Cisco®
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 312-39v2

Free EC-Council 312-39v2 Exam Questions (page: 11)

Page 4 of 21
PDF with 100 Questions

A SOC analyst is responsible for designing a security dashboard that provides real-time monitoring of security threats. The organization wants to avoid overwhelming analysts with excessive information and focus on the most critical security alerts to ensure timely responses to potential threats.
Which principle should guide the design of the dashboard?

  1. Restrict dashboard access to only network administrators
  2. Prioritize critical information and remove unnecessary details
  3. Include as much data as possible to ensure complete visibility
  4. Use only historical data to avoid real-time inconsistencies

Answer(s): B

Explanation:

The principle of prioritizing critical information and removing unnecessary details ensures that the dashboard highlights the most important security alerts. This approach helps SOC analysts focus on actionable threats, reduces alert fatigue, and enables timely response to potential security incidents.



The Security Operations Center (SOC) team at Rapid Response Group, a leading cybersecurity firm, is facing challenges in managing security incidents efficiently. With an increasing volume of alerts and security events being generated daily in their Microsoft Sentinel environment, the team is struggling to respond to threats quickly and consistently. To enhance their incident response capabilities, they aim to automate routine security tasks, such as log collection, alert triaging, remediation steps, and notifications to stakeholders. By implementing automated workflows, they seek to reduce response times, eliminate manual intervention for repetitive actions, and ensure a standardized approach to handling security threats across the organization.
Which component of Microsoft Sentinel should they utilize to create these automated workflows for incident response?

  1. Playbooks
  2. Community
  3. Workspace
  4. Analytics

Answer(s): A

Explanation:

In Microsoft Sentinel, Playbooks are automated workflows built using Azure Logic Apps. They enable the SOC team to automate routine tasks such as alert triaging, remediation, log collection, and notifications.
Implementing Playbooks helps standardize incident response, reduce manual effort, and improve response times.



The SOC team found a suspicious document file on a user's workstation. Upon initial inspection, the document appears benign, but deeper analysis reveals an embedded PowerShell script. The team suspects the script is designed to download and execute a malicious payload. They need to understand the script's functionality without triggering it.
Which malware analysis technique would be recommended technique for the SOC team to understand the PowerShell script's functionality without executing it?

  1. Automated behavioral analysis
  2. Network traffic analysis
  3. Dynamic analysis
  4. Static analysis

Answer(s): D

Explanation:

Static analysis involves examining the code or content of a file without executing it. By analyzing the embedded PowerShell script statically, the SOC team can understand its functionality, detect malicious commands, and identify potential payloads without risking system compromise, making it the recommended approach in this scenario.



A major financial institution has strict policies preventing unauthorized data transfers. As a SOC analyst, you are conducting routine log analysis when you detect an anomaly ­ an employee's workstation is initiating large file transfers outside of business hours. The files in question contain highly sensitive customer financial records. Upon further investigation, you discover that the employee has been remotely accessing the system from an unfamiliar IP address. Security logs also flag an unauthorized USB device connected to the workstation, violating corporate policy. Given the nature of the data involved and the possibility of data exfiltration, you need to act swiftly.
What will be your first step in responding to this incident?

  1. Isolate employee's workstation and revoke remote access
  2. Conduct a full forensic analysis first
  3. Inform employee's department and wait for evidence
  4. Disable corporate VPN entirely

Answer(s): A

Explanation:

The first step in responding to a potential data exfiltration incident is to contain the threat. Isolating the employee's workstation and revoking remote access prevents further unauthorized data transfer, limits potential damage, and preserves evidence for subsequent investigation, ensuring immediate mitigation of risk.



Jannet works in a multinational corporation that operates multiple data centers, cloud environments, and on- premises systems as a SOC analyst, she notices that security incidents are taking too long to detect and investigate. After analyzing this, she discovers that logs from firewalls, endpoint security solutions, authentication servers, and cloud applications are scattered across different systems in various formats hence her team has to manually convert logs into a readable format before investigating incidents.
What approach should she implement to enable accepting the logs from heterogeneous sources with different formats and converting them into common format and improving incident detection and response time?

  1. Log normalization
  2. Log transformation
  3. Log collection
  4. Log correlation

Answer(s): A

Explanation:

Log normalization is the process of converting logs from heterogeneous sources into a common, standardized format. This enables the SOC team to efficiently parse, analyze, and correlate data across different systems, improving incident detection, investigation speed, and response time.



Viewing page 11 of 21
Viewing questions 51 - 55 out of 100 questions



Post your Comments and Discuss EC-Council 312-39v2 exam prep with other Community members:

312-39v2 Exam Discussions & Posts