Question 1

What does HTTPS Status code 403 represents?

Options :

A : Unauthorized Error

B : Not Found Error

C : Internal Server Error

D : Forbidden Error

Answer: D

Question 2

Jane, a security analyst, while analyzing IDS logs, detected an event matching Regex /((\<)|<)((\i)|i|(\

I))((\m)|m|(\M))((\g)|g|(\G))[^\n]+((\>)|>)/|.

What does this event log indicate?

Options :

A : Directory Traversal Attack

B : Parameter Tampering Attack

C : XSS Attack

D : SQL Injection Attack

Answer: C

Question 3

John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows

endpoints.

Which of following Splunk query will help him to fetch related logs associated with process creation?

Options :

A : index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. ... ..

B : index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..

C : index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..

D : index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ... ... ...

Answer: B

Question 4

John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare a

dashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is coming.

Which of the following data source will he use to prepare the dashboard?

Options :

A : DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution

B : IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.

C : DNS/ Web Server logs with IP addresses.

D : Apache/ Web Server logs with IP addresses and Host Name

Answer: D

Question 5

Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?

Options :

A : $ tailf /var/log/sys/kern.log

B : $ tailf /var/log/kern.log

C : # tailf /var/log/messages

D : # tailf /var/log/sys/messages

Answer: B

Smartly Prepare Exam with Free Online 312-39 Practice Test