[November 2023] Updated 212-89 Exam Materials: EC-COUNCIL Study Guide [Q107-Q132]



Try the latest version of the valid questions: 212-89 test explanations and a valid 212-89 exam guide


The EC-Council Certified Incident Handler (ECIH v2) certification exam is designed for IT professionals who want to acquire the knowledge and skills needed to detect, respond to, and resolve computer security incidents. The certification was developed by the International Council of E-Commerce Consultants (EC-Council) and is recognized worldwide as a standard for incident handling certification.


The EC-Council Certified Incident Handler (ECIH v2) certification exam is intended for IT professionals who specialize in incident handling and response. It is well suited to security professionals, network administrators, system administrators, and other IT professionals who aim to advance their careers in incident handling and response.

 

Question # 107
Which of the following is NOT a digital forensic analysis tool?

  • A. EAR/Pilar
  • B. Helix
  • C. AccessData FTK
  • D. Guidance Software EnCase Forensic

Correct answer: A


Question # 108
Miko was hired as an incident handler at XYZ company. His first task was to identify PING sweep attempts inside the network. For this purpose, he used Wireshark to analyze the traffic.
What filter did he use to identify ICMP ping sweep attempts?

  • A. tcp.type == icmp
  • B. icmp.type == icmp
  • C. udp.type == 7
  • D. icmp.type == 8 or icmp.type == 0

Correct answer: D
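The display filter in the correct answer only selects echo requests (type 8) and echo replies (type 0); the handler still has to look at the selected packets and decide which source is sweeping. The following added example (not part of the original question set) applies the same predicate to constructed packet records and then flags a source that sends echo requests to many distinct hosts within a short window. The record format is an assumption standing in for fields exported from Wireshark or tshark, and the thresholds are illustrative.

```python
"""Ping-sweep detection over constructed ICMP packet records.

Added example; not part of the original question set. The Packet record
(timestamp, src, dst, icmp_type) is an assumption standing in for parsed
Wireshark/tshark output; min_hosts and window are illustrative thresholds.
"""
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Tuple

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8


class Packet(NamedTuple):
    ts: float        # capture timestamp in seconds
    src: str         # source IPv4 address
    dst: str         # destination IPv4 address
    icmp_type: int   # ICMP type field


def matches_ping_filter(pkt: Packet) -> bool:
    """Equivalent of the display filter 'icmp.type == 8 or icmp.type == 0'."""
    return pkt.icmp_type in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY)


def find_ping_sweeps(packets: Iterable[Packet], min_hosts: int = 5,
                     window: float = 10.0) -> Dict[str, int]:
    """Return {src: distinct_targets} for every source that sent echo
    requests to at least `min_hosts` distinct destinations within any
    `window`-second span. Only type 8 is attributed to the sweeper; the
    type 0 replies tell the analyst which targets were alive."""
    requests: Dict[str, List[Tuple[float, str]]] = defaultdict(list)
    for pkt in packets:
        if pkt.icmp_type == ICMP_ECHO_REQUEST:
            requests[pkt.src].append((pkt.ts, pkt.dst))

    sweeps: Dict[str, int] = {}
    for src, events in requests.items():
        events.sort()  # by timestamp
        start = 0
        best = 0
        for end in range(len(events)):
            # slide the window start forward until it fits within `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in events[start:end + 1]})
            best = max(best, distinct)
        if best >= min_hosts:
            sweeps[src] = best
    return sweeps


# Constructed sample capture: 10.0.0.50 sweeps 10.0.0.1-8 within two
# seconds; 10.0.0.7 is a normal host pinging its gateway once.
SAMPLE: List[Packet] = [
    Packet(1.0 + 0.25 * i, "10.0.0.50", f"10.0.0.{i + 1}", ICMP_ECHO_REQUEST)
    for i in range(8)
]
SAMPLE += [
    Packet(1.3, "10.0.0.3", "10.0.0.50", ICMP_ECHO_REPLY),
    Packet(5.0, "10.0.0.7", "10.0.0.1", ICMP_ECHO_REQUEST),
    Packet(5.1, "10.0.0.1", "10.0.0.7", ICMP_ECHO_REPLY),
    Packet(6.0, "10.0.0.7", "10.0.0.1", 3),  # destination unreachable: not echo
]

if __name__ == "__main__":
    selected = [p for p in SAMPLE if matches_ping_filter(p)]
    print(f"{len(selected)} of {len(SAMPLE)} packets match the filter")
    print("suspected sweepers:", find_ping_sweeps(SAMPLE))
```

In a real capture, export the same three fields with `tshark -r capture.pcap -Y "icmp.type == 8 or icmp.type == 0" -T fields -e frame.time_epoch -e ip.src -e ip.dst -e icmp.type` and feed the rows into `find_ping_sweeps`.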


Question # 109
The service organization that provides 24x7 computer security incident response services to any user, company, government agency, or organization is known as:

  • A. Security Operations Center (SOC)
  • B. Computer Security Incident Response Team (CSIRT)
  • C. Digital Forensics Examiner
  • D. Vulnerability Assessor

Correct answer: B


Question # 110
An organization implemented an encoding technique to eradicate SQL injection attacks. In this technique, if a user submits a request containing a single quote and some values, the encoding converts the input into numeric digits and letters ranging from "a" to "f". This prevents the request from performing a SQL injection attempt on the web application.
Identify the encoding technique used by the organization.

  • A. URL encoding
  • B. Base64 encoding
  • C. Unicode encoding
  • D. Hex encoding

Correct answer: D
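The technique in this question works because a hex-encoded string consists only of the characters 0-9 and a-f, so a quote, space or comment marker from the user can never reach the SQL parser as syntax. The following added example (not part of the original question set) shows the injectable concatenation, the same concatenation after hex-encoding the input, and the parameterized query that is the usual preferred defense. It uses SQLite's `X'..'` blob literal with `CAST(... AS TEXT)` to compare the decoded bytes; other engines spell the literal differently (MySQL accepts `0x...`). The table and rows are constructed.

```python
"""Hex-encoding user input before it is spliced into SQL, beside the
parameterized query that is the preferred defense.

Added example; not part of the original question set. Uses SQLite's
X'..' blob literal and CAST(... AS TEXT); the users table is constructed.
"""
import sqlite3
from typing import Dict, List

PAYLOAD = "' OR '1'='1"  # classic tautology injection string


def hex_encode(user_input: str) -> str:
    """Map every UTF-8 byte of the input to two characters from 0-9a-f.
    The output cannot contain a quote, whitespace or a comment marker."""
    return user_input.encode("utf-8").hex()


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[str]:
    """String concatenation: the quote in the payload closes the literal and
    the rest of the input becomes SQL."""
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_hex_encoded(conn: sqlite3.Connection, name: str) -> List[str]:
    """Same concatenation, but the input is hex-encoded first and written as
    a blob literal, so no input byte can alter the statement's syntax."""
    sql = "SELECT name FROM users WHERE name = CAST(X'%s' AS TEXT)" % hex_encode(name)
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> List[str]:
    """Bound parameter: the driver keeps data and code apart without any
    application-side encoding."""
    return [row[0] for row in
            conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


def demo() -> Dict[str, List[str]]:
    conn = setup_db()
    return {
        "vulnerable": lookup_vulnerable(conn, PAYLOAD),
        "hex_encoded": lookup_hex_encoded(conn, PAYLOAD),
        "parameterized": lookup_parameterized(conn, PAYLOAD),
        "hex_encoded_legit": lookup_hex_encoded(conn, "alice"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:18s} -> {rows}")
```

The vulnerable lookup returns every user; the hex-encoded and parameterized lookups return nothing for the payload while still finding a legitimate name. Hex encoding is an application-side workaround and every query must remember to apply it, which is why parameterized queries remain the baseline control.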


Question # 111
Malicious software programs that infect computers and corrupt or delete the data on them.
The above statement defines which of the following terms?

  • A. Virus
  • B. Worm
  • C. Spyware
  • D. Trojan

Correct answer: A


Question # 112
Multiple component incidents consist of a combination of two or more attacks on a system. Which of the following is NOT a multiple component incident?

  • A. An attacker using email with malicious code to infect an internal workstation
  • B. An attacker redirecting a user to a malicious website and infecting his system with a Trojan
  • C. An attacker infecting a machine to launch a DDoS attack
  • D. An insider intentionally deleting files from a workstation

Correct answer: D


Question # 113
The most common type(s) of intellectual property is (are):

  • A. All of the above
  • B. Copyrights and trademarks
  • C. Patents
  • D. Industrial design rights and trade secrets

Correct answer: A


Question # 114
A computer virus hoax is a message warning the recipient of a non-existent computer virus threat. The message is usually a chain e-mail that tells the recipient to forward it to everyone they know.
Which of the following is NOT a symptom of a virus hoax message?

  • A. The message prompts the end user to forward it to his/her email contact list and promises monetary benefits for doing so
  • B. The message warns the user to delete certain files if no other appropriate action is taken
  • C. The message prompts the user to install anti-virus software
  • D. A message from a known email ID is caught by SPAM filters due to a change in filter settings

Correct answer: D


Question # 115
Which is the incorrect statement about anti-keylogger scanners?

  • A. They are software tools
  • B. They run in stealth mode to record the victim's online activity
  • C. They detect keyloggers already installed on victim machines

Correct answer: B


Question # 116
Malicious Micky has moved from the delivery stage to the exploitation stage of the kill chain. This malware wants to find and report to the command center any useful services on the system.
Which of the following recon attacks is MOST LIKELY to provide this information?

  • A. Packet sniffing
  • B. IP range sweep
  • C. Port scan
  • D. Session hijack

Correct answer: C


Question # 117
An incident may be reported by:

  • A. All of the above
  • B. Phone call
  • C. Facsimile (fax)
  • D. Email or online web form

Correct answer: A


Question # 118
Which of the following describes the introduction of malicious programs (Trojan horses, email bombs, viruses, etc.) onto a device connected to a campus network?

  • A. Unauthorized access
  • B. Inappropriate usage
  • C. Authorized access
  • D. Network access

Correct answer: D


Question # 119
Which of the following is the BEST method to prevent email incidents?

  • A. End-user training
  • B. Installing antivirus rule updates
  • C. Disabling HTML in email content fields
  • D. Web proxy filtering

Correct answer: A


Question # 120
Which of the following can be considered synonymous?

  • A. Vulnerability and danger
  • B. Precaution and countermeasure
  • C. Threat and threat agent
  • D. Hazard and threat

Correct answer: D


Question # 121
What command does a digital forensic examiner use to display the list of all open ports and the associated IP addresses on a victim computer in order to identify the established connections on it?

  • A. The "netstat -an" command
  • B. The "arp" command
  • C. The "ifconfig" command
  • D. The "dd" command

Correct answer: A


Question # 122
Jason is an incident handler dealing with malware incidents. He was asked to perform a memory dump analysis in order to collect information about the basic functionality of a program. As a part of his assignment, he needs to perform string search analysis to look for malicious strings that could reveal the harmful actions the program can perform.
Which of the following string-searching tools does Jason need to use to perform the intended task?

  • A. Dependency Walker
  • B. Process Explorer
  • C. PE View
  • D. BinText

Correct answer: D
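String search of the kind BinText or strings(1) performs is a simple scan for runs of printable characters, followed by a triage pass that picks out the strings worth a handler's attention (URLs, persistence registry paths, injection-related API names). The following added example (not part of the original question set, and not BinText's code) implements both steps in Python over a constructed byte string that stands in for a memory dump or binary image; the indicator list is illustrative and the sample image is not a real malware sample.

```python
"""Minimal string extraction and triage over a memory dump or binary image,
in the spirit of BinText or strings(1).

Added example; not part of the original question set. SAMPLE_IMAGE is a
constructed byte string (not a real sample) and SUSPICIOUS is an
illustrative indicator list.
"""
import re
from typing import Iterator, List, Pattern, Tuple

# Four or more printable ASCII bytes in a row.
ASCII_RUN: Pattern[bytes] = re.compile(rb"[\x20-\x7e]{4,}")
# UTF-16LE text as Windows binaries store it: printable byte, then 0x00.
UTF16_RUN: Pattern[bytes] = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")

SUSPICIOUS: Tuple[Pattern[str], ...] = (
    re.compile(r"https?://", re.I),                       # download / C2 URL
    re.compile(r"CurrentVersion\\Run", re.I),             # autorun persistence
    re.compile(r"^(CreateRemoteThread|WriteProcessMemory|VirtualAllocEx"
               r"|WinExec|URLDownloadToFile)$"),          # injection / dropper APIs
    re.compile(r"cmd\.exe|powershell", re.I),             # command execution
)


def extract_strings(data: bytes) -> Iterator[Tuple[int, str, str]]:
    """Yield (offset, encoding, text) for every ASCII and UTF-16LE run."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), "utf16", m.group().decode("utf-16-le")


def triage(data: bytes) -> List[Tuple[int, str, str]]:
    """Return the extracted strings that match any indicator, by offset."""
    hits = [(off, enc, text) for off, enc, text in extract_strings(data)
            if any(p.search(text) for p in SUSPICIOUS)]
    return sorted(hits)


# Constructed image: import names, a UTF-16 URL, a Run-key path, one benign API.
SAMPLE_IMAGE: bytes = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"kernel32.dll\x00"
    b"VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00"
    b"\x01\x02\x03"
    + "http://198.51.100.23/stage2.bin".encode("utf-16-le") + b"\x00\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"GetSystemTimeAsFileTime\x00"
)

if __name__ == "__main__":
    for off, enc, text in triage(SAMPLE_IMAGE):
        print(f"0x{off:08x} {enc:5s} {text}")
```

Scanning for UTF-16LE as well as ASCII matters on Windows images: the URL above is invisible to an ASCII-only pass, which is exactly the gap BinText's Unicode view closes.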


Question # 123
Robert is an incident handler working for X Security Inc. One day, his organization faced a massive cyberattack and all of the websites related to the organization went offline. Robert was on duty during the incident and was responsible for handling it and maintaining business continuity. He immediately restored the web application service with the help of the existing backups.
According to the scenario, which of the following stages of the incident handling and response (IH&R) process did Robert perform?

  • A. Notification
  • B. Evidence gathering and forensic analysis
  • C. Eradication
  • D. Recovery

Correct answer: D


Question # 124
Jason is setting up a computer forensics lab and must perform the following steps:
1. physical location and structural design considerations;
2. planning and budgeting;
3. work area considerations;
4. physical security recommendations;
5. forensic lab licensing;
6. human resource considerations.
Arrange these steps in the order of execution.

  • A. 2->1->3->6->4->5
  • B. 2->3->1->4->6->5
  • C. 3->2->1->4->6->5
  • D. 5->2->1->3->4->6

Correct answer: A


Question # 125
A security policy takes the form of a document or a collection of documents, depending on the situation or usage. It can become a point of reference in case a violation occurs that results in dismissal or another penalty. Which of the following is NOT true for a good security policy?

  • A. It must clearly define the areas of responsibility of users, administrators and management
  • B. It must be approved by a court of law after verification of the stated terms and facts
  • C. It must be implemented through system administration procedures, publication of acceptable use guidelines or other appropriate methods
  • D. It must be enforceable with security tools where appropriate, and with sanctions where actual prevention is not technically feasible

Correct answer: B


質問 # 126
They type of attack that prevents the authorized users to access networks, systems, or applications by
exhausting the network resources and sending illegal requests to an application is known as:

  • A. Denial of Service attack
  • B. SQL injection attack
  • C. Man in the Middle attack
  • D. Session Hijacking attack

正解:A


Question # 127
The program that helps train people to be better prepared to respond to emergency situations in their communities is known as:

  • A. All of the above
  • B. Security Incident Response Team (SIRT)
  • C. Incident Response Team (IRT)
  • D. Community Emergency Response Team (CERT)

Correct answer: D


Question # 128
Adam, an employee of a multinational company, uses his company's accounts to send e-mails to a third party with a spoofed sender address. How can you categorize this type of incident?

  • A. Network intrusion incident
  • B. Inappropriate usage incident
  • C. Denial of Service incident
  • D. Unauthorized access incident

Correct answer: B


Question # 129
In which step of NIST's risk assessment methodology are the boundary of the IT system, along with the resources and the information that constitute the system, identified?

  • A. System characterization
  • B. Likelihood determination
  • C. Control analysis
  • D. Control recommendation

Correct answer: A


Question # 130
The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation is called:

  • A. Digital forensic analysis
  • B. Digital forensic policy
  • C. Forensic readiness
  • D. Computer forensics

Correct answer: C


Question # 131
Which one of the following is an inappropriate usage incident?

  • A. Insider threat
  • B. Access control attack
  • C. Reconnaissance attack
  • D. Denial of Service attack

Correct answer: A


Question # 132
......


The ECIH v2 certification exam covers a wide range of topics related to incident handling and response, including incident management, incident analysis, computer forensics, and network security. The exam is divided into five domains, each covering a specific area of incident handling and response: incident management and response, computer forensics fundamentals, network forensics and analysis, incident reporting and communication, and incident recovery and post-incident response.

 

212-89 exam questions and answers: https://www.jpntest.com/shiken/212-89-mondaishu
