

What are Ray and his team doing?

A. Blocking the Attacks

B. Diverting the Traffic

C. Degrading the services

D. Absorbing the Attack

Correct Answer: D


Question 7:

Identify the attack in which an attacker, after some trial and error, reads the contents of the password file in the restricted /etc directory just by manipulating the URL in the browser, as shown: http://www.terabytes.com/process.php./../../../../etc/passwd

A. Directory Traversal Attack

B. SQL Injection Attack

C. Denial-of-Service Attack

D. Form Tampering Attack

Correct Answer: A

The ../ sequences in the URL walk the web server out of its document root and up to /etc/passwd. Nothing in the request touches a database query, so this is directory (path) traversal, not SQL injection.
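The following is an added example, not code from the original page: it reproduces the naive file-serving logic the question describes, puts the path-containment check that stops it beside it, and adds the access-log check a SOC analyst would use to spot the same URL pattern. The web root is a temporary directory created by the example; the request path "process.php./../../../../etc/passwd" is the page's own.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Added example, not from the original page: the naive file-serving logic
# the question describes, the path-containment check that stops it, and a
# log-side detector for the URL pattern. The web root is a temporary
# directory created here; the attack path is the page's own example.
ATTACK_PATH = "process.php./../../../../etc/passwd"


def resolve_naive(web_root, url_path):
    """Vulnerable: glue the request path under the web root and let '..'
    segments walk out of it. normpath() happily collapses them, so four
    '..' from a three-deep root lands on /etc/passwd."""
    return os.path.normpath(os.path.join(web_root, unquote(url_path).lstrip("/")))


def resolve_safe(web_root, url_path):
    """Hardened: canonicalise both sides (symlinks included) and refuse any
    target that is not the root itself or underneath it."""
    root = Path(web_root).resolve()
    target = (root / unquote(url_path).lstrip("/")).resolve()
    if target != root and root not in target.parents:
        raise PermissionError(f"request escapes web root: {url_path!r}")
    return target


def is_traversal_attempt(url):
    """Access-log check: decode the path twice (to catch %252e%252e style
    double encoding), treat backslashes as separators, and report whether
    normalising it would climb above the site root."""
    path = urlsplit(url).path
    for _ in range(2):
        path = unquote(path)
    depth = 0
    for seg in path.replace("\\", "/").split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg and seg != ".":
            depth += 1
    return False


def demo():
    """Serve the attack path both ways from a throwaway web root and report
    (naive handler escaped?, safe handler refused?, legitimate file served)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "www"
        root.mkdir()
        (root / "index.html").write_text("hello")
        naive = resolve_naive(str(root), ATTACK_PATH)
        escaped = not naive.startswith(str(root) + os.sep)
        try:
            resolve_safe(str(root), ATTACK_PATH)
            refused = False
        except PermissionError:
            refused = True
        served = resolve_safe(str(root), "index.html").read_text()
        return escaped, refused, served


if __name__ == "__main__":
    print(demo())
    print(is_traversal_attempt("http://www.terabytes.com/" + ATTACK_PATH))
```

The "trial and error" in the question is the attacker guessing how many ../ segments are needed to reach the filesystem root; the hardened resolver does not care how many there are, because it checks where the canonical path ends up rather than what the request looks like.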


Question 8:

Which of the following formulas represents risk?

A. Risk = Likelihood × Severity × Asset Value

B. Risk = Likelihood × Consequence × Severity

C. Risk = Likelihood × Impact × Severity

D. Risk = Likelihood × Impact × Asset Value

Correct Answer: B


Question 9:

The Syslog message severity levels are labelled from level 0 to level 7. What does level 0 indicate?

A. Alert

B. Notification

C. Emergency

D. Debugging

Correct Answer: C

Level 0 is Emergency (system unusable). Alert is level 1, Notice is level 5 and Debug is level 7; lower numbers are more severe.
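The following is an added example, not code from the original page: it decodes the syslog PRI field (PRI = facility × 8 + severity) into the facility and the level-0-to-7 severity names the question asks about, and filters a batch of messages to those at or above a chosen severity. The sample messages are constructed; two of them are modelled on the illustrative messages in the syslog RFCs.

```python
import re

# Added example, not from the page: decoding the syslog PRI field into
# facility and severity using the level 0..7 names, and a filter that keeps
# messages at or above a chosen severity. Sample messages are constructed.
SEVERITIES = [
    "Emergency", "Alert", "Critical", "Error",
    "Warning", "Notice", "Informational", "Debug",
]
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]

SAMPLE_MESSAGES = [
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    "<165>1 2003-10-11T22:14:15.003Z mymachine evntslog - ID47 - An application event log entry",
    "<0>Mar 10 12:02:00 gw kernel: Kernel panic - not syncing: Fatal exception",
    "<13>Mar 10 12:02:01 gw logger: routine notice from a cron job",
    "<191>Mar 10 12:02:02 gw app[42]: debug trace for request 7f3a",
]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(msg):
    """Split a raw syslog message into its PRI components.
    PRI = facility * 8 + severity, so divmod() recovers both."""
    match = PRI_RE.match(msg)
    if not match:
        raise ValueError("message has no <PRI> field")
    pri = int(match.group(1))
    if pri > 191:
        raise ValueError(f"PRI {pri} out of range 0-191")
    facility, severity = divmod(pri, 8)
    return {
        "pri": pri,
        "facility": facility,
        "facility_name": FACILITIES[facility],
        "severity": severity,
        "severity_name": SEVERITIES[severity],
        "body": msg[match.end():],
    }


def filter_severity(messages, max_level):
    """Keep messages whose severity number is <= max_level. Lower numbers are
    more urgent, so max_level=2 means Emergency, Alert and Critical only."""
    return [d for d in map(decode_pri, messages) if d["severity"] <= max_level]


if __name__ == "__main__":
    for d in map(decode_pri, SAMPLE_MESSAGES):
        print(f"<{d['pri']}> = {d['facility_name']}.{d['severity_name']}")
    print([d["body"] for d in filter_severity(SAMPLE_MESSAGES, 2)])
```

The inversion is the usual trap in SIEM filter rules: a rule written as "severity >= 5" to catch serious events actually keeps Notice, Informational and Debug and drops everything urgent.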


Question 10:

Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?

A. /etc/ossim/reputation

B. /etc/ossim/siem/server/reputation/data

C. /etc/siem/ossim/server/reputation.data

D. /etc/ossim/server/reputation.data

Correct Answer: D

AlienVault OSSIM keeps its IP reputation list, fed from the Open Threat Exchange, in /etc/ossim/server/reputation.data.


Question 11:

According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack is major?

A. High

B. Extreme

C. Low

D. Medium

Correct Answer: C

Reference: https://www.moheri.gov.om/userupload/Policy/IT Risk Management Framework.pdf (17)


Question 12:

Juliea, a SOC analyst, noticed large TXT and NULL payloads while monitoring logs. What does this indicate?

A. Concurrent VPN Connections Attempt

B. DNS Exfiltration Attempt

C. Covering Tracks Attempt

D. DHCP Starvation Attempt

Correct Answer: B

Reference: https://conf.splunk.com/session/2014/conf2014_FredWilmotSanfordOwings_Splunk_Security.pdf
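The following is an added example, not code from the original page or from the Splunk reference: it runs a detector for the pattern in the question over a constructed DNS query log, scoring each client-to-domain pair on two signals, many distinct long high-entropy query labels (data leaving in the question name) and many oversized TXT/NULL responses (data coming back in the answer). The log format (timestamp, client, query name, query type, response bytes), the client addresses and the domains are assumptions for the example.

```python
import math
from collections import defaultdict

# Added example, not from the original page: a detector for the DNS
# exfiltration pattern the question describes, run over a constructed query
# log. The log format (timestamp client qname qtype response_bytes), the
# clients and the domains are assumptions; in production the lines would
# come from a resolver log or Zeek's dns.log.
SAMPLE_QUERIES = """\
2024-03-10T12:00:01Z 10.0.0.15 www.example.com A 64
2024-03-10T12:00:02Z 10.0.0.15 example.com TXT 180
2024-03-10T12:00:03Z 10.0.0.22 _dmarc.example.com TXT 120
2024-03-10T12:00:04Z 10.0.0.15 a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4.tunnel-c2.net TXT 1400
2024-03-10T12:00:05Z 10.0.0.15 b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5.tunnel-c2.net NULL 1400
2024-03-10T12:00:06Z 10.0.0.15 c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6.tunnel-c2.net TXT 1400
2024-03-10T12:00:07Z 10.0.0.15 d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7.tunnel-c2.net NULL 1400
2024-03-10T12:00:08Z 10.0.0.31 mail.example.com MX 90
"""


def shannon_entropy(s):
    """Bits per character; hex/base32 encoded data scores far higher than
    the short dictionary words found in ordinary hostnames."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def detect_dns_exfil(lines, min_label_len=30, min_entropy=3.5,
                     large_response=1000, min_events=3):
    """Group TXT/NULL traffic by (client, registered domain) and flag pairs
    that show either many distinct long high-entropy leftmost labels (data
    going out in the query name) or many oversized responses (data coming
    back in the answer). The registered domain is approximated as the last
    two labels; production code would consult a public-suffix list."""
    stats = defaultdict(lambda: {"labels": set(), "large_responses": 0})
    for line in lines:
        if not line.strip():
            continue
        _ts, client, qname, qtype, rsize = line.split()
        if qtype not in ("TXT", "NULL"):
            continue
        labels = qname.rstrip(".").split(".")
        key = f"{client} -> {'.'.join(labels[-2:])}"
        entry = stats[key]
        if int(rsize) >= large_response:
            entry["large_responses"] += 1
        if len(labels) >= 3:
            label = labels[0]
            if len(label) >= min_label_len and shannon_entropy(label) >= min_entropy:
                entry["labels"].add(label)
    return {
        key: {
            "unique_labels": len(e["labels"]),
            "label_chars": sum(len(lbl) for lbl in e["labels"]),
            "large_responses": e["large_responses"],
        }
        for key, e in stats.items()
        if len(e["labels"]) >= min_events or e["large_responses"] >= min_events
    }


if __name__ == "__main__":
    for key, score in detect_dns_exfil(SAMPLE_QUERIES.splitlines()).items():
        print(key, score)
```

The legitimate TXT lookups (SPF on example.com, the _dmarc record) pass through untouched because their labels are short and their responses small; the thresholds are the knobs an analyst tunes against the organisation's own baseline, and the unique-label count is what separates a tunnel from a single noisy record.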


Question 13:

An organization is implementing and deploying a SIEM with the following capabilities.

What kind of SIEM deployment architecture is the organization planning to implement?

A. Cloud, MSSP Managed

B. Self-hosted, Jointly Managed

C. Self-hosted, Self-Managed

D. Self-hosted, MSSP Managed

Correct Answer: A


Question 14:

What is the process of monitoring and capturing all data packets passing through a given network using different tools?

A. Network Scanning

B. DNS Footprinting

C. Network Sniffing

D. Port Scanning

Correct Answer: C

Reference: https://www.greycampus.com/opencampus/ethical-hacking/sniffing-and-its-types


Question 15:

Which of the following Windows features is used to enable Security Auditing in Windows?

A. Bitlocker

B. Windows Firewall

C. Local Group Policy Editor

D. Windows Defender

Correct Answer: C

Reference: https://resources.infosecinstitute.com/topic/how-to-audit-windows-10-application-logs/


