0% found this document useful (0 votes)

1K views131 pages

ECIH V2 Dumps

Uploaded by

teketamiru

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

1K views131 pages

ECIH V2 Dumps

Uploaded by

teketamiru

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 131

Recommend!!

Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

EC-Council
Exam Questions 212-89
EC Council Certified Incident Handler (ECIH v2)

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

NEW QUESTION 1
An organization faced an information security incident where a disgruntled employee passed sensitive access control information to a competitor. The
organization’s incident response manager, upon investigation, found that the incident must be handled within a few hours on the same day to maintain business
continuity and market competitiveness. How would you categorize such information security incident?

A. High level incident

B. Middle level incident
C. Ultra-High level incident
D. Low level incident

Answer: A

NEW QUESTION 2
Which of the following is an appropriate flow of the incident recovery steps?

A. System Operation-System Restoration-System Validation-System Monitoring

B. System Validation-System Operation-System Restoration-System Monitoring
C. System Restoration-System Monitoring-System Validation-System Operations
D. System Restoration-System Validation-System Operations-System Monitoring

Answer: D

NEW QUESTION 3
A computer Risk Policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT
part of the computer risk policy?

A. Procedure to identify security funds to hedge risk

B. Procedure to monitor the efficiency of security controls
C. Procedure for the ongoing training of employees authorized to access the system
D. Provisions for continuing support if there is an interruption in the system or if the system crashes

Answer: C

NEW QUESTION 4
Identify the network security incident where intended authorized users are prevented from using system, network, or applications by flooding the network with high
volume of traffic that consumes all existing network
resources.

A. URL Manipulation
B. XSS Attack
C. SQL Injection
D. Denial of Service Attack

Answer: D

NEW QUESTION 5
Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following steps focus on limiting the scope and
extent of an incident?

A. Eradication
B. Containment
C. Identification
D. Data collection

Answer: B

NEW QUESTION 6
Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user’s information and system.
These programs may unleash dangerous programs that may erase the unsuspecting user’s disk and send the victim’s credit card numbers and passwords to a
stranger.

A. Cookie tracker
B. Worm
C. Trojan
D. Virus

Answer: C

NEW QUESTION 7
An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the
incident recovery plan?

A. Creating new business processes to maintain profitability after incident

B. Providing a standard for testing the recovery plan
C. Avoiding the legal liabilities arising due to incident

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

D. Providing assurance that systems are reliable

Answer: A

NEW QUESTION 8
Computer forensics is methodical series of techniques and procedures for gathering evidence from computing equipment, various storage devices and or digital
media that can be presented in a course of law in a coherent and meaningful format. Which one of the following is an appropriate flow of steps in the computer
forensics process:

A. Examination> Analysis > Preparation > Collection > Reporting

B. Preparation > Analysis > Collection > Examination > Reporting
C. Analysis > Preparation > Collection > Reporting > Examination
D. Preparation > Collection > Examination > Analysis > Reporting

Answer: D

NEW QUESTION 9
Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

A. An insider intentionally deleting files from a workstation

B. An attacker redirecting user to a malicious website and infects his system with Trojan
C. An attacker infecting a machine to launch a DDoS attack
D. An attacker using email with malicious code to infect internal workstation

Answer: A

NEW QUESTION 10
Identify a standard national process which establishes a set of activities, general tasks and a management structure to certify and accredit systems that will
maintain the information assurance (IA) and security posture of a system or site.

A. NIASAP
B. NIAAAP
C. NIPACP
D. NIACAP

Answer: D

NEW QUESTION 10
Policies are designed to protect the organizational resources on the network by establishing the set rules and procedures. Which of the following policies
authorizes a group of users to perform a set of actions on a set of resources?

A. Access control policy

B. Audit trail policy
C. Logging policy
D. Documentation policy

Answer: A

NEW QUESTION 13
In the Control Analysis stage of the NIST’s risk assessment methodology, technical and none technical control methods are classified into two categories. What
are these two control categories?

A. Preventive and Detective controls

B. Detective and Disguised controls
C. Predictive and Detective controls
D. Preventive and predictive controls

Answer: A

NEW QUESTION 17
An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the incident response and handling process involves
auditing the system and network log files?

A. Incident recording
B. Reporting
C. Containment
D. Identification

Answer: D

NEW QUESTION 19
One of the main objectives of incident management is to prevent incidents and attacks by tightening the physical security of the system or infrastructure. According
to CERT’s incident management process, which stage focuses on implementing infrastructure improvements resulting from postmortem reviews or other process
improvement mechanisms?

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

A. Protection
B. Preparation
C. Detection
D. Triage

Answer: A

NEW QUESTION 21
Insider threats can be detected by observing concerning behaviors exhibited by insiders, such as conflicts with supervisors and coworkers, decline in performance,
tardiness or unexplained absenteeism. Select the technique that helps in detecting insider threats:

A. Correlating known patterns of suspicious and malicious behavior

B. Protecting computer systems by implementing proper controls
C. Making is compulsory for employees to sign a none disclosure agreement
D. Categorizing information according to its sensitivity and access rights

Answer: A

NEW QUESTION 24
The insider risk matrix consists of technical literacy and business process knowledge vectors. Considering the matrix, one can conclude that:

A. If the insider’s technical literacy is low and process knowledge is high, the risk posed by the threat will be insignificant.
B. If the insider’s technical literacy and process knowledge are high, the risk posed by the threat will be insignificant.
C. If the insider’s technical literacy is high and process knowledge is low, the risk posed by the threat will be high.
D. If the insider’s technical literacy and process knowledge are high, the risk posed by the threat will be high.

Answer: D

NEW QUESTION 25
Which policy recommends controls for securing and tracking organizational resources:

A. Access control policy

B. Administrative security policy
C. Acceptable use policy
D. Asset control policy

Answer: D

NEW QUESTION 28
Organizations or incident response teams need to protect the evidence for any future legal actions that may be taken against perpetrators that intentionally
attacked the computer system. EVIDENCE PROTECTION is also required to meet legal compliance issues. Which of the following documents helps in protecting
evidence from physical or logical damage:

A. Network and host log records

B. Chain-of-Custody
C. Forensic analysis report
D. Chain-of-Precedence

Answer: B

NEW QUESTION 30
ADAM, an employee from a multinational company, uses his company’s accounts to send e-mails to a third party with their spoofed mail address. How can you
categorize this type of account?

A. Inappropriate usage incident

B. Unauthorized access incident
C. Network intrusion incident
D. Denial of Service incident

Answer: A

NEW QUESTION 33
A security policy will take the form of a document or a collection of documents, depending on the situation or usage. It can become a point of reference in case a
violation occurs that results in dismissal or other penalty. Which of the following is NOT true for a good security policy?

A. It must be enforceable with security tools where appropriate and with sanctions where actual prevention is not technically feasible
B. It must be approved by court of law after verifications of the stated terms and facts
C. It must be implemented through system administration procedures, publishing of acceptable use guide lines or other appropriate methods
D. It must clearly define the areas of responsibilities of the users, administrators and management

Answer: B

NEW QUESTION 37
An access control policy authorized a group of users to perform a set of actions on a set of resources. Access to resources is based on necessity and if a particular
job role requires the use of those resources. Which of the following is NOT a fundamental element of access control policy

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

A. Action group: group of actions performed by the users on resources

B. Development group: group of persons who develop the policy
C. Resource group: resources controlled by the policy
D. Access group: group of users to which the policy applies

Answer: B

NEW QUESTION 42
Digital evidence plays a major role in prosecuting cyber criminals. John is a cyber-crime investigator, is asked to investigate a child pornography case. The
personal computer of the criminal in question was confiscated by the county police. Which of the following evidence will lead John in his investigation?

A. SAM file
B. Web serve log
C. Routing table list
D. Web browser history

Answer: D

NEW QUESTION 45
An estimation of the expected losses after an incident helps organization in prioritizing and formulating their incident response. The cost of an incident can be
categorized as a tangible and intangible cost. Identify the tangible cost associated with virus outbreak?

A. Loss of goodwill
B. Damage to corporate reputation
C. Psychological damage
D. Lost productivity damage

Answer: D

NEW QUESTION 48
Which of the following incidents are reported under CAT -5 federal agency category?

A. Exercise/ Network Defense Testing

B. Malicious code
C. Scans/ probes/ Attempted Access
D. Denial of Service DoS

Answer: C

NEW QUESTION 53
A risk mitigation strategy determines the circumstances under which an action has to be taken to minimize and overcome risks. Identify the risk mitigation strategy
that focuses on minimizing the probability of risk and losses by searching for vulnerabilities in the system and appropriate controls:

A. Risk Assumption
B. Research and acknowledgment
C. Risk limitation
D. Risk absorption

Answer: B

NEW QUESTION 57
The IDS and IPS system logs indicating an unusual deviation from typical network traffic flows; this is called:

A. A Precursor
B. An Indication
C. A Proactive
D. A Reactive

Answer: B

NEW QUESTION 62
Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :

A. Threat-source motivation and capability

B. Nature of the vulnerability
C. Existence and effectiveness of the current controls
D. All the above

Answer: D

NEW QUESTION 65
Adam calculated the total cost of a control to protect 10,000 $ worth of data as 20,000 $. What do you advise Adam to do?

A. Apply the control

B. Not to apply the control

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

C. Use qualitative risk assessment

D. Use semi-qualitative risk assessment instead

Answer: B

NEW QUESTION 70
What is correct about Quantitative Risk Analysis:

A. It is Subjective but faster than Qualitative Risk Analysis

B. Easily automated
C. Better than Qualitative Risk Analysis
D. Uses levels and descriptive expressions

Answer: B

NEW QUESTION 72
What is the best staffing model for an incident response team if current employees’ expertise is very low?

A. Fully outsourced
B. Partially outsourced
C. Fully insourced
D. All the above

Answer: A

NEW QUESTION 74
Incident response team must adhere to the following:

A. Stay calm and document everything

B. Assess the situation
C. Notify appropriate personnel
D. All the above

Answer: D

NEW QUESTION 79
Removing or eliminating the root cause of the incident is called:

A. Incident Eradication
B. Incident Protection
C. Incident Containment
D. Incident Classification

Answer: A

NEW QUESTION 80
The region where the CSIRT is bound to serve and what does it and give service to is known as:

A. Consistency
B. Confidentiality
C. Constituency
D. None of the above

Answer: C

NEW QUESTION 81
The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:

A. Snort
B. Wireshark
C. Cain & Able
D. nmap

Answer: B

NEW QUESTION 85
Changing the web server contents, Accessing the workstation using a false ID and Copying sensitive data without authorization are examples of:

A. DDoS attacks
B. Unauthorized access attacks
C. Malware attacks
D. Social Engineering attacks

Answer: B

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

NEW QUESTION 86
The very well-known free open source port, OS and service scanner and network discovery utility is called:

A. Wireshark
B. Nmap (Network Mapper)
C. Snort
D. SAINT

Answer: B

NEW QUESTION 91
In a DDoS attack, attackers first infect multiple systems, which are then used to attack a particular target directly. Those systems are called:

A. Honey Pots
B. Relays
C. Zombies
D. Handlers

Answer: C

NEW QUESTION 95
A Malicious code attack using emails is considered as:

A. Malware based attack

B. Email attack
C. Inappropriate usage incident
D. Multiple component attack

Answer: D

NEW QUESTION 98
They type of attack that prevents the authorized users to access networks, systems, or applications by exhausting the network resources and sending illegal
requests to an application is known as:

A. Session Hijacking attack

B. Denial of Service attack
C. Man in the Middle attack
D. SQL injection attack

Answer: B

NEW QUESTION 103

_____ record(s) user’s typing.

A. Spyware
B. adware
C. Virus
D. Malware

Answer: A

NEW QUESTION 104

Which of the following is a characteristic of adware?

A. Gathering information
B. Displaying popups
C. Intimidating users
D. Replicating

Answer: B

NEW QUESTION 109

A self-replicating malicious code that does not alter files but resides in active memory and duplicates itself, spreads through the infected network automatically and
takes advantage of file or information transport features on the system to travel independently is called:

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: B

NEW QUESTION 111

The free utility which quickly scans Systems running Windows OS to find settings that may have been changed by spyware, malware, or other unwanted programs
is called:

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

A. Tripwire
B. HijackThis
C. Stinger
D. F-Secure Anti-virus

Answer: B

NEW QUESTION 112

The Malicious code that is installed on the computer without user’s knowledge to acquire information from the user’s machine and send it to the attacker who can
access it remotely is called:

A. Spyware
B. Logic Bomb
C. Trojan
D. Worm

Answer: A

NEW QUESTION 113

The main difference between viruses and worms is:

A. Worms require a host file to propagate while viruses don’t

B. Viruses require a host file to propagate while Worms don’t
C. Viruses don’t require user interaction; they are self-replicating malware
D. Viruses and worms are common names for the same malware

Answer: B

NEW QUESTION 116

Which of the following is NOT one of the techniques used to respond to insider threats:

A. Placing malicious users in quarantine network, so that attack cannot be spread

B. Preventing malicious users from accessing unclassified information
C. Disabling the computer systems from network connection
D. Blocking malicious user accounts

Answer: B

NEW QUESTION 121

Authorized users with privileged access who misuse the corporate informational assets and directly affects the confidentiality, integrity, and availability of the
assets are known as:

A. Outsider threats
B. Social Engineers
C. Insider threats
D. Zombies

Answer: C

NEW QUESTION 126

The USB tool (depicted below) that is connected to male USB Keyboard cable and not detected by antispyware tools is most likely called:

A. Software Key Grabber

B. Hardware Keylogger
C. USB adapter
D. Anti-Keylogger

Answer: B

NEW QUESTION 131

Insiders understand corporate business functions. What is the correct sequence of activities performed by Insiders to damage company assets:

A. Gain privileged access, install malware then activate

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

B. Install malware, gain privileged access, then activate

C. Gain privileged access, activate and install malware
D. Activate malware, gain privileged access then install malware

Answer: A

NEW QUESTION 134

Spyware tool used to record malicious user’s computer activities and keyboard stokes is called:

A. adware
B. Keylogger
C. Rootkit
D. Firewall

Answer: B

NEW QUESTION 138

Insiders may be:

A. Ignorant employees
B. Carless administrators
C. Disgruntled staff members
D. All the above

Answer: D

NEW QUESTION 140

Which of the following is NOT a digital forensic analysis tool:

A. Access Data FTK

B. EAR/ Pilar
C. Guidance Software EnCase Forensic
D. Helix

Answer: B

NEW QUESTION 145

The Linux command used to make binary copies of computer media and as a disk imaging tool if given a raw disk device as its input is:

A. “dd” command
B. “netstat” command
C. “nslookup” command
D. “find” command

Answer: A

NEW QUESTION 147

What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the
established connections on it:

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: B

NEW QUESTION 148

What command does a Digital Forensic Examiner use to display the list of all IP addresses and their associated MAC addresses on a victim computer to identify
the machines that were communicating with it:

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: A

NEW QUESTION 149

Any information of probative value that is either stored or transmitted in a digital form during a computer crime is called:

A. Digital evidence
B. Computer Emails
C. Digital investigation
D. Digital Forensic Examiner

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

Answer: A

NEW QUESTION 151

Digital evidence must:

A. Be Authentic, complete and reliable

B. Not prove the attackers actions
C. Be Volatile
D. Cast doubt on the authenticity and veracity of the evidence

Answer: A

NEW QUESTION 153

Incidents are reported in order to:

A. Provide stronger protection for systems and data

B. Deal properly with legal issues
C. Be prepared for handling future incidents
D. All the above

Answer: D

NEW QUESTION 156

Incident may be reported using/ by:

A. Phone call
B. Facsimile (Fax)
C. Email or on-line Web form
D. All the above

Answer: D

NEW QUESTION 158

To whom should an information security incident be reported?

A. It should not be reported at all and it is better to resolve it internally

B. Human resources and Legal Department
C. It should be reported according to the incident reporting & handling policy
D. Chief Information Security Officer

Answer: C

NEW QUESTION 163

The process of rebuilding and restoring the computer systems affected by an incident to normal operational stage including all the processes, policies and tools is
known as:

A. Incident Management
B. Incident Response
C. Incident Recovery
D. Incident Handling

Answer: C

NEW QUESTION 168

Business Continuity provides a planning methodology that allows continuity in business operations:

A. Before and after a disaster

B. Before a disaster
C. Before, during and after a disaster
D. During and after a disaster

Answer: C

NEW QUESTION 172

The ability of an agency to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use
of fault tolerant systems, as well as a solid backup and recovery strategy is known as:

A. Business Continuity Plan

B. Business Continuity
C. Disaster Planning
D. Contingency Planning

Answer: B

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

NEW QUESTION 175

The policy that defines which set of events needs to be logged in order to capture and review the important data in a timely manner is known as:

A. Audit trail policy

B. Logging policy
C. Documentation policy
D. Evidence Collection policyAn information security policy must be:
E. Distributed and communicated
F. Enforceable and Regularly updated
G. Written in simple language
H. All the above

Answer: D

NEW QUESTION 179

The product of intellect that has commercial value and includes copyrights and trademarks is called:

A. Intellectual property
B. Trade secrets
C. Logos
D. Patents

Answer: A

NEW QUESTION 181

The most common type(s) of intellectual property is(are):

A. Copyrights and Trademarks

B. Patents
C. Industrial design rights & Trade secrets
D. All the above

Answer: D

NEW QUESTION 186

According to the Fourth Amendment of USA PATRIOT Act of 2001; if a search does NOT violate a person’s “reasonable” or “legitimate” expectation of privacy
then it is considered:

A. Constitutional/ Legitimate
B. Illegal/ illegitimate
C. Unethical
D. None of the above

Answer: A

NEW QUESTION 189

According to the Evidence Preservation policy, a forensic investigator should make at least ..................... image copies of the digital evidence.

A. One image copy

B. Two image copies
C. Three image copies
D. Four image copies

Answer: B

NEW QUESTION 190

......

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

Thank You for Trying Our Product

We offer two products:

1st - We have Practice Tests Software with Actual Exam Questions

2nd - Questons and Answers in PDF Format

212-89 Practice Exam Features:

* 212-89 Questions and Answers Updated Frequently

* 212-89 Practice Questions Verified by Expert Senior Certified Staff

* 212-89 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* 212-89 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

100% Actual & Verified — Instant Download, Please Click

Order The 212-89 Practice Test Here

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Powered by TCPDF (www.tcpdf.org)
100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

212-89 Dumps

EC Council Certified Incident Handler (ECIH v2)

https://www.certleader.com/212-89-dumps.html

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

NEW QUESTION 1
Which of the following is an appropriate flow of the incident recovery steps?

A. System Operation-System Restoration-System Validation-System Monitoring

Answer: D

NEW QUESTION 2
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated
as:

A. (Probability of Loss) X (Loss)

B. (Loss) / (Probability of Loss)
C. (Probability of Loss) / (Loss)
D. Significant Risks X Probability of Loss X Loss

Answer: A

NEW QUESTION 3
Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

A. An insider intentionally deleting files from a workstation

Answer: A

NEW QUESTION 4
Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is
responsible for examining the evidence acquired and separating the useful evidence?

