
212-89 Actual Questions Answers Pass With Real 212-89 Exam Dumps
212-89 Dumps Prepare Your Exam With 205 Questions
The EC-Council 212-89 is an entrance exam to the field of incident handling. It recognizes the skills needed to not only identify hazards but also correct and prevent future incidents. Thus, this test will qualify you for the Certified Incident Handler certification from the EC-Council, denoted the ECIH certificate. In general, most of the candidates who register for this exam possess one of the following titles:
- Vulnerability assessment auditors;
- System engineers;
- Penetration testers;
- Risk assessment administrators;
NEW QUESTION # 38
The person who offers his formal opinion as a testimony about a computer crime incident in the court of law is known as:
- A. Incident Responder
- B. Evidence Documenter
- C. Expert Witness
- D. Incident Analyzer
Answer: C
NEW QUESTION # 39
Which of the following is an attack that attempts to prevent the use of systems, networks, or applications by the intended users?
- A. Unauthorized access
- B. Denial of service (DoS) attack
- C. Fraud and theft
- D. Malicious code or insider threat attack
Answer: B
NEW QUESTION # 40
Bran is an incident handler who is assessing the network of the organization. He wants to detect ping sweep attempts on the network using Wire shark.
Which of the following W re shark filters would Bran use to accomplish this task?
- A. icmp.redir_gw
- B. icmp.seq
- C. icmp.type== 8
- D. icmp.ident
Answer: C
NEW QUESTION # 41
Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of
the following steps focus on limiting the scope and extent of an incident?
- A. Containment
- B. Eradication
- C. Data collection
- D. Identification
Answer: A
NEW QUESTION # 42
Keyloggers do NOT:
- A. Alter system files
- B. Secretly records URLs visited in browser, keystrokes, chat conversations, ...etc
- C. Send log file to attacker's email or upload it to an ftp server
- D. Run in the background
Answer: A
NEW QUESTION # 43
Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the users information and system. These programs may unleash dangerous programs that may erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger.
- A. Virus
- B. Adware
- C. Trojan
- D. Worm
Answer: C
NEW QUESTION # 44
Which of the following is a correct statement about incident management, handling and response:
- A. Incident response is on the functions provided by incident handling
- B. Incident handling is on the functions provided by incident response
- C. Triage is one of the services provided by incident response
- D. Incident response is one of the services provided by triage
Answer: A
NEW QUESTION # 45
An organization implemented an encoding technique to eradicate SQL injection attacks. In this technique, if a user submits a request using single-quote and some values, the encoding technique will convert it into numeric digits and letters ranging from "a" to "f". This prevents the user request from performing a SQL injection attempt on the web application.
Identify the encoding technique used by the organization.
- A. Unicode encoding
- B. Hex encoding
- C. Base 64 encoding
- D. URL encoding
Answer: B
NEW QUESTION # 46
A computer Risk Policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy?
- A. Procedure to identify security funds to hedge risk
- B. Procedure to monitor the efficiency of security controls
- C. Procedure for the ongoing training of employees authorized to access the system
- D. Provisions for continuing support if there is an interruption in the system or if the system crashes
Answer: C
NEW QUESTION # 47
Which of the following risk mitigation strategies involves the execution of controls to reduce the risk factor and bring it to an acceptable level, or accepts the potential risk and continues operating the IT system?
- A. Risk planning
- B. Risk assumption
- C. Risk avoidance
- D. Risk transference
Answer: B
NEW QUESTION # 48
___________________ record(s) user's typing.
- A. Virus
- B. adware
- C. Spyware
- D. Malware
Answer: C
NEW QUESTION # 49
Alexis an incident handler for Tech-o-Tech Inc. and is tasked to identify any possible insider threats within his organization.
Which of the following insider threat detection techniques can be used by Alex to detect insider threats based on the behavior of a suspicious employee, both individually and in a group?
