[2024年06月08日] 合格率取得する秘訣は312-39認定試験エンジンPDF [Q57-Q82]

Share

[2024年06月08日] 合格率取得する秘訣は312-39認定試験エンジンPDF

312-39試験問題集合格できるには更新された2024年06月テスト問題集

質問 # 57
Which of the log storage method arranges event logs in the form of a circular buffer?

  • A. non-wrapping
  • B. wrapping
  • C. LIFO
  • D. FIFO

正解:B

解説:


質問 # 58
Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs, if he wants to investigate them for any anomalies?

  • A. SystemDrive%\inetpub\logs\LogFiles\W3SVCN
  • B. %SystemDrive%\LogFiles\logs\W3SVCN
  • C. SystemDrive%\LogFiles\inetpub\logs\W3SVCN
  • D. SystemDrive%\ inetpub\LogFiles\logs\W3SVCN

正解:C


質問 # 59
Rinni, SOC analyst, while monitoring IDS logs detected events shown in the figure below.

What does this event log indicate?

  • A. XSS Attack
  • B. Directory Traversal Attack
  • C. SQL Injection Attack
  • D. Parameter Tampering Attack

正解:D


質問 # 60
Which of the following contains the performance measures, and proper project and time management details?

  • A. Incident Response Procedures
  • B. Incident Response Tactics
  • C. Incident Response Process
  • D. Incident Response Policy

正解:A


質問 # 61
In which phase of Lockheed Martin's - Cyber Kill Chain Methodology, adversary creates a deliverable malicious payload using an exploit and a backdoor?

  • A. Delivery
  • B. Weaponization
  • C. Exploitation
  • D. Reconnaissance

正解:B

解説:


質問 # 62
Shawn is a security manager working at Lee Inc Solution. His organization wants to develop threat intelligent strategy plan. As a part of threat intelligent strategy plan, he suggested various components, such as threat intelligence requirement analysis, intelligence and collection planning, asset identification, threat reports, and intelligence buy-in.
Which one of the following components he should include in the above threat intelligent strategy plan to make it effective?

  • A. Threat buy-in
  • B. Threat boosting
  • C. Threat pivoting
  • D. Threat trending

正解:D

解説:
In the context of a threat intelligence strategy plan, 'threat trending' is a critical component that should be included to make the plan effective. Threat trending involves analyzing data over time to identify patterns and trends in cyber threats. This allows an organization to anticipate potential future attacks and prepare accordingly. It is an essential part of a proactive threat intelligence program, enabling the organization to stay ahead of threats rather than just reacting to them.
The other options, while they may be relevant in certain contexts, are not as central to the development of a threat intelligence strategy plan as 'threat trending' is. 'Threat pivoting' refers to the process of using one piece of data to uncover more data (e.g., using an IP address to find related domains). 'Threat buy-in' is not a standard term in threat intelligence, but it could refer to gaining organizational support for threat intelligence efforts. 'Threat boosting' is not a recognized term in the field of cybersecurity.
References: The answer is derived from the components of a threat intelligence strategy as outlined in the EC-Council's Certified SOC Analyst (CSA) training and certification program, which emphasizes the importance of understanding and implementing a threat intelligence-driven SOC12. The CSA program also covers the use of threat intelligence for enhanced incident detection1. The EC-Council materials highlight the need for SOC analysts to understand various types of cyber threats and the importance of threat intelligence in detecting and responding to these threats2.


質問 # 63
Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?

  • A. $ tailf /var/log/sys/kern.log
  • B. # tailf /var/log/sys/messages
  • C. # tailf /var/log/messages
  • D. $ tailf /var/log/kern.log

正解:D

解説:
In Ubuntu and Debian distributions, the command to view iptables logs is $ tailf /var/log/kern.log. This command allows you to follow the end of the kernel log file in real-time. It is useful for monitoring the logs as they are updated. The tailf command is similar to tail -f, and it displays the last ten lines of the file by default and then outputs appended data as the file grows.
References:The answer is verified according to the EC-Council's Certified SOC Analyst (CSA) course materials and study guides, which cover the practical aspects of security operations and incident handling, including the monitoring of systems and logs123.


質問 # 64
An attacker, in an attempt to exploit the vulnerability in the dynamically generated welcome page, inserted code at the end of the company's URL as follows:
http://technosoft.com.com/<script>alert("WARNING: The application has encountered an error");</script>.
Identify the attack demonstrated in the above scenario.

  • A. Cross-site Scripting Attack
  • B. SQL Injection Attack
  • C. Denial-of-Service Attack
  • D. Session Attack

正解:D


質問 # 65
Which of the following is a set of standard guidelines for ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection?

  • A. HIPAA
  • B. DARPA
  • C. PCI-DSS
  • D. FISMA

正解:C


質問 # 66
Which of the following is a default directory in a Mac OS X that stores security-related logs?

