最新の312-39学習ガイド2022年最新の- 提供するのはテストエンジンとPDF [Q53-Q78]

Share

最新の312-39学習ガイド2022年最新の- 提供するのはテストエンジンとPDF

最新版を今すぐ試そう312-39練習テスト問題解答が待ってます


EC-COUNCIL 312-39 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • SIEM展開全体で広く使用されているユースケースを学ぶ
  • インシデント対応プロセスの知識を得る
トピック 2
  • セキュリティイベントとログの収集、監視、分析を実行できる
  • SIEMソリューションの管理に関する知識を得る
トピック 3
  • SIEMユースケース開発プロセスの実践的な経験を積む
  • 企業における脅威の監視と分析を計画、整理、実行する
トピック 4
  • アラートトリアージプロセスの実践的な経験を積む
  • 分析方法と結果のブリーフィングとレポートを作成できる
トピック 5
  • 脅威インテリジェンスをSIEMに統合する知識を習得する
  • 攻撃者のツール、戦術、および手順を認識できる

 

質問 53
Which of the following attack can be eradicated by disabling of "allow_url_fopen and allow_url_include" in the php.ini file?

  • A. Command Injection Attacks
  • B. File Injection Attacks
  • C. URL Injection Attacks
  • D. LDAP Injection Attacks

正解: C

 

質問 54
Which of the following steps of incident handling and response process focus on limiting the scope and extent of an incident?

  • A. Data Collection
  • B. Identification
  • C. Containment
  • D. Eradication

正解: C

 

質問 55
Which of the following stage executed after identifying the required event sources?

  • A. Identifying the monitoring Requirements
  • B. Implementing and Testing the Use Case
  • C. Validating the event source against monitoring requirement
  • D. Defining Rule for the Use Case

正解: C

 

質問 56
InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and procedures for the SOC.
Identify the job role of John.

  • A. Security Engineer
  • B. Security Analyst - L2
  • C. Security Analyst - L1
  • D. Chief Information Security Officer (CISO)

正解: D

 

質問 57
Which of the following framework describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering?

  • A. COBIT
  • B. SOC-CMM
  • C. ITIL
  • D. SSE-CMM

正解: D

 

質問 58
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original
URL: http://www.buyonline.com/product.aspx?profile=12
&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12
&debit=10
Identify the attack depicted in the above scenario.

  • A. Parameter Tampering Attack
  • B. Session Fixation Attack
  • C. Denial-of-Service Attack
  • D. SQL Injection Attack

正解: B

 

質問 59
If the SIEM generates the following four alerts at the same time:
I.Firewall blocking traffic from getting into the network alerts
II.SQL injection attempt alerts
III.Data deletion attempt alerts
IV.Brute-force attempt alerts
Which alert should be given least priority as per effective alert triaging?

  • A. III
  • B. II
  • C. IV
  • D. I

正解: D

 

質問 60
Which of the following Windows Event Id will help you monitors file sharing across the network?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解: D

 

質問 61
Which of the following contains the performance measures, and proper project and time management details?

  • A. Incident Response Process
  • B. Incident Response Policy
  • C. Incident Response Tactics
  • D. Incident Response Procedures

正解: D

 

質問 62
Charline is working as an L2 SOC Analyst. One day, an L1 SOC Analyst escalated an incident to her for further investigation and confirmation. Charline, after a thorough investigation, confirmed the incident and assigned it with an initial priority.
What would be her next action according to the SOC workflow?

  • A. She should communicate this incident to the media immediately
  • B. She should formally raise a ticket and forward it to the IRT
  • C. She should immediately escalate this issue to the management
  • D. She should immediately contact the network administrator to solve the problem

正解: D

 

質問 63
Identify the attack, where an attacker tries to discover all the possible information about a target network before launching a further attack.

  • A. Ransomware Attack
  • B. Reconnaissance Attack
  • C. Man-In-Middle Attack
  • D. DoS Attack

正解: B

 

質問 64
An organization is implementing and deploying the SIEM with following capabilities.

What kind of SIEM deployment architecture the organization is planning to implement?

