Certified SOC Analyst

Here you have the best EC-Council 312-39 practice exam questions

  • You have 84 total questions to study from
  • Each page has 5 questions, making a total of 17 pages
  • You can navigate through the pages using the buttons at the bottom
  • This questions were last updated on December 1, 2024
Question 1 of 84

Bonney's system has been compromised by a gruesome malware.

What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?

    Correct Answer: B

    The primary step to contain a malware incident from spreading is to turn off the infected machine. This action isolates the compromised system from the network, preventing the malware from propagating to other devices or accessing further sensitive data. Once the machine is turned off and isolated, additional actions can be taken to investigate and remediate the incident.

Question 2 of 84

According to the forensics investigation process, what is the next step carried out right after collecting the evidence?

    Correct Answer: A

    After collecting the evidence in a forensics investigation process, the next crucial step is to create a Chain of Custody Document. This ensures that there is a detailed and continuous record tracking the evidence from the moment it is collected until it is needed in court or for analysis. Maintaining a proper chain of custody is vital to preserve the integrity and admissibility of the evidence.

Question 3 of 84

Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?

    Correct Answer: A

    The correct flow for setting up a computer forensics lab should begin with planning and budgeting, followed by considering the physical location and structural design. Next, it's essential to address work area considerations to ensure functionality and efficiency. Human resource considerations come next to determine the required staff and their qualifications. Physical security recommendations should then be planned to safeguard the lab's integrity. Finally, obtaining the necessary forensics lab licensing ensures legal compliance and operational permissions.

Question 4 of 84

Which of the following directory will contain logs related to printer access?

    Correct Answer: B

    Logs related to printer access are typically stored in the /var/log/cups directory, specifically in the access_log file. This file keeps track of all access-related events for the Common UNIX Printing System (CUPS). The /var/log/cups/access_log file is the correct location for printer access logs.

Question 5 of 84

Which of the following command is used to enable logging in iptables?

    Correct Answer: C

    To enable logging in iptables, you need to add a rule to the INPUT chain to log incoming packets. The correct command to achieve this is $ iptables -A INPUT -j LOG. This command appends a logging rule to the INPUT chain, allowing you to monitor and log incoming traffic to the system.