
PDF Download Free of 212-89 Valid Practice Test Questions [Q20-Q40]


NEW QUESTION # 20
Unusual logins, accessing sensitive information not used for the job role, and the use of personal external storage drives on company assets are all signs of which of the following?

  • A. Security breach
  • B. Lack of job rotation
  • C. Insider threat
  • D. Over-working

Answer: C


NEW QUESTION # 21
A host is infected by a worm that propagates through a vulnerable service; the sign(s) of the worm's presence include:

  • A. Decrease in network usage
  • B. All of the above
  • C. Established connection attempts targeted at the vulnerable services
  • D. System becomes unstable or crashes

Answer: D


NEW QUESTION # 22
The ability of an agency to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy is known as:

  • A. Business Continuity
  • B. Disaster Planning
  • C. Contingency Planning
  • D. Business Continuity Plan

Answer: A


NEW QUESTION # 23
Mr. Smith is the lead incident responder of a small financial enterprise with a few branches in Australia. Recently, the company suffered a massive attack, losing $5M through an inter-banking system. After an in-depth investigation, it was found that the incident occurred because the attackers penetrated the network through a minor vulnerability 6 months ago and maintained access without being detected by any user. They then tried to delete user fingerprints and performed a lateral movement to the computer of a person with privileges in the inter-banking system. The attackers finally gained access and performed fraudulent transactions.
In the above scenario, which of the following most accurately describes the type of attack?

  • A. Phishing
  • B. APT attack
  • C. Denial-of-service attack
  • D. Ransomware attack

Answer: B


NEW QUESTION # 24
Which of the following is a standard framework that provides recommendations for implementing information security controls for organizations that initiate, implement, or maintain information security management systems (ISMSs)?

  • A. ISO/IEC 27002
  • B. PCI DSS
  • C. RFC 2196
  • D. ISO/IEC 27035

Answer: A

Explanation:
ISO/IEC 27002 is a standard that provides best practice recommendations on information security controls for use by those responsible for initiating, implementing, or maintaining information security management systems (ISMSs). It covers areas such as risk assessment, human resource security, operational security, and communications security, among others, providing a framework for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS. ISO/IEC 27035 pertains to information security incident management, PCI DSS (Payment Card Industry Data Security Standard) deals with the security of cardholder data, and RFC 2196 is a guide for computer security incident response teams (CSIRTs), not a standard for implementing ISMSs.
References: The ECIH v3 curriculum includes the study of various standards and frameworks that support information security management and governance, including ISO/IEC 27002, highlighting its role in guiding organizations in implementing effective security controls.


NEW QUESTION # 25
Sam, an employee of a multinational company, sends emails to third-party organizations with a spoofed email address of his organization.
How can you categorize this type of incident?

  • A. Denial-of-service incident
  • B. Unauthorized access incident
  • C. Inappropriate usage incident
  • D. Network intrusion incident

Answer: C


NEW QUESTION # 26
Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

  • A. An insider intentionally deleting files from a workstation
  • B. An attacker redirecting a user to a malicious website and infecting their system with a Trojan
  • C. An attacker infecting a machine to launch a DDoS attack
  • D. An attacker using email with malicious code to infect an internal workstation

Answer: A


NEW QUESTION # 27
A colleague wants to minimize their security responsibility because they are in a small organization. They are evaluating a new application that is offered in different forms. Which form would result in the least amount of responsibility for the colleague?

  • A. SaaS
  • B. PaaS
  • C. On-prem installation
  • D. IaaS

Answer: A


NEW QUESTION # 28
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

  • A. SURFnet-CERT
  • B. DFN-CERT
  • C. Funet CERT
  • D. NET-CERT

Answer: A


NEW QUESTION # 29
An organization's customers are experiencing either slower network communication or unavailability of services. In addition, network administrators are receiving alerts from security tools such as IDS/IPS and firewalls about a possible DoS/DDoS attack. As a result, the organization requests that the incident handling and response (IH&R) team further investigate the incident. The IH&R team decides to use manual techniques to detect the DoS/DDoS attack.
Which of the following commands helps the IH&R team to manually detect a DoS/DDoS attack?

  • A. nbtstat /c
  • B. netstat -r
  • C. nbtstat /S
  • D. netstat -an

Answer: C


NEW QUESTION # 30
Which of the following encoding techniques replaces unusual ASCII characters with "%" followed by the character's two-digit ASCII code expressed in hexadecimal?