  • A. Cloud, MSSP Managed
  • B. Self-hosted, Jointly Managed
  • C. Self-hosted, Self-Managed
  • D. Self-hosted, MSSP Managed

正解: A

 

質問 65
Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?

  • A. threat_note
  • B. Malstrom
  • C. MagicTree
  • D. IntelMQ

正解: D

 

質問 66
Which of the following tool can be used to filter web requests associated with the SQL Injection attack?

  • A. Nmap
  • B. ZAP proxy
  • C. UrlScan
  • D. Hydra

正解: C

 

質問 67
Bonney's system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?

  • A. Complaint to police in a formal way regarding the incident
  • B. Turn off the infected machine
  • C. Leave it to the network administrators to handle
  • D. Call the legal department in the organization and inform about the incident

正解: B

 

質問 68
Which of the following attack can be eradicated by using a safe API to avoid the use of the interpreter entirely?

  • A. Command Injection Attacks
  • B. File Injection Attacks
  • C. LDAP Injection Attacks
  • D. SQL Injection Attacks

正解: D

 

質問 69
Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs, if he wants to investigate them for any anomalies?

  • A. SystemDrive%\LogFiles\inetpub\logs\W3SVCN
  • B. SystemDrive%\ inetpub\LogFiles\logs\W3SVCN
  • C. %SystemDrive%\LogFiles\logs\W3SVCN
  • D. SystemDrive%\inetpub\logs\LogFiles\W3SVCN

正解: A

 

質問 70
Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?

  • A. /etc/ossim/server/reputation.data
  • B. /etc/ossim/siem/server/reputation/data
  • C. /etc/siem/ossim/server/reputation.data
  • D. /etc/ossim/reputation

正解: D

 

質問 71
Jony, a security analyst, while monitoring IIS logs, identified events shown in the figure below.

What does this event log indicate?

  • A. Parameter Tampering Attack
  • B. Directory Traversal Attack
  • C. SQL Injection Attack
  • D. XSS Attack

正解: A

 

質問 72
Which of the following are the responsibilities of SIEM Agents?
1.Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.
2.Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.
3.Co-relating data received from various devices sending data to SIEM before forwarding it to the central engine.
4.Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.

  • A. 1 and 2
  • B. 1 and 4
  • C. 3 and 1
  • D. 2 and 3

正解: B

 

質問 73
Which of the following attacks causes sudden changes in file extensions or increase in file renames at rapid speed?

  • A. Ransomware Attack
  • B. File Injection Attack
  • C. DoS Attack
  • D. DHCP starvation Attack

正解: A

 

質問 74
What does the HTTP status codes 1XX represents?

  • A. Redirection
  • B. Client error
  • C. Success
  • D. Informational message

正解: D

 

質問 75
Which of the following can help you eliminate the burden of investigating false positives?

  • A. Keeping default rules
  • B. Treating every alert as high level
  • C. Not trusting the security devices
  • D. Ingesting the context data

正解: A

 

質問 76
Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?

  • A. Planning and budgeting -> Physical location and structural design considerations -> Forensics lab licensing ->Work area considerations -> Human resource considerations -> Physical security recommendations
  • B. Planning and budgeting -> Physical location and structural design considerations-> Forensics lab licensing -> Human resource considerations -> Work area considerations -> Physical security recommendations
  • C. Planning and budgeting -> Forensics lab licensing -> Physical location and structural design considerations -> Work area considerations -> Physical security recommendations -> Human resource considerations
  • D. Planning and budgeting -> Physical location and structural design considerations -> Work area considerations -> Human resource considerations -> Physical security recommendations -> Forensics lab licensing

正解: D

 

質問 77
Which of the following data source will a SOC Analyst use to monitor connections to the insecure ports?

  • A. DHCP Data
  • B. IIS Data
  • C. DNS Data
  • D. Netstat Data

正解: D

 

質問 78
......

312-39問題集と試験テストエンジン:https://jp.fast2test.com/312-39-premium-file.html

EC-COUNCIL 312-39問題集にはリアル試験問題解答:https://drive.google.com/open?id=1wEcx3MNdxfIzAjUW0uetusMkj1KtPth-


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어