Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

312-39 by EC-Council - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

Which of the following attack can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying the user input in search engines and forums?

A Broken Access Control Attacks
B Web Services Attacks
C XSS Attacks
D Session Management Attacks

Question 4

Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?

A /etc/ossim/reputation
B /etc/ossim/siem/server/reputation/data
C /etc/siem/ossim/server/reputation.data
D /etc/ossim/server/reputation.data

Question 5

According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack is major?

A High
B Extreme
C Low
D Medium

Question 6

Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?

A $ tailf /var/log/sys/kern.log
B $ tailf /var/log/kern.log
C
tailf /var/log/messages
D
tailf /var/log/sys/messages

Question 7

Which of the following technique involves scanning the headers of IP packets leaving a network to make sure that the unauthorized or malicious traffic never leaves the internal network?

A Egress Filtering
B Throttling
C Rate Limiting
D Ingress Filtering

Question 8

Which of the following formula is used to calculate the EPS of the organization?

A EPS = average number of correlated events / time in seconds
B EPS = number of normalized events / time in seconds
C EPS = number of security events / time in seconds
D EPS = number of correlated events / time in seconds

Question 9

Juliea a SOC analyst, while monitoring logs, noticed large TXT, NULL payloads.
What does this indicate?

A Concurrent VPN Connections Attempt
B DNS Exfiltration Attempt
C Covering Tracks Attempt
D DHCP Starvation Attempt

Question 10

An organization is implementing and deploying the SIEM with following capabilities.

Question 11

What is the process of monitoring and capturing all data packets passing through a given network using different tools?

A Network Scanning
B DNS Footprinting
C Network Sniffing
D Port Scanning

Question 12

Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?

A threat_note
B MagicTree
C IntelMQ
D Malstrom

Question 13

According to the forensics investigation process, what is the next step carried out right after collecting the evidence?

A Create a Chain of Custody Document
B Send it to the nearby police station
C Set a Forensic lab
D Call Organizational Disciplinary Team

Question 14

Which of the following Windows features is used to enable Security Auditing in Windows?

A Bitlocker
B Windows Firewall
C Local Group Policy Editor
D Windows Defender

Question 15

Which of the following attack can be eradicated by filtering improper XML syntax?

A CAPTCHA Attacks
B SQL Injection Attacks
C Insufficient Logging and Monitoring Attacks
D Web Services Attacks

Question 16

Which of the following attack can be eradicated by using a safe API to avoid the use of the interpreter entirely?

A Command Injection Attacks
B SQL Injection Attacks
C File Injection Attacks
D LDAP Injection Attacks

Question 17

Shawn is a security manager working at Lee Inc Solution. His organization wants to develop threat intelligent strategy plan. As a part of threat intelligent strategy plan, he suggested various components, such as threat intelligence requirement analysis, intelligence and collection planning, asset identification, threat reports, and intelligence buy-in.
Which one of the following components he should include in the above threat intelligent strategy plan to make it effective?

A Threat pivoting
B Threat trending
C Threat buy-in
D Threat boosting

Question 18

Which of the following can help you eliminate the burden of investigating false positives?

A Keeping default rules
B Not trusting the security devices
C Treating every alert as high level
D Ingesting the context data

Question 19

Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?

A Rule-based detection
B Heuristic-based detection
C Anomaly-based detection
D Signature-based detection

Question 20

Identify the password cracking attempt involving a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password.

A Dictionary Attack
B Rainbow Table Attack
C Bruteforce Attack
D Syllable Attack

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 4 • Questions 1-25 of 98

1 2 3 4

→

Know a question that should be here? Contribute to this exam

Bonney's system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?

A Complaint to police in a formal way regarding the incident
B Turn off the infected machine
C Leave it to the network administrators to handle
D Call the legal department in the organization and inform about the incident

The Syslog message severity levels are labelled from level 0 to level 7.
What does level 0 indicate?

A Alert
B Notification
C Emergency
D Debugging

What kind of SIEM deployment architecture the organization is planning to implement?

A Cloud, MSSP Managed
B Self-hosted, Jointly Managed
C Self-hosted, Self-Managed
D Self-hosted, MSSP Managed