  • A. /var/log/cups/access_log
  • B. /Library/Logs/Sync
  • C. /private/var/log
  • D. ~/Library/Logs

正解:C

解説:


質問 # 67
Which of the following formula is used to calculate the EPS of the organization?

  • A. EPS = number of correlated events / time in seconds
  • B. EPS = average number of correlated events / time in seconds
  • C. EPS = number of normalized events / time in seconds
  • D. EPS = number of security events / time in seconds

正解:D

解説:


質問 # 68
Which of the following attack can be eradicated by converting all non-alphanumeric characters to HTML character entities before displaying the user input in search engines and forums?

  • A. Web Services Attacks
  • B. Broken Access Control Attacks
  • C. Session Management Attacks
  • D. XSS Attacks

正解:D


質問 # 69
A type of threat intelligent that find out the information about the attacker by misleading them is known as
.

  • A. Threat trending Intelligence
  • B. Operational Intelligence
  • C. Detection Threat Intelligence
  • D. Counter Intelligence

正解:B


質問 # 70
Which of the following Windows event is logged every time when a user tries to access the "Registry" key?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

正解:C

解説:
The Windows event that is logged when a user tries to access a "Registry" key is identified by the event ID
4657. This event ID corresponds to the modification of a registry value. Here's how the process is tracked and logged:
* Detection: The system monitors access to registry keys and values.
* Logging: If a user accesses a registry key, and the key's audit policy is set to log such events, the event is logged.
* Event ID 4657: This specific event ID is used to denote that a registry value was modified, which includes creation, modification, and deletion of registry values.
* Audit Policy: For the event to be logged, "Set Value" auditing must be enabled in the registry key's System Access Control List (SACL).
References: The EC-Council SOC Analyst course materials and study guides detail the various Windows event IDs and their significance in monitoring and analyzing security events. Event ID 4657 is specifically covered as part of the curriculum that deals with registry access monitoring and logging1. Additionally, Microsoft's official documentation provides comprehensive information on this event ID and its role in security auditing2.


質問 # 71
Jason, a SOC Analyst with Maximus Tech, was investigating Cisco ASA Firewall logs and came across the following log entry:
May 06 2018 21:27:27 asa 1: %ASA -5 - 11008: User 'enable_15' executed the 'configure term' command What does the security level in the above log indicates?

  • A. Warning condition message
  • B. Informational message
  • C. Critical condition message
  • D. Normal but significant message

正解:D

解説:


質問 # 72
An organization is implementing and deploying the SIEM with following capabilities.

What kind of SIEM deployment architecture the organization is planning to implement?

  • A. Self-hosted, Jointly Managed
  • B. Cloud, MSSP Managed
  • C. Self-hosted, Self-Managed
  • D. Self-hosted, MSSP Managed

正解:B


質問 # 73
Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket raised regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he has performed incident analysis and validation to check whether the incident is a true incident or a false positive.
Identify the stage in which he is currently in.

  • A. Post-Incident Activities
  • B. Incident Disclosure
  • C. Incident Recording and Assignment
  • D. Incident Triage

正解:D

解説:


質問 # 74
Which of the following command is used to enable logging in iptables?

  • A. $ iptables -B INPUT -j LOG
  • B. $ iptables -A OUTPUT -j LOG
  • C. $ iptables -A INPUT -j LOG
  • D. $ iptables -B OUTPUT -j LOG

正解:B


質問 # 75
An organization is implementing and deploying the SIEM with following capabilities.

What kind of SIEM deployment architecture the organization is planning to implement?

  • A. Cloud, MSSP Managed
  • B. Self-hosted, Jointly Managed
  • C. Self-hosted, Self-Managed
  • D. Self-hosted, MSSP Managed

正解:C

解説:


質問 # 76
What does the HTTP status codes 1XX represents?

  • A. Redirection
  • B. Client error
  • C. Success
  • D. Informational message

正解:D

解説:
The HTTP status codes that fall within the range of 1XX represent informational messages. These are provisional responses that indicate the initial part of a request has been received and has not yet been rejected by the server. The server is informing the client that it has received the header of the request and the client should continue to send the request body if it has not already done so. These status codes are used to provide an interim response to the client while the server processes the full request.
References: The EC-Council's Certified SOC Analyst (C|SA) program includes the study of HTTP status codes as part of understanding web server logs and troubleshooting web server issues. The informational responses (1XX status codes) are covered in the curriculum and can be found in the official EC-Council SOC Analyst study guides and courses. The information is also consistent with the standard definitions provided by the Internet Engineering Task Force (IETF) in RFC 9110, as well as other reputable sources such as MDN Web Docs1 and Wikipedia2.


質問 # 77
Which of the following attack can be eradicated by using a safe API to avoid the use of the interpreter entirely?

  • A. Command Injection Attacks
  • B. SQL Injection Attacks
  • C. File Injection Attacks
  • D. LDAP Injection Attacks

正解:B


質問 # 78
What type of event is recorded when an application driver loads successfully in Windows?

