212-89 Question Bank PDF, Up to Date [Latest for 2024]: The Ultimate Study Guide [Q123-Q143]

The 212-89 exam question bank PDF is an updated question set and comes with a pass guarantee.


EC-COUNCIL 212-89 certification exam scope:

Topic | Exam scope
Topic 1
  • Handling and Responding to Insider Threats
  • Forensic Readiness and First Response
Topic 2
  • Handling and Responding to Web Application Security Incidents
  • Introduction to Incident Handling and Response
Topic 3
  • Handling and Responding to Email Security Incidents
Topic 4
  • Handling and Responding to Cloud Security Incidents
  • Incident Handling and Response Process
Topic 5
  • Handling and Responding to Network Security Incidents
  • Handling and Responding to Malware Incidents


Question # 123
Clark, a professional hacker, successfully exploited the web application of a target organization by tampering with form and parameter values. As a result, Clark gained access to the organization's information assets. Identify the vulnerability in the web application that the attacker exploited.

  • A. SQL injection
  • B. Broken access control
  • C. Security misconfiguration
  • D. Sensitive data exposure

Correct answer: A


Question # 124
An audit trail policy collects all audit trails, such as a series of records of computer events, about an operating system, application, or user activities. Which of the following statements is NOT true for an audit trail policy:

  • A. It helps track individual actions and allows users to be held personally accountable for their actions
  • B. It helps calculate intangible losses to the organization due to an incident
  • C. It helps with compliance with various regulatory laws, rules, and guidelines
  • D. It helps in reconstructing the events after a problem has occurred

Correct answer: B


Question # 125
The main difference between viruses and worms is:

  • A. Worms require a host file to propagate while viruses don't
  • B. Viruses and worms are common names for the same malware
  • C. Viruses don't require user interaction; they are self-replicating malware
  • D. Viruses require a host file to propagate while worms don't

Correct answer: D


Question # 126
Which of the following forensic investigation phases should occur first?

  • A. Perform the first responder procedure.
  • B. Collect preliminary evidence.
  • C. Create two bit-stream copies of the evidence.
  • D. Transport the evidence to the forensic laboratory.

Correct answer: A


Question # 127
Incident handling and response steps help you detect, identify, respond to, and manage an incident. Which of the following steps focuses on limiting the scope and extent of an incident?

  • A. Data collection
  • B. Containment
  • C. Eradication
  • D. Identification

Correct answer: B


Question # 128
Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification/activation, recovery, reconstitution, and plan appendices. What is the main purpose of the reconstitution plan?

  • A. To restore the original site, test systems to prevent the incident, and terminate operations
  • B. To provide the introduction and detailed concept of the contingency plan
  • C. To define the notification procedures and damage assessments, and to offer plan activation
  • D. To provide a sequence of recovery activities with the help of recovery procedures

Correct answer: A


Question # 129
As an IT security officer, what is the first step you will take after discovering a successful email compromise?

  • A. Investigate similar hosts to determine whether the attacker has compromised other systems.
  • B. Report the incident to the organization's computer incident response team.
  • C. Isolate the compromised system or take steps to contain the attack.
  • D. Test the infected system to ensure security.

Correct answer: C


Question # 130
The free, open-source TCP/IP protocol analyzer, sniffer, and packet-capturing utility that is standard across many industries and educational institutions is known as:

  • A. Wireshark
  • B. nmap
  • C. Cain & Abel
  • D. Snort

Correct answer: A


Question # 131
Rose is an incident handler and is responsible for detecting and eliminating any kind of scanning attempt over the network by malicious threat actors. Rose uses Wireshark to sniff the network and detect any malicious activity going on.
Which of the following Wireshark filters can she use to detect a TCP Xmas scan attempt by the attacker?

  • A. tcp.flags==0x029
  • B. tcp.flags==0x000
  • C. tcp.flags.reset==1
  • D. tcp.dstport==7

Correct answer: A


Question # 132
A self-replicating virus does not alter files but resides in active memory and duplicates itself. It takes advantage of file or information transport features on the system to travel independently.
What is this type of object called?

  • A. Adware
  • B. Worm
  • C. Trojan
  • D. Spyware

Correct answer: B


Question # 133
The open-source TCP/IP network intrusion prevention and detection system (IDS/IPS) that uses a rule-driven language and performs real-time traffic analysis and packet logging is known as:

  • A. Wireshark
  • B. Nessus
  • C. SAINT
  • D. Snort

Correct answer: D



Question # 134
A living, high-level document that states in writing the requirements and directions for how an agency plans to protect its information technology assets is called:

  • A. Information security baseline
  • B. Information security standard
  • C. Information security procedure
  • D. Information security policy

Correct answer: D


Question # 135
Common name(s) for a CSIRT is (are):

  • A. Incident Handling Team (IHT)
  • B. Security Incident Response Team (SIRT)
  • C. Incident Response Team (IRT)
  • D. All of the above

Correct answer: D


Question # 136
What command does a digital forensic examiner use to display the list of all open ports and the associated IP addresses on a victim computer in order to identify the established connections on it:

  • A. "netstat -an" command
  • B. "arp" command
  • C. "ifconfig" command
  • D. "dd" command

Correct answer: A


Question # 137
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated as:

  • A. (Probability of Loss) / (Loss)
  • B. (Loss) / (Probability of Loss)
  • C. (Probability of Loss) X (Loss)
  • D. Significant Risks X Probability of Loss X Loss

Correct answer: C


Question # 138
Eric works as an incident handler at Erinol Software Systems. He was assigned the task of protecting the organization from any kind of DoS/DDoS attack.
Which of the following tools can Eric use to achieve his objective?

  • A. Wireshark
  • B. Hydra
  • C. Incapsula
  • D. IDA

Correct answer: C


Question # 139
The correct sequence of the incident management process is:

  • A. Prepare, protect, detect, triage, and respond
  • B. Prepare, protect, detect, respond, and triage
  • C. Prepare, protect, triage, detect, and respond
  • D. Prepare, detect, protect, triage, and respond

Correct answer: A


Question # 140
An information security policy must be:

  • A. Distributed and communicated
  • B. Enforceable and regularly updated
  • C. All of the above
  • D. Written in simple language

Correct answer: C


Question # 141
Risk is defined as the probability of the occurrence of an incident. Risk formulation generally begins with the likelihood of an event's occurrence and the harm it may cause, and is usually denoted as Risk = ∑(events) X (Probability of occurrence) X ?

  • A. Magnitude
  • B. Consequences
  • C. Significance
  • D. Probability

Correct answer: A


Question # 142
The process of rebuilding and restoring the computer systems affected by an incident to their normal operational state, including all the processes, policies, and tools, is known as:

  • A. Incident Management
  • B. Incident Response
  • C. Incident Recovery
  • D. Incident Handling

Correct answer: C



Question # 143
......

212-89 exam questions to get you through the EC-COUNCIL exam: https://www.jpntest.com/shiken/212-89-mondaishu
