EC-COUNCIL Certified SOC Analyst (CSA) - 312-39 模擬練習

Sam, a security analyst with INFOSOL INC., while monitoring and analyzing IIS logs, detected an event matching regex /\\w*((\%27)|(\'))((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix.
What does this event log indicate?

正解: D
解説: (PassTest メンバーにのみ表示されます)
Which of the following can help you eliminate the burden of investigating false positives?

正解: B
解説: (PassTest メンバーにのみ表示されます)
Which of the following data source will a SOC Analyst use to monitor connections to the insecure ports?

正解: A
解説: (PassTest メンバーにのみ表示されます)
Which encoding replaces unusual ASCII characters with "%" followed by the character's two-digit ASCII code expressed in hexadecimal?

正解: A
解説: (PassTest メンバーにのみ表示されます)
A manufacturing company is deploying a SIEM system and wants to improve both security monitoring and regulatory compliance. During planning, the team uses an output-driven approach, starting with use cases that address unauthorized access to production control systems. They configure data sources and alerts specific to this use case, ensuring actionable alerts without excessive false positives. After validating success, they move on to use cases related to supply chain disruptions and malware detection. What is the primary advantage of using an output-driven approach in SIEM deployment?

正解: A
解説: (PassTest メンバーにのみ表示されます)
David Reynolds, a SOC analyst at a healthcare organization, is investigating suspicious login attempts flagged by the SIEM. To mitigate brute-force risk on targeted endpoints, he collaborates with IT to implement an automatic account lockout policy that temporarily disables accounts after multiple failed login attempts.
Within the SOC's eradication strategy, which category of measures does this action align with?

正解: C
解説: (PassTest メンバーにのみ表示されます)
You are a SOC analyst on duty during a high-severity incident involving a DDoS attack targeting your organization's e-commerce platform. The attack disrupts online transactions. Using SIEM tools and packet capture systems, you identify unusual traffic patterns and trace activity back to command-and-control (C2) servers directing a botnet. Your goal is to recommend an eradication strategy that will sever the attackers' control over infected devices and halt the attack. Which strategy should your team implement?

正解: C
解説: (PassTest メンバーにのみ表示されます)
SecureTech Inc. operates critical infrastructure and applications in AWS. The SOC detects suspicious activities such as unexpected API calls, unusual outbound traffic from instances, and DNS requests to potentially malicious domains. They need a fully managed AWS security service that continuously monitors for malicious activity, analyzes CloudTrail logs, VPC Flow Logs, and DNS query logs, leverages machine learning and threat intelligence, and provides actionable findings. Which AWS service best fits?

正解: A
解説: (PassTest メンバーにのみ表示されます)
David is a SOC analyst responsible for monitoring critical infrastructure. He detects unauthorized applications running on a high-privilege Windows server accessible only by a restricted set of users. The applications were not part of approved deployments, and installations occurred outside business hours. Logs indicate potential system configuration changes around the same timeframe. Which log should he examine to determine when and how these installations occurred?

正解: C
解説: (PassTest メンバーにのみ表示されます)
Identify the attack, where an attacker tries to discover all the possible information about a target network before launching a further attack.

正解: D
解説: (PassTest メンバーにのみ表示されます)
Bonney's system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident fromspreading?

正解: D
解説: (PassTest メンバーにのみ表示されます)
What does Windows event ID 4740 indicate?

正解: A
解説: (PassTest メンバーにのみ表示されます)
A large financial institution has identified a sophisticated phishing campaign targeting employees, resulting in unauthorized access to sensitive customer data. The organization already uses a SIEM for log aggregation and alerting, alongside an EDR solution for endpoint visibility. Additionally, they have access to XDR for broader threat detection and XSOAR for security orchestration and automation. As a SOC analyst, you've been asked to recommend an integration strategy to improve real-time threat correlation, streamline incident response workflows, and maximize the use of existing tools. Which integration would meet these goals?

正解: D
解説: (PassTest メンバーにのみ表示されます)
What does [-n] in the following checkpoint firewall log syntax represents?
fw log [-f [-t]] [-n] [-l] [-o] [-c action] [-h host] [-s starttime] [-e endtime] [-b starttime endtime] [-u unification_scheme_file] [-m unification_mode(initial|semi|raw)] [-a] [-k (alert name|all)] [-g] [logfile]

正解: B
解説: (PassTest メンバーにのみ表示されます)