
2022 212-89 exam torrent 212-89 Study Guide
Easily pass 212-89 Exam with our Dumps & PDF Test Engine
ECCouncil 212-89 Practice Test Questions, ECCouncil 212-89 Exam Practice Test Questions
The EC-Council 212-89 exam is a mandatory requirement for obtaining the EC-Council Certified Incident Handler (ECIH) certification. This test is designed to validate the candidates’ skills related to handling and responding to computer security incidents within an information system.
The 212-89 certification exam is intended for a wide audience of the IT practitioners, including risk assessment administrators, venerability assessment auditors, firewall administrators, system engineers, system administrators, penetration testers, incident handlers, network managers, cyber forensic investigators, IT managers. The test is also suitable for anyone involved in incident handling and response.
The EC-Council 212-89 exam measures the knowledge and competence of the candidates in identifying, analyzing, and rectifying hazards to prevent any future reoccurrences. The interested individuals who pass this certification test will gain the fundamental skills in responding and handling computer security incidents within an information system. A certified applicant is a skilled professional with the ability to handle different incident types, risk assessment methodologies, as well as different policies and laws associated with incident handling. So, if you want to become one of these experts, you will need to know a lot of details.
Prerequisites
The target candidates for the EC-Council 212-89 exam are the risk assessment administrators, penetration testers, cyber forensic investigators, incident handlers, venerability assessment auditors, firewall administrators, system engineers, network managers, system administrators, IT managers, and other IT professionals looking to gain validation for their skills in incident handling & response.
Please note that you are required to fulfill one prerequisite before going for the exam. You need to complete the ECIH training course, which can be taken as the instructor-led option, academia studying, or online learning. Those candidates who opt for self-study must possess at least one year of practical work experience in the domain of information security. Also, you are required to submit a completed eligibility form to get approval to take the test.
NEW QUESTION 20
ADAM, an employee from a multinational company, uses his company's accounts to send e-mails to a third party with their spoofed mail address. How can you categorize this type of account?
- A. Network intrusion incident
- B. Denial of Service incident
- C. Inappropriate usage incident
- D. Unauthorized access incident
Answer: C
NEW QUESTION 21
The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation is called:
- A. Digital Forensic Policy
- B. Computer Forensics
- C. Digital Forensic Analysis
- D. Forensic Readiness
Answer: D
NEW QUESTION 22
Which one of the following is the correct sequence of flow of the stages in an incident response:
- A. Preparation - Identification - Containment - Eradication - Recovery - Follow-upà
- B. Containment - Identification - Preparation - Recovery - Follow-up - Eradication
- C. Eradication - Containment - Identification - Preparation - Recovery - Follow-up
- D. Identification - Preparation - Containment - Recovery - Follow-up - Eradication
Answer: A
NEW QUESTION 23
Business Continuity planning includes other plans such as:
- A. Business recovery and resumption plans
- B. Incident/disaster recovery plan
- C. Contingency plan
- D. All the above
Answer: D
NEW QUESTION 24
Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is responsible for examining the evidence acquired and separating the useful evidence?
- A. Evidence Examiner/ Investigator
- B. Evidence Manager
- C. Evidence Supervisor
- D. Evidence Documenter
Answer: A
NEW QUESTION 25
The policy that defines which set of events needs to be logged in order to capture and review the important data in a timely manner is known as:
- A. Logging policy
- B. Documentation policy
- C. Evidence Collection policy
- D. Audit trail policy
Answer: A
NEW QUESTION 26
The ability of an agency to continue to function even after a disastrous event, accomplished through the
deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup
and recovery strategy is known as:
- A. Business Continuity Plan
- B. Disaster Planning
- C. Business Continuity
- D. Contingency Planning
Answer: C
NEW QUESTION 27
Digital evidence plays a major role in prosecuting cyber criminals. John is a cyber-crime investigator, is asked to investigate a child pornography case. The personal computer of the criminal in question was confiscated by the county police. Which of the following evidence will lead John in his investigation?
- A. SAM file
- B. Web browser history
- C. Routing table list
- D. Web serve log
Answer: B
NEW QUESTION 28
An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the incident recovery plan?
- A. Providing assurance that systems are reliable
- B. Avoiding the legal liabilities arising due to incident
- C. Creating new business processes to maintain profitability after incident
- D. Providing a standard for testing the recovery plan
Answer: C
NEW QUESTION 29
The type of relationship between CSIRT and its constituency have an impact on the services provided by the CSIRT. Identify the level of the authority that enables members of CSIRT to undertake any necessary actions on behalf of their constituency?
- A. Half-level authority
- B. Shared-level authority
- C. Mid-level authority
- D. Full-level authority
Answer: D
NEW QUESTION 30
A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to agency's reporting timeframe guidelines, this incident should be reported within two (2) HOURS of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity. Which incident category of the US Federal Agency does this incident belong to?
- A. CAT 6
- B. CAT 5
- C. CAT 2
- D. CAT 1
Answer: C
NEW QUESTION 31
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the
losses due to the event. Quantitative risk is calculated as:
- A. (Probability of Loss) / (Loss)
- B. (Loss) / (Probability of Loss)
- C. (Probability of Loss) X (Loss)
- D. Significant Risks X Probability of Loss X Loss
Answer: C
NEW QUESTION 32
Insiders understand corporate business functions. What is the correct sequence of activities performed by Insiders to damage company assets:
- A. Activate malware, gain privileged access then install malware
- B. Gain privileged access, activate and install malware
- C. Gain privileged access, install malware then activate
- D. Install malware, gain privileged access, then activate
Answer: C
NEW QUESTION 33
A distributed Denial of Service (DDoS) attack is a more common type of DoS Attack, where a single system is
targeted by a large number of infected machines over the Internet. In a DDoS attack, attackers first infect
multiple systems which are known as:
- A. Trojans
- B. Zombies
- C. Worms
- D. Spyware
Answer: B
NEW QUESTION 34
CERT members can provide critical support services to first responders such as:
- A. Organizing spontaneous volunteers at a disaster site
- B. Consolidated automated service process management platform
- C. A + C
- D. Immediate assistance to victims
Answer: C
NEW QUESTION 35
Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of
the following steps focus on limiting the scope and extent of an incident?
- A. Identification
- B. Data collection
- C. Eradication
- D. Containment
Answer: D
NEW QUESTION 36
Multiple component incidents consist of a combination of two or more attacks in a system. Which of the
following is not a multiple component incident?
- A. An attacker redirecting user to a malicious website and infects his system with Trojan
- B. An attacker using email with malicious code to infect internal workstation
- C. An attacker infecting a machine to launch a DDoS attack
- D. An insider intentionally deleting files from a workstation
Answer: D
NEW QUESTION 37
Installing a password cracking tool, downloading pornography material, sending emails to colleagues which irritates them and hosting unauthorized websites on the company's computer are considered:
- A. Inappropriate usage incidents
- B. Malware attacks
- C. Unauthorized access attacks
- D. Network based attacks
Answer: A
NEW QUESTION 38
......
212-89 PDF Pass Leader, 212-89 Latest Real Test: https://www.practicetorrent.com/212-89-practice-exam-torrent.html
Valid 212-89 Test Answers & 212-89 Exam PDF: https://drive.google.com/open?id=1399HwZIIG8CdYwSUFu4RTp2VkFjMJG2P