312-39 Certified SOC Analyst (CSA) Exam
Exam Information
The CSA exam (312-39) is available at the ECC Exam Centre.
CSA Exam Details
Duration 3 Hours
Questions 100
Clause: Age Requirements and Policies Concerning Minors
The age requirement for attending the training or the exam is restricted to any candidate that is permitted by his/her country of origin/residency.
If the candidate is under the legal age as permitted by his/her country of origin/residency, they are not eligible to attend the official training or eligible to attempt the certification exam unless they provide the accredited training center/EC-Council a written consent/indemnity of their parent/legal guardian and a supporting letter from their institution of higher learning. Only candidates from a nationally accredited institution of higher learning shall be considered.
Disclaimer: EC-Council reserves the right to impose additional restriction to comply with the policy. Failure to act in accordance with this clause shall render the authorized training center in violation of their agreement with EC-Council. EC-Council reserves the right to revoke the certification of any person in breach of this requirement.
Overview
On this accelerated EC-Council Certified SOC Analyst (CSA) course, you’ll learn to identify, monitor and analyse cyber-attacks, and use the information to quickly respond to security incidents.
In just 2 days, you’ll build the skill-set you need to work effectively within a security operations centre (SOC). You’ll also learn about security information and event management (SIEM), deployment and architecture.
At the end of your course, you’ll sit Exam 312-39 and return to the office an EC-Council Certified SOC Analyst (CSA).
On this accelerated course, you’ll learn how to:
Recognise attacker tools, behaviours, tools and procedures
Use the Centralised Log Management (CLM) process
Make use of constantly changing threat information
If you’re an aspiring SOC analyst or already are one at a Tier 1 and Tier 2 level, this course is ideal for you.
This course is also designed for security professionals who handle and manage network security operations, like network and security administrators or engineers, or network security operators.
You’ll train at twice the speed with Firebrand’s unique Lecture | Lab | Review methodology. Learn in a distraction-free environment and become an EC-Council Certified SOC Analyst (CSA) in just 2 days.
Seven reasons why you should sit your course with Firebrand Training
Two options of training. Choose between residential classroom-based, or online EC-Council CSA courses
You’ll be EC-Council CSA certified in just 2 days. With us, you’ll be EC-Council CSA trained in record time
Our EC-Council CSA course is all-inclusive. A one-off fee covers all course materials, exams, accommodation and meals. No hidden extras
Pass EC-Council CSA first time or train again for free. This is our guarantee. We’re confident you’ll pass your course first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
You’ll learn more. A day with a traditional training provider generally runs from 9am – 5pm, with a nice long break for lunch. With Firebrand Training you’ll get at least 12 hours/day quality learning time, with your instructor
You’ll learn EC-Council CSA faster. Chances are, you’ll have a different learning style to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
You’ll be studying EC-Council CSA with the best. We’ve been named in Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified 101358 professionals, and we’re partners with all of the big names in the business
Think you are ready for the course? Take a FREE practice test to assess your knowledge!
