212-89 Question Set PDF, Latest [2024 Update]: The Ultimate Study Guide
The 212-89 exam question set PDF contains updated questions and comes with a pass guarantee
Question # 123
Clark, a professional hacker, successfully exploited the web application of a target organization by tampering with the form and parameter values. As a result, Clark gained access to the information assets of the organization. Identify the vulnerability in the web application exploited by the attacker.
- A. SQL injection
- B. Broken access control
- C. Security misconfiguration
- D. Sensitive data exposure
Correct answer: A
Question # 124
An audit trail policy collects all audit trails, such as a series of records of computer events about an operating system, application, or user activities. Which of the following statements is NOT true for an audit trail policy?
- A. It helps track individual actions and allows users to be personally accountable for their actions
- B. It helps calculate intangible losses to the organization due to an incident
- C. It helps in compliance with various regulatory laws, rules, and guidelines
- D. It helps in reconstructing the events after a problem has occurred
Correct answer: B
Question # 125
The main difference between viruses and worms is:
- A. Worms require a host file to propagate while viruses don't
- B. Viruses and worms are common names for the same malware
- C. Viruses don't require user interaction; they are self-replicating malware
- D. Viruses require a host file to propagate while Worms don't
Correct answer: D
Question # 126
Which of the following forensic investigation phases should occur first?
- A. Perform the first responder procedure.
- B. Collect preliminary evidence.
- C. Create two bit-stream copies of the evidence.
- D. Transport the evidence to the forensic laboratory.
Correct answer: A
Question # 127
Incident handling and response steps help you to detect, identify, respond to, and manage an incident. Which of the following steps focuses on limiting the scope and extent of an incident?
- A. Data collection
- B. Containment
- C. Eradication
- D. Identification
Correct answer: B
Question # 128
Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification activation, recovery, reconstitution, and plan appendices. What is the main purpose of the reconstitution plan?
- A. To restore the original site, test systems to prevent the incident, and terminate operations
- B. To provide the introduction and detailed concept of the contingency plan
- C. To define the notification procedures and damage assessments and offer the plan activation
- D. To provide a sequence of recovery activities with the help of recovery procedures
Correct answer: A
Question # 129
As an IT security officer, what is the first step you will take after discovering a successful email compromise?
- A. Investigate similar hosts to determine whether the attacker has compromised other systems.
- B. Report the incident to the organization's computer incident response team.
- C. Isolate the compromised system or take steps to contain the attack.
- D. Test the infected system to ensure security.
Correct answer: C
Question # 130
The free, open source TCP/IP protocol analyzer, sniffer, and packet capturing utility that is standard across many industries and educational institutions is known as:
- A. Wireshark
- B. nmap
- C. Cain & Abel
- D. Snort
Correct answer: A
Question # 131
Rose is an incident handler and is responsible for detecting and eliminating any kind of scanning attempts over the network by malicious threat actors. Rose uses Wireshark to sniff the network and detect any malicious activities going on.
Which of the following Wireshark filters can she use to detect a TCP Xmas scan attempt by the attacker?
- A. tcp.flags==0x029
- B. tcp.flags==0x000
- C. tcp.flags.reset==1
- D. tcp.dstport==7
Correct answer: A
Question # 132
A self-replicating virus does not alter files but resides in active memory and duplicates itself. It takes advantage of file or information transport features on the system to travel independently.
What is this type of object called?
- A. Adware
- B. Worm
- C. Trojan
- D. Spyware
Correct answer: B
Question # 133
The open source TCP/IP network intrusion prevention and detection system (IDS/IPS) that uses a rule-driven language and performs real-time traffic analysis and packet logging is known as:
- A. Wireshark
- B. Nessus
- C. SAINT
- D. Snort
Correct answer: D
Question # 134
A living, high-level document that states in writing a requirement and directions on how an agency plans to protect its information technology assets is called:
- A. Information security Baseline
- B. Information security Standard
- C. Information security Procedure
- D. Information security Policy
Correct answer: D
Question # 135
Common name(s) for CSIRT is (are):
- A. Incident Handling Team (IHT)
- B. Security Incident Response Team (SIRT)
- C. Incident Response Team (IRT)
- D. All the above
Correct answer: D
Question # 136
What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the established connections on it?
- A. "netstat -an" command
- B. "arp" command
- C. "ifconfig" command
- D. "dd" command
Correct answer: A
Question # 137
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated as:
- A. (Probability of Loss) / (Loss)
- B. (Loss) / (Probability of Loss)
- C. (Probability of Loss) X (Loss)
- D. Significant Risks X Probability of Loss X Loss
Correct answer: C
Question # 138
Eric works as an incident handler at Erinol software systems. He was assigned a task to protect the organization from any kind of DoS/DDoS attacks.
Which of the following tools can be used by Eric to achieve his objective?
- A. Wireshark
- B. Hydra
- C. Incapsula
- D. IDA
Correct answer: C
Question # 139
The correct sequence of incident management process is:
- A. Prepare, protect, detect, triage and respond
- B. Prepare, protect, detect, respond and triage
- C. Prepare, protect, triage, detect and respond
- D. Prepare, detect, protect, triage and respond
Correct answer: A
Question # 140
An information security policy must be:
- A. Distributed and communicated
- B. Enforceable and Regularly updated
- C. All the above
- D. Written in simple language
Correct answer: C
Question # 141
Risk is defined as the probability of the occurrence of an incident. Risk formulation generally begins with the likelihood of an event's occurrence and the harm it may cause, and is usually denoted as Risk = ∑ (events) × (probability of occurrence) × ?
- A. Magnitude
- B. Consequences
- C. Significance
- D. Probability
Correct answer: A
Question # 142
The process of rebuilding and restoring the computer systems affected by an incident to the normal operational stage, including all the processes, policies, and tools, is known as:
- A. Incident Management
- B. Incident Response
- C. Incident Recovery
- D. Incident Handling
Correct answer: C