  • A. Information
  • B. Error
  • C. Warning
  • D. Success Audit

正解:A

解説:
In Windows, when an application driver loads successfully, it is recorded as an "Information" event in the Event Viewer. This type of event indicates the successful operation of an application or system component, which in this case is the loading of a driver. Information events are typically used to log the normal operations of software and hardware, providing a record that can be useful for troubleshooting and monitoring system activity.
References: The EC-Council's Certified SOC Analyst (C|SA) program covers the types of events recorded in Windows systems, including the significance of Information events. This knowledge is essential for SOC analysts who monitor and analyze logs as part of their role in identifying and responding to security incidents. The details about event types and their implications are included in the official EC-Council SOC Analyst study guides and courses1234.


質問 # 79
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original
URL: http://www.buyonline.com/product.aspx?profile=12
&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12
&debit=10
Identify the attack depicted in the above scenario.

  • A. Session Fixation Attack
  • B. SQL Injection Attack
  • C. Denial-of-Service Attack
  • D. Parameter Tampering Attack

正解:D

解説:
The scenario described involves an attacker modifying the URL parameters to alter the price of a product, which is a classic example of a Parameter Tampering attack. This type of attack occurs when an attacker manipulates parameters exchanged between client and server in order to modify application data, such as user credentials, permissions, and price of products, as seen in this case.
The original URL indicates that the product price (debit) is set to $100. The attacker has modified this parameter value to $10 in the modified URL, thus exploiting the logic validation mechanism of the e-commerce website to purchase the product at a lower price. This manipulation of parameters is indicative of a Parameter Tampering attack, which is a form of web-based attack where the properties of a web application are altered to achieve unintended outcomes by the attacker.
References: The EC-Council's Certified SOC Analyst (CSA) course material covers various types of cyber attacks, including Parameter Tampering. The CSA study guides and resources provide detailed information on how to identify and respond to such attacks, emphasizing the importance of validating and sanitizing all inputs and parameters to prevent exploitation.


質問 # 80
Identify the attack, where an attacker tries to discover all the possible information about a target network before launching a further attack.

  • A. Ransomware Attack
  • B. Reconnaissance Attack
  • C. Man-In-Middle Attack
  • D. DoS Attack

正解:B

解説:
A Reconnaissance Attack is a type of cyber attack where the attacker engages in activities to gather information about a target network before launching further attacks. This preliminary phase involves collecting data that could include network infrastructure details, system vulnerabilities, and other critical information that could be exploited in subsequent stages of an attack. Reconnaissance can be both passive, involving information gathering without directly interacting with the target system, or active, which may include more direct methods like port scanning.
References:The concept of Reconnaissance Attacks is detailed in EC-Council's cybersecurity resources, such as the Certified Threat Intelligence Analyst (C|TIA) program and articles on the Cyber Kill Chain, which describe reconnaissance as the first stage in a cyber attack12. These resources outline the methodologies and types of information gathered during reconnaissance, emphasizing its role in identifying potential attack vectors12.


質問 # 81
Which of the following threat intelligence helps cyber security professionals such as security operations managers, network operations center and incident responders to understand how the adversaries are expected to perform the attack on the organization, and the technical capabilities and goals of the attackers along with the attack vectors?

  • A. Strategic Threat Intelligence
  • B. Operational Threat Intelligence
  • C. Analytical Threat Intelligence
  • D. Tactical Threat Intelligence

正解:B

解説:
Operational Threat Intelligence is focused on the specifics of imminent or ongoing attacks. It provides insights into the nature of the threat, the identity of the attackers (if known), their motivation, capabilities, and objectives, as well as the tactics, techniques, and procedures (TTPs) they are likely to use. This type of intelligence is crucial for security operations managers, network operations center personnel, and incident responders because it allows them to understand and anticipate the attackers' moves, prepare specific defenses, and respond effectively to incidents.
References: The EC-Council's Certified Threat Intelligence Analyst (C|TIA) program covers the use of Operational Threat Intelligence within a SOC environment. The program emphasizes the importance of understanding and utilizing threat intelligence to predict and mitigate cyber threats. The Certified SOC Analyst (C|SA) training also discusses the role of threat intelligence in SOC operations, including Operational Threat Intelligence12.


質問 # 82
......


EC-COUNCIL 312-39試験は、認定SOC(セキュリティオペレーションセンター)アナリストになることを目指すプロフェッショナルのスキルと知識を評価するために設計された認定テストです。この認定は世界的に認められ、サイバーセキュリティ業界で高く評価されています。この試験は、候補者のセキュリティインシデントと脅威を検出、分析、対応する能力、およびセキュリティオペレーションセンターを管理および維持する能力をテストするように設計されています。

 

312-39テスト問題練習は2024年最新のに更新された102問あります:https://jp.fast2test.com/312-39-premium-file.html

更新されたプレミアム312-39試験エンジンPDF:https://drive.google.com/open?id=1cvI0HcLZ_onEb9X6rL6o8bInnQStqkOI


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어