Shawn is a security manager working at Lee Inc Solution. His organization wants to develop a threat intelligence strategy plan. As part of this plan, he suggested various components, such as threat intelligence requirement analysis, intelligence and collection planning, asset identification, threat reports, and intelligence buy-in.
Which one of the following components should he include in the above threat intelligence strategy plan to make it effective?
A. Threat pivoting
B. Threat trending
C. Threat buy-in
D. Threat boosting
Which of the following can help you eliminate the burden of investigating false positives?
A. Keeping default rules
B. Not trusting the security devices
C. Treating every alert as high level
D. Ingesting the context data
Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?
A. Rule-based detection
B. Heuristic-based detection
C. Anomaly-based detection
D. Signature-based detection
Which of the following frameworks describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering?
A. COBIT
B. ITIL
C. SSE-CMM
D. SOC-CMM
Which of the following types of threat intelligence are used by a SIEM to supply analysts with context and "situational awareness" through threat actor TTPs, malware campaigns, and the tools used by threat actors?
1. Strategic threat intelligence
2. Tactical threat intelligence
3. Operational threat intelligence
4. Technical threat intelligence
A. 2 and 3
B. 1 and 3
C. 3 and 4
D. 1 and 2
Jason, a SOC Analyst with Maximus Tech, was investigating Cisco ASA Firewall logs and came across the following log entry:
May 06 2018 21:27:27 asa 1: %ASA -5
Which of the following is a correct flow of the stages in an incident handling and response (IH&R) process?
A. Containment
In which log collection mechanism does the system or application send log records either to the local disk or over the network?
A. rule-based
B. pull-based
C. push-based
D. signature-based
Which of the following techniques protects against flooding attacks originating from valid prefixes (IP addresses) so that they can be traced to their true source?
A. Rate Limiting
B. Egress Filtering
C. Ingress Filtering
D. Throttling
David is a SOC analyst at Karen Tech. One day, intruders initiated an attack, but David was not able to find any suspicious events. This type of incident is categorized as __________?
A. True Positive Incidents
B. False Positive Incidents
C. True Negative Incidents
D. False Negative Incidents