212-89 Certification Guide PDF: Real Exam Questions with 100% Coverage [Q80-Q96]

Real questions and answers to help you pass the 212-89 exam


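The EC-COUNCIL 212-89 exam is best suited to security professionals, incident handlers, IT managers, network administrators, and anyone who wants to improve their knowledge and skills in the field of incident handling and response. The certification is especially useful for people who are responsible for managing and responding to security incidents within an organization.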

 

Question # 80
The Linux command used to make binary copies of computer media and as a disk imaging tool if given a raw disk device as its input is:

  • A. "find" command
  • B. "netstat" command
  • C. "nslookup" command
  • D. "dd" command

Correct answer: D


Question # 81
In which of the following types of fuzz testing strategies is new data generated from scratch, with the amount of data generated predefined based on the testing model?

  • A. Generation-based fuzz testing
  • B. Protocol-based fuzz testing
  • C. Log-based fuzz testing
  • D. Mutation-based fuzz testing

Correct answer: A


Question # 82
The free utility that quickly scans systems running Windows OS to find settings that may have been changed by spyware, malware, or other unwanted programs is called:

  • A. Stinger
  • B. Tripwire
  • C. F-Secure Anti-virus
  • D. HijackThis

Correct answer: D


Question # 83
Clark, a professional hacker, successfully exploited the web application of a target organization by tampering with form and parameter values. Consequently, Clark gained access to the information assets of the organization.
Which of the following is the web-application vulnerability exploited by the attacker?

  • A. SQL injection
  • B. Security misconfiguration
  • C. Broken access control
  • D. Sensitive data exposure

Correct answer: A


Question # 84
If a hacker cannot find any other way to attack an organization, they can influence an employee or a disgruntled staff member.
What type of threat is this?

  • A. Phishing attack
  • B. Insider attack
  • C. Identity theft
  • D. Footprinting

Correct answer: B


Question # 85
Preventing the incident from spreading and limiting the scope of the incident is known as:

  • A. Incident Eradication
  • B. Incident Classification
  • C. Incident Protection
  • D. Incident Containment

Correct answer: D


Question # 86
He must present this evidence in a clear and comprehensible manner to the members of the jury so that the evidence explains the facts clearly and further helps in obtaining an expert opinion on the same to confirm the investigation process.
In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?

  • A. Authentic
  • B. Complete
  • C. Believable
  • D. Admissible

Correct answer: C


Question # 87
After performing an attack, an attacker decided to wipe evidence using artifact wiping techniques to evade forensic investigation. He applied a magnetic field to the digital media device, resulting in a device entirely cleaned of any previously stored data.
Identify the artifact wiping technique used by the attacker.

  • A. Disk cleaning utilities
  • B. Disk degaussing/destruction
  • C. File wiping utilities
  • D. Syscall proxying

Correct answer: B


Question # 88
Which of the following DOES NOT expose a cloud application to hacking?

  • A. Configuration error
  • B. Lack of experience in manipulating cloud systems
  • C. Contract with a cloud service vendor
  • D. Inappropriate technical issue

Correct answer: C


Question # 89
Matt is an incident handler working for one of the largest social network companies, which was affected by malware. According to the company's reporting timeframe guidelines, a malware incident should be reported within 1 h of discovery/detection after its spread across the company.
Which category does this incident belong to?

  • A. CAT 1
  • B. CAT 4
  • C. CAT 3
  • D. CAT 2

Correct answer: C


Question # 90
In NIST risk assessment/methodology, the process of identifying the boundaries of an IT system along with the resources and information that constitute the system is known as:

  • A. Asset Identification
  • B. Asset valuation
  • C. System classification
  • D. System characterization

Correct answer: D


Question # 91
ADAM, an employee from a multinational company, uses his company's accounts to send e-mails to a third party with their spoofed mail address. How can you categorize this type of account?

  • A. Inappropriate usage incident
  • B. Denial of Service incident
  • C. Unauthorized access incident
  • D. Network intrusion incident

Correct answer: A


Question # 92
A security policy will take the form of a document or a collection of documents, depending on the situation or usage. It can become a point of reference in case a violation occurs that results in dismissal or other penalty. Which of the following is NOT true for a good security policy?

  • A. It must be implemented through system administration procedures, publishing of acceptable use guidelines or other appropriate methods
  • B. It must be approved by court of law after verifications of the stated terms and facts
  • C. It must be enforceable with security tools where appropriate and with sanctions where actual prevention is not technically feasible
  • D. It must clearly define the areas of responsibilities of the users, administrators and management

Correct answer: B


Question # 93
When IDS and IPS system logs indicate an unusual deviation from typical network traffic flows, this is called:

  • A. An Indication
  • B. A Precursor
  • C. A Proactive
  • D. A Reactive

Correct answer: A


Question # 94
In which of the following stages of the incident handling and response (IH&R) process do the incident handlers try to find the root cause of the incident along with the threat actors behind the incidents, threat vectors, etc.?

  • A. Incident recording and assignment
  • B. Evidence gathering and forensics analysis
  • C. Post-incident activities
  • D. Incident triage

Correct answer: B


Question # 95
Which of the following is not a countermeasure to eradicate cloud security incidents?

  • A. Checking for data protection at both design and runtime
  • B. Patching the database vulnerabilities and improving the isolation mechanism
  • C. Disabling security options such as two factor authentication and CAPTCHA
  • D. Removing the malware files and traces from the affected components

Correct answer: C


Question # 96
......


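The EC-Council Certified Incident Handler (ECIH V2) exam is the certification exam for the ECIH program. The exam tests candidates' knowledge and skills in handling and responding to various types of security incidents. It is designed to test candidates' knowledge in areas such as the incident handling process, incident response, and recovery, among others. The exam consists of 100 multiple-choice questions and has a duration of 2 hours. Candidates must score at least 70% to pass the exam and earn the ECIH certification. The ECIH certification is valid for three years and is recognized worldwide.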

 

The 100% free 212-89 daily practice exam has 205 questions: https://www.jpntest.com/shiken/212-89-mondaishu
