Certified SOC Analyst v1.0 (312-39)

Page:    1 / 7   
Total 100 questions

Robin, a SOC engineer in a multinational company, is planning to implement a SIEM. He realized that his organization is capable of performing only Correlation, Analytics, Reporting, Retention, Alerting, and Visualization required for the SIEM implementation and has to take collection and aggregation services from a Managed Security Services Provider (MSSP).
What kind of SIEM is Robin planning to implement?

  • A. Self-hosted, Self-Managed
  • B. Self-hosted, MSSP Managed
  • C. Hybrid Model, Jointly Managed
  • D. Cloud, Self-Managed


Answer : B

What type of event is recorded when an application driver loads successfully in Windows?

  • A. Error
  • B. Success Audit
  • C. Warning
  • D. Information


Answer : D

Reference: https://www.manageengine.com/network-monitoring/Eventlog_Tutorial_Part_I.html

An attacker exploits the logic validation mechanisms of an e-commerce website. He successfully purchases a product worth $100 for $10 by modifying the URL exchanged between the client and the server.
Original URL: http://www.buyonline.com/product.aspx?profile=12&debit=100
Modified URL: http://www.buyonline.com/product.aspx?profile=12&debit=10
Identify the attack depicted in the above scenario.

  • A. Denial-of-Service Attack
  • B. SQL Injection Attack
  • C. Parameter Tampering Attack
  • D. Session Fixation Attack


Answer : D

John, a threat analyst at GreenTech Solutions, wants to gather information about specific threats against the organization. He started collecting information from various sources, such as humans, social media, chat rooms, and so on, and created a report that contains malicious activity.
Which of the following types of threat intelligence did he use?

  • A. Strategic Threat Intelligence
  • B. Technical Threat Intelligence
  • C. Tactical Threat Intelligence
  • D. Operational Threat Intelligence


Answer : D

Which of the following is a default directory in Mac OS X that stores security-related logs?

  • A. /private/var/log
  • B. /Library/Logs/Sync
  • C. /var/log/cups/access_log
  • D. ~/Library/Logs


Answer : D

John, a SOC analyst, wants to monitor process creation activity on any of the organization's Windows endpoints.
Which of the following Splunk queries will help him fetch the logs associated with process creation?

  • A. index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. ... ..
  • B. index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..
  • C. index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..
  • D. index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ... ... ...


Answer : B

Reference: https://static1.squarespace.com/static/552092d5e4b0661088167e5c/t/5a3187b4419202f0fb8b2dd1/1513195444728/Windows+Splunk+Logging+Cheat+Sheet+v2.2.pdf

Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs if he wants to investigate them for anomalies?

  • A. SystemDrive%\inetpub\logs\LogFiles\W3SVCN
  • B. SystemDrive%\LogFiles\inetpub\logs\W3SVCN
  • C. %SystemDrive%\LogFiles\logs\W3SVCN
  • D. SystemDrive%\ inetpub\LogFiles\logs\W3SVCN


Answer : B

Reference: https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/sitedefaults/logfile/

What does the Security Log Event ID 4624 of Windows 10 indicate?

  • A. Service added to the endpoint
  • B. A share was accessed
  • C. An account was successfully logged on
  • D. New process executed


Answer : C

Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4624

Which of the following is a set of standard guidelines for ongoing development, enhancement, storage, dissemination and implementation of security standards for account data protection?

  • A. FISMA
  • B. HIPAA
  • C. PCI-DSS
  • D. DARPA


Answer : C

Reference: https://library.educause.edu/topics/policy-and-law/pci-dss

What do the HTTP status codes 1XX represent?

  • A. Informational message
  • B. Client error
  • C. Success
  • D. Redirection


Answer : A

Reference: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#:~:text=1xx%20informational%20response%20–%20the%20request,syntax%20or%20cannot%20be%20fulfilled

In which phase of Lockheed Martin's Cyber Kill Chain methodology does the adversary create a deliverable malicious payload using an exploit and a backdoor?

  • A. Reconnaissance
  • B. Delivery
  • C. Weaponization
  • D. Exploitation


Answer : C

Identify the attack in which an attacker tries to discover all possible information about a target network before launching further attacks.

  • A. DoS Attack
  • B. Man-in-the-Middle Attack
  • C. Ransomware Attack
  • D. Reconnaissance Attack


Answer : D

Reference: https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/risk/sea-risk-cyber-101-july2017.pdf

What does [-n] in the following Check Point firewall log syntax represent? fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]

  • A. Speed up the process by not performing IP addresses DNS resolution in the Log files
  • B. Display both the date and the time for each log record
  • C. Display account log records only
  • D. Display detailed log chains (all the log segments a log record consists of)


Answer : A

Reference: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk25532

Which of the following attacks inundates DHCP servers with fake DHCP requests to exhaust all available IP addresses?

  • A. DHCP Starvation Attack
  • B. DHCP Spoofing Attack
  • C. DHCP Port Stealing
  • D. DHCP Cache Poisoning


Answer : A

Reference: https://www.cbtnuggets.com/blog/technology/networking/what-is-a-dhcp-starvation-attack

Mike is an incident handler for PNP Infosystems Inc. One day, a ticket was raised regarding a critical incident and Mike was assigned to handle it. During the incident handling process, at one stage he performed incident analysis and validation to check whether the incident is a true incident or a false positive.
Identify the stage he is currently in.

  • A. Post-Incident Activities
  • B. Incident Recording and Assignment
  • C. Incident Triage
  • D. Incident Disclosure


Answer : B