- A. Profiling
- B. Behavioral analysis
- C. Physical detection
- D. Mole detection
Answer: B
NEW QUESTION # 50
An estimation of the expected losses after an incident helps organization in prioritizing and formulating their
incident response. The cost of an incident can be categorized as a tangible and intangible cost. Identify the
tangible cost associated with virus outbreak?
- A. Lost productivity damage
- B. Loss of goodwill
- C. Psychological damage
- D. Damage to corporate reputation
Answer: A
NEW QUESTION # 51
Which of the following is not a countermeasure to eradicate cloud security incidents?
- A. Disabling security options such as two factor authentication and CAPTCHA
- B. Checking for data protection at both design and runtime
- C. Patching the database vulnerabilities and improving the isolation mechanism
- D. Removing the malware files and traces from the affected components
Answer: A
NEW QUESTION # 52
In a DDoS attack, attackers first infect multiple systems, which are then used to attack a particular target directly. Those systems are called:
- A. Zombies
- B. Handlers
- C. Relays
- D. Honey Pots
Answer: A
NEW QUESTION # 53
A payroll system has a vulnerability that cannot be exploited by current technology. Which of the following is correct about this scenario:
- A. The risk must be urgently mitigated
- B. The risk is not present at this time
- C. The risk is accepted
- D. The risk must be transferred immediately
Answer: B
NEW QUESTION # 54
The state of incident response preparedness that enables an organization to maximize its potential to use
digital evidence while minimizing the cost of an investigation is called:
- A. Forensic Readiness
- B. Digital Forensic Policy
- C. Computer Forensics
- D. Digital Forensic Analysis
Answer: A
NEW QUESTION # 55
Which of the following details are included in the evidence bags?
- A. Error messages that contain sensitive information and files containing passwords
- B. Software version information and web application source code
- C. Sensitive directories, personal, and organizational email address
- D. Date and time of seizure, exhibit number, and name of incident responder
Answer: D
NEW QUESTION # 56
Which of the following forensic investigation phases should occur first?
- A. Transport the evidence to the forensic laboratory.
- B. Collect preliminary evidence.
- C. Preform the first responder procedure.
- D. Create two-bitstream copies of the evidence.
Answer: C
NEW QUESTION # 57
A software application in which advertising banners are displayed while the program is running that delivers ads to display pop-up windows or bars that appears on a computer screen or browser is called:
- A. Virus
- B. adware (spelled all lower case)
- C. Worm
- D. RootKit
- E. Trojan
Answer: B
NEW QUESTION # 58
Total cost of disruption of an incident is the sum of
- A. Level Two and Level Three incidents cost
- B. Tangible cost only
- C. Intangible cost only
- D. Tangible and Intangible costs
Answer: D
NEW QUESTION # 59
Which of the following is an attack that occurs when a malicious program causes a user's browser to perform man unwanted action on a trusted site for which the user is currently authenticated?
- A. Cross-site request forgery
- B. Insecure direct object references
- C. Cross-site scripting
- D. SQL injection
Answer: A
NEW QUESTION # 60
What is the name of the type of malicious software or malware designed to deny access to a computer system or data until money is paid?
- A. Ransomware
- B. Virus
- C. Adware
- D. Spyware
Answer: A
NEW QUESTION # 61
Sam, an employee of a multinational company, sends emails to third-party organizations with a spoofed email address of his organization.
How can you categorize this type of incident?
- A. Unauthorized access incident
- B. Denial-of-service incident
- C. Network intrusion incident
- D. Inappropriate usage incident
Answer: D
NEW QUESTION # 62
......
New 212-89 Dumps - Real EC-COUNCIL Exam Questions: https://www.prep4sures.top/212-89-exam-dumps-torrent.html
Dependable 212-89 Exam Dumps to Become EC-COUNCIL Certified: https://drive.google.com/open?id=1_RayitB_7ul57gL3KVQQSgdcz7A6dzIB