
312-39 Certification - The Ultimate Guide [Updated 2022]
312-39 Practice Exam and Study Guides - Verified By TestsDumps
Prerequisites
The target candidates for this certification exam include SOC analysts, cybersecurity analysts, network security specialists, network defense analysts, and network security operators, among others. EC-Council 312-39 requires that the learners have at least one year of practical work experience within the domain of Network Security or Network Administration. They must provide proof of work experience when applying for this test. For those individuals who do not possess the required experience, they can make up for this by taking the official course. It can be accessed through the official center at one of the accredited training centers, through the approved academic institution, or the iClass platform.
NEW QUESTION 21
The threat intelligence, which will help you, understand adversary intent and make informed decision to ensure appropriate security in alignment with risk.
What kind of threat intelligence described above?
- A. Tactical Threat Intelligence
- B. Functional Threat Intelligence
- C. Operational Threat Intelligence
- D. Strategic Threat Intelligence
Answer: D
NEW QUESTION 22
Which of the following stage executed after identifying the required event sources?
- A. Implementing and Testing the Use Case
- B. Identifying the monitoring Requirements
- C. Defining Rule for the Use Case
- D. Validating the event source against monitoring requirement
Answer: D
NEW QUESTION 23
Jane, a security analyst, while analyzing IDS logs, detected an event matching Regex
/((\%3C)|<)((\%69)|i|(\% 49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/|.
What does this event log indicate?
- A. Directory Traversal Attack
- B. XSS Attack
- C. SQL Injection Attack
- D. Parameter Tampering Attack
Answer: B
NEW QUESTION 24
Which of the following Windows Event Id will help you monitors file sharing across the network?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION 25
Which of the following technique protects from flooding attacks originated from the valid prefixes (IP addresses) so that they can be traced to its true source?
- A. Throttling
- B. Egress Filtering
- C. Ingress Filtering
- D. Rate Limiting
Answer: C
NEW QUESTION 26
Identify the attack when an attacker by several trial and error can read the contents of a password file present in the restricted etc folder just by manipulating the URL in the browser as shown:
http://www.terabytes.com/process.php./../../../../etc/passwd
- A. Denial-of-Service Attack
- B. Form Tampering Attack
- C. Directory Traversal Attack
- D. SQL Injection Attack
Answer: D
NEW QUESTION 27
Identify the password cracking attempt involving a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password.
- A. Syllable Attack
- B. Dictionary Attack
- C. Rainbow Table Attack
- D. Bruteforce Attack
Answer: B
NEW QUESTION 28
Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wanted to check the logs that are generated by access control list numbered 210.
What filter should Peter add to the 'show logging' command to get the required output?
- A. show logging | access 210
- B. show logging | include 210
- C. show logging | route 210
- D. show logging | forward 210
Answer: B
NEW QUESTION 29
An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original
URL: http://www.buyonline.com/product.aspx?profile=12
&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12
&debit=10
Identify the attack depicted in the above scenario.
- A. Denial-of-Service Attack
- B. SQL Injection Attack
- C. Parameter Tampering Attack
- D. Session Fixation Attack
Answer: D
NEW QUESTION 30
Which of the following data source will a SOC Analyst use to monitor connections to the insecure ports?
- A. IIS Data
- B. Netstat Data
- C. DNS Data
- D. DHCP Data
Answer: B
NEW QUESTION 31
Which of the following attack can be eradicated by filtering improper XML syntax?
- A. Insufficient Logging and Monitoring Attacks
- B. CAPTCHA Attacks
- C. SQL Injection Attacks
- D. Web Services Attacks
Answer: C
NEW QUESTION 32
In which log collection mechanism, the system or application sends log records either on the local disk or over the network.
- A. signature-based
- B. rule-based
- C. pull-based
- D. push-based
Answer: B
NEW QUESTION 33
What does Windows event ID 4740 indicate?
- A. A user account was enabled.
- B. A user account was created.
- C. A user account was locked out.
- D. A user account was disabled.
Answer: C
NEW QUESTION 34
Which of the following Windows event is logged every time when a user tries to access the "Registry" key?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
NEW QUESTION 35
In which phase of Lockheed Martin's - Cyber Kill Chain Methodology, adversary creates a deliverable malicious payload using an exploit and a backdoor?
- A. Reconnaissance
- B. Exploitation
- C. Weaponization
- D. Delivery
Answer: D
NEW QUESTION 36
What does the Security Log Event ID 4624 of Windows 10 indicate?
- A. An account was successfully logged on
- B. New process executed
- C. A share was assessed
- D. Service added to the endpoint
Answer: A
NEW QUESTION 37
Which of the following command is used to enable logging in iptables?
- A. $ iptables -A OUTPUT -j LOG
- B. $ iptables -A INPUT -j LOG
- C. $ iptables -B OUTPUT -j LOG
- D. $ iptables -B INPUT -j LOG
Answer: A
NEW QUESTION 38
An organization wants to implement a SIEM deployment architecture. However, they have the capability to do only log collection and the rest of the SIEM functions must be managed by an MSSP.
Which SIEM deployment architecture will the organization adopt?
- A. Cloud, MSSP Managed
- B. Self-hosted, Self-Managed
- C. Self-hosted, Jointly Managed
- D. Self-hosted, MSSP Managed
Answer: D
NEW QUESTION 39
......
Ultimate Guide to the 312-39 - Latest Edition Available Now: https://actualanswers.testsdumps.com/312-39_real-exam-dumps.html