A. Evidence Supervisor
B. Evidence Documenter
C. Evidence Manager
D. Evidence Examiner/ Investigator

Answer: D

NEW QUESTION 5
When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?

A. All access rights of the employee to physical locations, networks, systems, applications and data should be disabled
B. The organization should enforce separation of duties
C. The access requests granted to an employee should be documented and vetted by the supervisor
D. The organization should monitor the activities of the system administrators and privileged users who have permissions to access the sensitive information

Answer: A

NEW QUESTION 6
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with
all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

A. NET-CERT
B. DFN-CERT
C. Funet CERT
D. SURFnet-CERT

Answer: D

NEW QUESTION 7
Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific
requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification activation,
recovery and reconstitution and plan appendices. What is the main purpose of the reconstitution plan?

A. To restore the original site, tests systems to prevent the incident and terminates operations
B. To define the notification procedures, damage assessments and offers the plan activation
C. To provide the introduction and detailed concept of the contingency plan
D. To provide a sequence of recovery activities with the help of recovery procedures

Answer: A

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

NEW QUESTION 8
Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following is the role played by the Incident Coordinator of
an IRT?

A. Links the appropriate technology to the incident to ensure that the foundation’s offices are returned to normal operations as quickly as possible
B. Links the groups that are affected by the incidents, such as legal, human resources, different business areas and management
C. Applies the appropriate technology and tries to eradicate and recover from the incident
D. Focuses on the incident and handles it from management and technical point of view

Answer: B

NEW QUESTION 9
In a qualitative risk analysis, risk is calculated in terms of:

A. (Attack Success + Criticality ) –(Countermeasures)

B. Asset criticality assessment – (Risks and Associated Risk Levels)
C. Probability of Loss X Loss
D. (Countermeasures + Magnitude of Impact) – (Reports from prior risk assessments)

Answer: C

NEW QUESTION 10
A computer virus hoax is a message warning the recipient of non-existent computer virus. The message is usually a chain e-mail that tells the recipient to forward it
to every one they know. Which of the following is NOT a symptom of virus hoax message?

A. The message prompts the end user to forward it to his / her e-mail contact list and gain monetary benefits in doing so
B. The message from a known email id is caught by SPAM filters due to change of filter settings
C. The message warns to delete certain files if the user does not take appropriate action
D. The message prompts the user to install Anti-Virus

Answer: A

NEW QUESTION 10
ADAM, an employee from a multinational company, uses his company’s accounts to send e-mails to a third party with their spoofed mail address. How can you
categorize this type of account?

A. Inappropriate usage incident

B. Unauthorized access incident
C. Network intrusion incident
D. Denial of Service incident

Answer: A

NEW QUESTION 15
Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following helps in recognizing and separating the
infected hosts from the information system?

A. Configuring firewall to default settings

B. Inspecting the process running on the system
C. Browsing particular government websites
D. Sending mails to only group of friends

Answer: B

NEW QUESTION 18
An estimation of the expected losses after an incident helps organization in prioritizing and formulating their incident response. The cost of an incident can be
categorized as a tangible and intangible cost. Identify the tangible cost associated with virus outbreak?

A. Loss of goodwill
B. Damage to corporate reputation
C. Psychological damage
D. Lost productivity damage

Answer: D

NEW QUESTION 21
A risk mitigation strategy determines the circumstances under which an action has to be taken to minimize and overcome risks. Identify the risk mitigation strategy
that focuses on minimizing the probability of risk and losses by searching for vulnerabilities in the system and appropriate controls:

A. Risk Assumption
B. Research and acknowledgment
C. Risk limitation
D. Risk absorption

Answer: B

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

NEW QUESTION 23
Based on the some statistics; what is the typical number one top incident?

A. Phishing
B. Policy violation
C. Un-authorized access
D. Malware

Answer: A

NEW QUESTION 26
An assault on system security that is derived from an intelligent threat is called:

A. Threat Agent
B. Vulnerability
C. Attack
D. Risk

Answer: C

NEW QUESTION 28
Incidents such as DDoS that should be handled immediately may be considered as:

A. Level One incident

B. Level Two incident
C. Level Three incident
D. Level Four incident

Answer: C

NEW QUESTION 29
Incident prioritization must be based on:

A. Potential impact
B. Current damage
C. Criticality of affected systems
D. All the above

Answer: D

NEW QUESTION 34
Which of the following can be considered synonymous:

A. Hazard and Threat

B. Threat and Threat Agent
C. Precaution and countermeasure
D. Vulnerability and Danger

Answer: A

NEW QUESTION 36
If the loss anticipated is greater than the agreed upon threshold; the organization will:

A. Accept the risk

B. Mitigate the risk
C. Accept the risk but after management approval
D. Do nothing

Answer: B

NEW QUESTION 38
Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :

A. Threat-source motivation and capability

B. Nature of the vulnerability
C. Existence and effectiveness of the current controls
D. All the above

Answer: D

NEW QUESTION 39
Removing or eliminating the root cause of the incident is called:

A. Incident Eradication

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

B. Incident Protection
C. Incident Containment
D. Incident Classification

Answer: A

NEW QUESTION 43
Incident Response Plan requires

A. Financial and Management support

B. Expert team composition
C. Resources
D. All the above

Answer: D

NEW QUESTION 45
Which of the following service(s) is provided by the CSIRT:

A. Vulnerability handling
B. Technology watch
C. Development of security tools
D. All the above

Answer: D

NEW QUESTION 49
The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:

A. Snort
B. Wireshark
C. Cain & Able
D. nmap

Answer: B

NEW QUESTION 54
The very well-known free open source port, OS and service scanner and network discovery utility is called:

A. Wireshark
B. Nmap (Network Mapper)
C. Snort
D. SAINT

Answer: B

NEW QUESTION 59
A malicious security-breaking code that is disguised as any useful program that installs an executable programs when a file is opened and allows others to control
the victim’s system is called:

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: A

NEW QUESTION 60
The message that is received and requires an urgent action and it prompts the recipient to delete certain files or forward it to others is called:

A. An Adware
B. Mail bomb
C. A Virus Hoax
D. Spear Phishing

Answer: C

NEW QUESTION 65
The free utility which quickly scans Systems running Windows OS to find settings that may have been changed by spyware, malware, or other unwanted programs
is called:

A. Tripwire
B. HijackThis
C. Stinger
D. F-Secure Anti-virus

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

Answer: B

NEW QUESTION 69
The main difference between viruses and worms is:

A. Worms require a host file to propagate while viruses don’t

Answer: B

NEW QUESTION 72
The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could be:

A. Antivirus software detects the infected files

B. Increase in the number of e-mails sent and received
C. System files become inaccessible
D. All the above

Answer: D

NEW QUESTION 76
Spyware tool used to record malicious user’s computer activities and keyboard stokes is called:

A. adware
B. Keylogger
C. Rootkit
D. Firewall

Answer: B

NEW QUESTION 77
Which of the following may be considered as insider threat(s):

A. An employee having no clashes with supervisors and coworkers

B. Disgruntled system administrators
C. An employee who gets an annual 7% salary raise
D. An employee with an insignificant technical literacy and business process knowledge

Answer: B

NEW QUESTION 79
Which of the following is NOT a digital forensic analysis tool:

A. Access Data FTK

B. EAR/ Pilar
C. Guidance Software EnCase Forensic
D. Helix

Answer: B

NEW QUESTION 80
What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the
established connections on it:

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: B

NEW QUESTION 84
Digital evidence must:

A. Be Authentic, complete and reliable

B. Not prove the attackers actions
C. Be Volatile
D. Cast doubt on the authenticity and veracity of the evidence

Answer: A

NEW QUESTION 85

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

The process of rebuilding and restoring the computer systems affected by an incident to normal operational stage including all the processes, policies and tools is
known as:

A. Incident Management
B. Incident Response
C. Incident Recovery
D. Incident Handling

Answer: C

NEW QUESTION 90
Business Continuity planning includes other plans such as:

A. Incident/disaster recovery plan

B. Business recovery and resumption plans
C. Contingency plan
D. All the above

Answer: D

NEW QUESTION 92
The ability of an agency to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use
of fault tolerant systems, as well as a solid backup and recovery strategy is known as:

A. Business Continuity Plan

B. Business Continuity
C. Disaster Planning
D. Contingency Planning

Answer: B

NEW QUESTION 97
The policy that defines which set of events needs to be logged in order to capture and review the important data in a timely manner is known as:

A. Audit trail policy

Answer: D

NEW QUESTION 100

According to the Evidence Preservation policy, a forensic investigator should make at least ..................... image copies of the digital evidence.

A. One image copy

B. Two image copies
C. Three image copies
D. Four image copies

Answer: B

NEW QUESTION 101

......

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

Thank You for Trying Our Product

* 100% Pass or Money Back

All our products come with a 90-day Money Back Guarantee.
* One year free update
You can enjoy free update one year. 24x7 online support.
* Trusted by Millions
We currently serve more than 30,000,000 customers.
* Shop Securely
All transactions are protected by VeriSign!

100% Pass Your 212-89 Exam with Our Prep Materials Via below:

https://www.certleader.com/212-89-dumps.html

The Leader of IT Certification visit - https://www.certleader.com

Powered by TCPDF (www.tcpdf.org)
100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

212-89 Dumps

EC Council Certified Incident Handler (ECIH v2)

https://www.certleader.com/212-89-dumps.html

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

NEW QUESTION 1
Which of the following is an appropriate flow of the incident recovery steps?

A. System Operation-System Restoration-System Validation-System Monitoring

Answer: D

NEW QUESTION 2
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated
as:

A. (Probability of Loss) X (Loss)

B. (Loss) / (Probability of Loss)
C. (Probability of Loss) / (Loss)
D. Significant Risks X Probability of Loss X Loss

Answer: A

NEW QUESTION 3
Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

A. An insider intentionally deleting files from a workstation

Answer: A

A. Evidence Supervisor
B. Evidence Documenter
C. Evidence Manager
D. Evidence Examiner/ Investigator

Answer: D

NEW QUESTION 5
When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?

Answer: A

A. NET-CERT
B. DFN-CERT
C. Funet CERT
D. SURFnet-CERT

Answer: D

Answer: A

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

NEW QUESTION 8
Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following is the role played by the Incident Coordinator of
an IRT?

Answer: B

NEW QUESTION 9
In a qualitative risk analysis, risk is calculated in terms of:

A. (Attack Success + Criticality ) –(Countermeasures)

B. Asset criticality assessment – (Risks and Associated Risk Levels)
C. Probability of Loss X Loss
D. (Countermeasures + Magnitude of Impact) – (Reports from prior risk assessments)

Answer: C

Answer: A

A. Inappropriate usage incident

B. Unauthorized access incident
C. Network intrusion incident
D. Denial of Service incident

Answer: A

A. Configuring firewall to default settings

B. Inspecting the process running on the system
C. Browsing particular government websites
D. Sending mails to only group of friends

Answer: B

A. Loss of goodwill
B. Damage to corporate reputation
C. Psychological damage
D. Lost productivity damage

Answer: D

A. Risk Assumption
B. Research and acknowledgment
C. Risk limitation
D. Risk absorption

Answer: B

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

NEW QUESTION 23
Based on the some statistics; what is the typical number one top incident?

A. Phishing
B. Policy violation
C. Un-authorized access
D. Malware

Answer: A

NEW QUESTION 26
An assault on system security that is derived from an intelligent threat is called:

A. Threat Agent
B. Vulnerability
C. Attack
D. Risk

Answer: C

NEW QUESTION 28
Incidents such as DDoS that should be handled immediately may be considered as:

A. Level One incident

B. Level Two incident
C. Level Three incident
D. Level Four incident

Answer: C

NEW QUESTION 29
Incident prioritization must be based on:

A. Potential impact
B. Current damage
C. Criticality of affected systems
D. All the above

Answer: D

NEW QUESTION 34
Which of the following can be considered synonymous:

A. Hazard and Threat

B. Threat and Threat Agent
C. Precaution and countermeasure
D. Vulnerability and Danger

Answer: A

NEW QUESTION 36
If the loss anticipated is greater than the agreed upon threshold; the organization will:

A. Accept the risk

B. Mitigate the risk
C. Accept the risk but after management approval
D. Do nothing

Answer: B

NEW QUESTION 38
Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :

A. Threat-source motivation and capability

B. Nature of the vulnerability
C. Existence and effectiveness of the current controls
D. All the above

Answer: D

NEW QUESTION 39
Removing or eliminating the root cause of the incident is called:

A. Incident Eradication

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

B. Incident Protection
C. Incident Containment
D. Incident Classification

Answer: A

NEW QUESTION 43
Incident Response Plan requires

A. Financial and Management support

B. Expert team composition
C. Resources
D. All the above

Answer: D

NEW QUESTION 45
Which of the following service(s) is provided by the CSIRT:

A. Vulnerability handling
B. Technology watch
C. Development of security tools
D. All the above

Answer: D

NEW QUESTION 49
The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:

A. Snort
B. Wireshark
C. Cain & Able
D. nmap

Answer: B

NEW QUESTION 54
The very well-known free open source port, OS and service scanner and network discovery utility is called:

A. Wireshark
B. Nmap (Network Mapper)
C. Snort
D. SAINT

Answer: B

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: A

NEW QUESTION 60
The message that is received and requires an urgent action and it prompts the recipient to delete certain files or forward it to others is called:

A. An Adware
B. Mail bomb
C. A Virus Hoax
D. Spear Phishing

Answer: C

NEW QUESTION 65
The free utility which quickly scans Systems running Windows OS to find settings that may have been changed by spyware, malware, or other unwanted programs
is called:

A. Tripwire
B. HijackThis
C. Stinger
D. F-Secure Anti-virus

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

Answer: B

NEW QUESTION 69
The main difference between viruses and worms is:

A. Worms require a host file to propagate while viruses don’t

Answer: B

NEW QUESTION 72
The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could be:

A. Antivirus software detects the infected files

B. Increase in the number of e-mails sent and received
C. System files become inaccessible
D. All the above

Answer: D

NEW QUESTION 76
Spyware tool used to record malicious user’s computer activities and keyboard stokes is called:

A. adware
B. Keylogger
C. Rootkit
D. Firewall

Answer: B

NEW QUESTION 77
Which of the following may be considered as insider threat(s):

A. An employee having no clashes with supervisors and coworkers

B. Disgruntled system administrators
C. An employee who gets an annual 7% salary raise
D. An employee with an insignificant technical literacy and business process knowledge

Answer: B

NEW QUESTION 79
Which of the following is NOT a digital forensic analysis tool:

A. Access Data FTK

B. EAR/ Pilar
C. Guidance Software EnCase Forensic
D. Helix

Answer: B

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: B

NEW QUESTION 84
Digital evidence must:

A. Be Authentic, complete and reliable

B. Not prove the attackers actions
C. Be Volatile
D. Cast doubt on the authenticity and veracity of the evidence

Answer: A

NEW QUESTION 85

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

The process of rebuilding and restoring the computer systems affected by an incident to normal operational stage including all the processes, policies and tools is
known as:

A. Incident Management
B. Incident Response
C. Incident Recovery
D. Incident Handling

Answer: C

NEW QUESTION 90
Business Continuity planning includes other plans such as:

A. Incident/disaster recovery plan

B. Business recovery and resumption plans
C. Contingency plan
D. All the above

Answer: D

A. Business Continuity Plan

B. Business Continuity
C. Disaster Planning
D. Contingency Planning

Answer: B

NEW QUESTION 97
The policy that defines which set of events needs to be logged in order to capture and review the important data in a timely manner is known as:

A. Audit trail policy

Answer: D

NEW QUESTION 100

According to the Evidence Preservation policy, a forensic investigator should make at least ..................... image copies of the digital evidence.

A. One image copy

B. Two image copies
C. Three image copies
D. Four image copies

Answer: B

NEW QUESTION 101

......

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

Thank You for Trying Our Product

* 100% Pass or Money Back

100% Pass Your 212-89 Exam with Our Prep Materials Via below:

https://www.certleader.com/212-89-dumps.html

The Leader of IT Certification visit - https://www.certleader.com

Powered by TCPDF (www.tcpdf.org)
Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Exam Questions 212-89

EC Council Certified Incident Handler (ECIH v2)

https://www.2passeasy.com/dumps/212-89/

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 1
A distributed Denial of Service (DDoS) attack is a more common type of DoS Attack, where a single system is targeted by a large number of infected machines
over the Internet. In a DDoS attack, attackers first infect multiple systems which are known as:

A. Trojans
B. Zombies
C. Spyware
D. Worms

Answer: B

NEW QUESTION 2
The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT
constitute a goal of incident response?

A. Dealing with human resources department and various employee conflict behaviors.
B. Using information gathered during incident handling to prepare for handling future incidents in a better way and to provide stronger protection for systems and
data.
C. Helping personal to recover quickly and efficiently from security incidents, minimizing loss or theft and disruption of services.
D. Dealing properly with legal issues that may arise during incidents.

Answer: A

NEW QUESTION 3
Business continuity is defined as the ability of an organization to continue to function even after a disastrous event, accomplished through the deployment of
redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy. Identify the plan which is mandatory part of a
business continuity plan?

A. Forensics Procedure Plan

B. Business Recovery Plan
C. Sales and Marketing plan
D. New business strategy plan

Answer: B

NEW QUESTION 4
Which of the following is an appropriate flow of the incident recovery steps?

A. System Operation-System Restoration-System Validation-System Monitoring

Answer: D

NEW QUESTION 5
Identify the network security incident where intended authorized users are prevented from using system, network, or applications by flooding the network with high
volume of traffic that consumes all existing network
resources.

A. URL Manipulation
B. XSS Attack
C. SQL Injection
D. Denial of Service Attack

Answer: D

NEW QUESTION 6
Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following steps focus on limiting the scope and
extent of an incident?

A. Eradication
B. Containment
C. Identification
D. Data collection

Answer: B

NEW QUESTION 7
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated
as:

A. (Probability of Loss) X (Loss)

B. (Loss) / (Probability of Loss)
C. (Probability of Loss) / (Loss)

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

D. Significant Risks X Probability of Loss X Loss

Answer: A

NEW QUESTION 8
Risk is defined as the probability of the occurrence of an incident. Risk formulation generally begins with the likeliness of an event’s occurrence, the harm it may
cause and is usually denoted as Risk = ?(events)X (Probability of occurrence)X?

A. Magnitude
B. Probability
C. Consequences
D. Significance

Answer: A

NEW QUESTION 9
An audit trail policy collects all audit trails such as series of records of computer events, about an operating system, application or user activities. Which of the
following statements is NOT true for an audit trail policy:

A. It helps calculating intangible losses to the organization due to incident

B. It helps tracking individual actions and allows users to be personally accountable for their actions
C. It helps in compliance to various regulatory laws, rules,and guidelines
D. It helps in reconstructing the events after a problem has occurred

Answer: A

NEW QUESTION 10
When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?

