EC-Council 312-39v2 Exam Practice Questions (P. 2)
Question #6
A Security Operations Center (SOC) analyst receives a high-priority alert indicating unusual user activity. An employee account is attempting to access company resources from a different country and outside of their normal working hours. This behavior raises concerns about potential account compromise or unauthorized access. To automate the initial response and quickly restrict access while the incident is investigated further, which SOAR playbook would be the relevant one to adapt and implement?
- A. Deprovisioning Users SOAR Playbook
- B. Phishing Investigations SOAR Playbook
- C. Alert Enrichment SOAR Playbook
- D. Malware Containment SOAR Playbook
Question #7
A government agency responsible for protecting sensitive information needs to monitor its network for unusual data exfiltration attempts. Since traditional log data alone is insufficient to identify suspicious traffic patterns, the SIEM team decides to integrate traffic flow data into their system. This data will help detect anomalies, such as large data transfers to unauthorized destinations or unexpected traffic spikes. The team must choose the appropriate protocol to collect IP traffic information from network devices like routers and switches. Which protocol should be used to collect this data?
- A. Syslog
- B. SNMP (Simple Network Management Protocol)
- C. IPFIX (IP Flow Information Export)
- D. NetFlow (RFC 3954)
Question #8
SecureTech Solutions, a managed security service provider (MSSP), is optimizing its log management architecture to improve the efficiency of log storage, retrieval, and analysis. The SOC team needs to ensure that security logs are stored in a structured or semi-structured format that allows easy parsing, querying, and correlation of security events. To achieve this, they decide to implement a log storage format that organizes data in a text file with a tabular structure, so that each log entry is stored in rows and columns. Additionally, they require a format that supports easy export to databases or spreadsheet-based analysis while remaining human-readable. Which log format should the SOC team choose to store logs in a structured or semi-structured format for efficient analysis?
- A. Syslog Format
- B. Cloud Storage
- C. Comma-Separated Values (CSV) Format
- D. Database
Question #9
A large web hosting service provider, Web4Everyone, is responsible for hosting multiple major websites, social media platforms, and more. You work there as an L1 SOC analyst responsible for investigating web server logs for potential malicious activity. Recently, your team detected multiple failed login attempts and unusual traffic patterns targeting the company's web application. To analyze the logs efficiently and identify key details such as the remote host, username, timestamp, requested resource, HTTP status code, and user agent, you need a structured log format that ensures quick and accurate parsing. Which standardized log format will you choose for this scenario?
- A. Extended Log Format (ELF)
- B. Tab-Separated Format
- C. Common Log Format (CLF)
- D. JSON Format
Question #10
At 10:30 AM, during routine monitoring, SOC Tier-1 analyst Jennifer detects unusual network traffic and confirms an active LockBit ransomware infection targeting systems in the finance department. She escalates the issue to the SOC lead, Sarah, who activates the Incident Response Team (IRT) and instructs the network team to isolate the finance department's VLAN to prevent further spread across the network. Which phase of the Incident Response process is currently being implemented?
- A. Notification
- B. Evidence Gathering and Forensic Analysis
- C. Eradication
- D. Containment