212-89無料更新100%試験合格率保証 [2022]
[2022年03月] 認証されたEC-COUNCIL試験問題集で212-89試験学習ガイド
質問 97
The ability of an agency to continue to function even after a disastrous event, accomplished through the
deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup
and recovery strategy is known as:
- A. Contingency Planning
- B. Disaster Planning
- C. Business Continuity Plan
- D. Business Continuity
正解: D
質問 98
The largest number of cyber-attacks are conducted by:
- A. Insiders
- B. Suppliers
- C. Outsiders
- D. Business partners
正解: C
質問 99
The steps followed to recover computer systems after an incident are:
- A. System restoration, operation, validation, and monitoring
- B. System validation, restoration, operation and monitoring
- C. System restoration, validation, operation and monitoring
- D. System monitoring, validation, operation and restoration
正解: C
質問 100
The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could be:
- A. Antivirus software detects the infected files
- B. System files become inaccessible
- C. Increase in the number of e-mails sent and received
- D. All the above
正解: D
質問 101
The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could
be:
- A. Antivirus software detects the infected files
- B. System files become inaccessible
- C. Increase in the number of e-mails sent and received
- D. All the above
正解: D
質問 102
Computer forensics is methodical series of techniques and procedures for gathering evidence from computing
equipment, various storage devices and or digital media that can be presented in a course of law in a coherent
and meaningful format. Which one of the following is an appropriate flow of steps in the computer forensics
process:
- A. Analysis > Preparation > Collection > Reporting > Examination
- B. Preparation > Analysis > Collection > Examination > Reporting
- C. Examination> Analysis > Preparation > Collection > Reporting
- D. Preparation > Collection > Examination > Analysis > Reporting
正解: D
質問 103
Digital evidence must:
- A. Not prove the attackers actions
- B. Cast doubt on the authenticity and veracity of the evidence
- C. Be Volatile
- D. Be Authentic, complete and reliable
正解: D
質問 104
One of the main objectives of incident management is to prevent incidents and attacks by tightening the
physical security of the system or infrastructure. According to CERT's incident management process, which
stage focuses on implementing infrastructure improvements resulting from postmortem reviews or other
process improvement mechanisms?
- A. Preparation
- B. Protection
- C. Detection
- D. Triage
正解: B
質問 105
A malicious security-breaking code that is disguised as any useful program that installs an executable
programs when a file is opened and allows others to control the victim's system is called:
- A. Trojan
- B. RootKit
- C. Worm
- D. Virus
正解: A
解説:
Explanation
質問 106
What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the established connections on it:
- A. "arp" command
- B. "netstat -an" command
- C. "ifconfig" command
- D. "dd" command
正解: B
質問 107
Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification activation, recovery and reconstitution and plan appendices. What is the main purpose of the reconstitution plan?
- A. To provide the introduction and detailed concept of the contingency plan
- B. To restore the original site, tests systems to prevent the incident and terminates operations
- C. To define the notification procedures, damage assessments and offers the plan activation
- D. To provide a sequence of recovery activities with the help of recovery procedures
正解: B
質問 108
Which of the following incident recovery testing methods works by creating a mock disaster, like fire to identify
the reaction of the procedures that are implemented to handle such situations?
- A. Facility testing
- B. Live walk-through testing
- C. Scenario testing
- D. Procedure testing
正解: D
質問 109
A self-replicating malicious code that does not alter files but resides in active memory and duplicates itself,
spreads through the infected network automatically and takes advantage of file or information transport
features on the system to travel independently is called:
- A. RootKit
- B. Trojan
- C. Worm
- D. Virus
正解: C
質問 110
Spyware tool used to record malicious user's computer activities and keyboard stokes is called:
- A. Rootkit
- B. Keylogger
- C. Firewall
- D. adware
正解: B
質問 111
A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to
propagate is called:
- A. RootKit
- B. Trojan
- C. Worm
- D. Virus
正解: D
質問 112
The flow chart gives a view of different roles played by the different personnel of CSIRT. Identify the incident response personnel denoted by A, B, C, D, E, F and G.
- A. A- Incident Coordinator, B- Constituency, C-Administrator, D-Incident Manager, E- Human Resource, F-Incident Analyst, G-Public relations
- B. A- Incident Coordinator, B-Incident Analyst, C- Public Relations, D-Administrator, E- Human Resource, F-Constituency, G-Incident Manager
- C. A- Incident Manager, B-Incident Analyst, C- Public Relations, D-Administrator, E- Human Resource, F-Constituency, G-Incident Coordinator
- D. A-Incident Analyst, B- Incident Coordinator, C- Public Relations, D-Administrator, E- Human Resource, F-Constituency, G-Incident Manager
正解: A
質問 113
Which of the following is NOT a digital forensic analysis tool:
- A. Guidance Software EnCase Forensic
- B. Access Data FTK
- C. Helix
- D. EAR/ Pilar
正解: D
質問 114
An incident recovery plan is a statement of actions that should be taken before, during or after an incident.
Identify which of the following is NOT an objective of the incident recovery plan?
- A. Creating new business processes to maintain profitability after incident
- B. Avoiding the legal liabilities arising due to incident
- C. Providing a standard for testing the recovery plan
- D. Providing assurance that systems are reliable
正解: A
解説:
Explanation/Reference:
質問 115
The main feature offered by PGP Desktop Email is:
- A. None of the above
- B. End-to-end secure email service
- C. End-to-end email communications
- D. Email service during incidents
正解: B
質問 116
The typical correct sequence of activities used by CSIRT when handling a case is:
- A. Log, inform, maintain contacts, release information, follow up and reporting
- B. Log, maintain contacts, release information, inform, follow up and reporting
- C. Log, maintain contacts, inform, release information, follow up and reporting
- D. Log, inform, release information, maintain contacts, follow up and reporting
正解: A
質問 117
The USB tool (depicted below) that is connected to male USB Keyboard cable and not detected by anti-
spyware tools is most likely called:
- A. Software Key Grabber
- B. Hardware Keylogger
- C. Anti-Keylogger
- D. USB adapter
正解: B
解説:
Explanation
質問 118
......
EC-COUNCIL 212-89 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
正真正銘のベスト試験材料は212-89オンライン練習試験:https://www.jpntest.com/shiken/212-89-mondaishu