Answer: A

NEW QUESTION 10
A threat source does not present a risk if NO vulnerability that can be exercised for a particular threat source. Identify the step in which different threat sources are
defined:

A. Identification Vulnerabilities
B. Control analysis
C. Threat identification
D. System characterization

Answer: C

NEW QUESTION 14
Risk management consists of three processes, risk assessment, mitigation and evaluation. Risk assessment determines the extent of the potential threat and the
risk associated with an IT system through its SDLC. How many primary steps does NIST’s risk assessment methodology involve?

A. Twelve
B. Four
C. Six
D. Nine

Answer: D

NEW QUESTION 16
Insider threats can be detected by observing concerning behaviors exhibited by insiders, such as conflicts with supervisors and coworkers, decline in performance,
tardiness or unexplained absenteeism. Select the technique that helps in detecting insider threats:

A. Correlating known patterns of suspicious and malicious behavior

Answer: A

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 21
Which policy recommends controls for securing and tracking organizational resources:

A. Access control policy

B. Administrative security policy
C. Acceptable use policy
D. Asset control policy

Answer: D

NEW QUESTION 23
ADAM, an employee from a multinational company, uses his company’s accounts to send e-mails to a third party with their spoofed mail address. How can you
categorize this type of account?

A. Inappropriate usage incident

B. Unauthorized access incident
C. Network intrusion incident
D. Denial of Service incident

Answer: A

NEW QUESTION 24
The type of relationship between CSIRT and its constituency have an impact on the services provided by the CSIRT. Identify the level of the authority that enables
members of CSIRT to undertake any necessary actions on behalf of their constituency?

A. Full-level authority
B. Mid-level authority
C. Half-level authority
D. Shared-level authority

Answer: A

NEW QUESTION 29
Digital evidence plays a major role in prosecuting cyber criminals. John is a cyber-crime investigator, is asked to investigate a child pornography case. The
personal computer of the criminal in question was confiscated by the county police. Which of the following evidence will lead John in his investigation?

A. SAM file
B. Web serve log
C. Routing table list
D. Web browser history

Answer: D

NEW QUESTION 33
An adversary attacks the information resources to gain undue advantage is called:

A. Defensive Information Warfare

B. Offensive Information Warfare
C. Electronic Warfare
D. Conventional Warfare

Answer: B

NEW QUESTION 36
The IDS and IPS system logs indicating an unusual deviation from typical network traffic flows; this is called:

A. A Precursor
B. An Indication
C. A Proactive
D. A Reactive

Answer: B

NEW QUESTION 39
Incidents such as DDoS that should be handled immediately may be considered as:

A. Level One incident

B. Level Two incident
C. Level Three incident
D. Level Four incident

Answer: C

NEW QUESTION 40
Incident prioritization must be based on:

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

A. Potential impact
B. Current damage
C. Criticality of affected systems
D. All the above

Answer: D

NEW QUESTION 44
An information security incident is

A. Any real or suspected adverse event in relation to the security of computer systems or networks
B. Any event that disrupts normal today’s business functions
C. Any event that breaches the availability of information assets
D. All of the above

Answer: D

NEW QUESTION 47
Which of the following can be considered synonymous:

A. Hazard and Threat

B. Threat and Threat Agent
C. Precaution and countermeasure
D. Vulnerability and Danger

Answer: A

NEW QUESTION 52
If the loss anticipated is greater than the agreed upon threshold; the organization will:

A. Accept the risk

B. Mitigate the risk
C. Accept the risk but after management approval
D. Do nothing

Answer: B

NEW QUESTION 55
The left over risk after implementing a control is called:

A. Residual risk
B. Unaccepted risk
C. Low risk
D. Critical risk

Answer: A

NEW QUESTION 60
In NIST risk assessment/ methodology; the process of identifying the boundaries of an IT system along with the resources and information that constitute the
system is known as:

A. Asset Identification
B. System characterization
C. Asset valuation
D. System classification

Answer: B

NEW QUESTION 61
Performing Vulnerability Assessment is an example of a:

A. Incident Response
B. Incident Handling
C. Pre-Incident Preparation
D. Post Incident Management

Answer: C

NEW QUESTION 66
The correct sequence of Incident Response and Handling is:

A. Incident Identification, recording, initial response, communication and containment

B. Incident Identification, initial response, communication, recording and containment
C. Incident Identification, communication, recording, initial response and containment
D. Incident Identification, recording, initial response, containment and communication

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Answer: A

NEW QUESTION 71
What is the best staffing model for an incident response team if current employees’ expertise is very low?

A. Fully outsourced
B. Partially outsourced
C. Fully insourced
D. All the above

Answer: A

NEW QUESTION 72
The correct sequence of incident management process is:

A. Prepare, protect, triage, detect and respond

B. Prepare, protect, detect, triage and respond
C. Prepare, detect, protect, triage and respond
D. Prepare, protect, detect, respond and triage

Answer: B

NEW QUESTION 77
The service organization that provides 24x7 computer security incident response services to any user, company, government agency, or organization is known as:

A. Computer Security Incident Response Team CSIRT

B. Security Operations Center SOC
C. Digital Forensics Examiner
D. Vulnerability Assessor

Answer: A

NEW QUESTION 79
The main feature offered by PGP Desktop Email is:

A. Email service during incidents

B. End-to-end email communications
C. End-to-end secure email service
D. None of the above

Answer: C

NEW QUESTION 81
The typical correct sequence of activities used by CSIRT when handling a case is:

A. Log, inform, maintain contacts, release information, follow up and reporting

B. Log, inform, release information, maintain contacts, follow up and reporting
C. Log, maintain contacts, inform, release information, follow up and reporting
D. Log, maintain contacts, release information, inform, follow up and reporting

Answer: A

NEW QUESTION 82
To respond to DDoS attacks; one of the following strategies can be used:

A. Using additional capacity to absorb attack

B. Identifying none critical services and stopping them
C. Shut down some services until the attack has subsided
D. All the above

Answer: D

NEW QUESTION 84
The open source TCP/IP network intrusion prevention and detection system (IDS/IPS), uses a rule-driven language, performs real-time traffic analysis and packet
logging is known as:

A. Snort
B. Wireshark
C. Nessus
D. SAINT

Answer: A

NEW QUESTION 87

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to propagate is called:

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: C

NEW QUESTION 90
_____ record(s) user’s typing.

A. Spyware
B. adware
C. Virus
D. Malware

Answer: A

NEW QUESTION 92
Which of the following is a characteristic of adware?

A. Gathering information
B. Displaying popups
C. Intimidating users
D. Replicating

Answer: B

NEW QUESTION 97
Which of the following is NOT one of the techniques used to respond to insider threats:

A. Placing malicious users in quarantine network, so that attack cannot be spread

B. Preventing malicious users from accessing unclassified information
C. Disabling the computer systems from network connection
D. Blocking malicious user accounts

Answer: B

NEW QUESTION 99
Which is the incorrect statement about Anti-keyloggers scanners:

A. Detect already installed Keyloggers in victim machines

B. Run in stealthy mode to record victims online activity
C. Software tools

Answer: B

NEW QUESTION 104

Lack of forensic readiness may result in:

A. Loss of clients thereby damaging the organization’s reputation

B. System downtime
C. Data manipulation, deletion, and theft
D. All the above

Answer: D

NEW QUESTION 105

The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an
investigation is called:

A. Computer Forensics
B. Digital Forensic Analysis
C. Forensic Readiness
D. Digital Forensic Policy

Answer: C

NEW QUESTION 108

What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the
established connections on it:

A. “arp” command
B. “netstat –an” command

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

C. “dd” command
D. “ifconfig” command

Answer: B

NEW QUESTION 113

Any information of probative value that is either stored or transmitted in a digital form during a computer crime is called:

A. Digital evidence
B. Computer Emails
C. Digital investigation
D. Digital Forensic Examiner

Answer: A

NEW QUESTION 117

Digital evidence must:

A. Be Authentic, complete and reliable

B. Not prove the attackers actions
C. Be Volatile
D. Cast doubt on the authenticity and veracity of the evidence

Answer: A

NEW QUESTION 121

Electronic evidence may reside in the following:

A. Data Files
B. Backup tapes
C. Other media sources
D. All the above

Answer: D

NEW QUESTION 125

Incidents are reported in order to:

A. Provide stronger protection for systems and data

B. Deal properly with legal issues
C. Be prepared for handling future incidents
D. All the above

Answer: D

NEW QUESTION 130

Agencies do NOT report an information security incident is because of:

A. Afraid of negative publicity

B. Have full knowledge about how to handle the attack internally
C. Do not want to pay the additional cost of reporting an incident
D. All the above

Answer: A

NEW QUESTION 131

The process of rebuilding and restoring the computer systems affected by an incident to normal operational stage including all the processes, policies and tools is
known as:

A. Incident Management
B. Incident Response
C. Incident Recovery
D. Incident Handling

Answer: C

NEW QUESTION 135

Business Continuity planning includes other plans such as:

A. Incident/disaster recovery plan

B. Business recovery and resumption plans
C. Contingency plan
D. All the above

Answer: D

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 139

Business Continuity provides a planning methodology that allows continuity in business operations:

A. Before and after a disaster

B. Before a disaster
C. Before, during and after a disaster
D. During and after a disaster

Answer: C

NEW QUESTION 144

The steps followed to recover computer systems after an incident are:

A. System restoration, validation, operation and monitoring

B. System restoration, operation, validation, and monitoring
C. System monitoring, validation, operation and restoration
D. System validation, restoration, operation and monitoring

Answer: A

NEW QUESTION 145

The product of intellect that has commercial value and includes copyrights and trademarks is called:

A. Intellectual property
B. Trade secrets
C. Logos
D. Patents

Answer: A

NEW QUESTION 146

......

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

THANKS FOR TRYING THE DEMO OF OUR PRODUCT

Visit Our Site to Purchase the Full Set of Actual 212-89 Exam Questions With Answers.

We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the
212-89 Product From:

https://www.2passeasy.com/dumps/212-89/

Money Back Guarantee

212-89 Practice Exam Features:

* 212-89 Questions and Answers Updated Frequently

* 212-89 Practice Questions Verified by Expert Senior Certified Staff

* 212-89 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* 212-89 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Powered by TCPDF (www.tcpdf.org)
100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

212-89 Dumps

EC Council Certified Incident Handler (ECIH v2)

https://www.certleader.com/212-89-dumps.html

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

NEW QUESTION 1
Which of the following is an appropriate flow of the incident recovery steps?

A. System Operation-System Restoration-System Validation-System Monitoring

Answer: D

NEW QUESTION 2
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated
as:

A. (Probability of Loss) X (Loss)

B. (Loss) / (Probability of Loss)
C. (Probability of Loss) / (Loss)
D. Significant Risks X Probability of Loss X Loss

Answer: A

NEW QUESTION 3
Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

A. An insider intentionally deleting files from a workstation

Answer: A

A. Evidence Supervisor
B. Evidence Documenter
C. Evidence Manager
D. Evidence Examiner/ Investigator

Answer: D

NEW QUESTION 5
When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?

Answer: A

A. NET-CERT
B. DFN-CERT
C. Funet CERT
D. SURFnet-CERT

Answer: D

Answer: A

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

NEW QUESTION 8
Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following is the role played by the Incident Coordinator of
an IRT?

Answer: B

NEW QUESTION 9
In a qualitative risk analysis, risk is calculated in terms of:

A. (Attack Success + Criticality ) –(Countermeasures)

B. Asset criticality assessment – (Risks and Associated Risk Levels)
C. Probability of Loss X Loss
D. (Countermeasures + Magnitude of Impact) – (Reports from prior risk assessments)

Answer: C

Answer: A

A. Inappropriate usage incident

B. Unauthorized access incident
C. Network intrusion incident
D. Denial of Service incident

Answer: A

A. Configuring firewall to default settings

B. Inspecting the process running on the system
C. Browsing particular government websites
D. Sending mails to only group of friends

Answer: B

A. Loss of goodwill
B. Damage to corporate reputation
C. Psychological damage
D. Lost productivity damage

Answer: D

A. Risk Assumption
B. Research and acknowledgment
C. Risk limitation
D. Risk absorption

Answer: B

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

NEW QUESTION 23
Based on the some statistics; what is the typical number one top incident?

A. Phishing
B. Policy violation
C. Un-authorized access
D. Malware

Answer: A

NEW QUESTION 26
An assault on system security that is derived from an intelligent threat is called:

A. Threat Agent
B. Vulnerability
C. Attack
D. Risk

Answer: C

NEW QUESTION 28
Incidents such as DDoS that should be handled immediately may be considered as:

A. Level One incident

B. Level Two incident
C. Level Three incident
D. Level Four incident

Answer: C

NEW QUESTION 29
Incident prioritization must be based on:

A. Potential impact
B. Current damage
C. Criticality of affected systems
D. All the above

Answer: D

NEW QUESTION 34
Which of the following can be considered synonymous:

A. Hazard and Threat

B. Threat and Threat Agent
C. Precaution and countermeasure
D. Vulnerability and Danger

Answer: A

NEW QUESTION 36
If the loss anticipated is greater than the agreed upon threshold; the organization will:

A. Accept the risk

B. Mitigate the risk
C. Accept the risk but after management approval
D. Do nothing

Answer: B

NEW QUESTION 38
Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :

A. Threat-source motivation and capability

B. Nature of the vulnerability
C. Existence and effectiveness of the current controls
D. All the above

Answer: D

NEW QUESTION 39
Removing or eliminating the root cause of the incident is called:

A. Incident Eradication

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

B. Incident Protection
C. Incident Containment
D. Incident Classification

Answer: A

NEW QUESTION 43
Incident Response Plan requires

A. Financial and Management support

B. Expert team composition
C. Resources
D. All the above

Answer: D

NEW QUESTION 45
Which of the following service(s) is provided by the CSIRT:

A. Vulnerability handling
B. Technology watch
C. Development of security tools
D. All the above

Answer: D

NEW QUESTION 49
The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:

A. Snort
B. Wireshark
C. Cain & Able
D. nmap

Answer: B

NEW QUESTION 54
The very well-known free open source port, OS and service scanner and network discovery utility is called:

A. Wireshark
B. Nmap (Network Mapper)
C. Snort
D. SAINT

Answer: B

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: A

NEW QUESTION 60
The message that is received and requires an urgent action and it prompts the recipient to delete certain files or forward it to others is called:

A. An Adware
B. Mail bomb
C. A Virus Hoax
D. Spear Phishing

Answer: C

NEW QUESTION 65
The free utility which quickly scans Systems running Windows OS to find settings that may have been changed by spyware, malware, or other unwanted programs
is called:

A. Tripwire
B. HijackThis
C. Stinger
D. F-Secure Anti-virus

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

Answer: B

NEW QUESTION 69
The main difference between viruses and worms is:

A. Worms require a host file to propagate while viruses don’t

Answer: B

NEW QUESTION 72
The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could be:

A. Antivirus software detects the infected files

B. Increase in the number of e-mails sent and received
C. System files become inaccessible
D. All the above

Answer: D

NEW QUESTION 76
Spyware tool used to record malicious user’s computer activities and keyboard stokes is called:

A. adware
B. Keylogger
C. Rootkit
D. Firewall

Answer: B

NEW QUESTION 77
Which of the following may be considered as insider threat(s):

A. An employee having no clashes with supervisors and coworkers

B. Disgruntled system administrators
C. An employee who gets an annual 7% salary raise
D. An employee with an insignificant technical literacy and business process knowledge

Answer: B

NEW QUESTION 79
Which of the following is NOT a digital forensic analysis tool:

A. Access Data FTK

B. EAR/ Pilar
C. Guidance Software EnCase Forensic
D. Helix

Answer: B

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: B

NEW QUESTION 84
Digital evidence must:

A. Be Authentic, complete and reliable

B. Not prove the attackers actions
C. Be Volatile
D. Cast doubt on the authenticity and veracity of the evidence

Answer: A

NEW QUESTION 85

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

The process of rebuilding and restoring the computer systems affected by an incident to normal operational stage including all the processes, policies and tools is
known as:

A. Incident Management
B. Incident Response
C. Incident Recovery
D. Incident Handling

Answer: C

NEW QUESTION 90
Business Continuity planning includes other plans such as:

A. Incident/disaster recovery plan

B. Business recovery and resumption plans
C. Contingency plan
D. All the above

Answer: D

A. Business Continuity Plan

B. Business Continuity
C. Disaster Planning
D. Contingency Planning

Answer: B

NEW QUESTION 97
The policy that defines which set of events needs to be logged in order to capture and review the important data in a timely manner is known as:

A. Audit trail policy

Answer: D

NEW QUESTION 100

According to the Evidence Preservation policy, a forensic investigator should make at least ..................... image copies of the digital evidence.

A. One image copy

B. Two image copies
C. Three image copies
D. Four image copies

Answer: B

NEW QUESTION 101

......

The Leader of IT Certification visit - https://www.certleader.com

100% Valid and Newest Version 212-89 Questions & Answers shared by Certleader
https://www.certleader.com/212-89-dumps.html (163 Q&As)

Thank You for Trying Our Product

* 100% Pass or Money Back

100% Pass Your 212-89 Exam with Our Prep Materials Via below:

https://www.certleader.com/212-89-dumps.html

The Leader of IT Certification visit - https://www.certleader.com

Powered by TCPDF (www.tcpdf.org)
Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

EC-Council
Exam Questions 212-89
EC Council Certified Incident Handler (ECIH v2)

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

NEW QUESTION 1
The flow chart gives a view of different roles played by the different personnel of CSIRT. Identify the incident response personnel denoted by A, B, C, D, E, F and
G.

A. A-Incident Analyst, B- Incident Coordinator, C- Public Relations, D-Administrator, E- Human Resource, FConstituency, G-Incident Manager
B. A- Incident Coordinator, B-Incident Analyst, C- Public Relations, D-Administrator, E- Human Resource, FConstituency, G-Incident Manager
C. A- Incident Coordinator, B- Constituency, C-Administrator, D-Incident Manager, E- Human Resource, FIncident Analyst, G-Public relations
D. A- Incident Manager, B-Incident Analyst, C- Public Relations, D-Administrator, E- Human Resource, FConstituency, G-Incident Coordinator

Answer: C

NEW QUESTION 2
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated
as:

A. (Probability of Loss) X (Loss)

B. (Loss) / (Probability of Loss)
C. (Probability of Loss) / (Loss)
D. Significant Risks X Probability of Loss X Loss

Answer: A

NEW QUESTION 3
Risk is defined as the probability of the occurrence of an incident. Risk formulation generally begins with the likeliness of an event’s occurrence, the harm it may
cause and is usually denoted as Risk = ?(events)X (Probability of occurrence)X?

A. Magnitude
B. Probability
C. Consequences
D. Significance

Answer: A

NEW QUESTION 4
An audit trail policy collects all audit trails such as series of records of computer events, about an operating system, application or user activities. Which of the
following statements is NOT true for an audit trail policy:

A. It helps calculating intangible losses to the organization due to incident

Answer: A

NEW QUESTION 5
Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

A. An insider intentionally deleting files from a workstation

Answer: A

NEW QUESTION 6
The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/ services that are not required. Which service listed

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

below, if blocked, can help in preventing Denial of Service attack?

