EC-COUNCIL 212-89 Real Exam Questions Test Engine Dumps Training With 165 Questions [Q17-Q41]

Share

EC-COUNCIL 212-89 Real Exam Questions Test Engine Dumps Training With 165 Questions

212-89 Actual Questions Answers PDF 100% Cover Real Exam Questions


How can you ready for ECCouncil 212-89 Certification Exam

For ECCouncil 212-89 Certification Exam, there is a study guide

ECCouncil 212-89: Get our quick guide if you don’t have time to read all the page

Incident Controller is a term used to describe the activities of an organization to identify, analyze and correct risks in order to prevent future recurrence. These incidents within a structured organization are typically managed by an Incident Response Team (IRT) or Incident Management Team (IMT). These teams are often appointed in advance or during the event and placed under the control of the organization during incident management to maintain business processes. ECIH certification will provide professionals with greater industry acceptance as an experienced accident manager. In this guide, we will cover Incident Manager Certification certified by the EC Council, ECCouncil Incident Manager Certification Salary and all aspects of the ECCouncil Incident Manager Certification.

 

NEW QUESTION 17
Identify the network security incident where intended authorized users are prevented from using system, network, or applications by flooding the network with high volume of traffic that consumes all existing network resources.

  • A. Denial of Service Attack
  • B. XSS Attack
  • C. URL Manipulation
  • D. SQL Injection

Answer: A

 

NEW QUESTION 18
Insiders may be:

  • A. Ignorant employees
  • B. Disgruntled staff members
  • C. Carless administrators
  • D. All the above

Answer: D

 

NEW QUESTION 19
Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following helps in recognizing and separating the infected hosts from the information system?

  • A. Inspecting the process running on the system
  • B. Sending mails to only group of friends
  • C. Browsing particular government websites
  • D. Configuring firewall to default settings

Answer: A

 

NEW QUESTION 20
The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/
services that are not required. Which service listed below, if blocked, can help in preventing Denial of Service
attack?

  • A. POP3 service
  • B. Echo service
  • C. SMTP service
  • D. SAM service

Answer: B

 

NEW QUESTION 21
Installing a password cracking tool, downloading pornography material, sending emails to colleagues which
irritates them and hosting unauthorized websites on the company's computer are considered:

  • A. Inappropriate usage incidents
  • B. Malware attacks
  • C. Unauthorized access attacks
  • D. Network based attacks

Answer: A

 

NEW QUESTION 22
The state of incident response preparedness that enables an organization to maximize its potential to use
digital evidence while minimizing the cost of an investigation is called:

  • A. Digital Forensic Policy
  • B. Computer Forensics
  • C. Digital Forensic Analysis
  • D. Forensic Readiness

Answer: D

 

NEW QUESTION 23
The Linux command used to make binary copies of computer media and as a disk imaging tool if given a raw
disk device as its input is:

  • A. "netstat" command
  • B. "nslookup" command
  • C. "find" command
  • D. "dd" command

Answer: D

Explanation:
Explanation/Reference:

 

NEW QUESTION 24
What command does a Digital Forensic Examiner use to display the list of all IP addresses and their associated MAC addresses on a victim computer to identify the machines that were communicating with it:

  • A. "dd" command
  • B. "arp" command
  • C. "ifconfig" command
  • D. "netstat -an" command

Answer: B

 

NEW QUESTION 25
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

  • A. NET-CERT
  • B. DFN-CERT
  • C. SURFnet-CERT
  • D. Funet CERT

Answer: C

 

NEW QUESTION 26
Which of the following is NOT one of the common techniques used to detect Insider threats:

  • A. Spotting an increase in their performance
  • B. Observing employee tardiness and unexplained absenteeism
  • C. Spotting conflicts with supervisors and coworkers
  • D. Observing employee sick leaves

Answer: A

 

NEW QUESTION 27
The service organization that provides 24x7 computer security incident response services to any user, company, government agency, or organization is known as:

  • A. Digital Forensics Examiner
  • B. Security Operations Center SOC
  • C. Computer Security Incident Response Team CSIRT
  • D. Vulnerability Assessor

Answer: C

 

NEW QUESTION 28
Business continuity is defined as the ability of an organization to continue to function even after a disastrous
event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant
systems, as well as a solid backup and recovery strategy. Identify the plan which is mandatory part of a
business continuity plan?

