312-39Preview

Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?

Ray is a SOC analyst in a company named Queens Tech. One Day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to provide additional bandwidth to the network devices and increasing the capacity of the servers.
What is Ray and his team doing?

Which of the following technique involves scanning the headers of IP packets leaving a network to make sure that the unauthorized or malicious traffic never leaves the internal network?

Juliea a SOC analyst, while monitoring logs, noticed large TXT, NULL payloads.
What does this indicate?

Wesley is an incident handler in a company named Maddison Tech. One day, he was learning techniques for eradicating the insecure deserialization attacks.
What among the following should Wesley avoid from considering?

Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket raised regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he has performed incident analysis and validation to check whether the incident is a true incident or a false positive.
Identify the stage in which he is currently in.

Which of the following Windows features is used to enable Security Auditing in Windows?

Which of the following attacks causes sudden changes in file extensions or increase in file renames at rapid speed?

What does [-n] in the following checkpoint firewall log syntax represents? fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]

What does Windows event ID 4740 indicate?

Which of the following attack inundates DHCP servers with fake DHCP requests to exhaust all available IP addresses?

Which of the following is a correct flow of the stages in an incident handling and response (IH&R) process?

Chloe, a SOC analyst with Jake Tech, is checking Linux systems logs. She is investigating files at /var/log/wtmp.
What Chloe is looking at?

What does HTTPS Status code 403 represents?

Jane, a security analyst, while analyzing IDS logs, detected an event matching Regex /((%3C)|<)((%69)|i|(%49))((%6D)|m|(%4D))((%67)|g|(%47))[^\n]+((%3E)|>)/|.
What does this event log indicate?

The threat intelligence, which will help you, understand adversary intent and make informed decision to ensure appropriate security in alignment with risk.
What kind of threat intelligence described above?

What type of event is recorded when an application driver loads successfully in Windows?

Identify the type of attack, an attacker is attempting on www.example.com website.

John, a threat analyst at GreenTech Solutions, wants to gather information about specific threats against the organization. He started collecting information from various sources, such as humans, social media, chat room, and so on, and created a report that contains malicious activity.
Which of the following types of threat intelligence did he use?

What does the Security Log Event ID 4624 of Windows 10 indicate?

What does the HTTP status codes 1XX represents?

In which phase of Lockheed Martin's – Cyber Kill Chain Methodology, adversary creates a deliverable malicious payload using an exploit and a backdoor?

Identify the attack, where an attacker tries to discover all the possible information about a target network before launching a further attack.

Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wanted to check the logs that are generated by access control list numbered 210.
What filter should Peter add to the 'show logging' command to get the required output?