EC-COUNCIL Certified SOC Analyst (CSA) - 312-39 Exam Practice Test
Identify the attack in which an attacker, after several trial-and-error attempts, reads the contents of the password file in the restricted etc folder just by manipulating the URL in the browser as shown:
http://www.terabytes.com/process.php./../../../../etc/passwd
Correct Answer: C
A rapidly growing e-commerce company wants to implement a SIEM solution to improve its security posture and comply with PCI DSS requirements. They need a solution that offers both the necessary technological features and the expertise to manage the system effectively. They also need continuous compliance support and data security assistance. Which SIEM solution is appropriate for this company?
Correct Answer: B
Chloe, a SOC analyst with Jake Tech, is checking Linux system logs. She is investigating the file /var/log/wtmp.
What is Chloe looking at?
Correct Answer: C
In which log collection mechanism does the system or application send log records either to the local disk or over the network?
Correct Answer: C
Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT.
What is the first step that the IRT will take on the incident escalated by Emmanuel?
Correct Answer: D
Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /\\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix.
What does this event log indicate?
Correct Answer: B
NationalHealth, a government agency responsible for managing sensitive patient health records, is subject to strict data sovereignty regulations requiring all data to be stored and processed within the country's borders.
Leadership is concerned about outsourcing security operations and needs complete control over patient data handling. The agency faces increasing cyber threats and requires 24/7 security monitoring. They have a large budget and can hire many security professionals. Which SOC model is most suitable?
Correct Answer: C
The SOC team is investigating a phishing attack that targeted multiple employees. During the Containment Phase, they need to determine how users interacted with the malicious email: whether they opened it, clicked links, downloaded attachments, or entered credentials. This information is critical to assessing impact and preventing further compromise. Which specific activity helps the SOC team understand user interactions with the phishing email?
Correct Answer: D
The Security Operations Center (SOC) team is investigating a suspected malware incident during the Analysis Phase of their incident response process. Their primary goal is to validate the initial detection, ensure the threat is real, and gather critical intelligence to understand the scope of the attack. Which action should the SOC team take to confirm initial findings and eliminate false alarms?
Correct Answer: B
You are a Level 1 SOC analyst at a critical infrastructure provider. Threat actors infiltrated the network and exfiltrated sensitive system blueprints. Before detection, they executed commands that altered system logs, wiped forensic artifacts, and modified timestamps to mimic normal activity. They also manipulated security monitoring tools to prevent unusual login events from being recorded. Which APT lifecycle phase does this represent?
Correct Answer: A
Which of the following is a Threat Intelligence Platform?
Correct Answer: D
InfoSystem LLC, a US-based company, is establishing an in-house SOC. John has been given the responsibility to finalize strategy, policies, and procedures for the SOC.
Identify the job role of John.
Correct Answer: B
What do the HTTP 1XX status codes represent?
Correct Answer: D
Which of the following formulas is used to calculate the EPS (events per second) of the organization?
Correct Answer: C
Which of the following types of threat intelligence helps cyber security professionals such as security operations managers, network operations center staff, and incident responders understand how adversaries are expected to carry out an attack on the organization, along with the attackers' technical capabilities, goals, and attack vectors?
Correct Answer: B