312-39 Exam, Free Questions and Answers, Page 1

Question 1

Bonney's system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident from
spreading?

A. Complaint to police in a formal way regarding the incident
B. Turn off the infected machine
C. Leave it to the network administrators to handle
D. Call the legal department in the organization and inform about the incident

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 2

According to the forensics investigation process, what is the next step carried out right after
collecting the evidence?

A. Create a Chain of Custody Document
B. Send it to the nearby police station
C. Set a Forensic lab
D. Call Organizational Disciplinary Team

Answer:

A

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 3

Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?

A. Planning and budgeting > Physical location and structural design considerations > Work area considerations > Human resource considerations > Physical security recommendations > Forensics lab licensing
B. Planning and budgeting > Physical location and structural design considerations> Forensics lab licensing > Human resource considerations > Work area considerations > Physical security recommendations
C. Planning and budgeting > Forensics lab licensing > Physical location and structural design considerations > Work area considerations > Physical security recommendations > Human resource considerations
D. Planning and budgeting > Physical location and structural design considerations > Forensics lab licensing >Work area considerations > Human resource considerations > Physical security recommendations

Answer:

A

User Votes:

A

50%

B

50%

C

50%

D

50%

Reference:
https://info-savvy.com/setting-up-a-computer-forensics-lab/

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 4

Which of the following directory will contain logs related to printer access?

A. /var/log/cups/Printer_log file
B. /var/log/cups/access_log file
C. /var/log/cups/accesslog file
D. /var/log/cups/Printeraccess_log file

Answer:

A

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 5

Which
of the following command is used to enable logging in iptables?

A. $ iptables -B INPUT -j LOG
B. $ iptables -A OUTPUT -j LOG
C. $ iptables -A INPUT -j LOG
D. $ iptables -B OUTPUT -j LOG

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Reference:
https://tecadmin.net/enable-logging-in-iptables-on-linux/

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 6

Ray
is a SOC analyst in a company named Queens Tech. One Day, Queens Tech is affected by a DoS/DDoS
attack. For the containment of this incident, Ray and his team are trying to provide additional
bandwidth to the network devices and increasing the capacity of the servers.
What is Ray and his team doing?

A. Blocking the Attacks
B. Diverting the Traffic
C. Degrading the services
D. Absorbing the Attack

Answer:

D

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 7

Identify the attack when an attacker by several trial and error can read the contents of a password
file present in the restricted etc folder just by manipulating the URL in the browser as shown:
http://www.terabytes.com/process.php./../../../../etc/passwd

A. Directory Traversal Attack
B. SQL Injection Attack
C. Denial-of-Service Attack
D. Form Tampering Attack

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Reference:
https://doc.lagout.org/security/SQL%20Injection%20Attacks%20and%20Defense.pdf

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 8

Which encoding replaces unusual ASCII characters with "%" followed by the characters two-digit
ASCII code expressed in hexadecimal?

A. Unicode Encoding
B. UTF Encoding
C. Base64 Encoding
D. URL Encoding

Answer:

D

User Votes:

A

50%

B

50%

C

50%

D

50%

Reference:
https://ktflash.gitbooks.io/ceh_v9/content/125_countermeasures.html

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 9

Which of the following formula represents the risk?

A. Risk = Likelihood × Severity × Asset Value
B. Risk = Likelihood × Consequence × Severity
C. Risk = Likelihood × Impact × Severity
D. Risk = Likelihood × Impact × Asset Value

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 10

The Syslog message severity levels are labelled from level 0 to level 7.
What does level 0 indicate?

A. Alert
B. Notification
C. Emergency
D. Debugging

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 11

Where will you find the reputation IP database, if you want to monitor traffic from known bad IP
reputation using OSSIM SIEM?

A. /etc/ossim/reputation
B. /etc/ossim/siem/server/reputation/data
C. /etc/siem/ossim/server/reputation.data
D. /etc/ossim/server/reputation.data

Answer:

A

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 12

According to the Risk Matrix table, what will be the risk level when the probability of an attack is very
low and the impact of that attack is major?

A. High
B. Extreme
C. Low
D. Medium

Answer:

C

User Votes:

A

50%

B

50%

C

50%

D

50%

Reference:
https://www.moheri.gov.om/userupload/Policy/IT%20Risk%20Management%20Framework.pdf
(17)

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 13

Which of the following command is used to view iptables logs on Ubuntu and Debian distributions?

A. $ tailf /var/log/sys/kern.log
B. $ tailf /var/log/kern.log
C. # tailf /var/log/messages
D. # tailf /var/log/sys/messages

Answer:

B

User Votes:

A

50%

B

50%

C

50%

D

50%

Reference:
https://tecadmin.net/enable-logging-in-iptables-on-linux/

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 14

Which of the following technique involves scanning the headers of IP packets leaving a network to
make sure
that the unauthorized or malicious traffic never leaves the internal network?

A. Egress Filtering
B. Throttling
C. Rate Limiting
D. Ingress Filtering

Answer:

A

User Votes:

A

50%

B

50%

C

50%

D

50%

Reference:
https://grokdesigns.com/wp-content/uploads/2018/04/CEH-v9-Notes.pdf
(99)

Discussions

vote your answer:

A

B

C

D

0 / 1000

Question 15

Which of the following formula is used to calculate the EPS of the organization?

A. EPS = average number of correlated events / time in seconds
B. EPS = number of normalized events / time in seconds
C. EPS = number of security events / time in seconds
D. EPS = number of correlated events / time in seconds

Answer:

A

User Votes:

A

50%

B

50%

C

50%

D

50%

Discussions

vote your answer:

A

B

C

D

0 / 1000

Eccouncil 312-39 Exam Questions

Page 1 out of 7. Viewing questions 1-15 out of 100

Question 1

Answer:

User Votes:

Question 2

Answer:

User Votes:

Question 3

Answer:

User Votes:

Question 4

Answer:

User Votes:

Question 5

Answer:

User Votes:

Question 6

Answer:

User Votes:

Question 7

Answer:

User Votes:

Question 8

Answer:

User Votes:

Question 9

Answer:

User Votes:

Question 10

Answer:

User Votes:

Question 11

Answer:

User Votes:

Question 12

Answer:

User Votes:

Question 13

Answer:

User Votes:

Question 14

Answer:

User Votes:

Question 15

Answer:

User Votes: