312-39 EC-Council Exam Questions and Free Practice Test

Question 19

Which of the following contains the performance measures, and proper project and time management details?

A. Incident Response Policy

B. Incident Response Tactics

C. Incident Response Process

D. Incident Response Procedures

Correct Answer:D

Question 20

Which of the following directory will contain logs related to printer access?

A. /var/log/cups/Printer_log file

B. /var/log/cups/access_log file

C. /var/log/cups/accesslog file

D. /var/log/cups/Printeraccess_log file

Correct Answer:A

Question 21

Which of the following factors determine the choice of SIEM architecture?

A. SMTP Configuration

B. DHCP Configuration

C. DNS Configuration

D. Network Topology

Correct Answer:C

Question 22

Identify the event severity level in Windows logs for the events that are not necessarily significant, but may indicate a possible future problem.

A. Failure Audit

B. Warning

C. Error

D. Information

Correct Answer:B

Question 23

Which of the following attacks causes sudden changes in file extensions or increase in file renames at rapid speed?

A. Ransomware Attack

B. DoS Attack

C. DHCP starvation Attack

D. File Injection Attack

Correct Answer:A

Question 24

John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is coming.
Which of the following data source will he use to prepare the dashboard?

A. DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution.

B. IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.

C. DNS/ Web Server logs with IP addresses.

D. Apache/ Web Server logs with IP addresses and Host Name.

Correct Answer:D

START 312-39 EXAM