Question 1

John as a SOC analyst is worried about the amount of Tor traffic hitting the network. He wants to prepare a

dashboard in the SIEM to get a graph to identify the locations from where the TOR traffic is coming.

Which of the following data source will he use to prepare the dashboard?

Options :

A : DHCP/Logs capable of maintaining IP addresses or hostnames with IPtoName resolution

B : IIS/Web Server logs with IP addresses and user agent IPtouseragent resolution.

C : DNS/ Web Server logs with IP addresses.

D : Apache/ Web Server logs with IP addresses and Host Name

Answer: D

Question 2

Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?

Options :

A : $ tailf /var/log/sys/kern.log

B : $ tailf /var/log/kern.log

C : # tailf /var/log/messages

D : # tailf /var/log/sys/messages

Answer: B

Question 3

According to the forensics investigation process, what is the next step carried out right after collecting the

evidence?

Options :

A : Create a Chain of Custody Document

B : Send it to the nearby police station

C : Set a Forensic lab

D : Call Organizational Disciplinary Team

Answer: A

Question 4

What does HTTPS Status code 403 represents?

Options :

A : Unauthorized Error

B : Not Found Error

C : Internal Server Error

D : Forbidden Error

Answer: D

Question 5

Which of the following can help you eliminate the burden of investigating false positives?

Options :

A : Keeping default rules

B : Not trusting the security devices

C : Treating every alert as high level

D : Ingesting the context data

Answer: A

Higher Test Marks with Free Online 312-39 Exam Practice