Latest EC-COUNCIL Certified SOC Analyst (CSA) - 312-39 Free Exam Questions
Question 1
A newly hired SOC analyst at a fast-growing multinational organization must quickly assess the company's external exposure and identify potential security risks. Techniques considered include analyzing publicly available information, scanning exposed services, reviewing DNS records, and gathering external intelligence.
Due to the scale across subsidiaries, cloud environments, and third-party integrations, some methods may not scale well and may lead to delays or incomplete insights. Which technique is less practical for handling large or diverse data sets in this scenario?
Correct answer: C
Question 2
An attacker attempts to gain unauthorized access to a secure network by repeatedly guessing login credentials.
The SIEM is configured to generate an alert after detecting 10 consecutive failed login attempts within a short timeframe. However, the attacker successfully logs in on the 9th attempt, just before the threshold is reached, bypassing the alert mechanism. The security team only becomes aware of the incident after detecting suspicious activity post-login, highlighting a gap in the SIEM's detection rules. What type of alert classification does this represent?
Correct answer: C
Question 3
Which of the following processes refers to the discarding of packets at the routing level without informing the source that the data did not reach its intended recipient?
Correct answer: D
Question 4
David Reynolds, a SOC analyst at a healthcare organization, is investigating suspicious login attempts flagged by the SIEM. To mitigate brute-force risk on targeted endpoints, he collaborates with IT to implement an automatic account lockout policy that temporarily disables accounts after multiple failed login attempts.
Within the SOC's eradication strategy, which category of measures does this action align with?
Correct answer: D
Question 5
Jony, a security analyst, while monitoring IIS logs, identified events shown in the figure below.
What does this event log indicate?
Correct answer: D
Question 6
The SOC analyst at a national cybersecurity agency detected unusual system behavior on critical infrastructure servers. Initial scans flagged potential malware activity. Due to the sophisticated nature of the suspected attack, including registry modifications, process injection, and unauthorized tasks, the case was escalated to the forensic team. The forensic team suspects the malware is designed for stealthy data exfiltration. To assess the compromise, they captured system snapshots before and after suspected infection to identify unauthorized changes and anomalies. Which process are they following by capturing and comparing system snapshots to detect unauthorized changes?
Correct answer: B
Question 7
In a large corporation, the HR department receives an urgent email from someone impersonating a high-level executive, requesting immediate transfer of sensitive employee data. The email includes an official-looking document and a phone number for verification. Feeling pressured, the HR manager calls the number and "confirms" the request, then transfers the data. Investigation later confirms the email was fraudulent and the executive had no knowledge of the request. What type of attack did the HR department face?
Correct answer: D
Question 8
Which of the following is a report writing tool that helps incident handlers generate efficient reports on detected incidents during the incident response process?
Correct answer: B
Question 9
A SIEM alert is triggered due to unusual network traffic involving NetBIOS. The system log shows: "The TCP/IP NetBIOS Helper service entered the running state." Concurrently, Windows Security Event ID 4624 ("An account was successfully logged on") appears for multiple machines within a short time frame. The logon type is 3 (Network logon). Which of the following security incidents is the SIEM detecting?
Correct answer: A
Question 10
You are a Threat Hunter in an IT company's security team working to enhance threat hunting capabilities.
You observed that relying solely on traditional security alerts often results in missed detections of sophisticated threats. To strengthen your approach, you decide to incorporate multiple data sources, including external threat intelligence feeds, internal security logs, network traffic data, and endpoint telemetry. To efficiently process this vast amount of data, you implement a new tool that can aggregate, normalize, and correlate threat intelligence with internal telemetry to gain a more holistic understanding of emerging threats and enhance detection accuracy. What key threat detection capability is being leveraged in this scenario?
Correct answer: D