A. SAM service
B. POP3 service
C. SMTP service
D. Echo service

Answer: D

NEW QUESTION 7
A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to
agency’s reporting timeframe guidelines, this incident
should be reported within two (2) HOURS of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the
activity. Which incident category of the US Federal Agency does this incident belong to?

A. CAT 5
B. CAT 1
C. CAT 2
D. CAT 6

Answer: C

NEW QUESTION 8
Identify a standard national process which establishes a set of activities, general tasks and a management structure to certify and accredit systems that will
maintain the information assurance (IA) and security posture of a system or site.

A. NIASAP
B. NIAAAP
C. NIPACP
D. NIACAP

Answer: D

NEW QUESTION 9
A threat source does not present a risk if NO vulnerability that can be exercised for a particular threat source. Identify the step in which different threat sources are
defined:

A. Identification Vulnerabilities
B. Control analysis
C. Threat identification
D. System characterization

Answer: C

NEW QUESTION 10
Which of the following incident recovery testing methods works by creating a mock disaster, like fire to identify the reaction of the procedures that are implemented
to handle such situations?

A. Scenario testing
B. Facility testing
C. Live walk-through testing
D. Procedure testing

Answer: D

NEW QUESTION 10
An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the incident response and handling process involves
auditing the system and network log files?

A. Incident recording
B. Reporting
C. Containment
D. Identification

Answer: D

NEW QUESTION 14
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with
all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

A. NET-CERT
B. DFN-CERT
C. Funet CERT
D. SURFnet-CERT

Answer: D

A. Protection
B. Preparation
C. Detection
D. Triage

Answer: A

NEW QUESTION 22
The insider risk matrix consists of technical literacy and business process knowledge vectors. Considering the matrix, one can conclude that:

Answer: D

NEW QUESTION 27
Which policy recommends controls for securing and tracking organizational resources:

A. Access control policy

B. Administrative security policy
C. Acceptable use policy
D. Asset control policy

Answer: D

NEW QUESTION 32
Which one of the following is the correct sequence of flow of the stages in an incident response:

A. Containment - Identification - Preparation - Recovery - Follow-up - Eradication

B. Preparation - Identification - Containment - Eradication - Recovery - Follow-up
C. Eradication - Containment - Identification - Preparation - Recovery - Follow-up
D. Identification - Preparation - Containment - Recovery - Follow-up - Eradication

Answer: B

NEW QUESTION 36
Organizations or incident response teams need to protect the evidence for any future legal actions that may be taken against perpetrators that intentionally
attacked the computer system. EVIDENCE PROTECTION is also required to meet legal compliance issues. Which of the following documents helps in protecting
evidence from physical or logical damage:

A. Network and host log records

B. Chain-of-Custody
C. Forensic analysis report
D. Chain-of-Precedence

Answer: B

NEW QUESTION 40
Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following is the role played by the Incident Coordinator of
an IRT?

Answer: B

NEW QUESTION 42
In a qualitative risk analysis, risk is calculated in terms of:

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

A. (Attack Success + Criticality ) –(Countermeasures)

B. Asset criticality assessment – (Risks and Associated Risk Levels)
C. Probability of Loss X Loss
D. (Countermeasures + Magnitude of Impact) – (Reports from prior risk assessments)

Answer: C

NEW QUESTION 46
A computer virus hoax is a message warning the recipient of non-existent computer virus. The message is usually a chain e-mail that tells the recipient to forward it
to every one they know. Which of the following is NOT a symptom of virus hoax message?

Answer: A

NEW QUESTION 47
In which of the steps of NIST’s risk assessment methodology are the boundary of the IT system, along with the resources and the information that constitute the
system identified?

A. Likelihood Determination
B. Control recommendation
C. System characterization
D. Control analysis

Answer: C

NEW QUESTION 50
Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following helps in recognizing and separating the
infected hosts from the information system?

A. Configuring firewall to default settings

B. Inspecting the process running on the system
C. Browsing particular government websites
D. Sending mails to only group of friends

Answer: B

NEW QUESTION 54
The type of relationship between CSIRT and its constituency have an impact on the services provided by the CSIRT. Identify the level of the authority that enables
members of CSIRT to undertake any necessary actions on behalf of their constituency?

A. Full-level authority
B. Mid-level authority
C. Half-level authority
D. Shared-level authority

Answer: A

NEW QUESTION 59
Which of the following incidents are reported under CAT -5 federal agency category?

A. Exercise/ Network Defense Testing

B. Malicious code
C. Scans/ probes/ Attempted Access
D. Denial of Service DoS

Answer: C

NEW QUESTION 63
Incident management team provides support to all users in the organization that are affected by the threat or attack. The organization’s internal auditor is part of
the incident response team. Identify one of the responsibilities of the internal auditor as part of the incident response team:

A. Configure information security controls

B. Perform necessary action to block the network traffic from suspected intruder
C. Identify and report security loopholes to the management for necessary actions
D. Coordinate incident containment activities with the information security officer

Answer: C

NEW QUESTION 67
An assault on system security that is derived from an intelligent threat is called:

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

A. Threat Agent
B. Vulnerability
C. Attack
D. Risk

Answer: C

NEW QUESTION 71
Incidents such as DDoS that should be handled immediately may be considered as:

A. Level One incident

B. Level Two incident
C. Level Three incident
D. Level Four incident

Answer: C

NEW QUESTION 75
If the loss anticipated is greater than the agreed upon threshold; the organization will:

A. Accept the risk

B. Mitigate the risk
C. Accept the risk but after management approval
D. Do nothing

Answer: B

NEW QUESTION 80
A payroll system has a vulnerability that cannot be exploited by current technology. Which of the following is correct about this scenario:

A. The risk must be urgently mitigated

B. The risk must be transferred immediately
C. The risk is not present at this time
D. The risk is accepted

Answer: C

NEW QUESTION 83
Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :

A. Threat-source motivation and capability

B. Nature of the vulnerability
C. Existence and effectiveness of the current controls
D. All the above

Answer: D

NEW QUESTION 87
What is correct about Quantitative Risk Analysis:

A. It is Subjective but faster than Qualitative Risk Analysis

B. Easily automated
C. Better than Qualitative Risk Analysis
D. Uses levels and descriptive expressions

Answer: B

NEW QUESTION 89
Which of the following is a risk assessment tool:

A. Nessus
B. Wireshark
C. CRAMM
D. Nmap

Answer: C

NEW QUESTION 94
Performing Vulnerability Assessment is an example of a:

A. Incident Response
B. Incident Handling
C. Pre-Incident Preparation
D. Post Incident Management

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

Answer: C

NEW QUESTION 98
What is the best staffing model for an incident response team if current employees’ expertise is very low?

A. Fully outsourced
B. Partially outsourced
C. Fully insourced
D. All the above

Answer: A

NEW QUESTION 99
Incident response team must adhere to the following:

A. Stay calm and document everything

B. Assess the situation
C. Notify appropriate personnel
D. All the above

Answer: D

NEW QUESTION 102

Removing or eliminating the root cause of the incident is called:

A. Incident Eradication
B. Incident Protection
C. Incident Containment
D. Incident Classification

Answer: A

NEW QUESTION 105

Which of the following is a correct statement about incident management, handling and response:

A. Incident response is on the functions provided by incident handling

B. Incident handling is on the functions provided by incident response
C. Triage is one of the services provided by incident response
D. Incident response is one of the services provided by triage

Answer: A

NEW QUESTION 110

Incident Response Plan requires

A. Financial and Management support

B. Expert team composition
C. Resources
D. All the above

Answer: D

NEW QUESTION 112

The service organization that provides 24x7 computer security incident response services to any user, company, government agency, or organization is known as:

A. Computer Security Incident Response Team CSIRT

B. Security Operations Center SOC
C. Digital Forensics Examiner
D. Vulnerability Assessor

Answer: A

NEW QUESTION 113

The role that applies appropriate technology and tries to eradicate and recover from the incident is known as:

A. Incident Manager
B. Incident Analyst
C. Incident Handler
D. Incident coordinator

Answer: B

NEW QUESTION 116

CERT members can provide critical support services to first responders such as:

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

A. Immediate assistance to victims

B. Consolidated automated service process management platform
C. Organizing spontaneous volunteers at a disaster site
D. A + C

Answer: D

NEW QUESTION 120

CSIRT can be implemented at:

A. Internal enterprise level

B. National, government and military level
C. Vendor level
D. All the above

Answer: D

NEW QUESTION 123

The typical correct sequence of activities used by CSIRT when handling a case is:

A. Log, inform, maintain contacts, release information, follow up and reporting

Answer: A

NEW QUESTION 124

Common name(s) for CSIRT is(are)

A. Incident Handling Team (IHT)

B. Incident Response Team (IRT)
C. Security Incident Response Team (SIRT)
D. All the above

Answer: D

NEW QUESTION 126

The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:

A. Snort
B. Wireshark
C. Cain & Able
D. nmap

Answer: B

NEW QUESTION 130

Installing a password cracking tool, downloading pornography material, sending emails to colleagues which irritates them and hosting unauthorized websites on
the company’s computer are considered:

A. Network based attacks

B. Unauthorized access attacks
C. Malware attacks
D. Inappropriate usage incidents

Answer: D

NEW QUESTION 135

Changing the web server contents, Accessing the workstation using a false ID and Copying sensitive data without authorization are examples of:

A. DDoS attacks
B. Unauthorized access attacks
C. Malware attacks
D. Social Engineering attacks

Answer: B

NEW QUESTION 139

To respond to DDoS attacks; one of the following strategies can be used:

A. Using additional capacity to absorb attack

B. Identifying none critical services and stopping them
C. Shut down some services until the attack has subsided
D. All the above

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

Answer: D

NEW QUESTION 141

The very well-known free open source port, OS and service scanner and network discovery utility is called:

A. Wireshark
B. Nmap (Network Mapper)
C. Snort
D. SAINT

Answer: B

NEW QUESTION 145

In a DDoS attack, attackers first infect multiple systems, which are then used to attack a particular target directly. Those systems are called:

A. Honey Pots
B. Relays
C. Zombies
D. Handlers

Answer: C

NEW QUESTION 147

A Malicious code attack using emails is considered as:

A. Malware based attack

B. Email attack
C. Inappropriate usage incident
D. Multiple component attack

Answer: D

NEW QUESTION 148

A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to propagate is called:

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: C

NEW QUESTION 149

A malicious security-breaking code that is disguised as any useful program that installs an executable programs when a file is opened and allows others to control
the victim’s system is called:

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: A

NEW QUESTION 152

The message that is received and requires an urgent action and it prompts the recipient to delete certain files or forward it to others is called:

A. An Adware
B. Mail bomb
C. A Virus Hoax
D. Spear Phishing

Answer: C

NEW QUESTION 153

The free utility which quickly scans Systems running Windows OS to find settings that may have been changed by spyware, malware, or other unwanted programs
is called:

A. Tripwire
B. HijackThis
C. Stinger
D. F-Secure Anti-virus

Answer: B

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

NEW QUESTION 157

A software application in which advertising banners are displayed while the program is running that delivers ads to display pop-up windows or bars that appears on
a computer screen or browser is called:

A. adware (spelled all lower case)

B. Trojan
C. RootKit
D. Virus
E. Worm

Answer: A

NEW QUESTION 161

The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could be:

A. Antivirus software detects the infected files

B. Increase in the number of e-mails sent and received
C. System files become inaccessible
D. All the above

Answer: D

NEW QUESTION 165

Which of the following is NOT one of the common techniques used to detect Insider threats:

A. Spotting an increase in their performance

B. Observing employee tardiness and unexplained absenteeism
C. Observing employee sick leaves
D. Spotting conflicts with supervisors and coworkers

Answer: A

NEW QUESTION 166

Keyloggers do NOT:

A. Run in the background

B. Alter system files
C. Secretly records URLs visited in browser, keystrokes, chat conversations, ...etc
D. Send log file to attacker’s email or upload it to an ftp server

Answer: B

NEW QUESTION 167

Which is the incorrect statement about Anti-keyloggers scanners:

A. Detect already installed Keyloggers in victim machines

B. Run in stealthy mode to record victims online activity
C. Software tools

Answer: B

NEW QUESTION 170

Which of the following is NOT a digital forensic analysis tool:

A. Access Data FTK

B. EAR/ Pilar
C. Guidance Software EnCase Forensic
D. Helix

Answer: B

NEW QUESTION 175

The Linux command used to make binary copies of computer media and as a disk imaging tool if given a raw disk device as its input is:

A. “dd” command
B. “netstat” command
C. “nslookup” command
D. “find” command

Answer: A

NEW QUESTION 176

The individual who recovers, analyzes, and preserves computer and related materials to be presented as evidence in a court of law and identifies the evidence,
estimates the potential impact of the malicious activity on the victim, and assesses the intent and identity of the perpetrator is called:

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

A. Digital Forensic Examiner

B. Computer Forensic Investigator
C. Computer Hacking Forensic Investigator
D. All the above

Answer: D

NEW QUESTION 181

Any information of probative value that is either stored or transmitted in a digital form during a computer crime is called:

A. Digital evidence
B. Computer Emails
C. Digital investigation
D. Digital Forensic Examiner

Answer: A

NEW QUESTION 182

Which of the following is NOT one of the Computer Forensic types:

A. USB Forensics
B. Email Forensics
C. Forensic Archaeology
D. Image Forensics

Answer: C

NEW QUESTION 186

The correct order or sequence of the Computer Forensic processes is:

A. Preparation, analysis, examination, collection, and reporting

B. Preparation, collection, examination, analysis, and reporting
C. Preparation, examination, collection, analysis, and reporting
D. Preparation, analysis, collection, examination, and reporting

Answer: B

NEW QUESTION 187

The person who offers his formal opinion as a testimony about a computer crime incident in the court of law is known as:

A. Expert Witness
B. Incident Analyzer
C. Incident Responder
D. Evidence Documenter

Answer: A

NEW QUESTION 188

Electronic evidence may reside in the following:

A. Data Files
B. Backup tapes
C. Other media sources
D. All the above

Answer: D

NEW QUESTION 192

The steps followed to recover computer systems after an incident are:

A. System restoration, validation, operation and monitoring

B. System restoration, operation, validation, and monitoring
C. System monitoring, validation, operation and restoration
D. System validation, restoration, operation and monitoring

Answer: A

NEW QUESTION 196

The product of intellect that has commercial value and includes copyrights and trademarks is called:

A. Intellectual property
B. Trade secrets
C. Logos
D. Patents

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

Answer: A

NEW QUESTION 198

According to the Fourth Amendment of USA PATRIOT Act of 2001; if a search does NOT violate a person’s “reasonable” or “legitimate” expectation of privacy
then it is considered:

A. Constitutional/ Legitimate
B. Illegal/ illegitimate
C. Unethical
D. None of the above

Answer: A

NEW QUESTION 201

......

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

Thank You for Trying Our Product

We offer two products:

1st - We have Practice Tests Software with Actual Exam Questions

2nd - Questons and Answers in PDF Format

212-89 Practice Exam Features:

* 212-89 Questions and Answers Updated Frequently

* 212-89 Practice Questions Verified by Expert Senior Certified Staff

* 212-89 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* 212-89 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

100% Actual & Verified — Instant Download, Please Click

Order The 212-89 Practice Test Here

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Powered by TCPDF (www.tcpdf.org)
Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Exam Questions 212-89

EC Council Certified Incident Handler (ECIH v2)

https://www.2passeasy.com/dumps/212-89/

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 1
The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT
constitute a goal of incident response?

Answer: A

NEW QUESTION 2
An organization faced an information security incident where a disgruntled employee passed sensitive access control information to a competitor. The
organization’s incident response manager, upon investigation, found that the incident must be handled within a few hours on the same day to maintain business
continuity and market competitiveness. How would you categorize such information security incident?

A. High level incident

B. Middle level incident
C. Ultra-High level incident
D. Low level incident

Answer: A

A. Forensics Procedure Plan

B. Business Recovery Plan
C. Sales and Marketing plan
D. New business strategy plan

Answer: B

NEW QUESTION 4
The flow chart gives a view of different roles played by the different personnel of CSIRT. Identify the incident response personnel denoted by A, B, C, D, E, F and
G.

Answer: C

NEW QUESTION 5
Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following steps focus on limiting the scope and
extent of an incident?

A. Eradication
B. Containment
C. Identification
D. Data collection

Answer: B

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 6
An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the
incident recovery plan?

A. Creating new business processes to maintain profitability after incident

B. Providing a standard for testing the recovery plan
C. Avoiding the legal liabilities arising due to incident
D. Providing assurance that systems are reliable

Answer: A

NEW QUESTION 7
Risk is defined as the probability of the occurrence of an incident. Risk formulation generally begins with the likeliness of an event’s occurrence, the harm it may
cause and is usually denoted as Risk = ?(events)X (Probability of occurrence)X?

A. Magnitude
B. Probability
C. Consequences
D. Significance

Answer: A

NEW QUESTION 8
An audit trail policy collects all audit trails such as series of records of computer events, about an operating system, application or user activities. Which of the
following statements is NOT true for an audit trail policy:

A. It helps calculating intangible losses to the organization due to incident

Answer: A

NEW QUESTION 9
Computer forensics is methodical series of techniques and procedures for gathering evidence from computing equipment, various storage devices and or digital
media that can be presented in a course of law in a coherent and meaningful format. Which one of the following is an appropriate flow of steps in the computer
forensics process:

A. Examination> Analysis > Preparation > Collection > Reporting

B. Preparation > Analysis > Collection > Examination > Reporting
C. Analysis > Preparation > Collection > Reporting > Examination
D. Preparation > Collection > Examination > Analysis > Reporting

Answer: D

NEW QUESTION 10
Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

A. An insider intentionally deleting files from a workstation

Answer: A

NEW QUESTION 10
Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is
responsible for examining the evidence acquired and separating the useful evidence?

A. Evidence Supervisor
B. Evidence Documenter
C. Evidence Manager
D. Evidence Examiner/ Investigator

Answer: D

NEW QUESTION 12
The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/ services that are not required. Which service listed
below, if blocked, can help in preventing Denial of Service attack?

A. SAM service
B. POP3 service
C. SMTP service
D. Echo service

Answer:

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 13
US-CERT and Federal civilian agencies use the reporting timeframe criteria in the federal agency reporting categorization. What is the timeframe required to report
an incident under the CAT 4 Federal Agency category?

A. Weekly
B. Within four (4) hours of discovery/detection if the successful attack is still ongoing and agency is unable to successfully mitigate activity
C. Within two (2) hours of discovery/detection
D. Monthly

Answer: A

NEW QUESTION 16
A threat source does not present a risk if NO vulnerability that can be exercised for a particular threat source. Identify the step in which different threat sources are
defined:

A. Identification Vulnerabilities
B. Control analysis
C. Threat identification
D. System characterization

Answer: C

NEW QUESTION 21
Which of the following incident recovery testing methods works by creating a mock disaster, like fire to identify the reaction of the procedures that are implemented
to handle such situations?

