Which one of the following is the correct flow for setting up a computer forensics lab?
A. Planning and budgeting
Identify the attack in which an attacker, after several trial-and-error attempts, can read the contents of the password file in the restricted /etc folder just by manipulating the URL in the browser, as shown: http://www.terabytes.com/process.php./../../../../etc/passwd
A. Directory Traversal Attack
B. SQL Injection Attack
C. Denial-of-Service Attack
D. Form Tampering Attack
Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?
A. Rule-based detection
B. Heuristic-based detection
C. Anomaly-based detection
D. Signature-based detection
Which of the following types of threat intelligence are used by a SIEM to supply analysts with context and "situational awareness" based on threat actor TTPs, malware campaigns, and the tools used by threat actors?
1. Strategic threat intelligence
2. Tactical threat intelligence
3. Operational threat intelligence
4. Technical threat intelligence
A. 2 and 3
B. 1 and 3
C. 3 and 4
D. 1 and 2
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high and the impact of that attack is major?
A. High
B. Extreme
C. Low
D. Medium
John, a threat analyst at GreenTech Solutions, wants to gather information about specific threats against the organization. He started collecting information from various sources, such as humans, social media, chat rooms, and so on, and created a report describing the malicious activity.
Which of the following types of threat intelligence did he use?
A. Strategic Threat Intelligence
B. Technical Threat Intelligence
C. Tactical Threat Intelligence
D. Operational Threat Intelligence
John, a SOC analyst, wants to monitor process creation attempts on any of the organization's Windows endpoints. Which of the following Splunk queries will help him fetch the logs associated with process creation?
A. index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. ... ..
B. index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..
C. index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..
D. index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ... ... ...
In which log collection mechanism does the system or application send log records either to the local disk or over the network?
A. rule-based
B. pull-based
C. push-based
D. signature-based
Which of the following data sources will a SOC analyst use to monitor connections to insecure ports?
A. Netstat Data
B. DNS Data
C. IIS Data
D. DHCP Data
Which of the following techniques protects against flooding attacks originating from valid prefixes (IP addresses) so that they can be traced to their true source?
A. Rate Limiting
B. Egress Filtering
C. Ingress Filtering
D. Throttling