Xcerts Certifications


CERTIFICATIONS

We provide the latest IT certification practice exams in a variety of formats
for all types of IT professionals. Our commitment to getting you certified in the
shortest and easiest way is evident in the quality of our products.
Our state-of-the-art Test Engine Software simulates the real exam environment
and is available in Windows (.EXE), Android App (.APK) and eReader (eBook)
formats. These questions and answers will help you pass your certification exam
on your first try or we refund your MONEY in full.

http://Xcerts.com
ECCouncil
312-39
Certified SOC Analyst Exam

QUESTION: 1
Bonney's system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident
from spreading?

A. Complain to the police in a formal way regarding the incident
B. Turn off the infected machine
C. Leave it to the network administrators to handle
D. Call the legal department in the organization and inform them about the incident

Answer(s): B

QUESTION: 2
According to the forensics investigation process, what is the next step carried out right after
collecting the evidence?

A. Create a Chain of Custody Document
B. Send it to the nearby police station
C. Set up a Forensic lab
D. Call the Organizational Disciplinary Team

Answer(s): A

QUESTION: 3
Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?

A. Planning and budgeting –> Physical location and structural design considerations –> Work
area considerations –> Human resource considerations –> Physical security recommendations
–> Forensics lab licensing
B. Planning and budgeting –> Physical location and structural design considerations –>
Forensics lab licensing –> Human resource considerations –> Work area considerations –>
Physical security recommendations
C. Planning and budgeting –> Forensics lab licensing –> Physical location and structural design
considerations –> Work area considerations –> Physical security recommendations –> Human
resource considerations
D. Planning and budgeting –> Physical location and structural design considerations –>
Forensics lab licensing –> Work area considerations –> Human resource considerations –>
Physical security recommendations

Answer(s): A
Reference:
https://info-savvy.com/setting-up-a-computer-forensics-lab/

QUESTION: 4

Which of the following directories will contain logs related to printer access?

A. /var/log/cups/Printer_log file
B. /var/log/cups/access_log file
C. /var/log/cups/accesslog file
D. /var/log/cups/Printeraccess_log file

Answer(s): A

QUESTION: 5
Which of the following commands is used to enable logging in iptables?

A. $ iptables -B INPUT -j LOG
B. $ iptables -A OUTPUT -j LOG
C. $ iptables -A INPUT -j LOG
D. $ iptables -B OUTPUT -j LOG

Answer(s): B
Reference:
https://tecadmin.net/enable-logging-in-iptables-on-linux/

QUESTION: 6
Ray is a SOC analyst in a company named Queens Tech. One day, Queens Tech is affected
by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to
provide additional bandwidth to the network devices and increase the capacity of the servers.

What are Ray and his team doing?

A. Blocking the Attacks
B. Diverting the Traffic
C. Degrading the services
D. Absorbing the Attack

Answer(s): D

QUESTION: 7
Identify the attack in which an attacker, after several rounds of trial and error, can read the
contents of a password file present in the restricted etc folder just by manipulating the URL in
the browser, as shown:

http://www.terabytes.com/process.php./../../../../etc/passwd

A. Directory Traversal Attack
B. SQL Injection Attack