A. Scenario testing
B. Facility testing
C. Live walk-through testing
D. Procedure testing

Answer: D

NEW QUESTION 23
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with
all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

A. NET-CERT
B. DFN-CERT
C. Funet CERT
D. SURFnet-CERT

Answer: D

NEW QUESTION 27
One of the main objectives of incident management is to prevent incidents and attacks by tightening the physical security of the system or infrastructure. According
to CERT’s incident management process, which stage focuses on implementing infrastructure improvements resulting from postmortem reviews or other process
improvement mechanisms?

A. Protection
B. Preparation
C. Detection
D. Triage

Answer: A

NEW QUESTION 31
Risk management consists of three processes, risk assessment, mitigation and evaluation. Risk assessment determines the extent of the potential threat and the
risk associated with an IT system through its SDLC. How many primary steps does NIST’s risk assessment methodology involve?

A. Twelve
B. Four
C. Six
D. Nine

Answer: D

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 32
Which policy recommends controls for securing and tracking organizational resources:

A. Access control policy

B. Administrative security policy
C. Acceptable use policy
D. Asset control policy

Answer: D

A. Network and host log records

B. Chain-of-Custody
C. Forensic analysis report
D. Chain-of-Precedence

Answer: B

NEW QUESTION 38
Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following is the role played by the Incident Coordinator of
an IRT?

Answer: B

NEW QUESTION 41
The data on the affected system must be backed up so that it can be retrieved if it is damaged during incident response. The system backup can also be used for
further investigations of the incident. Identify the stage of the incident response and handling process in which complete backup of the infected system is carried
out?

A. Containment
B. Eradication
C. Incident recording
D. Incident investigation

Answer: A

NEW QUESTION 45
In a qualitative risk analysis, risk is calculated in terms of:

A. (Attack Success + Criticality ) –(Countermeasures)

B. Asset criticality assessment – (Risks and Associated Risk Levels)
C. Probability of Loss X Loss
D. (Countermeasures + Magnitude of Impact) – (Reports from prior risk assessments)

Answer: C

NEW QUESTION 48
In which of the steps of NIST’s risk assessment methodology are the boundary of the IT system, along with the resources and the information that constitute the
system identified?

A. Likelihood Determination
B. Control recommendation
C. System characterization
D. Control analysis

Answer: C

NEW QUESTION 50
ADAM, an employee from a multinational company, uses his company’s accounts to send e-mails to a third party with their spoofed mail address. How can you
categorize this type of account?

A. Inappropriate usage incident

B. Unauthorized access incident
C. Network intrusion incident
D. Denial of Service incident

Answer: A

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 55
The type of relationship between CSIRT and its constituency have an impact on the services provided by the CSIRT. Identify the level of the authority that enables
members of CSIRT to undertake any necessary actions on behalf of their constituency?

A. Full-level authority
B. Mid-level authority
C. Half-level authority
D. Shared-level authority

Answer: A

NEW QUESTION 56
An estimation of the expected losses after an incident helps organization in prioritizing and formulating their incident response. The cost of an incident can be
categorized as a tangible and intangible cost. Identify the tangible cost associated with virus outbreak?

A. Loss of goodwill
B. Damage to corporate reputation
C. Psychological damage
D. Lost productivity damage

Answer: D

NEW QUESTION 58
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large
amounts of data using a combination of automated and manual methods. Identify the computer forensic process involved:

A. Analysis
B. Preparation
C. Examination
D. Collection

Answer: C

NEW QUESTION 59
Based on the some statistics; what is the typical number one top incident?

A. Phishing
B. Policy violation
C. Un-authorized access
D. Malware

Answer: A

NEW QUESTION 61
An adversary attacks the information resources to gain undue advantage is called:

A. Defensive Information Warfare

B. Offensive Information Warfare
C. Electronic Warfare
D. Conventional Warfare

Answer: B

NEW QUESTION 65
Incidents such as DDoS that should be handled immediately may be considered as:

A. Level One incident

B. Level Two incident
C. Level Three incident
D. Level Four incident

Answer: C

NEW QUESTION 68
A payroll system has a vulnerability that cannot be exploited by current technology. Which of the following is correct about this scenario:

A. The risk must be urgently mitigated

B. The risk must be transferred immediately
C. The risk is not present at this time
D. The risk is accepted

Answer: C

NEW QUESTION 69

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :

A. Threat-source motivation and capability

B. Nature of the vulnerability
C. Existence and effectiveness of the current controls
D. All the above

Answer: D

NEW QUESTION 73
Which of the following is a risk assessment tool:

A. Nessus
B. Wireshark
C. CRAMM
D. Nmap

Answer: C

NEW QUESTION 76
Performing Vulnerability Assessment is an example of a:

A. Incident Response
B. Incident Handling
C. Pre-Incident Preparation
D. Post Incident Management

Answer: C

NEW QUESTION 77
Preventing the incident from spreading and limiting the scope of the incident is known as:

A. Incident Eradication
B. Incident Protection
C. Incident Containment
D. Incident Classification

Answer: C

NEW QUESTION 80
What is the best staffing model for an incident response team if current employees’ expertise is very low?

A. Fully outsourced
B. Partially outsourced
C. Fully insourced
D. All the above

Answer: A

NEW QUESTION 82
Which of the following is an incident tracking, reporting and handling tool:

A. CRAMM
B. RTIR
C. NETSTAT
D. EAR/ Pilar

Answer: B

NEW QUESTION 85
Incident Response Plan requires

A. Financial and Management support

B. Expert team composition
C. Resources
D. All the above

Answer: D

NEW QUESTION 87
The service organization that provides 24x7 computer security incident response services to any user, company, government agency, or organization is known as:

A. Computer Security Incident Response Team CSIRT

B. Security Operations Center SOC
C. Digital Forensics Examiner

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

D. Vulnerability Assessor

Answer: A

NEW QUESTION 89
The main feature offered by PGP Desktop Email is:

A. Email service during incidents

B. End-to-end email communications
C. End-to-end secure email service
D. None of the above

Answer: C

NEW QUESTION 92
The role that applies appropriate technology and tries to eradicate and recover from the incident is known as:

A. Incident Manager
B. Incident Analyst
C. Incident Handler
D. Incident coordinator

Answer: B

NEW QUESTION 96
CERT members can provide critical support services to first responders such as:

A. Immediate assistance to victims

B. Consolidated automated service process management platform
C. Organizing spontaneous volunteers at a disaster site
D. A + C

Answer: D

NEW QUESTION 98
The region where the CSIRT is bound to serve and what does it and give service to is known as:

A. Consistency
B. Confidentiality
C. Constituency
D. None of the above

Answer: C

NEW QUESTION 100

The program that helps to train people to be better prepared to respond to emergency situations in their communities is known as:

A. Community Emergency Response Team (CERT)

B. Incident Response Team (IRT)
C. Security Incident Response Team (SIRT)
D. All the above

Answer: A

NEW QUESTION 104

An active vulnerability scanner featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis is called:

A. Nessus
B. CyberCop
C. EtherApe
D. nmap

Answer: A

NEW QUESTION 105

The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:

A. Snort
B. Wireshark
C. Cain & Able
D. nmap

Answer: B

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 108

The very well-known free open source port, OS and service scanner and network discovery utility is called:

A. Wireshark
B. Nmap (Network Mapper)
C. Snort
D. SAINT

Answer: B

NEW QUESTION 111

The open source TCP/IP network intrusion prevention and detection system (IDS/IPS), uses a rule-driven language, performs real-time traffic analysis and packet
logging is known as:

A. Snort
B. Wireshark
C. Nessus
D. SAINT

Answer: A

NEW QUESTION 112

A Malicious code attack using emails is considered as:

A. Malware based attack

B. Email attack
C. Inappropriate usage incident
D. Multiple component attack

Answer: D

NEW QUESTION 116

They type of attack that prevents the authorized users to access networks, systems, or applications by exhausting the network resources and sending illegal
requests to an application is known as:

A. Session Hijacking attack

B. Denial of Service attack
C. Man in the Middle attack
D. SQL injection attack

Answer: B

NEW QUESTION 117

A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to propagate is called:

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: C

NEW QUESTION 121

______ attach(es) to files

A. adware
B. Spyware
C. Viruses
D. Worms

Answer: C

NEW QUESTION 124

The message that is received and requires an urgent action and it prompts the recipient to delete certain files or forward it to others is called:

A. An Adware
B. Mail bomb
C. A Virus Hoax
D. Spear Phishing

Answer: C

NEW QUESTION 125

The Malicious code that is installed on the computer without user’s knowledge to acquire information from the user’s machine and send it to the attacker who can
access it remotely is called:

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

A. Spyware
B. Logic Bomb
C. Trojan
D. Worm

Answer: A

NEW QUESTION 127

Which of the following is NOT one of the common techniques used to detect Insider threats:

A. Spotting an increase in their performance

B. Observing employee tardiness and unexplained absenteeism
C. Observing employee sick leaves
D. Spotting conflicts with supervisors and coworkers

Answer: A

NEW QUESTION 132

Which of the following is NOT one of the techniques used to respond to insider threats:

A. Placing malicious users in quarantine network, so that attack cannot be spread

B. Preventing malicious users from accessing unclassified information
C. Disabling the computer systems from network connection
D. Blocking malicious user accounts

Answer: B

NEW QUESTION 136

Authorized users with privileged access who misuse the corporate informational assets and directly affects the confidentiality, integrity, and availability of the
assets are known as:

A. Outsider threats
B. Social Engineers
C. Insider threats
D. Zombies

Answer: C

NEW QUESTION 139

The USB tool (depicted below) that is connected to male USB Keyboard cable and not detected by antispyware tools is most likely called:

A. Software Key Grabber

B. Hardware Keylogger
C. USB adapter
D. Anti-Keylogger

Answer: B

NEW QUESTION 144

Which of the following is NOT a digital forensic analysis tool:

A. Access Data FTK

B. EAR/ Pilar
C. Guidance Software EnCase Forensic
D. Helix

Answer: B

NEW QUESTION 146

The Linux command used to make binary copies of computer media and as a disk imaging tool if given a raw disk device as its input is:

A. “dd” command
B. “netstat” command

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

C. “nslookup” command
D. “find” command

Answer: A

NEW QUESTION 151

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: A

NEW QUESTION 153

A. Digital Forensic Examiner

B. Computer Forensic Investigator
C. Computer Hacking Forensic Investigator
D. All the above

Answer: D

NEW QUESTION 158

To recover, analyze, and preserve computer and related materials in such a way that it can be presented as evidence in a court of law and identify the evidence in
short time, estimate the potential impact of the malicious activity on the victim, and assess the intent and identity of the perpetrator is known as:

A. Computer Forensics
B. Digital Forensic Analysis
C. Forensic Readiness
D. Digital Forensic Examiner

Answer: B

NEW QUESTION 161

Any information of probative value that is either stored or transmitted in a digital form during a computer crime is called:

A. Digital evidence
B. Computer Emails
C. Digital investigation
D. Digital Forensic Examiner

Answer: A

NEW QUESTION 164

Which of the following is NOT one of the Computer Forensic types:

A. USB Forensics
B. Email Forensics
C. Forensic Archaeology
D. Image Forensics

Answer: C

NEW QUESTION 167

The person who offers his formal opinion as a testimony about a computer crime incident in the court of law is known as:

A. Expert Witness
B. Incident Analyzer
C. Incident Responder
D. Evidence Documenter

Answer: A

NEW QUESTION 170

Electronic evidence may reside in the following:

A. Data Files
B. Backup tapes
C. Other media sources
D. All the above

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Answer: D

NEW QUESTION 174

A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be
presented in a court of law in a coherent and meaningful format is called:

A. Forensic Analysis
B. Computer Forensics
C. Forensic Readiness
D. Steganalysis

Answer: B

NEW QUESTION 179

According to US-CERT; if an agency is unable to successfully mitigate a DOS attack it must be reported within:

A. One (1) hour of discovery/detection if the successful attack is still ongoing

B. Two (2) hours of discovery/detection if the successful attack is still ongoing
C. Three (3) hours of discovery/detection if the successful attack is still ongoing
D. Four (4) hours of discovery/detection if the successful attack is still ongoing

Answer: B

NEW QUESTION 183

Incident may be reported using/ by:

A. Phone call
B. Facsimile (Fax)
C. Email or on-line Web form
D. All the above

Answer: D

NEW QUESTION 186

Business Continuity planning includes other plans such as:

A. Incident/disaster recovery plan

B. Business recovery and resumption plans
C. Contingency plan
D. All the above

Answer: D

NEW QUESTION 190

Business Continuity provides a planning methodology that allows continuity in business operations:

A. Before and after a disaster

B. Before a disaster
C. Before, during and after a disaster
D. During and after a disaster

Answer: C

NEW QUESTION 195

The steps followed to recover computer systems after an incident are:

A. System restoration, validation, operation and monitoring

B. System restoration, operation, validation, and monitoring
C. System monitoring, validation, operation and restoration
D. System validation, restoration, operation and monitoring

Answer: A

NEW QUESTION 199

The product of intellect that has commercial value and includes copyrights and trademarks is called:

A. Intellectual property
B. Trade secrets
C. Logos
D. Patents

Answer: A

NEW QUESTION 201

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

......

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

THANKS FOR TRYING THE DEMO OF OUR PRODUCT

Visit Our Site to Purchase the Full Set of Actual 212-89 Exam Questions With Answers.

We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the
212-89 Product From:

https://www.2passeasy.com/dumps/212-89/

Money Back Guarantee

212-89 Practice Exam Features:

* 212-89 Questions and Answers Updated Frequently

* 212-89 Practice Questions Verified by Expert Senior Certified Staff

* 212-89 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* 212-89 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Powered by TCPDF (www.tcpdf.org)
We recommend you to try the PREMIUM 212-89 Dumps From Exambible
https://www.exambible.com/212-89-exam/ (163 Q&As)

EC-Council
Exam Questions 212-89
EC Council Certified Incident Handler (ECIH v2)

Your Partner of IT Exam visit - https://www.exambible.com

We recommend you to try the PREMIUM 212-89 Dumps From Exambible
https://www.exambible.com/212-89-exam/ (163 Q&As)

About Exambible

Your Partner of IT Exam

Found in 1998

Exambible is a company specialized on providing high quality IT exam practice study materials, especially Cisco CCNA, CCDA,
CCNP, CCIE, Checkpoint CCSE, CompTIA A+, Network+ certification practice exams and so on. We guarantee that the
candidates will not only pass any IT exam at the first attempt but also get profound understanding about the certificates they have
got. There are so many alike companies in this industry, however, Exambible has its unique advantages that other companies could
not achieve.

Our Advances

* 99.9% Uptime
All examinations will be up to date.
* 24/7 Quality Support
We will provide service round the clock.
* 100% Pass Rate
Our guarantee that you will pass the exam.
* Unique Gurantee
If you do not pass the exam at the first time, we will not only arrange FULL REFUND for you, but also provide you another
exam of your claim, ABSOLUTELY FREE!

Your Partner of IT Exam visit - https://www.exambible.com

We recommend you to try the PREMIUM 212-89 Dumps From Exambible
https://www.exambible.com/212-89-exam/ (163 Q&As)

NEW QUESTION 1
The flow chart gives a view of different roles played by the different personnel of CSIRT. Identify the incident response personnel denoted by A, B, C, D, E, F and
G.

Answer: C

NEW QUESTION 2
A computer Risk Policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT
part of the computer risk policy?

A. Procedure to identify security funds to hedge risk

Answer: C

NEW QUESTION 3
Identify the network security incident where intended authorized users are prevented from using system, network, or applications by flooding the network with high
volume of traffic that consumes all existing network
resources.

A. URL Manipulation
B. XSS Attack
C. SQL Injection
D. Denial of Service Attack

Answer: D

NEW QUESTION 4
Risk is defined as the probability of the occurrence of an incident. Risk formulation generally begins with the likeliness of an event’s occurrence, the harm it may
cause and is usually denoted as Risk = ?(events)X (Probability of occurrence)X?

A. Magnitude
B. Probability
C. Consequences
D. Significance

Answer: A

NEW QUESTION 5
An audit trail policy collects all audit trails such as series of records of computer events, about an operating system, application or user activities. Which of the
following statements is NOT true for an audit trail policy:

A. It helps calculating intangible losses to the organization due to incident

Answer: A

NEW QUESTION 6
US-CERT and Federal civilian agencies use the reporting timeframe criteria in the federal agency reporting categorization. What is the timeframe required to report
an incident under the CAT 4 Federal Agency category?

Your Partner of IT Exam visit - https://www.exambible.com

We recommend you to try the PREMIUM 212-89 Dumps From Exambible
https://www.exambible.com/212-89-exam/ (163 Q&As)

Answer: A

NEW QUESTION 7
Policies are designed to protect the organizational resources on the network by establishing the set rules and procedures. Which of the following policies
authorizes a group of users to perform a set of actions on a set of resources?

A. Access control policy

B. Audit trail policy
C. Logging policy
D. Documentation policy

Answer: A

NEW QUESTION 8
An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the incident response and handling process involves
auditing the system and network log files?

A. Incident recording
B. Reporting
C. Containment
D. Identification

Answer: D

NEW QUESTION 9
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with
all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

A. NET-CERT
B. DFN-CERT
C. Funet CERT
D. SURFnet-CERT

Answer: D

NEW QUESTION 10
One of the main objectives of incident management is to prevent incidents and attacks by tightening the physical security of the system or infrastructure. According
to CERT’s incident management process, which stage focuses on implementing infrastructure improvements resulting from postmortem reviews or other process
improvement mechanisms?

A. Protection
B. Preparation
C. Detection
D. Triage

Answer: A

NEW QUESTION 10
Risk management consists of three processes, risk assessment, mitigation and evaluation. Risk assessment determines the extent of the potential threat and the
risk associated with an IT system through its SDLC. How many primary steps does NIST’s risk assessment methodology involve?

A. Twelve
B. Four
C. Six
D. Nine

Answer: D

NEW QUESTION 14
Insider threats can be detected by observing concerning behaviors exhibited by insiders, such as conflicts with supervisors and coworkers, decline in performance,
tardiness or unexplained absenteeism. Select the technique that helps in detecting insider threats:

A. Correlating known patterns of suspicious and malicious behavior

Answer: A

NEW QUESTION 15
Which policy recommends controls for securing and tracking organizational resources:

A. Access control policy

B. Administrative security policy
C. Acceptable use policy

Your Partner of IT Exam visit - https://www.exambible.com

We recommend you to try the PREMIUM 212-89 Dumps From Exambible
https://www.exambible.com/212-89-exam/ (163 Q&As)

D. Asset control policy

Answer: D

NEW QUESTION 16
Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following is the role played by the Incident Coordinator of
an IRT?

Answer: B

NEW QUESTION 21
The data on the affected system must be backed up so that it can be retrieved if it is damaged during incident response. The system backup can also be used for
further investigations of the incident. Identify the stage of the incident response and handling process in which complete backup of the infected system is carried
out?

