[Q45-Q67] Free Sample Questions to Practice 212-89 Certification Test Engine [Jul-2023]


2023 Valid 212-89 Real Exam Questions, practice ECIH Certification


The EC-Council Certified Incident Handler certification is recognized globally and is highly respected in the industry. It is designed to validate the skills and knowledge of individuals in incident handling and response. The EC-Council Certified Incident Handler (ECIH v2) certification exam covers a wide range of topics, including incident handling fundamentals, network security threats, incident reporting and documentation, and incident recovery.


The EC-Council Certified Incident Handler (ECIH) certification is a globally recognized accreditation that validates an individual's ability to handle and respond to various types of cybersecurity incidents. The ECIH certification is designed to teach individuals the basic principles of incident handling and response, along with the necessary skills to effectively analyze and respond to security incidents.

 

NEW QUESTION # 45
CSIRT can be implemented at:

  • A. National, government and military level
  • B. Internal enterprise level
  • C. Vendor level
  • D. All the above

Answer: D


NEW QUESTION # 46
Jason is an incident handler dealing with malware incidents. He was asked to perform a memory dump analysis in order to collect information about the basic functionality of a program. As a part of his assignment, he needs to perform string search analysis to search for malicious strings that could reveal the harmful actions a program can perform.
Which of the following string-searching tools does Jason need to use to perform the intended task?

  • A. BinText
  • B. PE View
  • C. Dependency Walker
  • D. Process Explorer

Answer: A


NEW QUESTION # 47
In a qualitative risk analysis, risk is calculated in terms of:

  • A. Asset criticality assessment - (Risks and Associated Risk Levels)
  • B. Probability of Loss X Loss
  • C. (Countermeasures + Magnitude of Impact) - (Reports from prior risk assessments)
  • D. (Attack Success + Criticality) - (Countermeasures)

Answer: B


NEW QUESTION # 48
Which of the following is not a countermeasure to eradicate inappropriate usage incidents?

  • A. Installing firewall and IDS/IPS to block services that violate the organization's policy
  • B. Avoiding VPN and other secure network channels
  • C. Always storing sensitive data on remotely located servers and restricting access to it
  • D. Recording user activity logs and monitoring them regularly

Answer: B


NEW QUESTION # 49
Alice is a disgruntled employee. She decided to acquire critical information from her organization for financial benefit.
To accomplish this, Alice started running a virtual machine on the same physical host as her victim's virtual machine and took advantage of shared physical resources (processor cache) to steal data (cryptographic key/plaintext secrets) from the victim machine. Identify the type of attack Alice is performing in the above scenario.

  • A. SQL injection attack
  • B. Man-in-the-cloud attack
  • C. Service hijacking
  • D. Side channel attack

Answer: D


NEW QUESTION # 50
Alex is an incident handler for Tech-o-Tech Inc. and is tasked with identifying any possible insider threats within his organization.
Which of the following insider threat detection techniques can be used by Alex to detect insider threats based on the behavior of a suspicious employee, both individually and in a group?

  • A. Profiling
  • B. Mole detection
  • C. Behavioral analysis
  • D. Physical detection

Answer: C


NEW QUESTION # 51
Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification/activation, recovery, reconstitution, and plan appendices. What is the main purpose of the reconstitution plan?

  • A. To provide the introduction and detailed concept of the contingency plan
  • B. To define the notification procedures and damage assessments, and to activate the plan
  • C. To provide a sequence of recovery activities with the help of recovery procedures
  • D. To restore the original site, test systems to prevent the incident, and terminate operations

Answer: D


NEW QUESTION # 52
Miko was hired as an incident handler at XYZ company. His first task was to identify PING sweep attempts inside the network. For this purpose, he used Wireshark to analyze the traffic.
What filter did he use to identify ICMP ping sweep attempts?

  • A. udp.type == 7
  • B. icmp.type == 8 or icmp.type == 0
  • C. icmp.type == icmp
  • D. tcp.type == icmp

Answer: B


NEW QUESTION # 53
Ikeo Corp. hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise. The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location. Considering this the main security threat, the IR team plans to change this policy, as it can be easily exploited by attackers.
Which of the following security policies is the IR team planning to modify?

  • A. Promiscuous policy
  • B. Paranoid policy
  • C. Prudent policy
  • D. Permissive policy

Answer: A


NEW QUESTION # 54
Chandler is a professional hacker who is targeting an organization called Technote. He wants to obtain important organizational information that is being transmitted between different hierarchies. In the process, he is sniffing the data packets transmitted through the network and then analyzing them to gather packet details such as network, ports, protocols, devices, issues in network transmission, and other network specifications.
Which of the following tools would Chandler employ to perform packet analysis?

