Free EC-Council 312-39v2 Exam Questions (page: 3)

A Security Operations Center (SOC) analyst receives a high-priority alert indicating unusual user activity. An employee account is attempting to access company resources from a different country and outside of their normal working hours. This behavior raises concerns about potential account compromise or unauthorized access. To automate the initial response and quickly restrict access while the incident is investigated further, which SOAR Playbook would be relevant to adapt and implement?

  1. Deprovisioning Users SOAR Playbook
  2. Phishing Investigations SOAR Playbook
  3. Alert Enrichment SOAR Playbook
  4. Malware Containment SOAR Playbook

Answer(s): A

Explanation:

The Deprovisioning Users SOAR Playbook is designed to automatically respond to suspicious account activity, such as unusual logins or potential account compromise. It can restrict or disable access quickly while initiating further investigation, making it the appropriate playbook for this scenario.



A government agency responsible for protecting sensitive information needs to monitor its network for unusual data exfiltration attempts. Since traditional log data alone is insufficient to identify suspicious traffic patterns, the SIEM team decides to integrate traffic flow data into their system. This data will help detect anomalies, such as large data transfers to unauthorized destinations or unexpected traffic spikes. The team must choose the appropriate protocol to collect IP traffic information from network devices like routers and switches.
Which protocol should be used to collect this data?

  1. Syslog
  2. SNMP (Simple Network Management Protocol)
  3. IPFIX (IP Flow Information Export)
  4. NetFlow (RFC 3954)

Answer(s): C

Explanation:

IPFIX (IP Flow Information Export) is a protocol designed to collect and export IP traffic flow information from network devices. It provides detailed traffic data that SIEM systems can use to detect anomalies such as unusual data exfiltration, large transfers, or unexpected traffic patterns, making it suitable for monitoring sensitive government networks.



SecureTech Solutions, a managed security service provider (MSSP), is optimizing its log management architecture to enhance log storage, retrieval, and analysis efficiency. The SOC team needs to ensure that security logs are stored in a structured or semi-structured format, allowing for easy parsing, querying, and correlation of security events. To achieve this, they decide to implement a log storage format that organizes data in a text file in tabular structure, ensuring each log entry is stored in rows and columns. Additionally, they require a format that supports easy export to databases or spreadsheet-based analysis while maintaining readability.
Which log format should the SOC team choose to store logs in a structured or semi-structured format for efficient analysis?

  1. Syslog Format
  2. Cloud Storage
  3. Comma-Separated Values (CSV) Format
  4. Database

Answer(s): C

Explanation:

Comma-Separated Values (CSV) format organizes log data in a tabular structure with rows and columns, making it both human-readable and easy to parse, query, or export to databases and spreadsheets. This structured format supports efficient analysis and correlation of security events, aligning with the SOC team's requirements.



Web4Everyone, a large web hosting service provider, hosts multiple major websites, social media platforms, and more. You work there as an L1 SOC analyst responsible for investigating web server logs for potential malicious activity. Recently, your team detected multiple failed login attempts and unusual traffic patterns targeting the company's web application. To efficiently analyze the logs and identify key details such as the remote host, username, timestamp, requested resource, HTTP status code, and user-agent, you need a structured log format that ensures quick and accurate parsing.
Which standardized log format will you choose for this scenario?

  1. Extended Log Format (ELF)
  2. Tab-Separated Format
  3. Common Log Format (CLF)
  4. JSON Format

Answer(s): A

Explanation:

The Extended Log Format (ELF) enhances the Common Log Format by including additional fields such as user-agent, referrer, and other custom data. This structured format allows SOC analysts to efficiently parse and analyze web server logs, making it ideal for investigating failed logins and unusual traffic patterns in web applications.



At 10:30 AM, during routine monitoring, Tier-1 SOC analyst Jennifer detects unusual network traffic and confirms an active LockBit ransomware infection targeting systems in the finance department. She escalates the issue to the SOC lead, Sarah, who activates the Incident Response Team (IRT) and instructs the network team to isolate the finance department's VLAN to prevent further spread across the network.
Which phase of the Incident Response process is currently being implemented?

  1. Notification
  2. Evidence Gathering and Forensic Analysis
  3. Eradication
  4. Containment

Answer(s): D

Explanation:

The Containment phase of the Incident Response process focuses on limiting the impact of an active security incident. In this scenario, isolating the finance department's VLAN to prevent the ransomware from spreading is a clear example of containment actions.