A. Containment
B. Eradication
C. Incident recording
D. Incident investigation

Answer: A

NEW QUESTION 25
In a qualitative risk analysis, risk is calculated in terms of:

A. (Attack Success + Criticality ) –(Countermeasures)

B. Asset criticality assessment – (Risks and Associated Risk Levels)
C. Probability of Loss X Loss
D. (Countermeasures + Magnitude of Impact) – (Reports from prior risk assessments)

Answer: C

NEW QUESTION 29
A computer virus hoax is a message warning the recipient of non-existent computer virus. The message is usually a chain e-mail that tells the recipient to forward it
to every one they know. Which of the following is NOT a symptom of virus hoax message?

Answer: A

NEW QUESTION 31
In which of the steps of NIST’s risk assessment methodology are the boundary of the IT system, along with the resources and the information that constitute the
system identified?

A. Likelihood Determination
B. Control recommendation
C. System characterization
D. Control analysis

Answer: C

NEW QUESTION 35
ADAM, an employee from a multinational company, uses his company’s accounts to send e-mails to a third party with their spoofed mail address. How can you
categorize this type of account?

A. Inappropriate usage incident

B. Unauthorized access incident
C. Network intrusion incident
D. Denial of Service incident

Answer: A

NEW QUESTION 39
An access control policy authorized a group of users to perform a set of actions on a set of resources. Access to resources is based on necessity and if a particular
job role requires the use of those resources. Which of the following is NOT a fundamental element of access control policy

A. Action group: group of actions performed by the users on resources

Your Partner of IT Exam visit - https://www.exambible.com

We recommend you to try the PREMIUM 212-89 Dumps From Exambible
https://www.exambible.com/212-89-exam/ (163 Q&As)

B. Development group: group of persons who develop the policy

C. Resource group: resources controlled by the policy
D. Access group: group of users to which the policy applies

Answer: B

NEW QUESTION 44
An estimation of the expected losses after an incident helps organization in prioritizing and formulating their incident response. The cost of an incident can be
categorized as a tangible and intangible cost. Identify the tangible cost associated with virus outbreak?

A. Loss of goodwill
B. Damage to corporate reputation
C. Psychological damage
D. Lost productivity damage

Answer: D

NEW QUESTION 48
One of the goals of CSIRT is to manage security problems by taking a certain approach towards the customers’ security vulnerabilities and by responding
effectively to potential information security incidents. Identify the incident response approach that focuses on developing the infrastructure and security processes
before the occurrence or detection of an event or any incident:

A. Interactive approach
B. Introductive approach
C. Proactive approach
D. Qualitative approach

Answer: C

NEW QUESTION 51
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large
amounts of data using a combination of automated and manual methods. Identify the computer forensic process involved:

A. Analysis
B. Preparation
C. Examination
D. Collection

Answer: C

NEW QUESTION 55
Incident management team provides support to all users in the organization that are affected by the threat or attack. The organization’s internal auditor is part of
the incident response team. Identify one of the responsibilities of the internal auditor as part of the incident response team:

A. Configure information security controls

Answer: C

NEW QUESTION 57
An assault on system security that is derived from an intelligent threat is called:

A. Threat Agent
B. Vulnerability
C. Attack
D. Risk

Answer: C

NEW QUESTION 58
The largest number of cyber-attacks are conducted by:

A. Insiders
B. Outsiders
C. Business partners
D. Suppliers

Answer: B

NEW QUESTION 60
The sign of incident that may happen in the future is called:

A. A Precursor

Your Partner of IT Exam visit - https://www.exambible.com

We recommend you to try the PREMIUM 212-89 Dumps From Exambible
https://www.exambible.com/212-89-exam/ (163 Q&As)

B. An Indication
C. A Proactive
D. A Reactive

Answer: A

NEW QUESTION 61
Incidents such as DDoS that should be handled immediately may be considered as:

A. Level One incident

B. Level Two incident
C. Level Three incident
D. Level Four incident

Answer: C

NEW QUESTION 66
Incident prioritization must be based on:

A. Potential impact
B. Current damage
C. Criticality of affected systems
D. All the above

Answer: D

NEW QUESTION 69
A payroll system has a vulnerability that cannot be exploited by current technology. Which of the following is correct about this scenario:

A. The risk must be urgently mitigated

B. The risk must be transferred immediately
C. The risk is not present at this time
D. The risk is accepted

Answer: C

NEW QUESTION 70
Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :

A. Threat-source motivation and capability

B. Nature of the vulnerability
C. Existence and effectiveness of the current controls
D. All the above

Answer: D

NEW QUESTION 75
Adam calculated the total cost of a control to protect 10,000 $ worth of data as 20,000 $. What do you advise Adam to do?

A. Apply the control

B. Not to apply the control
C. Use qualitative risk assessment
D. Use semi-qualitative risk assessment instead

Answer: B

NEW QUESTION 78
What is correct about Quantitative Risk Analysis:

A. It is Subjective but faster than Qualitative Risk Analysis

B. Easily automated
C. Better than Qualitative Risk Analysis
D. Uses levels and descriptive expressions

Answer: B

NEW QUESTION 82
In NIST risk assessment/ methodology; the process of identifying the boundaries of an IT system along with the resources and information that constitute the
system is known as:

A. Asset Identification
B. System characterization
C. Asset valuation
D. System classification

Your Partner of IT Exam visit - https://www.exambible.com

We recommend you to try the PREMIUM 212-89 Dumps From Exambible
https://www.exambible.com/212-89-exam/ (163 Q&As)

Answer: B

NEW QUESTION 83
What is the best staffing model for an incident response team if current employees’ expertise is very low?

A. Fully outsourced
B. Partially outsourced
C. Fully insourced
D. All the above

Answer: A

NEW QUESTION 86
The correct sequence of incident management process is:

A. Prepare, protect, triage, detect and respond

B. Prepare, protect, detect, triage and respond
C. Prepare, detect, protect, triage and respond
D. Prepare, protect, detect, respond and triage

Answer: B

NEW QUESTION 87
The service organization that provides 24x7 computer security incident response services to any user, company, government agency, or organization is known as:

A. Computer Security Incident Response Team CSIRT

B. Security Operations Center SOC
C. Digital Forensics Examiner
D. Vulnerability Assessor

Answer: A

NEW QUESTION 89
The main feature offered by PGP Desktop Email is:

A. Email service during incidents

B. End-to-end email communications
C. End-to-end secure email service
D. None of the above

Answer: C

NEW QUESTION 94
Which of the following service(s) is provided by the CSIRT:

A. Vulnerability handling
B. Technology watch
C. Development of security tools
D. All the above

Answer: D

NEW QUESTION 96
CERT members can provide critical support services to first responders such as:

A. Immediate assistance to victims

B. Consolidated automated service process management platform
C. Organizing spontaneous volunteers at a disaster site
D. A + C

Answer: D

NEW QUESTION 97
The region where the CSIRT is bound to serve and what does it and give service to is known as:

A. Consistency
B. Confidentiality
C. Constituency
D. None of the above

Answer: C

NEW QUESTION 101

Common name(s) for CSIRT is(are)

Your Partner of IT Exam visit - https://www.exambible.com

We recommend you to try the PREMIUM 212-89 Dumps From Exambible
https://www.exambible.com/212-89-exam/ (163 Q&As)

A. Incident Handling Team (IHT)

B. Incident Response Team (IRT)
C. Security Incident Response Team (SIRT)
D. All the above

Answer: D

NEW QUESTION 103

An active vulnerability scanner featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis is called:

A. Nessus
B. CyberCop
C. EtherApe
D. nmap

Answer: A

NEW QUESTION 104

Installing a password cracking tool, downloading pornography material, sending emails to colleagues which irritates them and hosting unauthorized websites on
the company’s computer are considered:

A. Network based attacks

B. Unauthorized access attacks
C. Malware attacks
D. Inappropriate usage incidents

Answer: D

NEW QUESTION 106

The very well-known free open source port, OS and service scanner and network discovery utility is called:

A. Wireshark
B. Nmap (Network Mapper)
C. Snort
D. SAINT

Answer: B

NEW QUESTION 110

A Malicious code attack using emails is considered as:

A. Malware based attack

B. Email attack
C. Inappropriate usage incident
D. Multiple component attack

Answer: D

NEW QUESTION 112

They type of attack that prevents the authorized users to access networks, systems, or applications by exhausting the network resources and sending illegal
requests to an application is known as:

A. Session Hijacking attack

B. Denial of Service attack
C. Man in the Middle attack
D. SQL injection attack

Answer: B

NEW QUESTION 113

A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to propagate is called:

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: C

NEW QUESTION 118

_____ record(s) user’s typing.

A. Spyware
B. adware
C. Virus

Your Partner of IT Exam visit - https://www.exambible.com

We recommend you to try the PREMIUM 212-89 Dumps From Exambible
https://www.exambible.com/212-89-exam/ (163 Q&As)

D. Malware

Answer: A

NEW QUESTION 120

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: B

NEW QUESTION 124

A malicious security-breaking code that is disguised as any useful program that installs an executable programs when a file is opened and allows others to control
the victim’s system is called:

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: A

NEW QUESTION 126

The main difference between viruses and worms is:

A. Worms require a host file to propagate while viruses don’t

Answer: B

NEW QUESTION 131

The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could be:

A. Antivirus software detects the infected files

B. Increase in the number of e-mails sent and received
C. System files become inaccessible
D. All the above

Answer: D

NEW QUESTION 132

Which is the incorrect statement about Anti-keyloggers scanners:

A. Detect already installed Keyloggers in victim machines

B. Run in stealthy mode to record victims online activity
C. Software tools

Answer: B

NEW QUESTION 134

The USB tool (depicted below) that is connected to male USB Keyboard cable and not detected by antispyware tools is most likely called:

Your Partner of IT Exam visit - https://www.exambible.com

We recommend you to try the PREMIUM 212-89 Dumps From Exambible
https://www.exambible.com/212-89-exam/ (163 Q&As)

A. Software Key Grabber

B. Hardware Keylogger
C. USB adapter
D. Anti-Keylogger

Answer: B

NEW QUESTION 139

Which of the following is NOT a digital forensic analysis tool:

A. Access Data FTK

B. EAR/ Pilar
C. Guidance Software EnCase Forensic
D. Helix

Answer: B

NEW QUESTION 141

The Linux command used to make binary copies of computer media and as a disk imaging tool if given a raw disk device as its input is:

A. “dd” command
B. “netstat” command
C. “nslookup” command
D. “find” command

Answer: A

NEW QUESTION 145

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: A

NEW QUESTION 147

A. Digital Forensic Examiner

B. Computer Forensic Investigator
C. Computer Hacking Forensic Investigator
D. All the above

Answer: D

NEW QUESTION 152

Incidents are reported in order to:

A. Provide stronger protection for systems and data

B. Deal properly with legal issues
C. Be prepared for handling future incidents
D. All the above

Answer: D

NEW QUESTION 157

According to US-CERT; if an agency is unable to successfully mitigate a DOS attack it must be reported within:

A. One (1) hour of discovery/detection if the successful attack is still ongoing

Answer: B

NEW QUESTION 162

To whom should an information security incident be reported?

A. It should not be reported at all and it is better to resolve it internally

B. Human resources and Legal Department
C. It should be reported according to the incident reporting & handling policy

Your Partner of IT Exam visit - https://www.exambible.com

We recommend you to try the PREMIUM 212-89 Dumps From Exambible
https://www.exambible.com/212-89-exam/ (163 Q&As)

D. Chief Information Security Officer

Answer: C

NEW QUESTION 165

Business Continuity planning includes other plans such as:

A. Incident/disaster recovery plan

B. Business recovery and resumption plans
C. Contingency plan
D. All the above

Answer: D

NEW QUESTION 167

The most common type(s) of intellectual property is(are):

A. Copyrights and Trademarks

B. Patents
C. Industrial design rights & Trade secrets
D. All the above

Answer: D

NEW QUESTION 170

Bit stream image copy of the digital evidence must be performed in order to:

A. Prevent alteration to the original disk

B. Copy the FAT table
C. Copy all disk sectors including slack space
D. All the above

Answer: C

NEW QUESTION 172

According to the Evidence Preservation policy, a forensic investigator should make at least ..................... image copies of the digital evidence.

A. One image copy

B. Two image copies
C. Three image copies
D. Four image copies

Answer: B

NEW QUESTION 174

A living high level document that states in writing a requirement and directions on how an agency plans to protect its information technology assets is called:

A. Information security Policy

B. Information security Procedure
C. Information security Baseline
D. Information security Standard

Answer: A

NEW QUESTION 176

......

Your Partner of IT Exam visit - https://www.exambible.com

We recommend you to try the PREMIUM 212-89 Dumps From Exambible
https://www.exambible.com/212-89-exam/ (163 Q&As)

Relate Links

100% Pass Your 212-89 Exam with Exambible Prep Materials

https://www.exambible.com/212-89-exam/

We are proud of our high-quality customer service, which serves you around the clock 24/7.

Viste - https://www.exambible.com/

Your Partner of IT Exam visit - https://www.exambible.com

Powered by TCPDF (www.tcpdf.org)
Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Exam Questions 212-89

EC Council Certified Incident Handler (ECIH v2)

https://www.2passeasy.com/dumps/212-89/

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Answer: A

NEW QUESTION 2
Business continuity is defined as the ability of an organization to continue to function even after a disastrous event, accomplished through the deployment of
redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy. Identify the plan which is mandatory part of a
business continuity plan?

A. Forensics Procedure Plan

B. Business Recovery Plan
C. Sales and Marketing plan
D. New business strategy plan

Answer: B

NEW QUESTION 3
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated
as:

A. (Probability of Loss) X (Loss)

B. (Loss) / (Probability of Loss)
C. (Probability of Loss) / (Loss)
D. Significant Risks X Probability of Loss X Loss

Answer: A

NEW QUESTION 4
An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the
incident recovery plan?

A. Creating new business processes to maintain profitability after incident

B. Providing a standard for testing the recovery plan
C. Avoiding the legal liabilities arising due to incident
D. Providing assurance that systems are reliable

Answer: A

NEW QUESTION 5
Computer forensics is methodical series of techniques and procedures for gathering evidence from computing equipment, various storage devices and or digital
media that can be presented in a course of law in a coherent and meaningful format. Which one of the following is an appropriate flow of steps in the computer
forensics process:

A. Examination> Analysis > Preparation > Collection > Reporting

B. Preparation > Analysis > Collection > Examination > Reporting
C. Analysis > Preparation > Collection > Reporting > Examination
D. Preparation > Collection > Examination > Analysis > Reporting

Answer: D

NEW QUESTION 6
Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

A. An insider intentionally deleting files from a workstation

Answer: A

A. Access control policy

B. Audit trail policy
C. Logging policy

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

D. Documentation policy

Answer: A

NEW QUESTION 8
When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?

Answer: A

NEW QUESTION 9
A threat source does not present a risk if NO vulnerability that can be exercised for a particular threat source. Identify the step in which different threat sources are
defined:

A. Identification Vulnerabilities
B. Control analysis
C. Threat identification
D. System characterization

Answer: C

NEW QUESTION 10
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with
all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

A. NET-CERT
B. DFN-CERT
C. Funet CERT
D. SURFnet-CERT

Answer: D

A. Twelve
B. Four
C. Six
D. Nine

Answer: D

NEW QUESTION 15
Insider threats can be detected by observing concerning behaviors exhibited by insiders, such as conflicts with supervisors and coworkers, decline in performance,
tardiness or unexplained absenteeism. Select the technique that helps in detecting insider threats:

A. Correlating known patterns of suspicious and malicious behavior

Answer: A

NEW QUESTION 17
The insider risk matrix consists of technical literacy and business process knowledge vectors. Considering the matrix, one can conclude that:

Answer: D

NEW QUESTION 22

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Which one of the following is the correct sequence of flow of the stages in an incident response:

A. Containment - Identification - Preparation - Recovery - Follow-up - Eradication

Answer: B

NEW QUESTION 23
In a qualitative risk analysis, risk is calculated in terms of:

A. (Attack Success + Criticality ) –(Countermeasures)

B. Asset criticality assessment – (Risks and Associated Risk Levels)
C. Probability of Loss X Loss
D. (Countermeasures + Magnitude of Impact) – (Reports from prior risk assessments)

Answer: C

NEW QUESTION 26
ADAM, an employee from a multinational company, uses his company’s accounts to send e-mails to a third party with their spoofed mail address. How can you
categorize this type of account?

A. Inappropriate usage incident

B. Unauthorized access incident
C. Network intrusion incident
D. Denial of Service incident

Answer: A

NEW QUESTION 27
An access control policy authorized a group of users to perform a set of actions on a set of resources. Access to resources is based on necessity and if a particular
job role requires the use of those resources. Which of the following is NOT a fundamental element of access control policy

A. Action group: group of actions performed by the users on resources

B. Development group: group of persons who develop the policy
C. Resource group: resources controlled by the policy
D. Access group: group of users to which the policy applies

Answer: B

NEW QUESTION 30
The type of relationship between CSIRT and its constituency have an impact on the services provided by the CSIRT. Identify the level of the authority that enables
members of CSIRT to undertake any necessary actions on behalf of their constituency?

A. Full-level authority
B. Mid-level authority
C. Half-level authority
D. Shared-level authority

Answer: A

NEW QUESTION 35
Digital evidence plays a major role in prosecuting cyber criminals. John is a cyber-crime investigator, is asked to investigate a child pornography case. The
personal computer of the criminal in question was confiscated by the county police. Which of the following evidence will lead John in his investigation?

A. SAM file
B. Web serve log
C. Routing table list
D. Web browser history

Answer: D

NEW QUESTION 38
An estimation of the expected losses after an incident helps organization in prioritizing and formulating their incident response. The cost of an incident can be
categorized as a tangible and intangible cost. Identify the tangible cost associated with virus outbreak?

A. Loss of goodwill
B. Damage to corporate reputation
C. Psychological damage
D. Lost productivity damage

Answer: D

NEW QUESTION 43

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Which of the following incidents are reported under CAT -5 federal agency category?

A. Exercise/ Network Defense Testing

B. Malicious code
C. Scans/ probes/ Attempted Access
D. Denial of Service DoS

Answer: C

NEW QUESTION 46
One of the goals of CSIRT is to manage security problems by taking a certain approach towards the customers’ security vulnerabilities and by responding
effectively to potential information security incidents. Identify the incident response approach that focuses on developing the infrastructure and security processes
before the occurrence or detection of an event or any incident:

A. Interactive approach
B. Introductive approach
C. Proactive approach
D. Qualitative approach

Answer: C

NEW QUESTION 48
Based on the some statistics; what is the typical number one top incident?