  • A. Sharp
  • B. OmniPeek
  • C. BeEF
  • D. IDA Pro

Answer: B


NEW QUESTION # 55
Malicious software programs that infect computers and corrupt or delete the data on them.
The above-mentioned statement defines which of the following terms?

  • A. Worm
  • B. Trojan
  • C. Spyware
  • D. Virus

Answer: D


NEW QUESTION # 56
Adam is an attacker who, along with his team, launched multiple attacks on a target organization for financial benefit. Worried about getting caught, he decided to forge his identity. To do so, he created a new identity by obtaining information from different victims.
Identify the type of identity theft Adam has performed.

  • A. Tax identity theft
  • B. Medical identity theft
  • C. Synthetic identity theft
  • D. Social identity theft

Answer: C


NEW QUESTION # 57
Rica works as an incident handler for an international company. As part of her role, she must review the present security policy implemented. Upon inspection, Rica finds that the policy is wide open, and only known dangerous services/attacks or behaviors are blocked.
Which of the following is the current policy that Rica identified?

  • A. Permissive policy
  • B. Promiscuous policy
  • C. Paranoid policy
  • D. Prudent policy

Answer: A


NEW QUESTION # 58
The individual who recovers, analyzes, and preserves computer and related materials to be presented as evidence in a court of law and identifies the evidence, estimates the potential impact of the malicious activity on the victim, and assesses the intent and identity of the perpetrator is called:

  • A. Digital Forensic Examiner
  • B. Computer Forensic Investigator
  • C. All the above
  • D. Computer Hacking Forensic Investigator

Answer: C


NEW QUESTION # 59
US-CERT and Federal civilian agencies use the reporting timeframe criteria in the federal agency reporting categorization. What is the timeframe required to report an incident under the CAT 4 Federal Agency category?

  • A. Weekly
  • B. Monthly
  • C. Within two (2) hours of discovery/detection
  • D. Within four (4) hours of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity

Answer: A


NEW QUESTION # 60
Francis received a spoofed email asking for his bank information. He decided to use a tool to analyze the email headers.
Which of the following should he use?

  • A. MxToolbox
  • B. Email Checker
  • C. PoliteMail
  • D. EventLog Analyzer

Answer: A


NEW QUESTION # 61
Which of the following is a written or textual record of an event that usually includes a timestamp, responsible party, and action?

  • A. Log
  • B. Network hunt
  • C. Boolean expression
  • D. Packet capture

Answer: A


NEW QUESTION # 62
An organization named Sam Morison Inc. decided to use cloud-based services to reduce its maintenance costs. It first identified the various risks and threats associated with cloud service adoption and with migrating critical business data to third-party systems. Hence, the organization decided to deploy cloud-based security tools to prevent upcoming threats.
Which of the following tools would help the organization to secure cloud resources and services?

  • A. Burp Suite
  • B. Wireshark
  • C. Alert Logic
  • D. Nmap

Answer: C


NEW QUESTION # 63
Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification/activation, recovery, reconstitution, and plan appendices. What is the main purpose of the reconstitution plan?

  • A. To provide the introduction and detailed concept of the contingency plan
  • B. To define the notification procedures and damage assessments, and to activate the plan
  • C. To provide a sequence of recovery activities with the help of recovery procedures
  • D. To restore the original site, test systems to prevent the incident, and terminate operations

Answer: D


NEW QUESTION # 64
ADAM, an employee of a multinational company, uses his company's accounts to send e-mails to a third party with a spoofed mail address. How can you categorize this type of incident?

  • A. Unauthorized access incident
  • B. Network intrusion incident
  • C. Denial of Service incident
  • D. Inappropriate usage incident

Answer: D


NEW QUESTION # 65
Attackers or insiders create a backdoor into a trusted network by installing an unsecured access point inside a firewall. They then use any software or hardware access point to perform an attack.
Which of the following is this type of attack?

  • A. Malware attack
  • B. Rogue access point attack
  • C. Password-based attack
  • D. Email infection

Answer: B


NEW QUESTION # 66
The data on the affected system must be backed up so that it can be retrieved if it is damaged during incident response. The system backup can also be used for further investigation of the incident. Identify the stage of the incident response and handling process in which a complete backup of the infected system is carried out.

  • A. Incident investigation
  • B. Eradication
  • C. Incident recording
  • D. Containment

Answer: D


NEW QUESTION # 67
......

Genuine 212-89 Exam Dumps Free Demo Valid QA's: https://www.exam4docs.com/212-89-study-questions.html

Latest Success Metrics For Actual 212-89 Exam (Updated 205 Questions): https://drive.google.com/open?id=1Zmz0wnxN5gLMVz18WzTgsfabjnPTG1la