Question 1

John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare a

dashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is coming.

Which of the following data source will he use to prepare the dashboard?

Options :

A : DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution

B : IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.

C : DNS/ Web Server logs with IP addresses.

D : Apache/ Web Server logs with IP addresses and Host Name

Answer: D

Question 2

Rinni, SOC analyst, while monitoring IDS logs detected events shown in the figure below

What does this event log indicate?

Options :

A : Directory Traversal Attack

B : XSS Attack

C : SQL Injection Attack

D : Parameter Tampering Attack

Answer: D

Question 3

According to the forensics investigation process, what is the next step carried out right after collecting the

evidence?

Options :

A : Create a Chain of Custody Document

B : Send it to the nearby police station

C : Set a Forensic lab

D : Call Organizational Disciplinary Team

Answer: A

Question 4

What does HTTPS Status code 403 represents?

Options :

A : Unauthorized Error

B : Not Found Error

C : Internal Server Error

D : Forbidden Error

Answer: D

Question 5

Which of the following can help you eliminate the burden of investigating false positives?

Options :

A : Keeping default rules

B : Not trusting the security devices

C : Treating every alert as high level

D : Ingesting the context data

Answer: A

Smartly Prepare Exam with Free Online 312-39 Practice Test