  • A. Unicode encoding
  • B. URL encoding
  • C. HTML encoding
  • D. Base 64 encoding

Answer: B


NEW QUESTION # 31
The individual who recovers, analyzes, and preserves computer and related materials to be presented as evidence in a court of law and identifies the evidence, estimates the potential impact of the malicious activity on the victim, and assesses the intent and identity of the perpetrator is called:

  • A. Computer Hacking Forensic Investigator
  • B. Digital Forensic Examiner
  • C. All of the above
  • D. Computer Forensic Investigator

Answer: C


NEW QUESTION # 32
Adam is an incident handler who intends to use the DBCC LOG command to analyze a database and retrieve the active transaction log files for the specified database. The syntax of the DBCC LOG command is DBCC LOG(<database_name>, <output_level>), where the output parameter specifies the level of information an incident handler wants to retrieve. If Adam wants to retrieve the full information on each operation along with the hex dump of the current transaction row, which of the following output parameters should Adam use?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

Explanation:
The DBCC LOG command is used in SQL Server environments to analyze the transaction log files of a database. It provides insights into the transactions that have occurred, which is crucial for forensic analysis in the event of an incident. The syntax DBCC LOG(<database_name>, <output_level>) allows an incident handler to specify the level of detail they wish to retrieve from the log files. When an incident handler like Adam requires the full information on each operation along with the hex dump of the current transaction row, the output parameter should be set to 4. This level of output is the most verbose, providing comprehensive details about each transaction, including a hex dump which is essential for a deep forensic analysis. It helps in understanding the exact changes made by transactions, which can be pivotal in investigating incidents involving data manipulation or other unauthorized database activities.
References: EC-Council's Certified Incident Handler (ECIH v3) program emphasizes the importance of understanding and utilizing various tools and commands for forensic analysis, including how to use the DBCC LOG command for transaction log analysis in SQL Server environments.


NEW QUESTION # 33
Which one of the following is the correct sequence of flow of the stages in an incident response:

  • A. Identification - Preparation - Containment - Recovery - Follow-up - Eradication
  • B. Containment - Identification - Preparation - Recovery - Follow-up - Eradication
  • C. Preparation - Identification - Containment - Eradication - Recovery - Follow-up
  • D. Eradication - Containment - Identification - Preparation - Recovery - Follow-up

Answer: C


NEW QUESTION # 34
Qual Tech Solutions is a leading security services enterprise. Dickson, who works as an incident responder with this firm, is performing a vulnerability assessment to identify the security problems in the network by using automated tools for identifying the hosts, services, and vulnerabilities in the enterprise network.
In the above scenario, which of the following types of vulnerability assessment is Dickson performing?

  • A. Passive assessment
  • B. Active assessment
  • C. Internal assessment
  • D. External assessment

Answer: B


NEW QUESTION # 35
A computer virus hoax is a message warning the recipient of a non-existent computer virus. The message is usually a chain e-mail that tells the recipient to forward it to everyone they know. Which of the following is NOT a symptom of a virus hoax message?

  • A. The message prompts the end user to forward it to his/her e-mail contact list and gain monetary benefits in doing so
  • B. The message prompts the user to install anti-virus software
  • C. The message warns to delete certain files if the user does not take appropriate action
  • D. The message from a known email ID is caught by SPAM filters due to a change of filter settings

Answer: A


NEW QUESTION # 36
An estimation of the expected losses after an incident helps organizations in prioritizing and formulating their incident response. The cost of an incident can be categorized as a tangible or an intangible cost. Identify the tangible cost associated with a virus outbreak.

  • A. Lost productivity damage
  • B. Damage to corporate reputation
  • C. Psychological damage
  • D. Loss of goodwill

Answer: A


NEW QUESTION # 37
Ross is an incident manager (IM), and his team provides support to all users in the organization that are affected by the threat or attack. David, who is the organization's internal auditor, is also part of Ross's incident response team.
Among the following duties, identify one of the responsibilities of David.

  • A. Configure information security controls
  • B. Identify and report security loopholes to management for necessary action
  • C. Coordinate incident containment activities with the information security officer (ISO)
  • D. Perform the necessary action required to block the network traffic from the suspected intruder

Answer: B


NEW QUESTION # 38
Which of the following does NOT reduce the success rate of SQL injection?

  • A. Limit the length of the input field.
  • B. Constrain legitimate characters to exclude special characters.
  • C. Close unnecessary application services and ports on the server.
  • D. Automatically lock a user account after a predefined number of invalid login attempts within a predefined interval

Answer: C


NEW QUESTION # 39
A threat source does not present a risk if there is NO vulnerability that can be exercised for that particular threat source. Identify the step in which different threat sources are defined:

  • A. System characterization
  • B. Threat identification
  • C. Control analysis
  • D. Vulnerability identification

Answer: B


NEW QUESTION # 40
......
