EC-COUNCIL 312-39 Actual Free Exam Questions & Community Discussion
You are working as a SOC analyst for a cloud-based service provider that relies on PostgreSQL databases to store critical customer data. During a security review, you discover that logs are not being generated for failed authentication attempts, slow queries, or database errors. This lack of visibility is making it difficult to detect threats and investigate suspicious activity. To ensure PostgreSQL captures and stores logs for centralized monitoring and forensic analysis, which configuration parameter should you enable?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Identify the HTTP status codes that represents the server error.
Correct Answer: A
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
A major financial institution has strict policies preventing unauthorized data transfers. As a SOC analyst, during routine log analysis you detect an anomaly: an employee workstation initiates large file transfers outside business hours, involving highly sensitive customer financial records. You discover remote access from an unfamiliar IP address and an unauthorized USB device connection on the workstation. Given the likelihood of data exfiltration, what should be your first step in responding?
Correct Answer: A
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Sarah, a financial analyst at a multinational corporation, is suspected of leaking sensitive financial data to an unauthorized external party. The SOC team observed anomalous data transfer patterns originating from her account, flagged by the SIEM, indicating potential data exfiltration. The incident response team must contain the incident swiftly to minimize data loss and protect critical assets. As a SOC analyst, which should be prioritized as the initial containment measure?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
What type of event is recorded when an application driver loads successfully in Windows?
Correct Answer: C
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
A healthcare organization's SIEM detects unusual HTTP requests targeting its patient portal. The requests originate from a foreign IP address and occur during non-business hours. The methods used are primarily TRACE and OPTIONS, which are rarely seen in normal web traffic. The SIEM correlates these with increased reconnaissance activity on other servers within the same subnet. What is the primary security concern with TRACE and OPTIONS requests?
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Identify the attack when an attacker by several trial and error can read the contents of a password file present in the restricted etc folder just by manipulating the URL in the browser as shown:
http://www.terabytes.com/process.php./../../../../etc/passwd
http://www.terabytes.com/process.php./../../../../etc/passwd
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
A large financial institution receives thousands of security logs daily from firewalls, IDS systems, and user authentication platforms. The SOC uses an AI-driven SIEM system with Natural Language Processing (NLP) capabilities to streamline threat detection. This enables faster response times, reduces manual rule creation, and helps detect advanced threats that traditional systems might overlook. Which option best illustrates the advantage of NLP in SIEM?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
A health corporation is implementing a SIEM solution to improve detection and response and comply with HIPAA requirements. They need the SIEM to efficiently collect, analyze, and correlate security events from network devices, servers, and security applications, and generate timely alerts for potential HIPAA violations.
Which capability is needed to meet these needs?
Which capability is needed to meet these needs?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Jennifer, a SOC analyst, initiates an investigation after receiving an alert about potential unauthorized activity on Marcus's workstation. She starts by retrieving EDR logs from the endpoint, analyzing network traffic patterns in the Security Information and Event Management (SIEM) system, and inspecting email gateway logs for signs of malicious attachments. Her objective is to determine whether this alert represents a legitimate security incident. In which phase of the Incident Response process is Jennifer currently operating?
Correct Answer: A
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
David Reynolds, a SOC analyst at a healthcare organization, is investigating suspicious login attempts flagged by the SIEM. To mitigate brute-force risk on targeted endpoints, he collaborates with IT to implement an automatic account lockout policy that temporarily disables accounts after multiple failed login attempts.
Within the SOC's eradication strategy, which category of measures does this action align with?
Within the SOC's eradication strategy, which category of measures does this action align with?
Correct Answer: C
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Which of the following factors determine the choice of SIEM architecture?
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and procedures for the SOC.
Identify the job role of John.
Identify the job role of John.
Correct Answer: D
Vote an answer
0
0
0
10
