EC-COUNCIL Certified SOC Analyst (CSA) - 312-39무료 덤프문제 풀어보기
Which of the following formula represents the risk levels?
정답: D
설명: (Fast2test 회원만 볼 수 있음)
According to the Risk Matrix table, what will be the risk level when the probability of an attack is very low and the impact of that attack is major?
정답: B
설명: (Fast2test 회원만 볼 수 있음)
Which of the following Windows Event Id will help you monitors file sharing across the network?
정답: C
설명: (Fast2test 회원만 볼 수 있음)
John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints.
Which of following Splunk query will help him to fetch related logs associated with process creation?
Which of following Splunk query will help him to fetch related logs associated with process creation?
정답: C
설명: (Fast2test 회원만 볼 수 있음)
A threat hunter analyzing an infected endpoint finds that malicious processes keep reappearing even after termination, making traditional remediation ineffective. The user reports slowdowns, abnormal pop-ups, and unauthorized application launches. Deeper inspection reveals multiple scheduled tasks executing unknown scripts at intervals, along with suspicious registry modifications enabling automatic execution on startup. The endpoint makes intermittent encrypted outbound connections to an unclassified external server. The organization also observed multiple failed privileged logins from the same subnet. Which signs should the threat hunter look for to confirm and mitigate the threat?
정답: D
설명: (Fast2test 회원만 볼 수 있음)
In which phase of Lockheed Martin's - Cyber Kill Chain Methodology, adversary creates a deliverable malicious payload using an exploit and a backdoor?
정답: D
설명: (Fast2test 회원만 볼 수 있음)
The SOC team at CyberSecure Corp is conducting a security review to identify anomalous log entries from firewall logs. The team needs to extract patterns such as email addresses, IP addresses, and URLs to detect unauthorized access attempts, phishing activities, and suspicious external communications. The SOC analyst applies various regular expressions (regex) patterns to filter and analyze logs efficiently. For example, they use \b\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}\b to match IPv4 addresses. Which regex pattern should the SOC analyst use to extract all hexadecimal color codes found in the logs?
정답: A
설명: (Fast2test 회원만 볼 수 있음)
You are a SOC analyst on duty during a high-severity incident involving a DDoS attack targeting your organization's e-commerce platform. The attack disrupts online transactions. Using SIEM tools and packet capture systems, you identify unusual traffic patterns and trace activity back to command-and-control (C2) servers directing a botnet. Your goal is to recommend an eradication strategy that will sever the attackers' control over infected devices and halt the attack. Which strategy should your team implement?
정답: D
설명: (Fast2test 회원만 볼 수 있음)
An organization with a complex IT infrastructure is planning to implement a SIEM solution to improve its threat detection and response capabilities. Due to the scale and complexity of its systems, the organization opts for a phased deployment approach to ensure a smooth implementation and reduce potential risks. Which of the following should be the first phase in their SIEM deployment strategy?
정답: A
설명: (Fast2test 회원만 볼 수 있음)
Jannet works in a multinational corporation that operates multiple data centers, cloud environments, and on- premises systems. As a SOC analyst, she notices that security incidents are taking too long to detect and investigate. After analyzing this, she discovers that logs from firewalls, endpoint security solutions, authentication servers, and cloud applications are scattered across different systems in various formats. Her team has to manually convert logs into a readable format before investigating incidents. What approach should she implement to accept logs from heterogeneous sources with different formats, convert them into a common format, and improve incident detection and response time?
정답: D
설명: (Fast2test 회원만 볼 수 있음)
Daniel Clark is a cybersecurity specialist in the Cloud SOC for a government agency. His team needs a security solution that can enforce access policies to prevent unauthorized access to cloud-based applications, monitor and restrict data sharing within SaaS, PaaS, and IaaS environments, ensure compliance with government regulations for data security and privacy, and apply security controls to prevent sensitive data exposure in the cloud. Which Cloud SOC technology is his team using?
정답: A
설명: (Fast2test 회원만 볼 수 있음)
Jane, a security analyst, while analyzing IDS logs, detected an event matching Regex /((\%3C)|<)((\%69)|i|(\%
49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/|.
What does this event log indicate?
49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/|.
What does this event log indicate?
정답: A
설명: (Fast2test 회원만 볼 수 있음)