Benefits of Training with Firebrand
Two options of training – Residential classroom-based, or online courses
A purpose-built training centre – get access to dedicated Pearson VUE Select facilities
Certification Guarantee – pass first time or train again free (just pay for accommodation, exams and incidental costs)
Everything you need to certify – you’ll sit your exam at the earliest available opportunity after the course – either immediately after your classroom course, or as soon as there are slots available, if you’ve taken it online
No hidden extras – one cost covers everything you need to certify
Curriculum
Module 1: Security operations and management
Understand the SOC Fundamentals
Discuss the components of SOC: People, processes and technology
Understand the implementation of SOC
Module 2: Understanding cyber threats, IoCs, and attack methodology
2.1 Describe the term cyber threats and attacks
2.2 Understand the Network Level attacks
2.3 Understand the Host Level attacks
2.4 Understand the Application Level attacks
2.5 Understand the Indicators of Compromise (IoCs)
2.6 Discuss the attacker’s Hacking Methodology
Module 3: Incidents, events and logging
3.1 Understand the fundamentals of incidents, events, and logging
3.2 Explain the concepts of local logging
3.3 Explain the concepts of centralised logging
Module 4: Incident detection with Security Information and Event Management (SIEM)
4.1 Understand the basic concepts of Security Information and Event Management (SIEM)
4.2 Discuss the different SIEM Solutions
4.3 Understand the SIEM Deployment
4.4 Learn different use case examples for Application Level Incident Detection
4.5 Learn different use case examples for Insider Incident Detection
4.6 Learn different use case examples for Network Level Incident Detection
4.7 Learn different use case examples for Host Level Incident Detection
4.8 Learn different use case examples for Compliance
4.9 Understand the concept of handling alert triaging and analysis
Module 5: Enhanced incident detection with threat intelligence
5.1 Learn fundamental concepts on threat intelligence
5.2 Learn different types of threat intelligence
5.3 Understand how threat intelligence strategy is developed
5.4 Learn different threat intelligence sources from which intelligence can be obtained
5.5 Learn different Threat Intelligence Platform (TIP)
5.6 Understand the need of threat intelligence-driven SOC
Module 6: Incident response
6.1 Understand the fundamental concepts of incident response
6.2 Learn various phases in Incident Response Process
6.3 Learn how to respond to Network Security Incidents
6.4 Learn how to respond to Application Security Incidents
6.5 Learn how to respond to Email Security Incidents
6.6 Learn how to respond to Insider Incidents
6.7 Learn how to respond to Malware Incidents
Exam Track
You’ll sit the following exam at the Firebrand Training centre, covered by your Certification Guarantee:
EC-Council Certified SOC Analyst (CSA) – Exam 312-39
Exam format: Multiple-choice
Exam duration: 120 minutes
Number of questions: 100
Passing score: 70%
Language: English
Domains:
1: Security operations and management (5%)
2: Understanding cyber threats, IoCs, and attack methodology (11%)
3: Incidents, events and logging (21%)
4: Incident detection with Security Information and Event Management (SIEM) (26%)
5: Enhanced incident detection with threat intelligence (8%)
6: Incident response (29%)
What’s Included
Your accelerated course includes:
Accommodation *
Meals, unlimited snacks, beverages, tea and coffee *
On-site exams **
Exam vouchers **
Practice tests **
Certification Guarantee ***
Courseware
Up-to 12 hours of instructor-led training each day
24-hour lab access
Digital courseware **
QUESTION 1
Bonney’s system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?
A. Complaint to police in a formal way regarding the incident
B. Turn off the infected machine
C. Leave it to the network administrators to handle
D. Call the legal department in the organization and inform about the incident
Correct Answer: B
QUESTION 2
According to the forensics investigation process, what is the next step carried out right after collecting the evidence?
A. Create a Chain of Custody Document
B. Send it to the nearby police station
C. Set a Forensic lab
D. Call Organizational Disciplinary Team
Correct Answer: A
QUESTION 3
Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?
A. Planning and budgeting –> Physical location and structural design considerations –> Work area
considerations –> Human resource considerations –> Physical security recommendations –> Forensics lab licensing
B. Planning and budgeting –> Physical location and structural design considerations–> Forensics lab
licensing –> Human resource considerations –> Work area considerations –> Physical security recommendations
C. Planning and budgeting –> Forensics lab licensing –> Physical location and structural design
considerations –> Work area considerations –> Physical security recommendations –> Human resource considerations
D. Planning and budgeting –> Physical location and structural design considerations –> Forensics lab
licensing –>Work area considerations –> Human resource considerations –> Physical security recommendations
Correct Answer: A
Examkingdom ECCouncil 312-39 Exam pdf, Certkingdom ECCouncil 312-39 PDF
Best ECCouncil 312-39 Certification, ECCouncil 312-39 Training at certkingdom.com
Tagged with: Certkingdom EC-Council 312-39 Exam, Certkingdom PDF EC-Council 312-39, EC-Council 312-39 Dumps, ECCouncil CSA, Exam EC-Council 312-39 ebooks, Exam EC-Council 312-39 labs, Exam EC-Council 312-39 online training, Exam EC-Council 312-39 PDF, Exam EC-Council 312-39 Q&A, Exam EC-Council 312-39 Study Guide, Exam EC-Council 312-39 testing engine, Exam EC-Council 312-39 videos