Question 1

Jane, a security analyst, while analyzing IDS logs, detected an event matching Regex /((\<)|<)((\i)|i|(\

I))((\m)|m|(\M))((\g)|g|(\G))[^\n]+((\>)|>)/|.

What does this event log indicate?

Options :

A : Directory Traversal Attack

B : Parameter Tampering Attack

C : XSS Attack

D : SQL Injection Attack

Answer: C

Question 2

Jony, a security analyst, while monitoring IIS logs, identified events shown in the figure below

What does this event log indicate?

Options :

A : Parameter Tampering Attack

B : XSS Attack

C : Directory Traversal Attack

D : SQL Injection Attack

Answer: A

Question 3

According to the forensics investigation process, what is the next step carried out right after collecting the

evidence?

Options :

A : Create a Chain of Custody Document

B : Send it to the nearby police station

C : Set a Forensic lab

D : Call Organizational Disciplinary Team

Answer: A

Question 4

Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?

Options :

A : $ tailf /var/log/sys/kern.log

B : $ tailf /var/log/kern.log

C : # tailf /var/log/messages

D : # tailf /var/log/sys/messages

Answer: B

Question 5

John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare a

dashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is coming.

Which of the following data source will he use to prepare the dashboard?

Options :

A : DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution

B : IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.

C : DNS/ Web Server logs with IP addresses.

D : Apache/ Web Server logs with IP addresses and Host Name

Answer: D

Higher Test Marks with Free Online 312-39 Exam Practice