01. Bonney’s system has been compromised by malware. What is the primary step Bonney should take to contain the incident and keep the malware from spreading?
a) Complaint to police in a formal way regarding the incident
b) Turn off the infected machine
c) Leave it to the network administrators to handle
d) Call the legal department in the organization and inform about the incident
02. The type of threat intelligence that gathers information about attackers by misleading them is known as __________.
a) Threat trending Intelligence
b) Detection Threat Intelligence
c) Operational Intelligence
d) Counter Intelligence
03. Where will you find the IP reputation database if you want to monitor traffic from IPs with a known bad reputation using the OSSIM SIEM?
a) /etc/ossim/reputation
b) /etc/ossim/siem/server/reputation/data
c) /etc/siem/ossim/server/reputation.data
d) /etc/ossim/server/reputation.data
04. Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech has recently recruited an Incident Response Team (IRT) for the company. While collaborating with the IRT, Emmanuel has just escalated an incident to it.
What is the first step the IRT will take on the incident escalated by Emmanuel?
a) Incident Analysis and Validation
b) Incident Recording
c) Incident Classification
d) Incident Prioritization
05. What does HTTP status code 403 represent?
a) Unauthorized Error
b) Not Found Error
c) Internal Server Error
d) Forbidden Error
06. Harley is working as a SOC analyst with Powell Tech. Powell Tech is using Internet Information Services (IIS) version 7.0 to host its website.
Where will Harley find the web server logs if he wants to investigate them for any anomalies?
a) %SystemDrive%\inetpub\logs\LogFiles\W3SVCN
b) %SystemDrive%\LogFiles\inetpub\logs\W3SVCN
c) %SystemDrive%\LogFiles\logs\W3SVCN
d) %SystemDrive%\inetpub\LogFiles\logs\W3SVCN
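Finding the log directory is only the first half of the question; the investigation itself means parsing the W3C extended format IIS writes there and looking for patterns an analyst would call anomalous. The following Python is an added example, not part of the original question set: it reads the `#Fields:` directive to map each data line onto named columns, then flags clients that rack up 404s (a scanner probing for admin pages), requests whose URI carries traversal or injection markers, and 5xx responses. The log lines, the field list (the IIS 7.0 default W3C selection) and the client addresses (documentation ranges) are constructed for the demonstration.

```python
"""Parse IIS 7.x W3C extended log lines and flag simple anomalies."""
import re
from collections import Counter

# Constructed sample in the W3C extended format that IIS 7.0 writes to
# %SystemDrive%\inetpub\logs\LogFiles\W3SVC<site-id>\u_exYYMMDD.log.
# Client IPs use documentation ranges; nothing here is a real capture.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 7.0
#Version: 1.0
#Date: 2024-03-01 08:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2024-03-01 08:00:01 10.0.0.5 GET /index.html - 80 - 198.51.100.10 Mozilla/5.0 200 0 0 12
2024-03-01 08:00:02 10.0.0.5 GET /about.html - 80 - 198.51.100.10 Mozilla/5.0 200 0 0 9
2024-03-01 08:00:03 10.0.0.5 GET /admin.php - 80 - 203.0.113.7 curl/7.68.0 404 0 2 3
2024-03-01 08:00:03 10.0.0.5 GET /wp-login.php - 80 - 203.0.113.7 curl/7.68.0 404 0 2 2
2024-03-01 08:00:04 10.0.0.5 GET /phpmyadmin/ - 80 - 203.0.113.7 curl/7.68.0 404 0 2 2
2024-03-01 08:00:04 10.0.0.5 GET /.env - 80 - 203.0.113.7 curl/7.68.0 404 0 2 2
2024-03-01 08:00:05 10.0.0.5 GET /backup.zip - 80 - 203.0.113.7 curl/7.68.0 404 0 2 2
2024-03-01 08:00:06 10.0.0.5 GET /download.aspx file=..\..\windows\win.ini 80 - 192.0.2.33 Mozilla/5.0 200 0 0 20
2024-03-01 08:00:07 10.0.0.5 GET /search.aspx q=%27+OR+1%3D1-- 80 - 192.0.2.33 Mozilla/5.0 500 0 0 45
2024-03-01 08:00:08 10.0.0.5 GET /secret/ - 80 - 198.51.100.10 Mozilla/5.0 403 0 0 1
"""

# Crude signatures for traversal and injection attempts in the requested URI.
SUSPICIOUS = re.compile(
    r"\.\./|\.\.\\|%27|'\s*or\s|union\s+select|<script|/etc/passwd|win\.ini",
    re.IGNORECASE,
)


def parse_w3c(text):
    """Map each data line onto the field names from the #Fields directive."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data line seen before a #Fields directive")
        values = line.split(" ")  # W3C encodes spaces inside values as '+'
        if len(values) != len(fields):
            records.append({"_malformed": line})  # keep it visible, do not drop
            continue
        records.append(dict(zip(fields, values)))
    return records


def find_anomalies(records, not_found_threshold=3):
    """Flag scanners (many 404s), suspicious URIs and server errors."""
    not_found = Counter()
    suspicious = []
    server_errors = []
    for r in records:
        if "_malformed" in r:
            continue
        ip = r["c-ip"]
        status = int(r["sc-status"])
        if status == 404:
            not_found[ip] += 1
        if status >= 500:
            server_errors.append((ip, r["cs-uri-stem"], r["cs-uri-query"]))
        target = r["cs-uri-stem"] + "?" + r["cs-uri-query"]
        if SUSPICIOUS.search(target):
            suspicious.append((ip, target))
    scanners = {ip: n for ip, n in not_found.items() if n >= not_found_threshold}
    return {
        "scanners": scanners,
        "suspicious_requests": suspicious,
        "server_errors": server_errors,
    }


if __name__ == "__main__":
    for key, value in find_anomalies(parse_w3c(SAMPLE_LOG)).items():
        print(key, value)
```

Against a real `u_ex*.log` you would open the file and pass its contents to `parse_w3c`; the field mapping is driven by the `#Fields:` line, so the parser survives sites that log a different column selection. Malformed lines are retained rather than discarded, since a line that does not fit the schema is itself something an analyst wants to see.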
07. According to the forensic investigation process, what is the next step carried out right after collecting the evidence?
a) Create a Chain of Custody Document
b) Send it to the nearby police station
c) Set up a forensic lab
d) Call Organizational Disciplinary Team
08. Banter is a threat analyst in Christine Group of Industries. As a part of the job, he is currently formatting and structuring the raw data. He is at which stage of the threat intelligence life cycle?
a) Dissemination and Integration
b) Processing and Exploitation
c) Collection
d) Analysis and Production
09. Which attack works like a dictionary attack, but appends numbers and symbols to the dictionary words before trying them as passwords?
a) Hybrid Attack
b) Brute-force Attack
c) Rainbow Table Attack
d) Birthday Attack
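The point of a hybrid attack is that real passwords are mostly a dictionary word plus a short predictable suffix, so mangling a wordlist covers that space in thousands of guesses where brute force would need trillions. The following Python is an added example, not part of the original question set: it applies a small rule set (case variants, an appended number or year, an optional trailing symbol) to each word, hashes the candidates and compares them against a target. The wordlist and the target (the unsalted SHA-256 of a constructed password) are stand-ins for a real dictionary file and a real hash dump.

```python
"""Hybrid attack: dictionary words mangled with appended digits and symbols."""
import hashlib
import itertools
import string

# Constructed stand-in for a real wordlist file; a real run would read one.
WORDLIST = ["password", "welcome", "summer", "winter", "admin", "letmein"]

# Mangling rules: optional 1-2 digit number or a year, optional trailing
# symbol, applied to the word as-is, Capitalised and UPPERCASE.
DIGIT_SUFFIXES = [str(n) for n in range(100)] + [str(y) for y in range(1990, 2030)]
SYMBOLS = ["", "!", "@", "#", "$", "_"]


def sha256_hex(text):
    """Unsalted SHA-256, used here only to have something to compare against."""
    return hashlib.sha256(text.encode()).hexdigest()


def mangle(word):
    """Yield every candidate the rules derive from one dictionary word."""
    for base in (word, word.capitalize(), word.upper()):
        for digits, symbol in itertools.product([""] + DIGIT_SUFFIXES, SYMBOLS):
            yield base + digits + symbol


def candidates(wordlist):
    for word in wordlist:
        yield from mangle(word)


def hybrid_crack(target_hash, wordlist=WORDLIST):
    """Return (password, attempts), or (None, attempts) if the rules miss."""
    attempts = 0
    for cand in candidates(wordlist):
        attempts += 1
        if sha256_hex(cand) == target_hash:
            return cand, attempts
    return None, attempts


def hybrid_keyspace(wordlist=WORDLIST):
    """Total candidates the rule set generates for this wordlist."""
    return sum(1 for _ in candidates(wordlist))


def brute_force_keyspace(length, alphabet=string.ascii_letters + string.digits + string.punctuation):
    """Candidates a pure brute-force attack faces for the same length."""
    return len(alphabet) ** length


if __name__ == "__main__":
    # Constructed target: the hash a credential dump would have handed us.
    target = sha256_hex("summer2024!")
    print(hybrid_crack(target))
    print(hybrid_keyspace(), "hybrid candidates vs", brute_force_keyspace(11), "brute-force")
```

A password outside the rules (a passphrase, a random string) is never found, which is exactly the weakness the question's other options trade off: brute force is exhaustive but slow, rainbow tables need precomputation per hash type and fail against salting, and the hybrid attack is fast only where its rules match how people actually pick passwords.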
10. The threat intelligence that helps you understand adversary intent and make informed decisions to ensure appropriate security in alignment with risk.
What kind of threat intelligence is described above?
a) Strategic Threat Intelligence
b) Tactical Threat Intelligence
c) Functional Threat Intelligence
d) Operational Threat Intelligence