312-39 Practice Test

Jane, a security analyst, while analyzing IDS logs, detected an event matching Regex
/((\%3C)|<)((\%69)|i|(\% 49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/|.
What does this event log indicate?

A.

Directory Traversal Attack

B.

Parameter Tampering Attack

C.

XSS Attack

D.

SQL Injection Attack

Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet
Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs, if he wants to investigate them for any
anomalies?

A.

SystemDrive%\inetpub\logs\LogFiles\W3SVCN

B.

SystemDrive%\LogFiles\inetpub\logs\W3SVCN

C.

%SystemDrive%\LogFiles\logs\W3SVCN

D.

SystemDrive%\ inetpub\LogFiles\logs\W3SVCN

In which of the following incident handling and response stages, the root cause of the incident must be found from the forensic results?

A.

Evidence Gathering

B.

Evidence Handling

C.

Eradication

D.

Systems Recovery

Which of the following data source can be used to detect the traffic associated with Bad Bot User-Agents?

A.

Windows Event Log

B.

Web Server Logs

C.

Router Logs

D.

Switch Logs

Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT. What is the first step that the IRT will do to the incident escalated by Emmanuel?

A.

Incident Analysis and Validation

B.

Incident Recording

C.

Incident Classification

D.

Incident Prioritization