Which of the following data source will a SOC Analyst use to monitor connections to the insecure ports?

• A.Netstat Data
• B.DHCP Data
• C.IIS Data
• D.DNS Data

Comment: *

Name: *

Email: *

Verification: *

John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log matching Regex /(\.|(%|%25)2E)(\.|(%|%25)2E)(\/|(%|%25)2F|\\|(%|%25)5C)/i.
What does this event log indicate?

• A.XSS Attack
• B.SQL injection Attack
• C.Directory Traversal Attack
• D.Parameter Tampering Attack

Correct Answer: C

Comment: *

Name: *

Email: *

Verification: *

David is a SOC analyst in Karen Tech. One day an attack is initiated by the intruders but David was not able to find any suspicious events.
This type of incident is categorized into?

• A.False positive Incidents
• B.True Negative Incidents
• C.False Negative Incidents
• D.True Positive Incidents

Comment: *

Name: *

Email: *

Verification: *

Which of the following data source can be used to detect the traffic associated with Bad Bot User-Agents?

• A.Switch Logs
• B.Router Logs
• C.Web Server Logs
• D.Windows Event Log

Comment: *

Name: *

Email: *

Verification: *

In which log collection mechanism, the system or application sends log records either on the local disk or over the network.

• A.rule-based
• B.pull-based
• C.push-based
• D.signature-based

Correct Answer: C

Comment: *

Name: *

Email: *

Verification: *