[2022年01月]更新の212-89試験問題集合格させるのは2022年最新のEC Council Certified Incident Handler (ECIH v2) Exam [Q67-Q88]

Share

[2022年01月]更新の212-89試験問題集合格させるのは2022年最新のEC Council Certified Incident Handler (ECIH v2) Exam

無料で使える212-89試験問題集で合格させるお手軽に試験合格


EC-COUNCIL 212-89 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • Handling and Responding to Network Security Incidents
  • Handling and Responding to Malware Incidents
トピック 2
  • Handling and Responding to Cloud Security Incidents
  • Incident Handling and Response Process
トピック 3
  • Handling and Responding to Insider Threats
  • Forensic Readiness and First Response
トピック 4
  • Handling and Responding to Email Security Incidents
トピック 5
  • Handling and Responding to Web Application Security Incidents
  • Introduction to Incident Handling and Response

 

質問 67
Spyware tool used to record malicious user's computer activities and keyboard stokes is called:

  • A. Rootkit
  • B. Keylogger
  • C. Firewall
  • D. adware

正解: B

 

質問 68
Incident prioritization must be based on:

  • A. Potential impact
  • B. Criticality of affected systems
  • C. All the above
  • D. Current damage

正解: C

 

質問 69
Identify the network security incident where intended authorized users are prevented from using system,
network, or applications by flooding the network with high volume of traffic that consumes all existing network
resources.

  • A. SQL Injection
  • B. Denial of Service Attack
  • C. XSS Attack
  • D. URL Manipulation

正解: B

 

質問 70
An audit trail policy collects all audit trails such as series of records of computer events, about an operating system, application or user activities. Which of the following statements is NOT true for an audit trail policy:

  • A. It helps in reconstructing the events after a problem has occurred
  • B. It helps calculating intangible losses to the organization due to incident
  • C. It helps tracking individual actions and allows users to be personally accountable for their actions
  • D. It helps in compliance to various regulatory laws, rules,and guidelines

正解: B

 

質問 71
The correct order or sequence of the Computer Forensic processes is:

  • A. Preparation, examination, collection, analysis, and reporting
  • B. Preparation, collection, examination, analysis, and reporting
  • C. Preparation, analysis, examination, collection, and reporting
  • D. Preparation, analysis, collection, examination, and reporting

正解: B

 

質問 72
The correct sequence of incident management process is:

  • A. Prepare, protect, detect, triage and respond
  • B. Prepare, protect, triage, detect and respond
  • C. Prepare, protect, detect, respond and triage
  • D. Prepare, detect, protect, triage and respond

正解: A

 

質問 73
An information security incident is

  • A. Any event that disrupts normal today's business functions
  • B. Any real or suspected adverse event in relation to the security of computer systems or networks
  • C. All of the above
  • D. Any event that breaches the availability of information assets

正解: C

 

質問 74
Business Continuity planning includes other plans such as:

  • A. Incident/disaster recovery plan
  • B. Business recovery and resumption plans
  • C. All the above
  • D. Contingency plan

正解: C

 

質問 75
The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:

  • A. Cain & Able
  • B. nmap
  • C. Wireshark
  • D. Snort

正解: C

 

質問 76
The IDS and IPS system logs indicating an unusual deviation from typical network traffic flows; this is called:

  • A. A Precursor
  • B. A Proactive
  • C. A Reactive
  • D. An Indication

正解: D

 

質問 77
The state of incident response preparedness that enables an organization to maximize its potential to use
digital evidence while minimizing the cost of an investigation is called:

  • A. Digital Forensic Analysis
  • B. Digital Forensic Policy
  • C. Computer Forensics
  • D. Forensic Readiness

正解: D

 

質問 78
The Linux command used to make binary copies of computer media and as a disk imaging tool if given a raw
disk device as its input is:

  • A. "find" command
  • B. "dd" command
  • C. "nslookup" command
  • D. "netstat" command

正解: B

解説:
Explanation/Reference:

 

質問 79
A computer Risk Policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy?

  • A. Procedure to identify security funds to hedge risk
  • B. Provisions for continuing support if there is an interruption in the system or if the system crashes
  • C. Procedure for the ongoing training of employees authorized to access the system
  • D. Procedure to monitor the efficiency of security controls

正解: C

 

質問 80
What is correct about Quantitative Risk Analysis:

  • A. Better than Qualitative Risk Analysis
  • B. It is Subjective but faster than Qualitative Risk Analysis
  • C. Easily automated
  • D. Uses levels and descriptive expressions

正解: C

 

質問 81
What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the established connections on it:

  • A. "arp" command
  • B. "netstat -an" command
  • C. "ifconfig" command
  • D. "dd" command

正解: B

 

質問 82
The correct sequence of Incident Response and Handling is:

  • A. Incident Identification, initial response, communication, recording and containment
  • B. Incident Identification, recording, initial response, containment and communication
  • C. Incident Identification, recording, initial response, communication and containment
  • D. Incident Identification, communication, recording, initial response and containment

正解: C

 

質問 83
To recover, analyze, and preserve computer and related materials in such a way that it can be presented as evidence in a court of law and identify the evidence in short time, estimate the potential impact of the malicious activity on the victim, and assess the intent and identity of the perpetrator is known as:

  • A. Digital Forensic Analysis
  • B. Digital Forensic Examiner
  • C. Forensic Readiness
  • D. Computer Forensics

正解: A

 

質問 84
Which of the following is a correct statement about incident management, handling and response:

  • A. Triage is one of the services provided by incident response
  • B. Incident response is one of the services provided by triage
  • C. Incident response is on the functions provided by incident handling
  • D. Incident handling is on the functions provided by incident response

正解: C

 

質問 85
Which of the following is a characteristic of adware?

  • A. Displaying popups
  • B. Replicating
  • C. Intimidating users
  • D. Gathering information

正解: A

 

質問 86
Based on the some statistics; what is the typical number one top incident?

  • A. Phishing
  • B. Un-authorized access
  • C. Malware
  • D. Policy violation

正解: A

 

質問 87
When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?

  • A. The organization should monitor the activities of the system administrators and privileged users who have permissions to access the sensitive information
  • B. The access requests granted to an employee should be documented and vetted by the supervisor
  • C. All access rights of the employee to physical locations, networks, systems, applications and data should be disabled
  • D. The organization should enforce separation of duties

正解: C

 

質問 88
......

212-89試験問題集、212-89練習テスト問題:https://www.jpntest.com/shiken/212-89-mondaishu

無料212-89学習ガイド試験問題と解答:https://drive.google.com/open?id=1aXX454cymFcT-NiUV8GNuVVkcG-paqJX

弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

オンラインサポート時間:( UTC+9 ) 9:00-24:00
月曜日から土曜日まで

サポート:現在連絡