A set of multiple choice questions and answers related to the certified soc analyst 312-39 exam. It covers various aspects of security operations, incident handling, and threat intelligence, offering valuable insights for exam preparation. The questions are designed to test understanding of key concepts and best practices in the field.
Typology: Exams
Which of the following is a set of standard guidelines for the ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection?
  A. FISMA
  B. HIPAA
  C. PCI-DSS
  D. DARPA
Answer: PCI-DSS. (The Payment Card Industry Data Security Standard is the one scoped to cardholder account data; HIPAA covers protected health information.)

In which stage of Lockheed Martin's Cyber Kill Chain does an adversary create a deliverable malicious payload by coupling an exploit with a backdoor?
  A. Reconnaissance
  B. Delivery
  C. Weaponization
  D. Exploitation
Answer: Weaponization

What is the name of the attack in which the attacker tries to learn as much as possible about the target network before furthering the attack?
  A. DoS attack
  B. Man-in-the-middle attack
  C. Ransomware attack
  D. Reconnaissance attack
Answer: Reconnaissance attack

What does [-n] represent in the following Check Point firewall log command syntax?

fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]

  A. Speed up the process by not performing DNS resolution of IP addresses in the log files
  B. Show both the date and the time for each log record
  C. Show only account log records
  D. Show detailed log chains (all the log segments a log record consists of)
Answer: A. -n disables DNS resolution of the IP addresses in the log, which speeds up processing.

Which of the following attacks overloads DHCP servers with fake DHCP requests to consume all the available IP addresses?
  A. DHCP starvation attack
  B. DHCP spoofing attack
  C. DHCP port stealing
  D. DHCP cache poisoning
Answer: DHCP starvation attack

Mike is an incident handler for PNP Infosystems Inc. One day, a ticket was raised regarding a critical incident and the incident was assigned to Mike for handling. During the incident handling process, at one stage he performed incident analysis and validation to check whether the incident is a true incident or a false positive.
Which filter does Peter need to use with the 'show logging' command in order to view the output he wants?
  A. show logging | access 210
  B. show logging | forward 210
  C. show logging | include 210
  D. show logging | route 210
Answer: show logging | include 210

Which of the following is an attack in which an attacker exploits known but not yet patched public vulnerabilities to take advantage of a target system?
  A. Slow DoS attack
  B. DHCP starvation
  C. Zero-day attack
  D. DNS poisoning attack
Answer: Zero-day attack

Name the log transport type in which the system or application initiates the sending of log records, either to the local disk or across the network.
  A. Rule-based
  B. Pull-based
  C. Push-based
  D. Signature-based
Answer: Push-based

Name the log transport type in which a system or an application initiates the pulling of log records from a log source.
  A. Rule-based
  B. Pull-based
  C. Push-based
  D. Signature-based
Answer: Pull-based

Syslog and SNMP are the two main push-based protocols. Check Point's OPSEC is an example of pull-based log collection.

Which of the following attacks can be eradicated by disabling allow_url_fopen and allow_url_include in the php.ini file?
  A. File injection attacks
  B. URL injection attacks
  C. LDAP injection attacks
  D. Command injection attacks
Answer: File injection attacks. (Remote file inclusion depends on PHP being allowed to open and include URLs; with both directives Off, include() and require() can only reach local files.)

Which of the following stages is executed after identifying the required event sources?
  A. Identifying the monitoring requirements
  B. Defining the rule for the use case
  C. Implementing and testing the use case
  D. Validating the event source against the monitoring requirement
Answer: Defining the rule for the use case

Which of the following incident handling and response process steps focuses on limiting the scope and extent of an incident?
  A. Containment
  B. Data collection
Answer: Containment
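The two php.ini directives in the file-injection question are the real ones; the following added example (not from the original page) audits a php.ini text for them so the check can be scripted across many hosts. The two ini samples are constructed, and the default-value handling reflects PHP's documented defaults (allow_url_fopen defaults to On, allow_url_include to Off).

```python
"""Audit php.ini for the remote-file-inclusion directives named in the
question above.  Added example, not from the source page; WEAK_INI and
HARDENED_INI are constructed samples."""
import configparser

# Directives whose truthy value lets include()/require() and the file
# functions reach remote URLs, the precondition for remote file inclusion.
DANGEROUS_ON = {
    "allow_url_fopen": "file functions can open http:// and ftp:// URLs",
    "allow_url_include": "include/require can pull code from a URL",
}

# PHP's own defaults when a directive is absent from the file.
DEFAULTS = {"allow_url_fopen": "On", "allow_url_include": "Off"}

WEAK_INI = """
[PHP]
engine = On
allow_url_fopen = On
allow_url_include = On
display_errors = On
"""

HARDENED_INI = """
[PHP]
engine = On
allow_url_fopen = Off
allow_url_include = Off
display_errors = Off
"""


def parse_php_ini(text: str) -> dict:
    """Return a directive -> value map from the [PHP] section.

    php.ini uses ';' for comments and On/Off booleans; configparser handles
    the layout once told about the comment prefix.  Keys come back lowercased.
    """
    cp = configparser.ConfigParser(comment_prefixes=(";", "#"), interpolation=None)
    cp.read_string(text)
    return dict(cp["PHP"]) if cp.has_section("PHP") else {}


def is_on(value: str) -> bool:
    """PHP accepts On/1/True/Yes (case-insensitive) as a truthy directive."""
    return value.strip().strip('"').lower() in {"on", "1", "true", "yes"}


def audit_rfi_settings(text: str) -> list:
    """Return (directive, reason) findings; an empty list means hardened."""
    settings = parse_php_ini(text)
    findings = []
    for directive, reason in DANGEROUS_ON.items():
        # A missing allow_url_fopen is On by default, so absence is a finding.
        value = settings.get(directive, DEFAULTS[directive])
        if is_on(value):
            findings.append((directive, reason))
    return findings


if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, audit_rfi_settings(ini))
```

Run against a real file with `audit_rfi_settings(open("/etc/php/8.2/fpm/php.ini").read())`; note that a php.ini which never mentions allow_url_fopen still produces a finding, because PHP's default for it is On.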
Data source: Apache/web server logs with IP addresses and host names.

Which of the following processes refers to discarding packets at the routing level without informing the source that the data did not reach its intended recipient?
  A. Load balancing
  B. Rate limiting
  C. Black hole filtering
  D. Drop requests
Answer: Black hole filtering

Which of the following would be a good option for filtering the web requests that accompany this SQL injection attack?
  A. Nmap
  B. UrlScan
  C. ZAP proxy
  D. Hydra
Answer: UrlScan

Charline is working as an L2 SOC analyst. One day, the L1 SOC analyst escalates an incident to her for further investigation and confirmation. Charline, after due investigation, confirmed the incident and gave it an initial priority. What would be the next thing she does according to the SOC workflow?
  A. She should escalate this issue immediately to management
  B. She should immediately contact the network administrator in order to solve the problem
  C. She should communicate this incident to the media immediately
  D. She should raise a ticket formally and forward it to the IRT
Answer: She should raise a ticket formally and forward it to the IRT

Which form of threat intelligence identifies and defines, for the security operations manager, the network operations center and the incident responder, how adversaries are expected to conduct their attack on the institution's technical capabilities, along with the attackers, their goals and the attack vectors of their assault?
  A. Analytical threat intelligence
  B. Operational threat intelligence
  C. Strategic threat intelligence
  D. Tactical threat intelligence
Answer: Tactical threat intelligence

If the SIEM generates all of the following four alerts simultaneously, which alert should be given the least priority according to effective alert triaging?
  I. Firewall blocking traffic from getting into the network
  II. SQL injection attempt
  III. Data deletion attempt
  IV. Brute-force attempt
Answer: I. Firewall blocking traffic from getting into the network. (The blocked traffic was already stopped by a control; the other three describe attacks in progress against assets.)

InfoSystem LLC, a US-based company, is setting up an in-house SOC. John has been assigned the task of finalizing strategy, policies, and procedures for the SOC.
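The triage question above is easier to reason about as a scoring routine. The following added example (not from the original page) aggregates duplicate alerts, ranks them by severity times asset criticality, and attaches the one piece of context that separates a harmless blocked scan from a blocked-then-successful attacker: whether the same source appears in higher-severity alerts. The rule names, weights, asset scores and alerts are all constructed for the illustration.

```python
"""Alert triage for the four alert types in the question above.  Added
example, not from the source page: SEVERITY, ASSET_CRITICALITY and
SAMPLE_ALERTS are constructed values."""
from collections import Counter

# Base severity: blocked traffic is already handled, so it ranks lowest;
# destructive actions against data rank highest.
SEVERITY = {
    "firewall_block": 1,
    "brute_force": 3,
    "sqli_attempt": 4,
    "data_deletion": 5,
}

# Criticality of the targeted asset (hypothetical CMDB values, 1-3).
ASSET_CRITICALITY = {"db-prod-01": 3, "web-01": 2, "fw-edge": 1, "jump-01": 2}

# Constructed alerts: (rule, targeted asset, source IP)
SAMPLE_ALERTS = [
    ("firewall_block", "fw-edge", "203.0.113.9"),
    ("firewall_block", "fw-edge", "203.0.113.9"),
    ("firewall_block", "fw-edge", "198.51.100.7"),
    ("sqli_attempt", "web-01", "198.51.100.7"),
    ("data_deletion", "db-prod-01", "10.0.0.15"),
    ("brute_force", "jump-01", "198.51.100.7"),
    ("brute_force", "jump-01", "198.51.100.7"),
]


def aggregate(alerts):
    """Collapse identical (rule, asset, source) tuples into one row with a
    count, so repeated firewall blocks do not crowd the queue."""
    return Counter(alerts)


def score(rule, asset, count):
    """Priority = severity x asset criticality, plus a small bump for volume
    (50 brute-force attempts matter more than 2; capped so volume alone
    never outranks a higher-severity rule)."""
    base = SEVERITY[rule] * ASSET_CRITICALITY.get(asset, 1)
    return base + min(count, 10) // 5


def related_rules(alerts, source):
    """Other rule types the same source IP has triggered: the contextual
    information that tells a blocked scanner from a blocked-then-succeeded one."""
    return sorted({r for r, _, s in alerts if s == source and r != "firewall_block"})


def triage(alerts):
    """Return aggregated alerts ordered from highest to lowest priority as
    (score, rule, asset, source, count, related_rules_for_source)."""
    rows = [
        (score(r, a, n), r, a, s, n, related_rules(alerts, s))
        for (r, a, s), n in aggregate(alerts).items()
    ]
    return sorted(rows, key=lambda row: row[0], reverse=True)


def highest_priority_rule(alerts):
    return triage(alerts)[0][1]


def lowest_priority_rule(alerts):
    return triage(alerts)[-1][1]


if __name__ == "__main__":
    for row in triage(SAMPLE_ALERTS):
        print(row)
```

With the sample data the data-deletion alert lands on top and the firewall blocks at the bottom, but the block from 198.51.100.7 carries the context that the same source is also behind the SQL injection and brute-force alerts, which is what an analyst would pivot on next.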
This type of incident is categorized as __________?
  A. True positive incident
  B. False positive incident
  C. True negative incident
  D. False negative incident
Answer: True positive incident. True positive: an alert raises an alarm when a legitim...

David works as a SOC analyst in Karen Tech. One day, no attack is initiated by intruders and no alarm is raised. This type of incident falls into __________?
  A. True positive incident
  B. False positive incident
  C. True negative incident
  D. False negative incident
Answer: True negative incident. True negative: no alarm is raised because there is no attack to detect; for example, a clean file is correctly judged to be free of malware.

Emmanuel works as a SOC analyst in a company named Tobey Tech. Recently, the manager of Tobey Tech hired an incident response team for his company. In the process of collaboration with the IRT, Emmanuel escalated an incident to the IRT and chose Incident Analysis and Validation. What will the IRT do with the incident escalated by him?
  A. Incident analysis and validation
  B. Incident recording
  C. Incident classification
  D. Incident prioritization
Answer: Incident analysis and validation

Identify the HTTP status code class that represents a server error.
  A. 2XX
  B. 4XX
  C. 1XX
  D. 5XX
Answer: 5XX

Which attack works like a dictionary attack, but adds numbers and symbols to the words from the dictionary and tries to crack the password?
  A. Hybrid attack
  B. Brute-force attack
  C. Rainbow table attack
  D. Birthday attack
Answer: Hybrid attack

Which of the following attacks can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying user input in search engines and forums?
  A. Broken access control attacks
Answer: Cross-site scripting (XSS) attacks. HTML-entity encoding of user-controlled output is the standard XSS defense.

In which of the following areas does a SIEM replace an analyst? Tactical threat intelligence, operational threat intelligence

What does the HTTP 204 code indicate? No Content

What is the name of syslog severity level 2 on Linux? Critical

Which event ID shows that a user account was changed? 4738

What does the HTTP 502 code indicate? Bad Gateway

Which containment tool allows web content filtering? OpenDNS

What does the HTTP 504 code indicate? Gateway Timeout

Which of the following sources can be used as a data source to detect bad bots? Web application logs, IIS and Apache web server logs, IDS logs, WAF logs, etc.

Which event informs about the actual operation taken by a user on a file? 4663 (An attempt was made to access an object)

Tool for cookie poisoning: Zed Attack Proxy (OWASP ZAP)

Which event ID indicates that a user account was deleted? 4726
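Syslog, named above as the main push-based transport, and the Linux severity levels (level 2 = Critical) both come down to the PRI field at the start of every message. The following added example (not from the original page) shows the sending side building a BSD-style syslog line and the collecting side parsing PRI back into facility and severity names; the host name and message text are constructed.

```python
"""Push-based log transport: build and parse BSD-style (RFC 3164) syslog
lines.  Added example, not from the source page; SAMPLE is constructed."""
import re

# Severity 0..7 and facility codes as defined in RFC 5424 section 6.2.1.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error", "Warning",
              "Notice", "Informational", "Debug"]
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              10: "authpriv", 11: "ftp", 16: "local0", 17: "local1",
              18: "local2", 19: "local3", 20: "local4", 21: "local5",
              22: "local6", 23: "local7"}


def pri(facility: int, severity: int) -> int:
    """PRI = facility * 8 + severity, e.g. authpriv(10).crit(2) -> 82."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0-23 and severity 0-7")
    return facility * 8 + severity


def build_message(facility, severity, timestamp, host, tag, text) -> str:
    """Sender side: format the line the way a pushing host emits it."""
    return f"<{pri(facility, severity)}>{timestamp} {host} {tag}: {text}"


# <PRI>Mmm dd hh:mm:ss host tag[pid]: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)


def parse_message(line: str) -> dict:
    """Collector side: split PRI into facility/severity names plus the rest.
    Rejects lines that are not syslog-shaped or carry an out-of-range PRI."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"not a syslog line: {line!r}")
    p = int(m["pri"])
    if p > 191:  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI out of range: {p}")
    facility, severity = divmod(p, 8)
    return {
        "facility": FACILITIES.get(facility, str(facility)),
        "severity": SEVERITIES[severity],
        "timestamp": m["ts"],
        "host": m["host"],
        "tag": m["tag"],
        "pid": m["pid"],
        "message": m["msg"],
    }


# Constructed sample: an SSH failure pushed at authpriv.critical.
SAMPLE = build_message(10, 2, "Mar  4 10:15:01", "web-01", "sshd",
                       "Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2")

if __name__ == "__main__":
    print(SAMPLE)
    print(parse_message(SAMPLE))
```

The parser is deliberately strict: a collector that silently accepts malformed PRI values will mis-rank events, so anything outside 0-191 is rejected rather than coerced.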
How is EPS calculated? Security events per second: the number of events received divided by the length of the interval in seconds.

What is returned with the HTTP 401 code? Unauthorized

What is the event ID of an account lockout? 4740

Process-oriented framework that outlines the important properties of a security engineering process, which is needed to maintain effective security engineering: SSE-CMM

How to minimize false positives with a high alert volume? Contextual information

Windows event type that is not about what is important now, but rather what may pose a potential problem in the near future: Warning

Which event ID indicates that an account was locked out? 4740 (4725, given as the answer in the original key, is "A user account was disabled")

Threat intelligence platform: TC Complete

Threat intelligence lifecycle: Source keywords

Which of the following tools is used to recover from a web application incident?
  A. CrowdStrike Falcon Orchestrator
  B. Symantec Secure Web Gateway
  C. Smoothwall SWG
  D. Proxy Workbench
Answer: CrowdStrike Falcon Orchestrator
Robin, a SOC engineer in a multinational company, is planning to implement a SIEM. He assessed that his organization is capable of performing only the correlation, analytics, reporting, retention, alerting, and visualization required for the SIEM implementation and has to take the collection and aggregation services from a managed security services provider (MSSP).

What type of SIEM is Robin planning to implement?
  A. Self-hosted, Self-Managed
  B. Self-hosted, MSSP Managed
  C. Hybrid Model, Jointly Managed
  D. Cloud, Self-Managed
Answer: Hybrid Model, Jointly Managed. (Responsibility is split: collection and aggregation run with the MSSP, everything downstream runs in-house, so neither "self-managed" option fits.)
Robin is a SOC engineer working for a multinational company. He has initiated the plan for implementing a SIEM. He assessed that the MSSP can only do the aggregation, correlation, analytics, reporting, retention, alerting, and visualization required for the SIEM implementation. All the collection services will be provided in-house.

What kind of SIEM will Robin be able to deploy?
  A. Self-hosted, Self-Managed
  B. Self-hosted, MSSP Managed
  C. Hybrid Model, Jointly Managed
  D. Cloud, Self-Managed
Answer: Hybrid Model, Jointly Managed. (Collection stays in-house while the MSSP runs the rest, so the SIEM is jointly managed, not MSSP-managed.)
Robin, working as a SOC engineer in a multinational company, is going to implement a SIEM. He assessed that his organization can itself perform the collection, aggregation, correlation, analytics, reporting, retention, alerting, and visualization required for the implementation, so all of these services will be taken from in-house and none from an MSSP.

What kind of SIEM is Robin planning to implement?
  A. Self-hosted, Self-Managed
  B. Self-hosted, MSSP Managed
  C. Hybrid Model, Jointly Managed
  D. Cloud, Self-Managed
Answer: Self-hosted, Self-Managed. (Every SIEM function is delivered in-house, so no MSSP involvement and no joint management.)
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.

Identify the attack depicted in the above scenario.
  A. Denial-of-service attack
  B. SQL injection attack
  C. Parameter tampering attack
  D. Session fixation attack
Answer: Parameter tampering attack
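The parameter-tampering scenario above and the HTML-entity-encoding (XSS) question earlier share a root cause: the server trusting what the client sent. The following added example (not from the original page) shows each flaw as the vulnerable handler next to its hardened form: a search page that reflects the query, fixed with entity encoding, and a checkout that honours a client-supplied price, fixed by taking the price from a server-side catalog. The catalog, SKUs and request strings are constructed.

```python
"""Vulnerable vs hardened handlers for reflected XSS and price parameter
tampering.  Added example, not from the source page; CATALOG and the
query strings are constructed."""
import html
from urllib.parse import parse_qs

# --- Reflected XSS ---------------------------------------------------------


def render_search_vulnerable(query: str) -> str:
    """Echoes the raw query into the page, so <script> survives as markup."""
    return f"<p>Results for: {query}</p>"


def render_search_hardened(query: str) -> str:
    """html.escape turns < > & " ' into entities; the browser renders text.
    This is the 'convert non-alphanumerics to HTML entities' control."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


# --- Parameter tampering ---------------------------------------------------

# Server-side source of truth for prices (constructed catalog).
CATALOG = {"sku-1001": 100.00, "sku-2002": 25.50}


class TamperedRequest(Exception):
    """Raised when a request disagrees with server-side state."""


def checkout_vulnerable(query_string: str) -> float:
    """Trusts the price the client sent, e.g. ?sku=sku-1001&price=10.
    The question's $100 product bought for $10 is exactly this."""
    params = parse_qs(query_string)
    qty = int(params.get("qty", ["1"])[0])
    return float(params["price"][0]) * qty


def checkout_hardened(query_string: str) -> float:
    """Charges the catalog price and ignores any client-supplied one.
    A client price that disagrees with the catalog is reported as tampering
    so it can be logged, rather than silently corrected."""
    params = parse_qs(query_string)
    sku = params.get("sku", [""])[0]
    if sku not in CATALOG:
        raise TamperedRequest(f"unknown sku {sku!r}")
    qty = int(params.get("qty", ["1"])[0])
    if not 1 <= qty <= 100:
        raise TamperedRequest(f"quantity out of range: {qty}")
    sent = params.get("price")
    if sent is not None and float(sent[0]) != CATALOG[sku]:
        raise TamperedRequest(f"client price {sent[0]} != catalog {CATALOG[sku]}")
    return CATALOG[sku] * qty


def is_tampered(query_string: str) -> bool:
    """True if the hardened checkout rejects the request."""
    try:
        checkout_hardened(query_string)
        return False
    except TamperedRequest:
        return True


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"
    print(render_search_vulnerable(payload))
    print(render_search_hardened(payload))
    tampered = "sku=sku-1001&price=10"
    print(checkout_vulnerable(tampered))  # the attacker pays 10.0
    print("tampered:", is_tampered(tampered))
    print(checkout_hardened("sku=sku-1001&qty=2"))
```

Note that the hardened checkout does not merely override the price; it treats a mismatching client price as a signal. A WAF such as UrlScan can filter obvious injection strings, but only the application knows what the price of sku-1001 is supposed to be.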
John, the threat analyst with GreenTech Solutions, wanted to collect intelligence on the specific threats against his organisation. He started acquiring information about specific threats from various sources, gathering it from humans, social media, chat rooms, and so on, that can provide reports of malicious activity. Based on the above description, which type of threat intelligence did John come up with?
  A. Strategic threat intelligence
  B. Technical threat intelligence
  C. Tactical threat intelligence
  D. Operational threat intelligence
Answer: Operational threat intelligence
What does the Windows 10 Security log event ID 4624 indicate?
  A. Service added to the endpoint
  B. A share was accessed
  C. An account was successfully logged on
  D. New process executed
Answer: An account was successfully logged on
What does the HTTP status code class 1XX represent?
  A. Informational message
  B. Client error
  C. Success
  D. Redirection
Answer: Informational message
Which event ID indicates that a user account was created? 4720

What is the event ID of a newly created process? 4688
What data source can be used to detect an increase in Tor traffic to the network? DHCP logs, or any logs that record IP addresses or hostnames with IP-to-name resolution.

Which event ID shows that a user account was enabled? 4722
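The Windows Security event IDs asked about throughout this set (4624, 4625, 4663, 4688, 4720, 4722, 4725, 4726, 4738, 4740) are only useful in combination, so the following added example (not from the original page) runs two detections over a constructed export: a burst of 4625 failures ending in a 4740 lockout for the same account and source, and a 4720 account creation followed within a minute by 4722/4738, the fingerprint of a scripted backdoor account. It also computes the EPS figure asked about above from the same events. The CSV lines are made up for the demonstration; the event ID descriptions are Microsoft's.

```python
"""Windows Security event triage over constructed log lines.  Added example,
not from the source page; SAMPLE_LOG is a made-up export."""
import csv
from collections import defaultdict
from datetime import datetime
from io import StringIO

EVENT_NAMES = {
    4624: "An account was successfully logged on",
    4625: "An account failed to log on",
    4663: "An attempt was made to access an object",
    4688: "A new process has been created",
    4720: "A user account was created",
    4722: "A user account was enabled",
    4725: "A user account was disabled",
    4726: "A user account was deleted",
    4738: "A user account was changed",
    4740: "A user account was locked out",
}

# Constructed export: timestamp, event id, target account, source host/IP
SAMPLE_LOG = """\
time,event_id,account,source
2024-03-04T10:15:00,4625,admin,198.51.100.7
2024-03-04T10:15:01,4625,admin,198.51.100.7
2024-03-04T10:15:02,4625,admin,198.51.100.7
2024-03-04T10:15:03,4625,admin,198.51.100.7
2024-03-04T10:15:04,4625,admin,198.51.100.7
2024-03-04T10:15:05,4740,admin,198.51.100.7
2024-03-04T10:15:09,4624,svc_backup,10.0.0.15
2024-03-04T10:15:10,4720,helpdesk2,10.0.0.15
2024-03-04T10:15:10,4722,helpdesk2,10.0.0.15
2024-03-04T10:15:11,4738,helpdesk2,10.0.0.15
2024-03-04T10:15:12,4688,svc_backup,10.0.0.15
2024-03-04T10:15:13,4726,svc_backup,10.0.0.15
"""


def parse_events(text):
    """Parse the CSV export into dicts with a real datetime and int event id."""
    rows = []
    for r in csv.DictReader(StringIO(text)):
        rows.append({"time": datetime.fromisoformat(r["time"]),
                     "event_id": int(r["event_id"]),
                     "account": r["account"], "source": r["source"]})
    return rows


def describe(event_id):
    return EVENT_NAMES.get(event_id, f"unmapped event {event_id}")


def events_per_second(events):
    """EPS = number of events / length of the window in seconds (window
    floored at 1 s so a single-second burst is not divided by zero)."""
    if not events:
        return 0.0
    times = [e["time"] for e in events]
    span = (max(times) - min(times)).total_seconds()
    return len(events) / max(span, 1.0)


def detect_lockout_after_failures(events, threshold=5):
    """A 4625 burst followed by 4740 on the same (account, source) pair."""
    failures = defaultdict(int)
    hits = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        key = (e["account"], e["source"])
        if e["event_id"] == 4625:
            failures[key] += 1
        elif e["event_id"] == 4740 and failures[key] >= threshold:
            hits.append(key)
    return hits


def detect_account_lifecycle(events, window_seconds=60):
    """4720 then 4722/4738 on the same account within the window, plus any
    4726 deletion (which may be an attacker covering tracks)."""
    created = {}
    findings = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        acct = e["account"]
        if e["event_id"] == 4720:
            created[acct] = e["time"]
        elif e["event_id"] in (4722, 4738) and acct in created:
            if (e["time"] - created[acct]).total_seconds() <= window_seconds:
                findings.append(("rapid-create-enable", acct))
                del created[acct]  # one finding per created account
        elif e["event_id"] == 4726:
            findings.append(("account-deleted", acct))
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(f"EPS: {events_per_second(evs):.2f}")
    print("lockouts after brute force:", detect_lockout_after_failures(evs))
    print("account lifecycle:", detect_account_lifecycle(evs))
    for e in evs:
        print(e["time"].time(), e["event_id"], describe(e["event_id"]), e["account"])
```

On a real system the same fields come from `Get-WinEvent -LogName Security` or a SIEM export; the detections only need the event ID, the target account, the caller and a timestamp, which every such export carries.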