312-39
Question 1
Bonney's system has been compromised by gruesome malware.
What is the primary step advisable for Bonney in order to contain the malware incident and stop it from spreading?
- A: Complaint to police in a formal way regarding the incident
- B: Turn off the infected machine
- C: Leave it to the network administrators to handle
- D: Call the legal department in the organization and inform about the incident
Question 2
The Syslog message severity levels are labelled from level 0 to level 7.
What does level 0 indicate?
- A: Alert
- B: Notification
- C: Emergency
- D: Debugging
Question 3
Which of the following attacks can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying user input in search engines and forums?
- A: Broken Access Control Attacks
- B: Web Services Attacks
- C: XSS Attacks
- D: Session Management Attacks
Question 4
Where will you find the IP reputation database if you want to monitor traffic from IPs with a known bad reputation using OSSIM SIEM?
- A: /etc/ossim/reputation
- B: /etc/ossim/siem/server/reputation/data
- C: /etc/siem/ossim/server/reputation.data
- D: /etc/ossim/server/reputation.data
Question 5
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack is major?
- A: High
- B: Extreme
- C: Low
- D: Medium
Question 6
Which of the following commands is used to view iptables logs on Ubuntu and Debian distributions?
- A: $ tailf /var/log/sys/kern.log
- B: $ tailf /var/log/kern.log
- C: # tailf /var/log/messages
- D: # tailf /var/log/sys/messages
Question 7
Which of the following techniques involves scanning the headers of IP packets leaving a network to make sure that unauthorized or malicious traffic never leaves the internal network?
- A: Egress Filtering
- B: Throttling
- C: Rate Limiting
- D: Ingress Filtering
Question 8
Which of the following formulas is used to calculate the EPS of the organization?
- A: EPS = average number of correlated events / time in seconds
- B: EPS = number of normalized events / time in seconds
- C: EPS = number of security events / time in seconds
- D: EPS = number of correlated events / time in seconds
Question 9
Juliea, a SOC analyst, noticed large TXT and NULL payloads while monitoring logs.
What does this indicate?
- A: Concurrent VPN Connections Attempt
- B: DNS Exfiltration Attempt
- C: Covering Tracks Attempt
- D: DHCP Starvation Attempt
Question 10
An organization is implementing and deploying a SIEM with the following capabilities.
What kind of SIEM deployment architecture is the organization planning to implement?
- A: Cloud, MSSP Managed
- B: Self-hosted, Jointly Managed
- C: Self-hosted, Self-Managed
- D: Self-hosted, MSSP Managed
Question 11
What is the process of monitoring and capturing all data packets passing through a given network using different tools?
- A: Network Scanning
- B: DNS Footprinting
- C: Network Sniffing
- D: Port Scanning
Question 12
Which of the following is a report writing tool that will help incident handlers generate efficient reports on detected incidents during the incident response process?
- A: threat_note
- B: MagicTree
- C: IntelMQ
- D: Malstrom
Question 13
According to the forensics investigation process, what is the next step carried out right after collecting the evidence?
- A: Create a Chain of Custody Document
- B: Send it to the nearby police station
- C: Set a Forensic lab
- D: Call Organizational Disciplinary Team
Question 14
Which of the following Windows features is used to enable Security Auditing in Windows?
- A: Bitlocker
- B: Windows Firewall
- C: Local Group Policy Editor
- D: Windows Defender
Question 15
Which of the following attacks can be eradicated by filtering improper XML syntax?
- A: CAPTCHA Attacks
- B: SQL Injection Attacks
- C: Insufficient Logging and Monitoring Attacks
- D: Web Services Attacks
Question 16
Which of the following attacks can be eradicated by using a safe API to avoid the use of the interpreter entirely?
- A: Command Injection Attacks
- B: SQL Injection Attacks
- C: File Injection Attacks
- D: LDAP Injection Attacks
Question 17
Shawn is a security manager working at Lee Inc Solution. His organization wants to develop a threat intelligence strategy plan. As part of the threat intelligence strategy plan, he suggested various components, such as threat intelligence requirement analysis, intelligence and collection planning, asset identification, threat reports, and intelligence buy-in.
Which one of the following components should he include in the above threat intelligence strategy plan to make it effective?
- A: Threat pivoting
- B: Threat trending
- C: Threat buy-in
- D: Threat boosting
Question 18
Which of the following can help you eliminate the burden of investigating false positives?
- A: Keeping default rules
- B: Not trusting the security devices
- C: Treating every alert as high level
- D: Ingesting the context data
Question 19
Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?
- A: Rule-based detection
- B: Heuristic-based detection
- C: Anomaly-based detection
- D: Signature-based detection
Question 20
Identify the password cracking attempt involving a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password.
- A: Dictionary Attack
- B: Rainbow Table Attack
- C: Bruteforce Attack
- D: Syllable Attack