
[Oct-2021] 212-89 Dumps Full Questions - ECIH Certification Exam Study Guide
Exam Questions and Answers for 212-89 Study Guide
NEW QUESTION 69
The open source TCP/IP network intrusion prevention and detection system (IDS/IPS), uses a rule-driven
language, performs real-time traffic analysis and packet logging is known as:
- A. Snort
- B. SAINT
- C. Nessus
- D. Wireshark
Answer: A
Explanation:
Explanation
NEW QUESTION 70
What is correct about Quantitative Risk Analysis:
- A. Easily automated
- B. It is Subjective but faster than Qualitative Risk Analysis
- C. Better than Qualitative Risk Analysis
- D. Uses levels and descriptive expressions
Answer: A
NEW QUESTION 71
Which of the following is NOT a digital forensic analysis tool:
- A. Access Data FTK
- B. Guidance Software EnCase Forensic
- C. EAR/ Pilar
- D. Helix
Answer: C
NEW QUESTION 72
ADAM, an employee from a multinational company, uses his company's accounts to send e-mails to a third party with their spoofed mail address. How can you categorize this type of account?
- A. Inappropriate usage incident
- B. Network intrusion incident
- C. Unauthorized access incident
- D. Denial of Service incident
Answer: A
NEW QUESTION 73
Organizations or incident response teams need to protect the evidence for any future legal actions that may be taken against perpetrators that intentionally attacked the computer system. EVIDENCE PROTECTION is also required to meet legal compliance issues. Which of the following documents helps in protecting evidence from physical or logical damage:
- A. Network and host log records
- B. Chain-of-Custody
- C. Chain-of-Precedence
- D. Forensic analysis report
Answer: B
NEW QUESTION 74
The correct sequence of Incident Response and Handling is:
- A. Incident Identification, communication, recording, initial response and containment
- B. Incident Identification, recording, initial response, containment and communication
- C. Incident Identification, initial response, communication, recording and containment
- D. Incident Identification, recording, initial response, communication and containment
Answer: D
NEW QUESTION 75
An access control policy authorized a group of users to perform a set of actions on a set of resources. Access to resources is based on necessity and if a particular job role requires the use of those resources. Which of the following is NOT a fundamental element of access control policy
- A. Action group: group of actions performed by the users on resources
- B. Access group: group of users to which the policy applies
- C. Development group: group of persons who develop the policy
- D. Resource group: resources controlled by the policy
Answer: C
NEW QUESTION 76
The type of relationship between CSIRT and its constituency have an impact on the services provided by the CSIRT. Identify the level of the authority that enables members of CSIRT to undertake any necessary actions on behalf of their constituency?
- A. Mid-level authority
- B. Half-level authority
- C. Full-level authority
- D. Shared-level authority
Answer: C
NEW QUESTION 77
The main difference between viruses and worms is:
- A. Viruses require a host file to propagate while Worms don't
- B. Viruses don't require user interaction; they are self-replicating malware
- C. Worms require a host file to propagate while viruses don't
- D. Viruses and worms are common names for the same malware
Answer: A
NEW QUESTION 78
Keyloggers do NOT:
- A. Secretly records URLs visited in browser, keystrokes, chat conversations, ...etc
- B. Run in the background
- C. Alter system files
- D. Send log file to attacker's email or upload it to an ftp server
Answer: C
NEW QUESTION 79
A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to propagate is called:
- A. Worm
- B. Trojan
- C. Virus
- D. RootKit
Answer: C
NEW QUESTION 80
Any information of probative value that is either stored or transmitted in a digital form during a computer crime is called:
- A. Computer Emails
- B. Digital evidence
- C. Digital investigation
- D. Digital Forensic Examiner
Answer: B
NEW QUESTION 81
The policy that defines which set of events needs to be logged in order to capture and review the important
data in a timely manner is known as:
- A. Audit trail policy
- B. Documentation policy
- C. Logging policy
- D. Evidence Collection policy
Answer: C
NEW QUESTION 82
Agencies do NOT report an information security incident is because of:
- A. Do not want to pay the additional cost of reporting an incident
- B. Have full knowledge about how to handle the attack internally
- C. All the above
- D. Afraid of negative publicity
Answer: D
NEW QUESTION 83
Business Continuity provides a planning methodology that allows continuity in business operations:
- A. Before a disaster
- B. Before and after a disaster
- C. Before, during and after a disaster
- D. During and after a disaster
Answer: C
NEW QUESTION 84
Which of the following is NOT one of the techniques used to respond to insider threats:
- A. Disabling the computer systems from network connection
- B. Preventing malicious users from accessing unclassified information
- C. Blocking malicious user accounts
- D. Placing malicious users in quarantine network, so that attack cannot be spread
Answer: B
NEW QUESTION 85
Which is the incorrect statement about Anti-keyloggers scanners:
- A. Run in stealthy mode to record victims online activity
- B. Software tools
- C. Detect already installed Keyloggers in victim machines
Answer: A
NEW QUESTION 86
Which of the following terms may be defined as "a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization's operation and revenues?
- A. Threat
- B. Incident Response
- C. Risk
- D. Vulnerability
Answer: C
NEW QUESTION 87
In the Control Analysis stage of the NIST's risk assessment methodology, technical and none technical control
methods are classified into two categories. What are these two control categories?
- A. Predictive and Detective controls
- B. Detective and Disguised controls
- C. Preventive and Detective controls
- D. Preventive and predictive controls
Answer: C
NEW QUESTION 88
An incident recovery plan is a statement of actions that should be taken before, during or after an incident.
Identify which of the following is NOT an objective of the incident recovery plan?
- A. Providing assurance that systems are reliable
- B. Providing a standard for testing the recovery plan
- C. Creating new business processes to maintain profitability after incident
- D. Avoiding the legal liabilities arising due to incident
Answer: C
Explanation:
Explanation/Reference:
NEW QUESTION 89
The program that helps to train people to be better prepared to respond to emergency situations in their communities is known as:
- A. Security Incident Response Team (SIRT)
- B. All the above
- C. Community Emergency Response Team (CERT)
- D. Incident Response Team (IRT)
Answer: C
NEW QUESTION 90
What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the established connections on it:
- A. "arp" command
- B. "ifconfig" command
- C. "netstat -an" command
- D. "dd" command
Answer: C
NEW QUESTION 91
......
EC Council Certified Incident Handler (ECIH v2) Exam Free Update With 100% Exam Passing Guarantee: https://www.fast2test.com/212-89-premium-file.html
Real Exam Questions & Answers - EC-COUNCIL 212-89 Dump is Ready: https://drive.google.com/open?id=1iqhbfIUujHTvCX815uvDdbdt5DrNPuNH