Free EC-Council 312-39 Exam Questions (page: 15)

Which of the following commands is used to view iptables logs on Ubuntu and Debian distributions?

  A. $ tailf /var/log/sys/kern.log
  B. $ tailf /var/log/kern.log
  C. # tailf /var/log/messages
  D. # tailf /var/log/sys/messages

Answer(s): B

On Debian and Ubuntu the kernel's netfilter LOG output is written to /var/log/kern.log (and also to /var/log/syslog); /var/log/messages is the RHEL-family location, and there is no /var/log/sys/ directory on either. On a default Ubuntu install kern.log is readable only by root and members of the adm group. Note that tailf has since been removed from util-linux; tail -f /var/log/kern.log or journalctl -k -f now serve the same purpose.


Reference:

https://tecadmin.net/enable-logging-in-iptables-on-linux/



Which of the following techniques involves scanning the headers of IP packets leaving a network to make sure that unauthorized or malicious traffic never leaves the internal network?

  A. Egress Filtering
  B. Throttling
  C. Rate Limiting
  D. Ingress Filtering

Answer(s): A

Egress filtering inspects outbound packets, typically on source address, destination and port, so that spoofed, command-and-control or exfiltration traffic is blocked at the perimeter; ingress filtering applies the same idea to packets arriving from outside. Throttling and rate limiting constrain how much traffic passes, not whether a given packet should be allowed to leave at all.


Reference:

https://grokdesigns.com/wp-content/uploads/2018/04/CEH-v9-Notes.pdf (99)



Which of the following formulas is used to calculate the events per second (EPS) of the organization?

  A. EPS = average number of correlated events / time in seconds
  B. EPS = number of normalized events / time in seconds
  C. EPS = number of security events / time in seconds
  D. EPS = number of correlated events / time in seconds

Answer(s): A
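The following block is an added example and not part of the original question set. It ties the first and third questions together: it parses netfilter LOG lines in the layout found in /var/log/kern.log and then applies the EPS division to the parsed entries, reporting both the average over the window and the busiest single second (the peak figure a SIEM sizing exercise actually needs). The log sample is constructed, the "IPTables-Dropped:" log prefix is a hypothetical --log-prefix value, and the addresses are RFC 5737 documentation ranges.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample of /var/log/kern.log lines (not captured from a real
# host). "IPTables-Dropped:" is a hypothetical --log-prefix; the key=value
# fields follow the layout the netfilter LOG target writes. The last line
# shows that kern.log also carries unrelated kernel messages the parser
# must skip.
SAMPLE_KERN_LOG = """\
Mar 10 12:00:00 host kernel: [1001.1] IPTables-Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=1 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:00:00 host kernel: [1001.2] IPTables-Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=2 DF PROTO=TCP SPT=40002 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:00:00 host kernel: [1001.3] IPTables-Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=3 DF PROTO=TCP SPT=40003 DPT=3389 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:00:01 host kernel: [1002.0] IPTables-Dropped: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.4 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=4 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Mar 10 12:00:03 host kernel: [1004.0] IPTables-Dropped: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=TCP SPT=51000 DPT=4444 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 12:00:04 host kernel: [1005.0] usb 1-1: new high-speed USB device number 2 using xhci_hcd
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"(?:\[\s*[\d.]+\] )?(?P<prefix>.*?)\s*IN=(?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_iptables_log(text, year=2024):
    """Return one dict per netfilter LOG line; other kernel messages are skipped.

    kern.log timestamps carry no year, so the caller supplies it."""
    entries = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        fields = {}
        for key, value in KV_RE.findall("IN=" + m.group("rest")):
            # ICMP lines repeat ID= (IP header id, then ICMP id); keep the first.
            fields.setdefault(key, value)
        entry = {
            "ts": datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S"),
            "prefix": m.group("prefix").rstrip(": "),
            # OUT= is empty for INPUT-chain hits, IN= is empty for OUTPUT-chain hits.
            "direction": "out" if fields.get("OUT") else "in",
        }
        entry.update(fields)
        entries.append(entry)
    return entries


def events_per_second(entries):
    """EPS = number of events / time span in seconds, over the inclusive
    window the entries cover. Also returns the busiest single second."""
    if not entries:
        return 0.0, 0
    per_second = Counter(e["ts"] for e in entries)
    span = (max(per_second) - min(per_second)).total_seconds() + 1
    return len(entries) / span, max(per_second.values())


def summarize(entries):
    """What an analyst reads off a batch of LOG hits: direction split and
    the destination ports most often blocked."""
    return {
        "total": len(entries),
        "by_direction": dict(Counter(e["direction"] for e in entries)),
        "top_ports": Counter(
            (e["PROTO"], e["DPT"]) for e in entries if "DPT" in e
        ).most_common(3),
    }


if __name__ == "__main__":
    parsed = parse_iptables_log(SAMPLE_KERN_LOG)
    avg, peak = events_per_second(parsed)
    print(summarize(parsed))
    print(f"average EPS={avg:.2f}  peak EPS={peak}")
```

On the sample the five LOG hits span four seconds, so the average is 1.25 EPS while the first second alone carries three events; a SIEM licensed on the average would be undersized for that burst. The outbound hit on port 4444 is what an egress rule with a LOG target produces, so the same parser serves both INPUT- and OUTPUT-chain review.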



Julia, a SOC analyst, noticed unusually large TXT and NULL record payloads while monitoring logs. What does this indicate?

  A. Concurrent VPN Connections Attempt
  B. DNS Exfiltration Attempt
  C. Covering Tracks Attempt
  D. DHCP Starvation Attempt

Answer(s): B

TXT and NULL records can carry arbitrary data, which makes them the record types most often abused to tunnel data out over DNS, a protocol that is usually allowed through the perimeter. Oversized or frequent TXT/NULL queries and responses, long high-entropy labels, and many unique subdomains under a single domain are the indicators to look for. DHCP starvation, concurrent VPN attempts and log tampering do not show up as DNS record payloads.


Reference:

https://conf.splunk.com/session/2014/conf2014_FredWilmotSanfordOwings_Splunk_Security.pdf
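The following block is an added example, not part of the original question set or of the referenced Splunk material: it runs the detection logic the question hints at over a constructed DNS query log. The log format (timestamp, client, query type, query name), the thresholds (labels over 30 characters, Shannon entropy above 3.5 bits per character, three hits per client and domain) and the domain names are assumptions chosen for the example. Requiring a bulk-data record type together with an encoded-looking label is what keeps CDN-style hashed hostnames in ordinary A queries from tripping the rule.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log (not real traffic). Format assumed for the example:
# "<ISO timestamp> <client IP> <qtype> <qname>". Client 10.0.0.7 queries
# TXT/NULL records for 32-character labels that each use 32 distinct
# characters, so their entropy is exactly 5 bits/char; 10.0.0.9 sends a
# similar-looking label in an ordinary A query, as a CDN hostname might.
SAMPLE_DNS_LOG = """\
2024-03-10T12:00:00Z 10.0.0.5 A www.example.com
2024-03-10T12:00:01Z 10.0.0.5 TXT _dmarc.example.com
2024-03-10T12:00:01Z 10.0.0.5 TXT example.com
2024-03-10T12:00:02Z 10.0.0.7 TXT k3x9qa2mzv7tbn4ycw8dfh5gjl6prs0e.t.exfil-demo.net
2024-03-10T12:00:02Z 10.0.0.7 TXT 7hq2wxe9vzk5rmn3ya8tb4cd6fgj0lps.t.exfil-demo.net
2024-03-10T12:00:03Z 10.0.0.7 NULL zp5lk0gt7ac3sv9wbn2mx6fq4rh8ydje.t.exfil-demo.net
2024-03-10T12:00:03Z 10.0.0.7 NULL 0123456789abcdefghijklmnopqrstuv.t.exfil-demo.net
2024-03-10T12:00:04Z 10.0.0.9 A k3x9qa2mzv7tbn4ycw8dfh5gjl6prs0e.cdn.example.org
"""

BULK_QTYPES = {"TXT", "NULL"}  # record types that carry arbitrary payloads
MAX_LABEL_LEN = 30             # assumed threshold: legitimate labels are rarely longer
MIN_ENTROPY = 3.5              # assumed threshold, bits/char; encoded data scores high


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse_dns_log(text):
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed or unrelated line
        ts, client, qtype, qname = parts
        rows.append({"ts": ts, "client": client, "qtype": qtype.upper(),
                     "qname": qname.rstrip(".").lower()})
    return rows


def query_features(row):
    """Per-query indicators: bulk-capable record type, and a label that is
    long or high-entropy (the signs of encoded data in the name itself)."""
    longest = max(row["qname"].split("."), key=len)
    entropy = shannon_entropy(longest)
    return {
        "bulk_qtype": row["qtype"] in BULK_QTYPES,
        "long_label": len(longest) > MAX_LABEL_LEN,
        "high_entropy": entropy > MIN_ENTROPY,
        "entropy": round(entropy, 2),
    }


def detect_dns_exfil(rows, min_hits=3):
    """Group suspicious queries by (client, parent domain) and alert when a
    client has sent at least min_hits of them to the same domain."""
    hits = defaultdict(list)
    for row in rows:
        f = query_features(row)
        if f["bulk_qtype"] and (f["long_label"] or f["high_entropy"]):
            parent = ".".join(row["qname"].split(".")[-2:])
            hits[(row["client"], parent)].append(row["qname"])
    return {key: names for key, names in hits.items() if len(names) >= min_hits}


if __name__ == "__main__":
    for (client, domain), names in detect_dns_exfil(parse_dns_log(SAMPLE_DNS_LOG)).items():
        print(f"ALERT possible DNS exfiltration: {client} -> {domain} ({len(names)} queries)")
        for name in names:
            print("   ", name)
```

In production the same features are worth computing on the response side as well (TXT answer sizes, NULL records at all), and the per-client and per-domain counts should run over a sliding window rather than the whole file; the grouping by parent domain is what turns four individually borderline queries into one actionable alert.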