A. Phishing
B. Policy violation
C. Un-authorized access
D. Malware

Answer: A

NEW QUESTION 52
The IDS and IPS system logs indicating an unusual deviation from typical network traffic flows; this is called:

A. A Precursor
B. An Indication
C. A Proactive
D. A Reactive

Answer: B

NEW QUESTION 54
The largest number of cyber-attacks are conducted by:

A. Insiders
B. Outsiders
C. Business partners
D. Suppliers

Answer: B

NEW QUESTION 57
Incidents such as DDoS that should be handled immediately may be considered as:

A. Level One incident

B. Level Two incident
C. Level Three incident
D. Level Four incident

Answer: C

NEW QUESTION 61
Total cost of disruption of an incident is the sum of

A. Tangible and Intangible costs

B. Tangible cost only
C. Intangible cost only
D. Level Two and Level Three incidents cost

Answer: A

NEW QUESTION 66
An information security incident is

A. Any real or suspected adverse event in relation to the security of computer systems or networks

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

B. Any event that disrupts normal today’s business functions

C. Any event that breaches the availability of information assets
D. All of the above

Answer: D

NEW QUESTION 71
Which of the following can be considered synonymous:

A. Hazard and Threat

B. Threat and Threat Agent
C. Precaution and countermeasure
D. Vulnerability and Danger

Answer: A

NEW QUESTION 76
Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :

A. Threat-source motivation and capability

B. Nature of the vulnerability
C. Existence and effectiveness of the current controls
D. All the above

Answer: D

NEW QUESTION 80
The left over risk after implementing a control is called:

A. Residual risk
B. Unaccepted risk
C. Low risk
D. Critical risk

Answer: A

NEW QUESTION 82
Which of the following is a risk assessment tool:

A. Nessus
B. Wireshark
C. CRAMM
D. Nmap

Answer: C

NEW QUESTION 83
Preventing the incident from spreading and limiting the scope of the incident is known as:

A. Incident Eradication
B. Incident Protection
C. Incident Containment
D. Incident Classification

Answer: C

NEW QUESTION 84
What is the best staffing model for an incident response team if current employees’ expertise is very low?

A. Fully outsourced
B. Partially outsourced
C. Fully insourced
D. All the above

Answer: A

NEW QUESTION 87
Which of the following is an incident tracking, reporting and handling tool:

A. CRAMM
B. RTIR
C. NETSTAT
D. EAR/ Pilar

Answer: B

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 92
Removing or eliminating the root cause of the incident is called:

A. Incident Eradication
B. Incident Protection
C. Incident Containment
D. Incident Classification

Answer: A

NEW QUESTION 97
Which of the following service(s) is provided by the CSIRT:

A. Vulnerability handling
B. Technology watch
C. Development of security tools
D. All the above

Answer: D

NEW QUESTION 100

The program that helps to train people to be better prepared to respond to emergency situations in their communities is known as:

A. Community Emergency Response Team (CERT)

B. Incident Response Team (IRT)
C. Security Incident Response Team (SIRT)
D. All the above

Answer: A

NEW QUESTION 105

Common name(s) for CSIRT is(are)

A. Incident Handling Team (IHT)

B. Incident Response Team (IRT)
C. Security Incident Response Team (SIRT)
D. All the above

Answer: D

NEW QUESTION 106

The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:

A. Snort
B. Wireshark
C. Cain & Able
D. nmap

Answer: B

NEW QUESTION 107

Installing a password cracking tool, downloading pornography material, sending emails to colleagues which irritates them and hosting unauthorized websites on
the company’s computer are considered:

A. Network based attacks

B. Unauthorized access attacks
C. Malware attacks
D. Inappropriate usage incidents

Answer: D

NEW QUESTION 110

To respond to DDoS attacks; one of the following strategies can be used:

A. Using additional capacity to absorb attack

B. Identifying none critical services and stopping them
C. Shut down some services until the attack has subsided
D. All the above

Answer: D

NEW QUESTION 115

The very well-known free open source port, OS and service scanner and network discovery utility is called:

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

A. Wireshark
B. Nmap (Network Mapper)
C. Snort
D. SAINT

Answer: B

NEW QUESTION 120

In a DDoS attack, attackers first infect multiple systems, which are then used to attack a particular target directly. Those systems are called:

A. Honey Pots
B. Relays
C. Zombies
D. Handlers

Answer: C

NEW QUESTION 123

The open source TCP/IP network intrusion prevention and detection system (IDS/IPS), uses a rule-driven language, performs real-time traffic analysis and packet
logging is known as:

A. Snort
B. Wireshark
C. Nessus
D. SAINT

Answer: A

NEW QUESTION 124

A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to propagate is called:

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: C

NEW QUESTION 129

______ attach(es) to files

A. adware
B. Spyware
C. Viruses
D. Worms

Answer: C

NEW QUESTION 134

A malicious security-breaking code that is disguised as any useful program that installs an executable programs when a file is opened and allows others to control
the victim’s system is called:

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: A

NEW QUESTION 135

The free utility which quickly scans Systems running Windows OS to find settings that may have been changed by spyware, malware, or other unwanted programs
is called:

A. Tripwire
B. HijackThis
C. Stinger
D. F-Secure Anti-virus

Answer: B

NEW QUESTION 138

The Malicious code that is installed on the computer without user’s knowledge to acquire information from the user’s machine and send it to the attacker who can
access it remotely is called:

A. Spyware

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

B. Logic Bomb
C. Trojan
D. Worm

Answer: A

NEW QUESTION 142

Which of the following is NOT one of the common techniques used to detect Insider threats:

A. Spotting an increase in their performance

B. Observing employee tardiness and unexplained absenteeism
C. Observing employee sick leaves
D. Spotting conflicts with supervisors and coworkers

Answer: A

NEW QUESTION 146

Which is the incorrect statement about Anti-keyloggers scanners:

A. Detect already installed Keyloggers in victim machines

B. Run in stealthy mode to record victims online activity
C. Software tools

Answer: B

NEW QUESTION 151

Spyware tool used to record malicious user’s computer activities and keyboard stokes is called:

A. adware
B. Keylogger
C. Rootkit
D. Firewall

Answer: B

NEW QUESTION 155

Insiders may be:

A. Ignorant employees
B. Carless administrators
C. Disgruntled staff members
D. All the above

Answer: D

NEW QUESTION 159

Which of the following may be considered as insider threat(s):

A. An employee having no clashes with supervisors and coworkers

B. Disgruntled system administrators
C. An employee who gets an annual 7% salary raise
D. An employee with an insignificant technical literacy and business process knowledge

Answer: B

NEW QUESTION 161

Lack of forensic readiness may result in:

A. Loss of clients thereby damaging the organization’s reputation

B. System downtime
C. Data manipulation, deletion, and theft
D. All the above

Answer: D

NEW QUESTION 163

The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an
investigation is called:

A. Computer Forensics
B. Digital Forensic Analysis
C. Forensic Readiness
D. Digital Forensic Policy

Answer: C

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 167

What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the
established connections on it:

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: B

NEW QUESTION 171

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: A

NEW QUESTION 173

A. Digital Forensic Examiner

B. Computer Forensic Investigator
C. Computer Hacking Forensic Investigator
D. All the above

Answer: D

NEW QUESTION 177

A. Computer Forensics
B. Digital Forensic Analysis
C. Forensic Readiness
D. Digital Forensic Examiner

Answer: B

NEW QUESTION 179

Which of the following is NOT one of the Computer Forensic types:

A. USB Forensics
B. Email Forensics
C. Forensic Archaeology
D. Image Forensics

Answer: C

NEW QUESTION 180

The person who offers his formal opinion as a testimony about a computer crime incident in the court of law is known as:

A. Expert Witness
B. Incident Analyzer
C. Incident Responder
D. Evidence Documenter

Answer: A

NEW QUESTION 183

The process of rebuilding and restoring the computer systems affected by an incident to normal operational stage including all the processes, policies and tools is
known as:

A. Incident Management
B. Incident Response
C. Incident Recovery
D. Incident Handling

Answer: C

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 185

Business Continuity planning includes other plans such as:

A. Incident/disaster recovery plan

B. Business recovery and resumption plans
C. Contingency plan
D. All the above

Answer: D

NEW QUESTION 189

Which test is conducted to determine the incident recovery procedures effectiveness?

A. Live walk-throughs of procedures

B. Scenario testing
C. Department-level test
D. Facility-level test

Answer: A

NEW QUESTION 193

A. Business Continuity Plan

B. Business Continuity
C. Disaster Planning
D. Contingency Planning

Answer: B

NEW QUESTION 197

The steps followed to recover computer systems after an incident are:

A. System restoration, validation, operation and monitoring

B. System restoration, operation, validation, and monitoring
C. System monitoring, validation, operation and restoration
D. System validation, restoration, operation and monitoring

Answer: A

NEW QUESTION 200

Bit stream image copy of the digital evidence must be performed in order to:

A. Prevent alteration to the original disk

B. Copy the FAT table
C. Copy all disk sectors including slack space
D. All the above

Answer: C

NEW QUESTION 203

......

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

THANKS FOR TRYING THE DEMO OF OUR PRODUCT

Visit Our Site to Purchase the Full Set of Actual 212-89 Exam Questions With Answers.

We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the
212-89 Product From:

https://www.2passeasy.com/dumps/212-89/

Money Back Guarantee

212-89 Practice Exam Features:

* 212-89 Questions and Answers Updated Frequently

* 212-89 Practice Questions Verified by Expert Senior Certified Staff

* 212-89 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* 212-89 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Powered by TCPDF (www.tcpdf.org)
Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

EC-Council
Exam Questions 212-89
EC Council Certified Incident Handler (ECIH v2)

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

NEW QUESTION 1
Which of the following terms may be defined as “a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and
technical limitations that adversely affects the organization’s operation and revenues?

A. Risk
B. Vulnerability
C. Threat
D. Incident Response

Answer: A

NEW QUESTION 2
A distributed Denial of Service (DDoS) attack is a more common type of DoS Attack, where a single system is targeted by a large number of infected machines
over the Internet. In a DDoS attack, attackers first infect multiple systems which are known as:

A. Trojans
B. Zombies
C. Spyware
D. Worms

Answer: B

A. Forensics Procedure Plan

B. Business Recovery Plan
C. Sales and Marketing plan
D. New business strategy plan

Answer: B

NEW QUESTION 4
A computer Risk Policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT
part of the computer risk policy?

A. Procedure to identify security funds to hedge risk

Answer: C

A. URL Manipulation
B. XSS Attack
C. SQL Injection
D. Denial of Service Attack

Answer: D

A. Cookie tracker
B. Worm
C. Trojan
D. Virus

Answer: C

NEW QUESTION 7
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated
as:

A. (Probability of Loss) X (Loss)

B. (Loss) / (Probability of Loss)

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

C. (Probability of Loss) / (Loss)

D. Significant Risks X Probability of Loss X Loss

Answer: A

NEW QUESTION 8
Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is
responsible for examining the evidence acquired and separating the useful evidence?

A. Evidence Supervisor
B. Evidence Documenter
C. Evidence Manager
D. Evidence Examiner/ Investigator

Answer: D

NEW QUESTION 9
US-CERT and Federal civilian agencies use the reporting timeframe criteria in the federal agency reporting categorization. What is the timeframe required to report
an incident under the CAT 4 Federal Agency category?

Answer: A

A. NIASAP
B. NIAAAP
C. NIPACP
D. NIACAP

Answer: D

A. Access control policy

B. Audit trail policy
C. Logging policy
D. Documentation policy

Answer: A

NEW QUESTION 15
A threat source does not present a risk if NO vulnerability that can be exercised for a particular threat source. Identify the step in which different threat sources are
defined:

A. Identification Vulnerabilities
B. Control analysis
C. Threat identification
D. System characterization

Answer: C

NEW QUESTION 19
In the Control Analysis stage of the NIST’s risk assessment methodology, technical and none technical control methods are classified into two categories. What
are these two control categories?

A. Preventive and Detective controls

B. Detective and Disguised controls
C. Predictive and Detective controls
D. Preventive and predictive controls

Answer: A

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

A. NET-CERT
B. DFN-CERT
C. Funet CERT
D. SURFnet-CERT

Answer: D

NEW QUESTION 27
Insider threats can be detected by observing concerning behaviors exhibited by insiders, such as conflicts with supervisors and coworkers, decline in performance,
tardiness or unexplained absenteeism. Select the technique that helps in detecting insider threats:

A. Correlating known patterns of suspicious and malicious behavior

Answer: A

NEW QUESTION 30
In a qualitative risk analysis, risk is calculated in terms of:

A. (Attack Success + Criticality ) –(Countermeasures)

B. Asset criticality assessment – (Risks and Associated Risk Levels)
C. Probability of Loss X Loss
D. (Countermeasures + Magnitude of Impact) – (Reports from prior risk assessments)

Answer: C

NEW QUESTION 32
In which of the steps of NIST’s risk assessment methodology are the boundary of the IT system, along with the resources and the information that constitute the
system identified?

A. Likelihood Determination
B. Control recommendation
C. System characterization
D. Control analysis

Answer: C

NEW QUESTION 35
A security policy will take the form of a document or a collection of documents, depending on the situation or usage. It can become a point of reference in case a
violation occurs that results in dismissal or other penalty. Which of the following is NOT true for a good security policy?

Answer: B

NEW QUESTION 38
Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following helps in recognizing and separating the
infected hosts from the information system?

A. Configuring firewall to default settings

B. Inspecting the process running on the system
C. Browsing particular government websites
D. Sending mails to only group of friends

Answer: B

A. Action group: group of actions performed by the users on resources

B. Development group: group of persons who develop the policy
C. Resource group: resources controlled by the policy
D. Access group: group of users to which the policy applies

Answer: B

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

A. Loss of goodwill
B. Damage to corporate reputation
C. Psychological damage
D. Lost productivity damage

Answer: D

NEW QUESTION 45
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large
amounts of data using a combination of automated and manual methods. Identify the computer forensic process involved:

A. Analysis
B. Preparation
C. Examination
D. Collection

Answer: C

NEW QUESTION 50
Incident management team provides support to all users in the organization that are affected by the threat or attack. The organization’s internal auditor is part of
the incident response team. Identify one of the responsibilities of the internal auditor as part of the incident response team:

A. Configure information security controls

Answer: C

NEW QUESTION 51
Based on the some statistics; what is the typical number one top incident?

A. Phishing
B. Policy violation
C. Un-authorized access
D. Malware

Answer: A

NEW QUESTION 52
The IDS and IPS system logs indicating an unusual deviation from typical network traffic flows; this is called:

A. A Precursor
B. An Indication
C. A Proactive
D. A Reactive

Answer: B

NEW QUESTION 57
The largest number of cyber-attacks are conducted by:

A. Insiders
B. Outsiders
C. Business partners
D. Suppliers

Answer: B

NEW QUESTION 58
Incidents such as DDoS that should be handled immediately may be considered as:

A. Level One incident

B. Level Two incident
C. Level Three incident
D. Level Four incident

Answer: C

NEW QUESTION 62

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

A payroll system has a vulnerability that cannot be exploited by current technology. Which of the following is correct about this scenario:

A. The risk must be urgently mitigated

B. The risk must be transferred immediately
C. The risk is not present at this time
D. The risk is accepted

Answer: C

NEW QUESTION 65
Absorbing minor risks while preparing to respond to major ones is called:

A. Risk Mitigation
B. Risk Transfer
C. Risk Assumption
D. Risk Avoidance

Answer: C

NEW QUESTION 66
In NIST risk assessment/ methodology; the process of identifying the boundaries of an IT system along with the resources and information that constitute the
system is known as:

A. Asset Identification
B. System characterization
C. Asset valuation
D. System classification

Answer: B

NEW QUESTION 67
What is the best staffing model for an incident response team if current employees’ expertise is very low?

A. Fully outsourced
B. Partially outsourced
C. Fully insourced
D. All the above

Answer: A

NEW QUESTION 68
Incident response team must adhere to the following:

A. Stay calm and document everything

B. Assess the situation
C. Notify appropriate personnel
D. All the above

Answer: D

NEW QUESTION 71
Which of the following is an incident tracking, reporting and handling tool:

A. CRAMM
B. RTIR
C. NETSTAT
D. EAR/ Pilar

Answer: B

NEW QUESTION 74
Which of the following is a correct statement about incident management, handling and response:

A. Incident response is on the functions provided by incident handling

B. Incident handling is on the functions provided by incident response
C. Triage is one of the services provided by incident response
D. Incident response is one of the services provided by triage

Answer: A

NEW QUESTION 78
The service organization that provides 24x7 computer security incident response services to any user, company, government agency, or organization is known as:

A. Computer Security Incident Response Team CSIRT

B. Security Operations Center SOC

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

C. Digital Forensics Examiner

D. Vulnerability Assessor

Answer: A

NEW QUESTION 83
The main feature offered by PGP Desktop Email is:

A. Email service during incidents

B. End-to-end email communications
C. End-to-end secure email service
D. None of the above

Answer: C

NEW QUESTION 85
Which of the following service(s) is provided by the CSIRT:

A. Vulnerability handling
B. Technology watch
C. Development of security tools
D. All the above

Answer: D

NEW QUESTION 87
CERT members can provide critical support services to first responders such as:

A. Immediate assistance to victims

B. Consolidated automated service process management platform
C. Organizing spontaneous volunteers at a disaster site
D. A + C

Answer: D

NEW QUESTION 89
The region where the CSIRT is bound to serve and what does it and give service to is known as:

A. Consistency
B. Confidentiality
C. Constituency
D. None of the above

Answer: C

NEW QUESTION 92
CSIRT can be implemented at:

A. Internal enterprise level

B. National, government and military level
C. Vendor level
D. All the above

Answer: D

NEW QUESTION 96
The typical correct sequence of activities used by CSIRT when handling a case is:

A. Log, inform, maintain contacts, release information, follow up and reporting

Answer: A

NEW QUESTION 97
Installing a password cracking tool, downloading pornography material, sending emails to colleagues which irritates them and hosting unauthorized websites on
the company’s computer are considered:

A. Network based attacks

B. Unauthorized access attacks
C. Malware attacks
D. Inappropriate usage incidents

Answer: D

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

NEW QUESTION 100

Changing the web server contents, Accessing the workstation using a false ID and Copying sensitive data without authorization are examples of:

A. DDoS attacks
B. Unauthorized access attacks
C. Malware attacks
D. Social Engineering attacks

Answer: B

NEW QUESTION 103

The very well-known free open source port, OS and service scanner and network discovery utility is called:

A. Wireshark
B. Nmap (Network Mapper)
C. Snort
D. SAINT

Answer: B

NEW QUESTION 108

The open source TCP/IP network intrusion prevention and detection system (IDS/IPS), uses a rule-driven language, performs real-time traffic analysis and packet
logging is known as:

A. Snort
B. Wireshark
C. Nessus
D. SAINT

Answer: A

NEW QUESTION 110

They type of attack that prevents the authorized users to access networks, systems, or applications by exhausting the network resources and sending illegal
requests to an application is known as:

A. Session Hijacking attack

B. Denial of Service attack
C. Man in the Middle attack
D. SQL injection attack

Answer: B

NEW QUESTION 111

A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to propagate is called:

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: C

NEW QUESTION 112

______ attach(es) to files

A. adware
B. Spyware
C. Viruses
D. Worms

Answer: C

NEW QUESTION 114

The message that is received and requires an urgent action and it prompts the recipient to delete certain files or forward it to others is called:

