Eccouncil 312-39 Exam - Topic 7 Question 4 Discussion

Actual exam question for Eccouncil's 312-39 exam
Question #: 4
Topic #: 7

John, a SOC analyst, is worried about the amount of Tor traffic hitting the network. He wants to prepare a dashboard in the SIEM with a graph that identifies the locations from which the Tor traffic is coming.

Which of the following data sources will he use to prepare the dashboard?

Suggested Answer: D

Josephine
4 months ago
I’d go with Apache logs, they give a lot of detail on traffic sources.
upvoted 0 times
...
Edwin
4 months ago
Surprised that Tor traffic is a concern, isn't it usually encrypted?
upvoted 0 times
...
Glenn
4 months ago
Not so sure about that, DNS logs could also provide useful info.
upvoted 0 times
...
Oliva
4 months ago
Totally agree, DHCP logs are key for IP resolution!
upvoted 0 times
...
Micaela
5 months ago
I think DHCP logs would be the best choice for tracking IPs.
upvoted 0 times
...
Linn
5 months ago
I vaguely recall that Apache logs provide good information about IP addresses, but I’m not sure if they would help pinpoint Tor traffic specifically.
upvoted 0 times
...
Jenise
5 months ago
I feel like DNS logs might be relevant too, especially since they can show requests made to known Tor exit nodes.
upvoted 0 times
...
Elinore
5 months ago
I think IIS logs could be useful since they include user agent info, but I’m not entirely confident if that’s the best choice for identifying Tor traffic.
upvoted 0 times
...
Cordelia
5 months ago
I remember we discussed how DHCP logs can help track IP addresses, but I'm not sure if they would give enough detail for Tor traffic specifically.
upvoted 0 times
...
Ariel
5 months ago
This seems like a pretty straightforward question. I'd go with Custom Vision object detection - it's designed for identifying objects in images, which is exactly what we need here.
upvoted 0 times
...
Sheron
5 months ago
Okay, let me see if I can break this down. The key is to identify the step that is NOT required. Based on my understanding, comparing the original use of personal data to post-merger use is a crucial part of the diligence process, so I don't think that's the answer. I'm leaning towards C as the correct choice.
upvoted 0 times
...
Noel
5 months ago
I'm pretty confident that consensus leasing and synchronous leasing are the two correct answers here. Those scenarios definitely require node manager, but I'm not as sure about the other options.
upvoted 0 times
...
Sabrina
5 months ago
Okay, I think I've got a handle on this. The key is to focus on the svcprop command and what it can tell us about the system's configuration.
upvoted 0 times
...
Fletcher
5 months ago
Okay, let me think this through step-by-step. HIPAA is about protecting personal health information, so it makes sense that it would cover more than just paper records. I'll go with D - All of the above.
upvoted 0 times
...
