EC-COUNCIL 312-39 Actual Free Exam Questions & Community Discussion
A newly hired SOC analyst at a fast-growing multinational organization must quickly assess the company's external exposure and identify potential security risks. Techniques considered include analyzing publicly available information, scanning exposed services, reviewing DNS records, and gathering external intelligence.
Due to the scale across subsidiaries, cloud environments, and third-party integrations, some methods may not scale well and may lead to delays or incomplete insights. Which technique is less practical for handling large or diverse data sets in this scenario?
Due to the scale across subsidiaries, cloud environments, and third-party integrations, some methods may not scale well and may lead to delays or incomplete insights. Which technique is less practical for handling large or diverse data sets in this scenario?
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
What does [-n] in the following checkpoint firewall log syntax represents?
fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]
fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]
Correct Answer: C
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Which of the log storage method arranges event logs in the form of a circularbuffer?
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Identify the type of attack, an attacker is attempting on www.example.com website.
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and procedures for the SOC.
Identify the job role of John.
Identify the job role of John.
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
SecureTech Solutions, a managed security service provider (MSSP), is optimizing its log management architecture to enhance log storage, retrieval, and analysis efficiency. The SOC team needs logs stored in a structured or semi-structured format for easy parsing, querying, and correlation. They choose a format that organizes data in a text file in a tabular structure, where each log entry is stored in rows and columns, and that supports easy export to databases or spreadsheet analysis while maintaining readability. Which log format should they choose?
Correct Answer: C
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
At 9:15 AM EST, Marcus Wong, a financial operations analyst, contacts the SOC after noticing Excel spreadsheets automatically encrypting with unusual file extensions (e.g., .locked or .crypt). The Tier 1 analyst logs the incident as ticket #INC-89271 in the SIEM and escalates it to a Tier 2 SOC analyst for investigation.
Which phase of the Incident Response process is currently taking place?
Which phase of the Incident Response process is currently taking place?
Correct Answer: C
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
A large financial services company has experienced increasing sophisticated threats targeting critical assets.
The SOC primarily focuses on log collection and basic monitoring, but incidents revealed gaps in detecting and responding to advanced threats proactively. Management decides to adopt the SOC Capability Maturity Model (CMM). The initial assessment indicates the SOC is at Level 1, and the organization aims to reach Level 3 by enhancing incident response procedures, improving threat intelligence integration, establishing KPIs, automating triage, implementing behavior-based analytics, and creating continuous training. Based on the SOC CMM, what should be the first priority in transitioning from Level 1 to Level 3?
The SOC primarily focuses on log collection and basic monitoring, but incidents revealed gaps in detecting and responding to advanced threats proactively. Management decides to adopt the SOC Capability Maturity Model (CMM). The initial assessment indicates the SOC is at Level 1, and the organization aims to reach Level 3 by enhancing incident response procedures, improving threat intelligence integration, establishing KPIs, automating triage, implementing behavior-based analytics, and creating continuous training. Based on the SOC CMM, what should be the first priority in transitioning from Level 1 to Level 3?
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
James Rodriguez has recently taken over as the lead SOC manager at GlobalTech Dynamics. The team is deploying a $2M SOC facility, creating incident response playbooks, running tabletop exercises, and training a 15-member incident response team to handle alerts and incidents efficiently. In the Incident Response process flow, which phase best aligns with these activities?
Correct Answer: A
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
A mid-sized healthcare organization is facing frequent phishing and ransomware attacks. They lack an internal SOC and want proactive threat detection and response capabilities. Compliance with HIPAA regulations is essential. The organization seeks a solution that includes both monitoring and rapid response to incidents. Which service best meets their needs?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
You are a SOC analyst on duty during a high-severity incident involving a DDoS attack targeting your organization's e-commerce platform. The attack disrupts online transactions. Using SIEM tools and packet capture systems, you identify unusual traffic patterns and trace activity back to command-and-control (C2) servers directing a botnet. Your goal is to recommend an eradication strategy that will sever the attackers' control over infected devices and halt the attack. Which strategy should your team implement?
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Which of the following attack inundates DHCP servers with fake DHCP requests toexhaust all available IP addresses?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
The SOC analyst at a national cybersecurity agency detected unusual system behavior on critical infrastructure servers. Initial scans flagged potential malware activity. Due to the sophisticated nature of the suspected attack, including registry modifications, process injection, and unauthorized tasks, the case was escalated to the forensic team. The forensic team suspects the malware is designed for stealthy data exfiltration. To assess the compromise, they captured system snapshots before and after suspected infection to identify unauthorized changes and anomalies. Which process are they following by capturing and comparing system snapshots to detect unauthorized changes?
Correct Answer: A
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
0
0
0
10
