EC-COUNCIL 212-89 Certification Guide PDF: Real Exam Questions with 100% Coverage [Q13-Q34]


Real questions and answers to pass the 212-89 exam


The EC-COUNCIL 212-89 exam is a certification program for professionals in the field of incident handling and response. The certification is recognized worldwide and is considered one of the more prestigious credentials in cybersecurity. The EC-COUNCIL 212-89 exam is also known as the EC-Council Certified Incident Handler (ECIH v2) certification exam.


The EC-Council Certified Incident Handler (ECIH) certification is a globally recognized credential designed to validate skills and knowledge in incident handling and response. The exam is aimed at professionals who are responsible for managing and responding to security incidents within an organization. The ECIH v2 exam covers the broad range of topics an incident handler needs to understand, including incident handling procedures, response and recovery, vulnerability management, and forensic analysis techniques.

Question # 13
Agencies do NOT report an information security incident because of:

  • A. All the above
  • B. Afraid of negative publicity
  • C. Have full knowledge about how to handle the attack internally
  • D. Do not want to pay the additional cost of reporting an incident

Correct answer: A


Question # 14
Introduction of malicious programs onto a device connected to the campus network (Trojan horse, email bombs, virus, etc.) is called:

  • A. Inappropriate Usage
  • B. Authorized Access
  • C. Network Access
  • D. Unauthorized Access

Correct answer: A


Question # 15
Michael is an incident handler at CyberTech Solutions. He is performing detection and analysis of a cloud security incident. He is also analyzing the file systems, slack spaces, and metadata within the storage units to find hidden malware and evidence of malice.
Identify the cloud security incident handled by Michael:

  • A. Storage-related incident
  • B. Network-related incident
  • C. Application-related incident
  • D. Server-related incident

Correct answer: A


Question # 16
ZYX company experienced a DoS/DDoS attack on their network. Upon investigating the incident, they concluded that the attack was an application-layer attack.
Which of the following attacks did the attacker use?

  • A. UDP flood attack
  • B. Slowloris attack
  • C. Ping of death
  • D. SYN flood attack

Correct answer: B


Question # 17
An attacker, after performing an attack, decided to wipe evidence using artifact wiping techniques to evade forensic investigation. He applied a magnetic field to the digital media device, leaving the device entirely cleaned of any previously stored data.
Identify the artifact wiping technique used by the attacker.

  • A. Syscall proxying
  • B. Disk cleaning utilities
  • C. File wiping utilities
  • D. Disk degaussing/destruction

Correct answer: D


Question # 18
An active vulnerability scanner featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis is called:

  • A. nmap
  • B. Nessus
  • C. CyberCop
  • D. EtherApe

Correct answer: B


Question # 19
Malicious downloads that result from manipulated Office documents are caused by which of the following?

  • A. Registry key manipulation
  • B. Macro abuse
  • C. Clickjacking
  • D. Impersonation

Correct answer: B
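The macro-abuse technique behind this question relies on a VBA project being carried inside the Office document. The following is an added example, not part of the original question set or any EC-Council material, showing how an incident handler can triage a modern (OOXML, zip-based) document without opening it: the container is inspected for a macro-enabled content type and for a vbaProject.bin part. The three documents it inspects are constructed in memory and are not real Word files; legacy OLE2 .doc/.xls files need a different parser (for example oletools' olevba) and are only reported here as "not OOXML".

```python
"""Flag macro-enabled Office (OOXML) documents by inspecting the zip container."""
import io
import zipfile

# Content types Office assigns to macro-enabled document parts
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-word.template.macroEnabledTemplate.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-excel.template.macroEnabled.main+xml",
    "application/vnd.ms-excel.addin.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.slideshow.macroEnabled.main+xml",
)
# Where the compiled VBA project lives inside the package
VBA_MEMBERS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def inspect_office_document(data: bytes) -> dict:
    """Return macro indicators for an OOXML document held in memory."""
    result = {
        "is_ooxml": False,
        "macro_content_type": False,
        "vba_project_present": False,
        "vba_member": None,
        "has_macros": False,
    }
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # legacy OLE2 (.doc/.xls) or not an Office file at all
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if "[Content_Types].xml" not in names:
            return result  # a zip, but not an Open XML package
        result["is_ooxml"] = True
        ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["macro_content_type"] = any(ct in ctypes for ct in MACRO_CONTENT_TYPES)
        for member in VBA_MEMBERS:
            if member in names:
                result["vba_project_present"] = True
                result["vba_member"] = member
                break
        # Either indicator alone is enough: a vbaProject.bin whose content type was
        # left as a plain .docx is a classic attempt to slip past naive filters.
        result["has_macros"] = result["macro_content_type"] or result["vba_project_present"]
    return result


def build_sample(macro: bool, declare_macro_type: bool = True) -> bytes:
    """Constructed minimal OOXML package (not a real Word file) for demonstration."""
    main_ct = (
        "application/vnd.ms-word.document.macroEnabled.main+xml"
        if macro and declare_macro_type
        else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            # Fake OLE header standing in for a compiled VBA project
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("clean.docx", build_sample(macro=False)),
        ("invoice.docm", build_sample(macro=True)),
        ("invoice.docx (macro type undeclared)", build_sample(macro=True, declare_macro_type=False)),
    ]
    for label, blob in samples:
        print(label, "->", inspect_office_document(blob))
```

The third sample is the case worth remembering: a filter that only trusts the declared content type or the file extension misses a document that still carries word/vbaProject.bin, so the check looks for the part itself as well.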


Question # 20
What is the best staffing model for an incident response team if current employees' expertise is very low?

  • A. Fully insourced
  • B. Partially outsourced
  • C. Fully outsourced
  • D. All the above

Correct answer: C


Question # 21
Organizations or incident response teams need to protect evidence for any future legal action that may be taken against perpetrators who intentionally attacked the computer system. Evidence protection is also required to meet legal compliance requirements. Which of the following documents helps in protecting evidence from physical or logical damage?

  • A. Network and host log records
  • B. Chain-of-Custody
  • C. Forensic analysis report
  • D. Chain-of-Precedence

Correct answer: B


Question # 22
An organization named Sam Morison Inc. decided to use cloud-based services to reduce its maintenance costs. It first identified the various risks and threats associated with cloud service adoption and with migrating critical business data to third-party systems. The organization therefore decided to deploy cloud-based security tools to prevent upcoming threats.
Which of the following tools would help the organization secure its cloud resources and services?

  • A. Wireshark
  • B. Nmap
  • C. Burp Suite
  • D. Alert Logic

Correct answer: D


Question # 23
Which of the following tools helps incident handlers view the file system, retrieve deleted data, perform timeline analysis, examine web artifacts, etc., during an incident response process?

  • A. Process Explorer
  • B. Autopsy
  • C. netstat
  • D. nbtstat

Correct answer: B


Question # 24
Identify the standard national process that establishes a set of activities, general tasks, and a management structure to certify and accredit systems so that they maintain the information assurance (IA) and security posture of a system or site.

  • A. NIASAP
  • B. NIPACP
  • C. NIAAAP
  • D. NIACAP

Correct answer: D


Question # 25
The incident management team provides support to all users in the organization who are affected by a threat or attack. The organization's internal auditor is part of the incident response team. Identify one of the responsibilities of the internal auditor as part of the incident response team:

  • A. Coordinate incident containment activities with the information security officer
  • B. Identify and report security loopholes to management for necessary action
  • C. Perform the necessary action to block network traffic from a suspected intruder
  • D. Configure information security controls

Correct answer: B


Question # 26
Which of the following options describes common characteristics of phishing emails?

  • A. Written in French
  • B. Sent from friends or colleagues
  • C. No BCC fields
  • D. Urgent, threatening, or promising subject lines

Correct answer: D


Question # 27
The ability of an agency to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault-tolerant systems, and a solid backup and recovery strategy, is known as:

  • A. Disaster Planning
  • B. Business Continuity Plan
  • C. Business Continuity
  • D. Contingency Planning

Correct answer: C


Question # 28
A bit-stream image copy of the digital evidence must be performed in order to:

  • A. All the above
  • B. Copy all disk sectors including slack space
  • C. Copy the FAT table
  • D. Prevent alteration to the original disk

Correct answer: A
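Questions 21 and 28 both come down to the same two practices: image every sector rather than copying files, and record a hash of the image in the chain-of-custody log so the next handler can prove nothing changed. The following is an added example, not part of the original question set or any EC-Council material, that makes the difference concrete. The "disk" is a constructed 16-sector byte string (sector size, file layout, deleted-file marker and handler names are all assumptions for the demonstration); a logical copy of the live file misses the remnants that survive in file slack and unallocated sectors, while the bit-stream image carries them along with the allocation table, and its SHA-256 ties the image to the original and to each custody entry.

```python
"""Bit-stream image versus logical file copy, with hash verification and a
chain-of-custody record. Everything here is an in-memory 'disk'; no real
device or write blocker is involved."""
import hashlib
from datetime import datetime, timezone

SECTOR = 512        # bytes per sector (assumed)
NUM_SECTORS = 16


def make_sample_disk() -> bytes:
    """Constructed 16-sector disk. A now-deleted file once occupied sectors
    2..4 and 9; a new 1100-byte file was then written over sectors 2..4, so the
    tail of sector 4 (file slack) and all of sector 9 (unallocated) still carry
    remnants of the deleted file."""
    sectors = [bytearray(SECTOR) for _ in range(NUM_SECTORS)]
    sectors[0][:4] = b"BOOT"  # stand-in boot sector
    sectors[1][:3] = b"FAT"   # stand-in allocation table
    deleted = b"DELETED: payroll export q3 " * 60  # 1620 bytes of old content
    for i, s in enumerate((2, 3, 4, 9)):
        chunk = deleted[i * SECTOR:(i + 1) * SECTOR]
        sectors[s][:len(chunk)] = chunk
    current = (b"current report " * 100)[:1100]   # the live, allocated file
    for i in range(3):
        chunk = current[i * SECTOR:(i + 1) * SECTOR]
        sectors[2 + i][:len(chunk)] = chunk
    return b"".join(bytes(s) for s in sectors)


def logical_copy(disk: bytes, start_sector: int, size: int) -> bytes:
    """What a file-level copy yields: only the allocated bytes of the file."""
    start = start_sector * SECTOR
    return disk[start:start + size]


def bitstream_image(disk: bytes) -> bytes:
    """Sector-by-sector duplicate: allocated data, file slack, unallocated
    sectors and the allocation table all come across unchanged."""
    image = bytearray()
    for offset in range(0, len(disk), SECTOR):
        image += disk[offset:offset + SECTOR]
    return bytes(image)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def count_remnants(data: bytes, marker: bytes = b"DELETED:") -> int:
    """How many times the deleted-file marker survives in a given copy."""
    return data.count(marker)


def custody_entry(evidence_id: str, handler: str, action: str, data: bytes) -> dict:
    """One chain-of-custody line: who did what to which item, when, and the
    hash that lets the next handler prove the item was not altered meanwhile."""
    return {
        "evidence_id": evidence_id,
        "handler": handler,
        "action": action,
        "timestamp_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "sha256": sha256_hex(data),
    }


def chain_intact(chain: list, data: bytes) -> bool:
    """Every recorded hash must match the item as it exists now."""
    current = sha256_hex(data)
    return bool(chain) and all(entry["sha256"] == current for entry in chain)


if __name__ == "__main__":
    disk = make_sample_disk()
    image = bitstream_image(disk)
    chain = [  # assumed handler names
        custody_entry("EVD-001", "M. Ross (handler)", "acquired bit-stream image", image),
        custody_entry("EVD-001", "J. Park (examiner)", "received for analysis", image),
    ]
    print("image hash matches original:", sha256_hex(disk) == sha256_hex(image))
    print("remnants in logical copy   :", count_remnants(logical_copy(disk, 2, 1100)))
    print("remnants in bit-stream     :", count_remnants(image))
    print("chain of custody intact    :", chain_intact(chain, image))
```

On a real acquisition the original is read through a write blocker and never written to; the hash of the image is compared against the hash of the source device at acquisition time, and every later custody entry repeats the hash so a single altered byte is visible as a break in the chain.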


Question # 29
Michael is part of the computer incident response team of a company. One of his responsibilities is to handle email incidents. The company receives an email from an unknown source, and one of the steps he needs to take is to check the validity of the email.
Which of the following tools should he use?

  • A. Zendio
  • B. Yesware
  • C. G Suite Toolbox
  • D. Email Dossier

Correct answer: D
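Questions 26 and 29 describe the same triage step from two sides: the traits that mark a phishing email (urgent or threatening subject lines) and the validity checks run on a message from an unknown sender. The following is an added example, not part of the original question set, of any EC-Council material, or of the Email Dossier service, that performs the header-level part of that check locally with Python's standard email module; an external lookup tool still adds what headers alone cannot (sender reputation, mail-server checks). Both messages, the domains in them and the indicator weighting are constructed for the demonstration, and the Authentication-Results header is only meaningful when it was written by your own receiving MTA.

```python
"""Header-level triage of a suspicious email: urgent/threatening subject,
sender impersonation, diverted replies, envelope/header domain mismatch and
failed SPF/DKIM/DMARC. Both sample messages are constructed, not real mail."""
import email
import re
from email.utils import parseaddr

URGENCY = re.compile(
    r"\b(urgent|immediately|act now|final (?:notice|warning)|verify (?:now|your)|"
    r"(?:account|access) (?:will be )?(?:suspended|locked|terminated)|"
    r"within \d+ hours?|expires? today)\b",
    re.IGNORECASE,
)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyse_email(raw: bytes) -> dict:
    """Return the phishing indicators found in the message headers."""
    msg = email.message_from_bytes(raw)
    indicators = []

    subject = msg.get("Subject", "")
    if URGENCY.search(subject):
        indicators.append("urgent/threatening subject line")

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)

    # A display name that is itself an address at another domain
    # ("ceo@corp.example" <attacker@other.net>) is a common impersonation trick.
    _, name_as_addr = parseaddr(display_name)
    if "@" in name_as_addr and _domain(name_as_addr) != from_dom:
        indicators.append("display name impersonates a different address")

    # Replies silently diverted away from the visible sender
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != from_dom:
        indicators.append("Reply-To domain differs from From domain")

    # Envelope sender, as recorded by the receiving MTA, from another domain
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    if return_path and _domain(return_path) != from_dom:
        indicators.append("Return-Path domain differs from From domain")

    # Trust this header only when your own receiving MTA added it
    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            indicators.append(f"{mech} failed")

    # Threshold is an assumption for the demo; tune it to your environment
    return {"subject": subject, "from": from_addr,
            "indicators": indicators, "suspicious": len(indicators) >= 2}


# Constructed samples (not real traffic)
PHISH = b"""\
Return-Path: <bounce@mail-reset.net>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mail-reset.net; dkim=none
From: "helpdesk@corp.example" <helpdesk@corp-support-login.com>
Reply-To: recover@mail-reset.net
To: alice@corp.example
Subject: URGENT: your account will be suspended within 24 hours
Content-Type: text/plain

Verify your password at the link below or lose access.
"""

LEGIT = b"""\
Return-Path: <bob@corp.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass header.d=corp.example
From: "Bob Lee" <bob@corp.example>
To: alice@corp.example
Subject: Q3 report draft
Content-Type: text/plain

Attached is the draft we discussed.
"""

if __name__ == "__main__":
    for raw in (PHISH, LEGIT):
        print(analyse_email(raw))
```

Run on the two samples, the phishing message trips five indicators (subject, impersonating display name, Reply-To, Return-Path, SPF failure) and the legitimate one none; in practice the Received chain and any URLs in the body are the next things to inspect.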


Question # 30
Incident handling and response steps help you detect, identify, respond to and manage an incident. Which of the following steps focuses on limiting the scope and extent of an incident?

  • A. Identification
  • B. Containment
  • C. Data collection
  • D. Eradication

Correct answer: B


Question # 31
Adam is an incident handler who intends to use the DBCC LOG command to analyze a database and retrieve the active transaction log records for the specified database. The syntax of the DBCC LOG command is DBCC LOG (<database name>, <output>), where the output parameter specifies the level of information the incident handler wants to retrieve.
If Adam wants to retrieve the full information on each operation along with the hex dump of the current transaction log row, which of the following output parameters should Adam use?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Correct answer: D


Question # 32
An estimate of the expected losses after an incident helps an organization prioritize and formulate its incident response. The cost of an incident can be categorized as tangible or intangible. Identify the tangible cost associated with a virus outbreak:

  • A. Psychological damage
  • B. Damage to corporate reputation
  • C. Loss of goodwill
  • D. Lost productivity damage

Correct answer: D


Question # 33
Which of the following is NOT a best practice for eliminating the possibility of insider attacks?

  • A. Implementing secure backup and disaster recovery processes for business continuity
  • B. Always leaving business details in voicemail or email messages
  • C. Monitoring employee behavior and the computer systems used by employees
  • D. Preventing users from installing unauthorized software or accessing malicious websites over the corporate network

Correct answer: B


Question # 34
......

The 100% free 212-89 daily practice exam has 205 questions: https://www.jpntest.com/shiken/212-89-mondaishu
