Free 312-39 Practice Test Questions 2026

Jane, a security analyst, while analyzing IDS logs, detected an event matching Regex
/((\%3C)|<)((\%69)|i|(\% 49))((\%6D)|m|(\%4D))((\%67)|g|(\%47))[^\n]+((\%3E)|>)/|.
What does this event log indicate?

A.

Directory Traversal Attack

B.

Parameter Tampering Attack

C.

XSS Attack

D.

SQL Injection Attack

Harley is working as a SOC analyst with Powell Tech. Powell Inc. is using Internet
Information Service (IIS) version 7.0 to host their website.
Where will Harley find the web server logs, if he wants to investigate them for any
anomalies?

A.

SystemDrive%\inetpub\logs\LogFiles\W3SVCN

B.

SystemDrive%\LogFiles\inetpub\logs\W3SVCN

C.

%SystemDrive%\LogFiles\logs\W3SVCN

D.

SystemDrive%\ inetpub\LogFiles\logs\W3SVCN

In which of the following incident handling and response stages, the root cause of the incident must be found from the forensic results?

A.

Evidence Gathering

B.

Evidence Handling

C.

Eradication

D.

Systems Recovery

Which of the following data source can be used to detect the traffic associated with Bad Bot User-Agents?

A.

Windows Event Log

B.

Web Server Logs

C.

Router Logs

D.

Switch Logs

Emmanuel is working as a SOC analyst in a company named Tobey Tech. The manager of Tobey Tech recently recruited an Incident Response Team (IRT) for his company. In the process of collaboration with the IRT, Emmanuel just escalated an incident to the IRT. What is the first step that the IRT will do to the incident escalated by Emmanuel?

A.

Incident Analysis and Validation

B.

Incident Recording

C.

Incident Classification

D.

Incident Prioritization

In which phase of Lockheed Martin's – Cyber Kill Chain Methodology, adversary creates a deliverable malicious payload using an exploit and a backdoor?

A.

Reconnaissance

B.

Delivery

C.

Weaponization

D.

Exploitation

Which of the following tool can be used to filter web requests associated with the SQL Injection attack?

A.

Nmap

B.

UrlScan

C.

ZAP proxy

D.

Hydra

Which of the following threat intelligence helps cyber security professionals such as
security operations managers, network operations center and incident responders to
understand how the adversaries are expected to perform the attack on the organization,
and the technical capabilities and goals of the attackers along with the attack vectors?

A.

Analytical Threat Intelligence

B.

Operational Threat Intelligence

C.

Strategic Threat Intelligence

D.

Tactical Threat Intelligence

Banter is a threat analyst in Christine Group of Industries. As a part of the job, he is currently formatting and structuring the raw data.
He is at which stage of the threat intelligence life cycle?

A.

Dissemination and Integration

B.

Processing and Exploitation

C.

Collection

D.

Analysis and Production

John, a SOC analyst, while monitoring and analyzing Apache web server logs, identified an event log matching Regex /(\.|(%|%25)2E)(\.|(%|%25)2E)(\/|(%|%25)2F|\\|(%|%25)5C)/i.
What does this event log indicate?

A.

XSS Attack

B.

SQL injection Attack

C.

Directory Traversal Attack

D.

Parameter Tampering Attack

Properly applied cyber threat intelligence to the SOC team help them in discovering TTPs. What does these TTPs refer to?

A.

Tactics, Techniques, and Procedures

B.

Tactics, Threats, and Procedures

C.

Targets, Threats, and Process

D.

Tactics, Targets, and Process

David is a SOC analyst in Karen Tech. One day an attack is initiated by the intruders but David was not able to find any suspicious events. This type of incident is categorized into?

A.

True Positive Incidents

B.

False positive Incidents

C.

True Negative Incidents

D.

False Negative Incidents