312-39 Free Practice Test

Which of the following is a report writing tool that will help incident handlers to generate efficient reports on detected incidents during incident response process?

1. A. threat_note
2. B. MagicTree
3. C. IntelMQ
4. D. Malstrom

Correct Answer: C

Where will you find the reputation IP database, if you want to monitor traffic from known bad IP reputation using OSSIM SIEM?

1. A. /etc/ossim/reputation
2. B. /etc/ossim/siem/server/reputation/data
3. C. /etc/siem/ossim/server/reputation.data
4. D. /etc/ossim/server/reputation.data

Correct Answer: A

Which of the following security technology is used to attract and trap people who attempt unauthorized or illicit utilization of the host system?

1. A. De-Militarized Zone (DMZ)
2. B. Firewall
3. C. Honeypot
4. D. Intrusion Detection System

Correct Answer: C

Ray is a SOC analyst in a company named Queens Tech. One Day, Queens Tech is affected by a DoS/DDoS attack. For the containment of this incident, Ray and his team are trying to provide additional bandwidth to the network devices and increasing the capacity of the servers.
What is Ray and his team doing?

1. A. Blocking the Attacks
2. B. Diverting the Traffic
3. C. Degrading the services
4. D. Absorbing the Attack

Correct Answer: D

Which of the following are the responsibilities of SIEM Agents?
* 1. Collecting data received from various devices sending data to SIEM before forwarding it to the central engine.
* 2. Normalizing data received from various devices sending data to SIEM before forwarding it to the central engine.
* 3. Co-relating data received from various devices sending data to SIEM before forwarding it to the central engine.
* 4. Visualizing data received from various devices sending data to SIEM before forwarding it to the central engine.

1. A. 1 and 2
2. B. 2 and 3
3. C. 1 and 4
4. D. 3 and 1

Correct Answer: C