Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > EC-COUNCIL > EC-COUNCIL Certifications > 312-39 > 312-39 Online Practice Questions and Answers

312-39 Online Practice Questions and Answers

Questions 4

Identify the attack when an attacker by several trial and error can read the contents of a password file present in the restricted etc folder just by manipulating the URL in the browser as shown: http://www.terabytes.com/process.php./../../../../etc/passwd

A. Directory Traversal Attack

B. SQL Injection Attack

C. Denial-of-Service Attack

D. Form Tampering Attack

Buy Now

Correct Answer: B

Reference: https://doc.lagout.org/security/SQL%20Injection%20Attacks%20and%20Defense.pdf

Questions 5

Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?

A. $ tailf /var/log/sys/kern.log

B. $ tailf /var/log/kern.log

C. # tailf /var/log/messages

D. # tailf /var/log/sys/messages

Buy Now

Correct Answer: B

Reference: https://tecadmin.net/enable-logging-in-iptables-on-linux/

Questions 6

Which of the following event detection techniques uses User and Entity Behavior Analytics (UEBA)?

A. Rule-based detection

B. Heuristic-based detection

C. Anomaly-based detection

D. Signature-based detection

Buy Now

Correct Answer: C

Questions 7

Properly applied cyber threat intelligence to the SOC team help them in discovering TTPs. What does these TTPs refer to?

A. Tactics, Techniques, and Procedures

B. Tactics, Threats, and Procedures

C. Targets, Threats, and Process

D. Tactics, Targets, and Process

Buy Now

Correct Answer: A

Reference: https://www.crest-approved.org/wp-content/uploads/CREST-Cyber-Threat-Intelligence.pdf

Questions 8

Which of the following data source can be used to detect the traffic associated with Bad Bot User-Agents?

A. Windows Event Log

B. Web Server Logs

C. Router Logs

D. Switch Logs

Buy Now

Correct Answer: B

Questions 9

According to the Risk Matrix table, what will be the risk level when the probability of an attack is very high, and the impact of that attack is major? NOTE: It is mandatory to answer the question before proceeding to the next one.

A. High

B. Extreme

C. Low

D. Medium

Buy Now

Correct Answer: A

Reference: https://onlinelibrary.wiley.com/page/journal/15396924/homepage/special_issue__simple_characterisations_and_communication_of_risks.htm

Questions 10

John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows endpoints. Which of following Splunk query will help him to fetch related logs associated with process creation?

A. index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. ... ..

B. index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..

C. index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..

D. index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ... ... ...

Buy Now

Correct Answer: B

Reference: https://static1.squarespace.com/static/552092d5e4b0661088167e5c/t/5a3187b4419202f0fb8b2dd1/1513195444728/Windows+Splunk+Logging+Cheat+Sheet+v2.2.pdf

Questions 11

What does [-n] in the following checkpoint firewall log syntax represents?

fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]

A. Speed up the process by not performing IP addresses DNS resolution in the Log files

B. Display both the date and the time for each log record

C. Display account log records only

D. Display detailed log chains (all the log segments a log record consists of)

Buy Now

Correct Answer: A

Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=andsolutionid=sk25532

Questions 12

Which of the following attack can be eradicated by disabling of "allow_url_fopen and allow_url_include" in the php.ini file?

A. File Injection Attacks

B. URL Injection Attacks

C. LDAP Injection Attacks

D. Command Injection Attacks

Buy Now

Correct Answer: B

Questions 13

Which of the following contains the performance measures, and proper project and time management details?

A. Incident Response Policy

B. Incident Response Tactics

C. Incident Response Process

D. Incident Response Procedures

Buy Now

Correct Answer: D

Exam Code: 312-39
Exam Name: EC-Council Certified SOC Analyst (CSA)
Last Update: Jul 01, 2026
Questions: 100

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2026 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.