  • A. New business strategy plan
  • B. Forensics Procedure Plan
  • C. Business Recovery Plan
  • D. Sales and Marketing plan

Answer: C

 

NEW QUESTION 29
Insider threats can be detected by observing concerning behaviors exhibited by insiders, such as conflicts with
supervisors and coworkers, decline in performance, tardiness or unexplained absenteeism. Select the
technique that helps in detecting insider threats:

  • A. Protecting computer systems by implementing proper controls
  • B. Making is compulsory for employees to sign a none disclosure agreement
  • C. Correlating known patterns of suspicious and malicious behavior
  • D. Categorizing information according to its sensitivity and access rights

Answer: C

Explanation:
Explanation

 

NEW QUESTION 30
The policy that defines which set of events needs to be logged in order to capture and review the important data in a timely manner is known as:

  • A. Logging policy
  • B. Documentation policy
  • C. Evidence Collection policy
  • D. Audit trail policy

Answer: A

 

NEW QUESTION 31
Which one of the following is the correct sequence of flow of the stages in an incident response:

  • A. Preparation - Identification - Containment - Eradication - Recovery - Follow-upà
  • B. Containment - Identification - Preparation - Recovery - Follow-up - Eradication
  • C. Eradication - Containment - Identification - Preparation - Recovery - Follow-up
  • D. Identification - Preparation - Containment - Recovery - Follow-up - Eradication

Answer: A

 

NEW QUESTION 32
If the loss anticipated is greater than the agreed upon threshold; the organization will:

  • A. Do nothing
  • B. Accept the risk but after management approval
  • C. Accept the risk
  • D. Mitigate the risk

Answer: D

 

NEW QUESTION 33
A software application in which advertising banners are displayed while the program is running that delivers
ads to display pop-up windows or bars that appears on a computer screen or browser is called:

  • A. Worm
  • B. RootKit
  • C. Trojan
  • D. adware (spelled all lower case)
  • E. Virus

Answer: D

 

NEW QUESTION 34
Which of the following can be considered synonymous:

  • A. Vulnerability and Danger
  • B. Threat and Threat Agent
  • C. Precaution and countermeasure
  • D. Hazard and Threat

Answer: D

 

NEW QUESTION 35
The correct sequence of Incident Response and Handling is:

  • A. Incident Identification, communication, recording, initial response and containment
  • B. Incident Identification, recording, initial response, communication and containment
  • C. Incident Identification, initial response, communication, recording and containment
  • D. Incident Identification, recording, initial response, containment and communication

Answer: B

 

NEW QUESTION 36
An incident recovery plan is a statement of actions that should be taken before, during or after an incident.
Identify which of the following is NOT an objective of the incident recovery plan?

  • A. Providing assurance that systems are reliable
  • B. Avoiding the legal liabilities arising due to incident
  • C. Creating new business processes to maintain profitability after incident
  • D. Providing a standard for testing the recovery plan

Answer: C

Explanation:
Explanation/Reference:

 

NEW QUESTION 37
The steps followed to recover computer systems after an incident are:

  • A. System restoration, operation, validation, and monitoring
  • B. System validation, restoration, operation and monitoring
  • C. System restoration, validation, operation and monitoring
  • D. System monitoring, validation, operation and restoration

Answer: C

 

NEW QUESTION 38
The Malicious code that is installed on the computer without user's knowledge to acquire information from the user's machine and send it to the attacker who can access it remotely is called:

  • A. Worm
  • B. Trojan
  • C. Spyware
  • D. Logic Bomb

Answer: C

 

NEW QUESTION 39
The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation is called:

  • A. Digital Forensic Policy
  • B. Computer Forensics
  • C. Digital Forensic Analysis
  • D. Forensic Readiness

Answer: D

 

NEW QUESTION 40
An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the incident recovery plan?

  • A. Providing assurance that systems are reliable
  • B. Avoiding the legal liabilities arising due to incident
  • C. Creating new business processes to maintain profitability after incident
  • D. Providing a standard for testing the recovery plan

Answer: C

 

NEW QUESTION 41
......

TopExamCollection 212-89  Exam Practice Test Questions : https://www.topexamcollection.com/212-89-vce-collection.html

212-89 Exam questions and answers: https://drive.google.com/open?id=1Bgk_ZrqBvz7j6HyFivAY_xYWO8yd6QwG