Question 1

What does HTTPS Status code 403 represents?

Options :

A : Unauthorized Error

B : Not Found Error

C : Internal Server Error

D : Forbidden Error

Answer: D

Question 2

John, SOC analyst wants to monitor the attempt of process creation activities from any of their Windows

endpoints.

Which of following Splunk query will help him to fetch related logs associated with process creation?

Options :

A : index=windows LogName=Security EventCode=4678 NOT (Account_Name=*$) .. .. ... ..

B : index=windows LogName=Security EventCode=4688 NOT (Account_Name=*$) .. .. ..

C : index=windows LogName=Security EventCode=3688 NOT (Account_Name=*$) .. .. ..

D : index=windows LogName=Security EventCode=5688 NOT (Account_Name=*$) ... ... ...

Answer: B

Question 3

Which of the following can help you eliminate the burden of investigating false positives?

Options :

A : Keeping default rules

B : Not trusting the security devices

C : Treating every alert as high level

D : Ingesting the context data

Answer: A

Question 4

Jony, a security analyst, while monitoring IIS logs, identified events shown in the figure below

What does this event log indicate?

Options :

A : Parameter Tampering Attack

B : XSS Attack

C : Directory Traversal Attack

D : SQL Injection Attack

Answer: A

Question 5

Rinni, SOC analyst, while monitoring IDS logs detected events shown in the figure below

What does this event log indicate?

Options :

A : Directory Traversal Attack

B : XSS Attack

C : SQL Injection Attack

D : Parameter Tampering Attack

Answer: D

Higher Test Marks with Free Online 312-39 Exam Practice