312-39 : Certified SOC Analyst : Part 02

  1. Which of the following attacks can be eradicated by filtering improper XML syntax?

    • CAPTCHA Attacks
    • SQL Injection Attacks
    • Insufficient Logging and Monitoring Attacks
    • Web Services Attacks
  2. Which of the following attacks can be eradicated by using a safe API that avoids the use of the interpreter entirely?

    • Command Injection Attacks
    • SQL Injection Attacks
    • File Injection Attacks
    • LDAP Injection Attacks
  3. Shawn is a security manager working at Lee Inc Solution. His organization wants to develop a threat intelligence strategy plan. As part of the threat intelligence strategy plan, he suggested various components, such as threat intelligence requirement analysis, intelligence and collection planning, asset identification, threat reports, and intelligence buy-in.

    Which one of the following components should he include in the above threat intelligence strategy plan to make it effective?

    • Threat pivoting
    • Threat trending
    • Threat buy-in
    • Threat boosting
  4. Which of the following can help you eliminate the burden of investigating false positives?

    • Keeping default rules
    • Not trusting the security devices
    • Treating every alert as high level
    • Ingesting the context data
  5. Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?

    • Rule-based detection
    • Heuristic-based detection
    • Anomaly-based detection
    • Signature-based detection
  6. Identify the password cracking attempt involving a precomputed dictionary of plaintext passwords and their corresponding hash values to crack the password.

    • Dictionary Attack
    • Rainbow Table Attack
    • Bruteforce Attack
    • Syllable Attack
  7. Which of the following log storage methods arranges event logs in the form of a circular buffer?

    • FIFO
    • LIFO
    • non-wrapping
    • wrapping
  8. An organization wants to implement a SIEM deployment architecture. However, it has the capability to do only log collection, and the rest of the SIEM functions must be managed by an MSSP.

    Which SIEM deployment architecture will the organization adopt?

    • Cloud, MSSP Managed
    • Self-hosted, Jointly Managed
    • Self-hosted, MSSP Managed
    • Self-hosted, Self-Managed
  9. Banter is a threat analyst at Christine Group of Industries. As part of his job, he is currently formatting and structuring the raw data.

    He is at which stage of the threat intelligence life cycle?

    • Dissemination and Integration
    • Processing and Exploitation
    • Collection
    • Analysis and Production
  10. Which of the following attacks causes sudden changes in file extensions or a rapid increase in file renames?

    • Ransomware Attack
    • DoS Attack
    • DHCP starvation Attack
    • File Injection Attack
  11. Which of the following security technologies is used to attract and trap people who attempt unauthorized or illicit use of the host system?

    • De-Militarized Zone (DMZ)
    • Firewall
    • Honeypot
    • Intrusion Detection System
  12. Identify the event severity level in Windows logs for events that are not necessarily significant but may indicate a possible future problem.

    • Failure Audit
    • Warning
    • Error
    • Information
  13. Which of the following factors determines the choice of SIEM architecture?

    • SMTP Configuration
    • DHCP Configuration
    • DNS Configuration
    • Network Topology
  14. What does HTTP status code 403 represent?

    • Unauthorized Error
    • Not Found Error
    • Internal Server Error
    • Forbidden Error
  15. Which of the following Windows events is logged every time a user tries to access the "Registry" key?

    • 4656
    • 4663
    • 4660
    • 4657
  16. Which of the following are the responsibilities of SIEM Agents?

    1. Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.
    2. Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.
    3. Correlating data received from various devices sending data to SIEM before forwarding it to the central engine.
    4. Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.

    • 1 and 2
    • 2 and 3
    • 1 and 4
    • 3 and 1
  17. Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching the regex `/\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix`.

    What does this event log indicate?

    • SQL Injection Attack
    • Parameter Tampering Attack
    • XSS Attack
    • Directory Traversal Attack
  18. Which of the following frameworks describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering?

    • COBIT
    • ITIL
    • SSE-CMM
    • SOC-CMM
  19. What does Windows event ID 4740 indicate?

    • A user account was locked out.
    • A user account was disabled.
    • A user account was enabled.
    • A user account was created.
  20. Which of the following is a Threat Intelligence Platform?

    • SolarWinds MS
    • TC Complete
    • Keepnote
    • Apility.io