Free 312-39 ECCouncil Updates

Page: 4 / 7
Question 16

Which of the following is a default directory in a Mac OS X that stores security-related logs?

Options:

A. /private/var/log

B. /Library/Logs/Sync

C. /var/log/cups/access_log

D. ~/Library/Logs

Question 17

If the SIEM generates the following four alerts at the same time:

I. Firewall blocking traffic from getting into the network alerts

II. SQL injection attempt alerts

III. Data deletion attempt alerts

IV. Brute-force attempt alerts

Which alert should be given the least priority as per effective alert triaging?

Options:

A. III

B. IV

C. II

D. I

Question 18

John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM with a graph that identifies the locations the Tor traffic is coming from.

Which of the following data sources will he use to prepare the dashboard?

Options:

A. DHCP logs capable of maintaining IP addresses or hostnames with IP-to-name resolution.

B. IIS/web server logs with IP addresses and user agents (IP-to-user-agent resolution).

C. DNS/web server logs with IP addresses.

D. Apache/web server logs with IP addresses and hostnames.

Question 19

Which of the following can help you eliminate the burden of investigating false positives?

Options:

A. Keeping default rules

B. Not trusting the security devices

C. Treating every alert as high level

D. Ingesting the context data

Exam Code: 312-39
Exam Name: Certified SOC Analyst (CSA)
Last Update: Nov 23, 2024
Questions: 100