312-39 Online Practice Questions and Answers

The Syslog message severity levels are labelled from level 0 to level 7. What does level 0 indicate?

A. Alert

B. Notification

C. Emergency

D. Debugging

Juliea a SOC analyst, while monitoring logs, noticed large TXT, NULL payloads. What does this indicate?

A. Concurrent VPN Connections Attempt

B. DNS Exfiltration Attempt

C. Covering Tracks Attempt

D. DHCP Starvation Attempt

According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major? NOTE: It is mandatory to answer the question before proceeding to the next one.

A. High

B. Extreme

C. Low

D. Medium

What type of event is recorded when an application driver loads successfully in Windows?

A. Error

B. Success Audit

C. Warning

D. Information

John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints. Which of following Splunk query will help him to fetch related logs associated with process creation?

A. index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. ... ..

B. index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..

C. index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..

D. index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ... ... ...

Peter, a SOC analyst with Spade Systems, is monitoring and analyzing the router logs of the company and wanted to check the logs that are generated by access control list numbered 210.

What filter should Peter add to the 'show logging' command to get the required output?

A. show logging | access 210

B. show logging | forward 210

C. show logging | include 210

D. show logging | route 210

In which log collection mechanism, the system or application sends log records either on the local disk or over the network.

A. rule-based

B. pull-based

C. push-based

D. signature-based

John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is coming. Which of the following data source will he use to prepare the dashboard?

A. DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution.

B. IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.

C. DNS/ Web Server logs with IP addresses.

D. Apache/ Web Server logs with IP addresses and Host Name.

Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT.

What is the first step that the IRT will do to the incident escalated by Emmanuel?

A. Incident Analysis and Validation

B. Incident Recording

C. Incident Classification

D. Incident Prioritization

Which attack works like a dictionary attack, but adds some numbers and symbols to the words from the dictionary and tries to crack the password?

A. Hybrid Attack

B. Bruteforce Attack

C. Rainbow Table Attack

D. Birthday Attack