
[Aug 26, 2022] PassCollection 312-39 dumps & EC-COUNCIL CSA sure practice dumps
EC-COUNCIL 312-39 Actual Questions and Braindumps
NEW QUESTION 54
John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is coming.
Which of the following data sources will he use to prepare the dashboard?
- A. DNS/ Web Server logs with IP addresses.
- B. IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.
- C. DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution.
- D. Apache/ Web Server logs with IP addresses and Host Name.
Answer: D
NEW QUESTION 55
What is the process of monitoring and capturing all data packets passing through a given network using different tools?
- A. Network Scanning
- B. Network Sniffing
- C. DNS Footprinting
- D. Port Scanning
Answer: B
NEW QUESTION 56
Which of the following techniques involves scanning the headers of IP packets leaving a network to make sure that unauthorized or malicious traffic never leaves the internal network?
- A. Egress Filtering
- B. Ingress Filtering
- C. Rate Limiting
- D. Throttling
Answer: A
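Egress filtering is the outbound counterpart of the ingress checks most people think of first: it reads the header fields of packets leaving the network and drops anything that should never be seen on that path (spoofed source addresses, internal-only protocols, services that must go through a relay). The following is an added example, not part of the dump or of any EC-Council material; the policy, prefixes, relay address and sample packets are all constructed for illustration.

```python
import ipaddress

# Constructed policy for an egress filter at the internal-to-Internet boundary.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
MAIL_RELAY = ipaddress.ip_address("10.0.0.25")   # constructed: the only host allowed to send SMTP out
NEVER_LEAVE_PORTS = {445: "SMB", 135: "MS-RPC", 137: "NetBIOS", 138: "NetBIOS", 139: "NetBIOS"}


def egress_decision(pkt):
    """Inspect the header fields of an outbound packet and return (allowed, reason).

    pkt is a dict with 'src', 'dst', 'proto' and, for TCP/UDP, 'dport'.
    """
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])

    # 1. Anti-spoofing (BCP 38): a packet leaving the network must carry one of our addresses.
    if not any(src in net for net in INTERNAL_NETS):
        return False, "spoofed source %s is not an internal address" % src

    # 2. Traffic for another internal prefix should never appear on the egress path.
    if any(dst in net for net in INTERNAL_NETS):
        return False, "internal destination %s leaking to the egress path" % dst

    dport = pkt.get("dport")
    # 3. Windows file-sharing and RPC ports have no business leaving the network.
    if dport in NEVER_LEAVE_PORTS:
        return False, "%s (port %d) must not leave the network" % (NEVER_LEAVE_PORTS[dport], dport)

    # 4. Only the mail relay may speak SMTP outbound; anything else looks like a spam bot or exfil.
    if pkt["proto"] == "tcp" and dport == 25 and src != MAIL_RELAY:
        return False, "direct SMTP from %s bypasses the mail relay" % src

    return True, "permitted"


# Constructed outbound packets as seen at the egress point (documentation address ranges).
SAMPLE_PACKETS = [
    {"src": "10.1.2.3",    "dst": "198.51.100.10", "proto": "tcp", "dport": 443},  # normal HTTPS
    {"src": "203.0.113.9", "dst": "198.51.100.1",  "proto": "tcp", "dport": 80},   # spoofed source
    {"src": "10.1.2.3",    "dst": "198.51.100.50", "proto": "tcp", "dport": 445},  # SMB outbound
    {"src": "10.1.2.3",    "dst": "198.51.100.25", "proto": "tcp", "dport": 25},   # SMTP from a workstation
    {"src": "10.0.0.25",   "dst": "198.51.100.25", "proto": "tcp", "dport": 25},   # SMTP from the relay
]


def filter_egress(packets):
    """Return the packets that may leave and a list of (packet, reason) for those dropped."""
    allowed, dropped = [], []
    for pkt in packets:
        ok, reason = egress_decision(pkt)
        if ok:
            allowed.append(pkt)
        else:
            dropped.append((pkt, reason))
    return allowed, dropped


if __name__ == "__main__":
    passed, blocked = filter_egress(SAMPLE_PACKETS)
    for pkt, why in blocked:
        print("DROP %s -> %s:%s  (%s)" % (pkt["src"], pkt["dst"], pkt.get("dport"), why))
    print("%d packets permitted, %d dropped" % (len(passed), len(blocked)))
```

On a real firewall these checks are ACL entries on the outside interface in the outbound direction; the point of the code is only to make visible which header fields each rule reads.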
NEW QUESTION 57
Which of the following is a correct flow of the stages in an incident handling and response (IH&R) process?
- A. Preparation -> Incident Recording -> Incident Triage -> Containment -> Eradication -> Recovery -> Post-Incident Activities
- B. Incident Triage -> Eradication -> Containment -> Incident Recording -> Preparation -> Recovery -> Post-Incident Activities
- C. Containment -> Incident Recording -> Incident Triage -> Preparation -> Recovery -> Eradication -> Post-Incident Activities
- D. Incident Recording -> Preparation -> Containment -> Incident Triage -> Recovery -> Eradication -> Post-Incident Activities
Answer: A
NEW QUESTION 58
What does HTTP status code 403 represent?
- A. Unauthorized Error
- B. Forbidden Error
- C. Internal Server Error
- D. Not Found Error
Answer: B
NEW QUESTION 59
What type of event is recorded when an application driver loads successfully in Windows?
- A. Information
- B. Warning
- C. Success Audit
- D. Error
Answer: A
NEW QUESTION 60
John, a threat analyst at GreenTech Solutions, wants to gather information about specific threats against the organization. He started collecting information from various sources, such as humans, social media, chat rooms, and so on, and created a report that contains malicious activity.
Which of the following types of threat intelligence did he use?
- A. Tactical Threat Intelligence
- B. Strategic Threat Intelligence
- C. Operational Threat Intelligence
- D. Technical Threat Intelligence
Answer: C
NEW QUESTION 61
Jason, a SOC Analyst with Maximus Tech, was investigating Cisco ASA Firewall logs and came across the following log entry:
May 06 2018 21:27:27 asa 1: %ASA -5 - 11008: User 'enable_15' executed the 'configure term' command
What does the security level in the above log indicate?
- A. Informational message
- B. Normal but significant message
- C. Critical condition message
- D. Warning condition message
Answer: B
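Cisco ASA syslog messages carry their severity in the `%ASA-<level>-<message id>` prefix, with 0 the most severe: 0 Emergency, 1 Alert, 2 Critical, 3 Error, 4 Warning, 5 Notification (normal but significant), 6 Informational, 7 Debugging. A parser that pulls that field out is the first thing a SOC analyst writes when ASA logs land in a SIEM without a vendor-supplied decoder. The block below is an added example, not part of the dump; the sample log lines other than the one from the question are constructed, and the pattern deliberately tolerates the stray spaces in the question's copy of the line.

```python
import re

# Cisco ASA syslog severity levels (0 = most severe).
ASA_SEVERITY = {
    0: "Emergency",
    1: "Alert",
    2: "Critical",
    3: "Error",
    4: "Warning",
    5: "Notification",
    6: "Informational",
    7: "Debugging",
}

# %ASA-<severity>-<message id>: <text>. The \s* allow the "%ASA -5 - 11008" spacing
# seen in the question; real devices emit "%ASA-5-111008" with no spaces.
_ASA_RE = re.compile(
    r"%ASA\s*-\s*(?P<sev>[0-7])\s*-\s*(?P<msgid>\d+)\s*:\s*(?P<text>.*)$")


def parse_asa(line):
    """Return (severity, severity name, message id, text), or None for non-ASA lines."""
    m = _ASA_RE.search(line)
    if m is None:
        return None
    sev = int(m.group("sev"))
    return sev, ASA_SEVERITY[sev], m.group("msgid"), m.group("text").strip()


def triage(lines, max_level=4):
    """Keep only messages at max_level or more severe (a lower number is more severe)."""
    hits = []
    for line in lines:
        parsed = parse_asa(line)
        if parsed is not None and parsed[0] <= max_level:
            hits.append(parsed)
    return hits


# Constructed sample; the first entry is the line from the question.
SAMPLE_LOGS = [
    "May 06 2018 21:27:27 asa 1: %ASA -5 - 11008: User 'enable_15' executed the 'configure term' command",
    "May 06 2018 21:27:31 asa 1: %ASA-4-106023: Deny tcp src outside:198.51.100.7/51234 "
    "dst inside:10.0.0.5/445 by access-group \"outside_in\"",
    "May 06 2018 21:27:40 asa 1: %ASA-6-302013: Built inbound TCP connection 12345 "
    "for outside:198.51.100.9/40000 to inside:10.0.0.8/443",
    "May 06 2018 21:27:42 asa 1: %ASA-2-106001: Inbound TCP connection denied from "
    "203.0.113.4/1234 to 10.0.0.5/22 flags SYN on interface outside",
    "May 06 2018 21:27:45 asa 1: some unrelated syslog text",
]


if __name__ == "__main__":
    for sev, name, msgid, text in triage(SAMPLE_LOGS):
        print("[%d %-13s] %s: %s" % (sev, name, msgid, text))
```

Note that a level-5 message such as a `configure term` by a privileged user is "normal but significant": it is not an error, but configuration changes on a firewall are exactly what a SOC wants on a change-tracking dashboard, so do not filter it out as noise.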
NEW QUESTION 62
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10
Identify the attack depicted in the above scenario.
- A. Session Fixation Attack
- B. SQL Injection Attack
- C. Denial-of-Service Attack
- D. Parameter Tampering Attack
Answer: D
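The scenario is parameter tampering: the server reads the amount to debit from a request parameter the client controls. The only fix is to treat the URL value as untrusted and take the price from the server side. The following is an added example, not code from the dump or from the site in the question; the catalogue, the `profile` to price mapping and the two URLs are taken from or constructed around the question's text.

```python
from decimal import Decimal
from urllib.parse import urlsplit, parse_qs

# Constructed server-side catalogue; in the real application this is the product row.
CATALOGUE = {"12": Decimal("100.00")}

ORIGINAL_URL = "http://www.buyonline.com/product.aspx?profile=12&debit=100"
MODIFIED_URL = "http://www.buyonline.com/product.aspx?profile=12&debit=10"


def query_params(url):
    """Flatten the query string to a dict of single values."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def charge_vulnerable(url):
    """The flaw in the question: the amount to debit is read straight from the URL."""
    params = query_params(url)
    if params.get("profile") not in CATALOGUE:
        raise KeyError("unknown product")
    return Decimal(params["debit"])           # attacker-controlled value


def charge_hardened(url):
    """Look the price up server-side; a client-supplied amount is compared, never trusted.

    Returns (amount_to_charge, tampering_detected) so the caller charges the right price
    and can raise an alert when the client's figure disagrees with the catalogue.
    """
    params = query_params(url)
    price = CATALOGUE.get(params.get("profile"))
    if price is None:
        raise KeyError("unknown product")
    claimed = params.get("debit")
    tampered = claimed is not None and Decimal(claimed) != price
    return price, tampered


if __name__ == "__main__":
    print("vulnerable charge on modified URL:", charge_vulnerable(MODIFIED_URL))
    amount, flagged = charge_hardened(MODIFIED_URL)
    print("hardened charge on modified URL:", amount, "tampering detected:", flagged)
```

From the SOC side, the `tampered` flag is the detection: a mismatch between a client-sent price and the catalogue price is a high-fidelity signal worth its own alert, since legitimate clients never disagree with the server.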
NEW QUESTION 63
Which attack works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?
- A. Hybrid Attack
- B. Birthday Attack
- C. Bruteforce Attack
- D. Rainbow Table Attack
Answer: A
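A hybrid attack is what rule-based modes in tools such as hashcat and John the Ripper do: take each dictionary word and mangle it with case changes, appended digits and symbols, so that "Summer2022!" falls even though only "summer" is in the wordlist. The block below is an added example, not part of the dump; the three-word dictionary, the mangling rules and the target hash (an unsalted SHA-256 of a constructed password) are all made up for illustration.

```python
import hashlib
import itertools

WORDLIST = ["password", "summer", "dragon"]                 # constructed mini dictionary
PREFIXES = ["", "!"]
SUFFIXES = ["", "1", "123", "2022", "2022!", "!", "1!"]    # constructed mangling rules


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def mangle(word):
    """Yield hybrid candidates: the word in three case forms with each prefix/suffix pair."""
    bases = [word, word.capitalize(), word.upper()]
    seen = set()
    for base in bases:
        if base in seen:            # e.g. an all-digit "word" has one case form only
            continue
        seen.add(base)
        for pre, suf in itertools.product(PREFIXES, SUFFIXES):
            yield "%s%s%s" % (pre, base, suf)


def crack(target_hash, words, hybrid=True):
    """Return the candidate whose SHA-256 equals target_hash, or None.

    hybrid=False is a plain dictionary attack (words tried verbatim);
    hybrid=True tries every mangled form of every word.
    """
    for word in words:
        candidates = mangle(word) if hybrid else [word]
        for cand in candidates:
            if sha256_hex(cand) == target_hash:
                return cand
    return None


# Constructed target: an unsalted hash of a typical "dictionary word + year + symbol" password.
TARGET = sha256_hex("Summer2022!")


if __name__ == "__main__":
    print("dictionary attack:", crack(TARGET, WORDLIST, hybrid=False))
    print("hybrid attack:    ", crack(TARGET, WORDLIST, hybrid=True))
```

The defensive lesson is the same one the attack teaches: a password policy that merely requires a digit and a symbol adds almost nothing if users satisfy it by appending `2022!` to a dictionary word, and unsalted fast hashes let an attacker test every mangled form at hardware speed.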
NEW QUESTION 64
Which of the following Windows events is logged every time a user tries to access the "Registry" key?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: C
NEW QUESTION 65
According to the forensics investigation process, what is the next step carried out right after collecting the evidence?
- A. Create a Chain of Custody Document
- B. Set a Forensic lab
- C. Call Organizational Disciplinary Team
- D. Send it to the nearby police station
Answer: A
NEW QUESTION 66
Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?
- A. IntelMQ
- B. Malstrom
- C. MagicTree
- D. threat_note
Answer: C
NEW QUESTION 67
Which of the following directories will contain logs related to printer access?
- A. /var/log/cups/Printer_log file
- B. /var/log/cups/accesslog file
- C. /var/log/cups/Printeraccess_log file
- D. /var/log/cups/access_log file
Answer: D
NEW QUESTION 68
Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident and assigned it with an initial priority.
What would be her next action according to the SOC workflow?
- A. She should immediately escalate this issue to the management
- B. She should immediately contact the network administrator to solve the problem
- C. She should communicate this incident to the media immediately
- D. She should formally raise a ticket and forward it to the IRT
Answer: D
NEW QUESTION 69
Which of the following attacks can be eradicated by using a safe API to avoid the use of the interpreter entirely?
- A. Command Injection Attacks
- B. File Injection Attacks
- C. LDAP Injection Attacks
- D. SQL Injection Attacks
Answer: D
NEW QUESTION 70
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major?
- A. Extreme
- B. Medium
- C. Low
- D. High
Answer: A
NEW QUESTION 71
What do HTTP status codes in the 1XX range represent?
- A. Success
- B. Informational message
- C. Client error
- D. Redirection
Answer: B
NEW QUESTION 72
Which of the following tools is used to recover from a web application incident?
- A. Proxy Workbench
- B. Symantec Secure Web Gateway
- C. CrowdStrike FalconTM Orchestrator
- D. Smoothwall SWG
Answer: C
NEW QUESTION 73
Which encoding replaces unusual ASCII characters with "%" followed by the character's two-digit ASCII code expressed in hexadecimal?
- A. Unicode Encoding
- B. Base64 Encoding
- C. URL Encoding
- D. UTF Encoding
Answer: C
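URL (percent) encoding replaces each byte outside the unreserved set with `%` and the byte's two hex digits; characters outside ASCII are first encoded as UTF-8 and each byte is escaped separately. For a SOC analyst the practical consequence is that a path-traversal or injection string can be hidden from a naive substring match by encoding it once or twice, so detection logic must decode to a fixed point before matching. The block below is an added example, not part of the dump; the sample paths and the traversal check are constructed for illustration.

```python
import string
from urllib.parse import unquote

# RFC 3986 unreserved characters: everything else is escaped as %XX.
UNRESERVED = set(string.ascii_letters + string.digits + "-._~")


def percent_encode(text):
    """Encode text as UTF-8 and replace every byte outside the unreserved set with %XX."""
    out = []
    for byte in text.encode("utf-8"):
        ch = chr(byte)
        out.append(ch if ch in UNRESERVED else "%%%02X" % byte)
    return "".join(out)


def normalise(path, max_rounds=3):
    """Percent-decode repeatedly until the string stops changing.

    A single decode turns %252e into %2e, not into '.', so a doubly encoded payload
    survives a one-pass decoder; iterating to a fixed point (with a cap) exposes it.
    """
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def naive_traversal_check(path):
    """What a careless filter does: match the raw request path."""
    return "../" in path or "..\\" in path


def looks_like_traversal(path):
    """Decode first, then match; this is the check a WAF rule or SIEM parser should run."""
    decoded = normalise(path)
    return "../" in decoded or "..\\" in decoded


# Constructed request paths as they might appear in a web server access log.
SAMPLE_PATHS = [
    "/img/logo.png",
    "/img/../../etc/passwd",
    "/img/%2e%2e/%2e%2e/etc/passwd",        # single-encoded dots
    "/img/%252e%252e/%252e%252e/etc/passwd",  # double-encoded dots
]


if __name__ == "__main__":
    print(percent_encode("a b/c?é"))
    for p in SAMPLE_PATHS:
        print("%-42s naive=%-5s decoded=%s" % (p, naive_traversal_check(p), looks_like_traversal(p)))
```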
NEW QUESTION 74
Which of the following is a default directory in a Mac OS X that stores security-related logs?
- A. /private/var/log
- B. /var/log/cups/access_log
- C. ~/Library/Logs
- D. /Library/Logs/Sync
Answer: A

