06 December, 2021

A Review Of Download 212-89 Test Engine

Want to know Ucertify 212-89 Exam practice test features? Want to lear more about EC-Council EC Council Certified Incident Handler (ECIH v2) certification experience? Study 100% Correct EC-Council 212-89 answers to Replace 212-89 questions at Ucertify. Gat a success with an absolute guarantee to pass EC-Council 212-89 (EC Council Certified Incident Handler (ECIH v2)) test on your first attempt.

Online 212-89 free questions and answers of New Version:

Page: 1 / 13

Total 163 questions Full Exam Access

Question 1

Which of the following is a correct statement about incident management, handling and response:

Incident response is on the functions provided by incident handling

Incident handling is on the functions provided by incident response

Triage is one of the services provided by incident response

Incident response is one of the services provided by triage

Question 2

In which of the steps of NIST’s risk assessment methodology are the boundary of the IT system, along with the resources and the information that constitute the system identified?

Likelihood Determination

Control recommendation

System characterization

Control analysis

Question 3

Which of the following is an appropriate flow of the incident recovery steps?

System Operation-System Restoration-System Validation-System Monitoring

System Validation-System Operation-System Restoration-System Monitoring

System Restoration-System Monitoring-System Validation-System Operations

System Restoration-System Validation-System Operations-System Monitoring

Question 4

The IDS and IPS system logs indicating an unusual deviation from typical network traffic flows; this is called:

A Precursor

An Indication

A Proactive

A Reactive

Question 5

According to the Fourth Amendment of USA PATRIOT Act of 2001; if a search does NOT violate a person’s “reasonable” or “legitimate” expectation of privacy then it is considered:

Constitutional/ Legitimate

Illegal/ illegitimate

Unethical

None of the above

Question 6

Which of the following service(s) is provided by the CSIRT:

Vulnerability handling

Technology watch

Development of security tools

All the above

Question 7

ADAM, an employee from a multinational company, uses his company’s accounts to send e-mails to a third party with their spoofed mail address. How can you categorize this type of account?

Inappropriate usage incident

Unauthorized access incident

Network intrusion incident

Denial of Service incident

Question 8

The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/ services that are not required. Which service listed below, if blocked, can help in preventing Denial of Service attack?

SAM service

POP3 service

SMTP service

Echo service

Question 9

Agencies do NOT report an information security incident is because of:

Afraid of negative publicity

Have full knowledge about how to handle the attack internally

Do not want to pay the additional cost of reporting an incident

All the above

Question 10

An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the incident response and handling process involves auditing the system and network log files?

Incident recording

Reporting

Containment

Identification

Question 11

An active vulnerability scanner featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis is called:

Nessus

CyberCop

EtherApe

nmap

Question 12

The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation is called:

Computer Forensics

Digital Forensic Analysis

Forensic Readiness

Digital Forensic Policy

Question 13

If the loss anticipated is greater than the agreed upon threshold; the organization will:

Accept the risk

Mitigate the risk

Accept the risk but after management approval

Do nothing

Question 14

The correct sequence of Incident Response and Handling is:

Incident Identification, recording, initial response, communication and containment

Incident Identification, initial response, communication, recording and containment

Incident Identification, communication, recording, initial response and containment

Incident Identification, recording, initial response, containment and communication

Question 15

Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following is the role played by the Incident Coordinator of an IRT?

Links the appropriate technology to the incident to ensure that the foundation’s offices are returned to normal operations as quickly as possible

Links the groups that are affected by the incidents, such as legal, human resources, different business areas and management

Applies the appropriate technology and tries to eradicate and recover from the incident

Focuses on the incident and handles it from management and technical point of view

Question 16

Insiders understand corporate business functions. What is the correct sequence of activities performed by Insiders to damage company assets:

Gain privileged access, install malware then activate

Install malware, gain privileged access, then activate

Gain privileged access, activate and install malware

Activate malware, gain privileged access then install malware

Question 17

They type of attack that prevents the authorized users to access networks, systems, or applications by exhausting the network resources and sending illegal requests to an application is known as:

Session Hijacking attack

Denial of Service attack

Man in the Middle attack

SQL injection attack

Question 18

An adversary attacks the information resources to gain undue advantage is called:

Defensive Information Warfare

Offensive Information Warfare

Electronic Warfare

Conventional Warfare

Page: 1 / 13

Total 163 questions Full Exam Access