A. An Adware
B. Mail bomb
C. A Virus Hoax
D. Spear Phishing

Answer: C

NEW QUESTION 115

The free utility which quickly scans Systems running Windows OS to find settings that may have been changed by spyware, malware, or other unwanted programs

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

is called:

A. Tripwire
B. HijackThis
C. Stinger
D. F-Secure Anti-virus

Answer: B

NEW QUESTION 119

A Host is infected by worms that propagates through a vulnerable service; the sign(s) of the presence of the worm include:

A. Decrease in network usage

B. Established connection attempts targeted at the vulnerable services
C. System becomes instable or crashes
D. All the above

Answer: C

NEW QUESTION 121

The main difference between viruses and worms is:

A. Worms require a host file to propagate while viruses don’t

Answer: B

NEW QUESTION 122

The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could be:

A. Antivirus software detects the infected files

B. Increase in the number of e-mails sent and received
C. System files become inaccessible
D. All the above

Answer: D

NEW QUESTION 123

Which of the following is NOT one of the common techniques used to detect Insider threats:

A. Spotting an increase in their performance

B. Observing employee tardiness and unexplained absenteeism
C. Observing employee sick leaves
D. Spotting conflicts with supervisors and coworkers

Answer: A

NEW QUESTION 125

Which of the following is NOT one of the techniques used to respond to insider threats:

A. Placing malicious users in quarantine network, so that attack cannot be spread

B. Preventing malicious users from accessing unclassified information
C. Disabling the computer systems from network connection
D. Blocking malicious user accounts

Answer: B

NEW QUESTION 126

Insiders understand corporate business functions. What is the correct sequence of activities performed by Insiders to damage company assets:

A. Gain privileged access, install malware then activate

B. Install malware, gain privileged access, then activate
C. Gain privileged access, activate and install malware
D. Activate malware, gain privileged access then install malware

Answer: A

NEW QUESTION 128

Lack of forensic readiness may result in:

A. Loss of clients thereby damaging the organization’s reputation

B. System downtime
C. Data manipulation, deletion, and theft

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

D. All the above

Answer: D

NEW QUESTION 131

Which of the following is NOT a digital forensic analysis tool:

A. Access Data FTK

B. EAR/ Pilar
C. Guidance Software EnCase Forensic
D. Helix

Answer: B

NEW QUESTION 136

The Linux command used to make binary copies of computer media and as a disk imaging tool if given a raw disk device as its input is:

A. “dd” command
B. “netstat” command
C. “nslookup” command
D. “find” command

Answer: A

NEW QUESTION 141

What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the
established connections on it:

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: B

NEW QUESTION 145

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: A

NEW QUESTION 147

A. Computer Forensics
B. Digital Forensic Analysis
C. Forensic Readiness
D. Digital Forensic Examiner

Answer: B

NEW QUESTION 148

Digital evidence must:

A. Be Authentic, complete and reliable

B. Not prove the attackers actions
C. Be Volatile
D. Cast doubt on the authenticity and veracity of the evidence

Answer: A

NEW QUESTION 149

Electronic evidence may reside in the following:

A. Data Files
B. Backup tapes
C. Other media sources
D. All the above

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

Answer: D

NEW QUESTION 153

Incidents are reported in order to:

A. Provide stronger protection for systems and data

B. Deal properly with legal issues
C. Be prepared for handling future incidents
D. All the above

Answer: D

NEW QUESTION 158

According to US-CERT; if an agency is unable to successfully mitigate a DOS attack it must be reported within:

A. One (1) hour of discovery/detection if the successful attack is still ongoing

Answer: B

NEW QUESTION 163

Agencies do NOT report an information security incident is because of:

A. Afraid of negative publicity

B. Have full knowledge about how to handle the attack internally
C. Do not want to pay the additional cost of reporting an incident
D. All the above

Answer: A

NEW QUESTION 164

The process of rebuilding and restoring the computer systems affected by an incident to normal operational stage including all the processes, policies and tools is
known as:

A. Incident Management
B. Incident Response
C. Incident Recovery
D. Incident Handling

Answer: C

NEW QUESTION 166

Business Continuity planning includes other plans such as:

A. Incident/disaster recovery plan

B. Business recovery and resumption plans
C. Contingency plan
D. All the above

Answer: D

NEW QUESTION 167

Which test is conducted to determine the incident recovery procedures effectiveness?

A. Live walk-throughs of procedures

B. Scenario testing
C. Department-level test
D. Facility-level test

Answer: A

NEW QUESTION 171

Business Continuity provides a planning methodology that allows continuity in business operations:

A. Before and after a disaster

B. Before a disaster
C. Before, during and after a disaster
D. During and after a disaster

Answer: C

NEW QUESTION 176

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

The policy that defines which set of events needs to be logged in order to capture and review the important data in a timely manner is known as:

A. Audit trail policy

Answer: D

NEW QUESTION 179

The product of intellect that has commercial value and includes copyrights and trademarks is called:

A. Intellectual property
B. Trade secrets
C. Logos
D. Patents

Answer: A

NEW QUESTION 184

According to the Fourth Amendment of USA PATRIOT Act of 2001; if a search does NOT violate a person’s “reasonable” or “legitimate” expectation of privacy
then it is considered:

A. Constitutional/ Legitimate
B. Illegal/ illegitimate
C. Unethical
D. None of the above

Answer: A

NEW QUESTION 185

Bit stream image copy of the digital evidence must be performed in order to:

A. Prevent alteration to the original disk

B. Copy the FAT table
C. Copy all disk sectors including slack space
D. All the above

Answer: C

NEW QUESTION 190

According to the Evidence Preservation policy, a forensic investigator should make at least ..................... image copies of the digital evidence.

A. One image copy

B. Two image copies
C. Three image copies
D. Four image copies

Answer: B

NEW QUESTION 195

......

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Recommend!! Get the Full 212-89 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/212-89-exam-dumps.html (163 New Questions)

Thank You for Trying Our Product

We offer two products:

1st - We have Practice Tests Software with Actual Exam Questions

2nd - Questons and Answers in PDF Format

212-89 Practice Exam Features:

* 212-89 Questions and Answers Updated Frequently

* 212-89 Practice Questions Verified by Expert Senior Certified Staff

* 212-89 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* 212-89 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

100% Actual & Verified — Instant Download, Please Click

Order The 212-89 Practice Test Here

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Powered by TCPDF (www.tcpdf.org)
Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Exam Questions 212-89

EC Council Certified Incident Handler (ECIH v2)

https://www.2passeasy.com/dumps/212-89/

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

A. Risk
B. Vulnerability
C. Threat
D. Incident Response

Answer: A

A. High level incident

B. Middle level incident
C. Ultra-High level incident
D. Low level incident

Answer: A

A. Forensics Procedure Plan

B. Business Recovery Plan
C. Sales and Marketing plan
D. New business strategy plan

Answer: B

NEW QUESTION 4
Which of the following is an appropriate flow of the incident recovery steps?

A. System Operation-System Restoration-System Validation-System Monitoring

Answer: D

NEW QUESTION 5
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated
as:

A. (Probability of Loss) X (Loss)

B. (Loss) / (Probability of Loss)
C. (Probability of Loss) / (Loss)
D. Significant Risks X Probability of Loss X Loss

Answer: A

NEW QUESTION 6
An audit trail policy collects all audit trails such as series of records of computer events, about an operating system, application or user activities. Which of the
following statements is NOT true for an audit trail policy:

A. It helps calculating intangible losses to the organization due to incident

Answer: A

NEW QUESTION 7
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with
all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

A. NET-CERT
B. DFN-CERT
C. Funet CERT
D. SURFnet-CERT

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Answer: D

NEW QUESTION 8
Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific
requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification activation,
recovery and reconstitution and plan appendices. What is the main purpose of the reconstitution plan?

Answer: A

NEW QUESTION 9
Except for some common roles, the roles in an IRT are distinct for every organization. Which among the following is the role played by the Incident Coordinator of
an IRT?

Answer: B

Answer: A

NEW QUESTION 10
In which of the steps of NIST’s risk assessment methodology are the boundary of the IT system, along with the resources and the information that constitute the
system identified?

A. Likelihood Determination
B. Control recommendation
C. System characterization
D. Control analysis

Answer: C

NEW QUESTION 13
ADAM, an employee from a multinational company, uses his company’s accounts to send e-mails to a third party with their spoofed mail address. How can you
categorize this type of account?

A. Inappropriate usage incident

B. Unauthorized access incident
C. Network intrusion incident
D. Denial of Service incident

Answer: A

NEW QUESTION 14
Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following helps in recognizing and separating the
infected hosts from the information system?

A. Configuring firewall to default settings

B. Inspecting the process running on the system
C. Browsing particular government websites
D. Sending mails to only group of friends

Answer: B

NEW QUESTION 19
An estimation of the expected losses after an incident helps organization in prioritizing and formulating their incident response. The cost of an incident can be
categorized as a tangible and intangible cost. Identify the tangible cost associated with virus outbreak?

A. Loss of goodwill
B. Damage to corporate reputation

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

C. Psychological damage
D. Lost productivity damage

Answer: D

NEW QUESTION 21
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large
amounts of data using a combination of automated and manual methods. Identify the computer forensic process involved:

A. Analysis
B. Preparation
C. Examination
D. Collection

Answer: C

NEW QUESTION 25
The IDS and IPS system logs indicating an unusual deviation from typical network traffic flows; this is called:

A. A Precursor
B. An Indication
C. A Proactive
D. A Reactive

Answer: B

NEW QUESTION 28
Total cost of disruption of an incident is the sum of

A. Tangible and Intangible costs

B. Tangible cost only
C. Intangible cost only
D. Level Two and Level Three incidents cost

Answer: A

NEW QUESTION 31
What is correct about Quantitative Risk Analysis:

A. It is Subjective but faster than Qualitative Risk Analysis

B. Easily automated
C. Better than Qualitative Risk Analysis
D. Uses levels and descriptive expressions

Answer: B

NEW QUESTION 35
Which of the following is a risk assessment tool:

A. Nessus
B. Wireshark
C. CRAMM
D. Nmap

Answer: C

NEW QUESTION 40
Removing or eliminating the root cause of the incident is called:

A. Incident Eradication
B. Incident Protection
C. Incident Containment
D. Incident Classification

Answer: A

NEW QUESTION 42
Which of the following service(s) is provided by the CSIRT:

A. Vulnerability handling
B. Technology watch
C. Development of security tools
D. All the above

Answer: D

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 44
CSIRT can be implemented at:

A. Internal enterprise level

B. National, government and military level
C. Vendor level
D. All the above

Answer: D

NEW QUESTION 47
Common name(s) for CSIRT is(are)

A. Incident Handling Team (IHT)

B. Incident Response Team (IRT)
C. Security Incident Response Team (SIRT)
D. All the above

Answer: D

NEW QUESTION 52
An active vulnerability scanner featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis is called:

A. Nessus
B. CyberCop
C. EtherApe
D. nmap

Answer: A

NEW QUESTION 57
The very well-known free open source port, OS and service scanner and network discovery utility is called:

A. Wireshark
B. Nmap (Network Mapper)
C. Snort
D. SAINT

Answer: B

NEW QUESTION 60
The free utility which quickly scans Systems running Windows OS to find settings that may have been changed by spyware, malware, or other unwanted programs
is called:

A. Tripwire
B. HijackThis
C. Stinger
D. F-Secure Anti-virus

Answer: B

NEW QUESTION 61
A Host is infected by worms that propagates through a vulnerable service; the sign(s) of the presence of the worm include:

A. Decrease in network usage

B. Established connection attempts targeted at the vulnerable services
C. System becomes instable or crashes
D. All the above

Answer: C

NEW QUESTION 66
The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could be:

A. Antivirus software detects the infected files

B. Increase in the number of e-mails sent and received
C. System files become inaccessible
D. All the above

Answer: D

NEW QUESTION 67
Which of the following is NOT one of the common techniques used to detect Insider threats:

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

A. Spotting an increase in their performance

B. Observing employee tardiness and unexplained absenteeism
C. Observing employee sick leaves
D. Spotting conflicts with supervisors and coworkers

Answer: A

NEW QUESTION 68
The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an
investigation is called:

A. Computer Forensics
B. Digital Forensic Analysis
C. Forensic Readiness
D. Digital Forensic Policy

Answer: C

NEW QUESTION 69
What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the
established connections on it:

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: B

NEW QUESTION 71
Which of the following is NOT one of the Computer Forensic types:

A. USB Forensics
B. Email Forensics
C. Forensic Archaeology
D. Image Forensics

Answer: C

NEW QUESTION 72
Electronic evidence may reside in the following:

A. Data Files
B. Backup tapes
C. Other media sources
D. All the above

Answer: D

NEW QUESTION 76
A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be
presented in a court of law in a coherent and meaningful format is called:

A. Forensic Analysis
B. Computer Forensics
C. Forensic Readiness
D. Steganalysis

Answer: B

NEW QUESTION 80
Incidents are reported in order to:

A. Provide stronger protection for systems and data

B. Deal properly with legal issues
C. Be prepared for handling future incidents
D. All the above

Answer: D

NEW QUESTION 84
Business Continuity planning includes other plans such as:

A. Incident/disaster recovery plan

B. Business recovery and resumption plans

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

C. Contingency plan
D. All the above

Answer: D

NEW QUESTION 88
The product of intellect that has commercial value and includes copyrights and trademarks is called:

A. Intellectual property
B. Trade secrets
C. Logos
D. Patents

Answer: A

NEW QUESTION 91
The most common type(s) of intellectual property is(are):

A. Copyrights and Trademarks

B. Patents
C. Industrial design rights & Trade secrets
D. All the above

Answer: D

NEW QUESTION 96
According to the Fourth Amendment of USA PATRIOT Act of 2001; if a search does NOT violate a person’s “reasonable” or “legitimate” expectation of privacy
then it is considered:

A. Constitutional/ Legitimate
B. Illegal/ illegitimate
C. Unethical
D. None of the above

Answer: A

NEW QUESTION 100

......

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

THANKS FOR TRYING THE DEMO OF OUR PRODUCT

Visit Our Site to Purchase the Full Set of Actual 212-89 Exam Questions With Answers.

We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the
212-89 Product From:

https://www.2passeasy.com/dumps/212-89/

Money Back Guarantee

212-89 Practice Exam Features:

* 212-89 Questions and Answers Updated Frequently

* 212-89 Practice Questions Verified by Expert Senior Certified Staff

* 212-89 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* 212-89 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Powered by TCPDF (www.tcpdf.org)
Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Exam Questions 212-89

EC Council Certified Incident Handler (ECIH v2)

https://www.2passeasy.com/dumps/212-89/

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Answer: A

A. Forensics Procedure Plan

B. Business Recovery Plan
C. Sales and Marketing plan
D. New business strategy plan

Answer: B

NEW QUESTION 3
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated
as:

A. (Probability of Loss) X (Loss)

B. (Loss) / (Probability of Loss)
C. (Probability of Loss) / (Loss)
D. Significant Risks X Probability of Loss X Loss

Answer: A

A. Creating new business processes to maintain profitability after incident

B. Providing a standard for testing the recovery plan
C. Avoiding the legal liabilities arising due to incident
D. Providing assurance that systems are reliable

Answer: A

A. Examination> Analysis > Preparation > Collection > Reporting

B. Preparation > Analysis > Collection > Examination > Reporting
C. Analysis > Preparation > Collection > Reporting > Examination
D. Preparation > Collection > Examination > Analysis > Reporting

Answer: D

NEW QUESTION 6
Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

A. An insider intentionally deleting files from a workstation

Answer: A

A. Access control policy

B. Audit trail policy
C. Logging policy

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

D. Documentation policy

Answer: A

NEW QUESTION 8
When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?

Answer: A

NEW QUESTION 9
A threat source does not present a risk if NO vulnerability that can be exercised for a particular threat source. Identify the step in which different threat sources are
defined:

A. Identification Vulnerabilities
B. Control analysis
C. Threat identification
D. System characterization

Answer: C

A. NET-CERT
B. DFN-CERT
C. Funet CERT
D. SURFnet-CERT

Answer: D

A. Twelve
B. Four
C. Six
D. Nine

Answer: D

A. Correlating known patterns of suspicious and malicious behavior

Answer: A

NEW QUESTION 17
The insider risk matrix consists of technical literacy and business process knowledge vectors. Considering the matrix, one can conclude that:

Answer: D

NEW QUESTION 22

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Which one of the following is the correct sequence of flow of the stages in an incident response:

A. Containment - Identification - Preparation - Recovery - Follow-up - Eradication

Answer: B

NEW QUESTION 23
In a qualitative risk analysis, risk is calculated in terms of:

A. (Attack Success + Criticality ) –(Countermeasures)

B. Asset criticality assessment – (Risks and Associated Risk Levels)
C. Probability of Loss X Loss
D. (Countermeasures + Magnitude of Impact) – (Reports from prior risk assessments)

Answer: C

A. Inappropriate usage incident

B. Unauthorized access incident
C. Network intrusion incident
D. Denial of Service incident

Answer: A

A. Action group: group of actions performed by the users on resources

B. Development group: group of persons who develop the policy
C. Resource group: resources controlled by the policy
D. Access group: group of users to which the policy applies

Answer: B

A. Full-level authority
B. Mid-level authority
C. Half-level authority
D. Shared-level authority

Answer: A

A. SAM file
B. Web serve log
C. Routing table list
D. Web browser history

Answer: D

A. Loss of goodwill
B. Damage to corporate reputation
C. Psychological damage
D. Lost productivity damage

Answer: D

NEW QUESTION 43

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

Which of the following incidents are reported under CAT -5 federal agency category?

A. Exercise/ Network Defense Testing

B. Malicious code
C. Scans/ probes/ Attempted Access
D. Denial of Service DoS

Answer: C

A. Interactive approach
B. Introductive approach
C. Proactive approach
D. Qualitative approach

Answer: C

NEW QUESTION 48
Based on the some statistics; what is the typical number one top incident?

A. Phishing
B. Policy violation
C. Un-authorized access
D. Malware

Answer: A

NEW QUESTION 52
The IDS and IPS system logs indicating an unusual deviation from typical network traffic flows; this is called:

A. A Precursor
B. An Indication
C. A Proactive
D. A Reactive

Answer: B

NEW QUESTION 54
The largest number of cyber-attacks are conducted by:

A. Insiders
B. Outsiders
C. Business partners
D. Suppliers

Answer: B

NEW QUESTION 57
Incidents such as DDoS that should be handled immediately may be considered as:

A. Level One incident

B. Level Two incident
C. Level Three incident
D. Level Four incident

Answer: C

NEW QUESTION 61
Total cost of disruption of an incident is the sum of

A. Tangible and Intangible costs

B. Tangible cost only
C. Intangible cost only
D. Level Two and Level Three incidents cost

Answer: A

NEW QUESTION 66
An information security incident is

A. Any real or suspected adverse event in relation to the security of computer systems or networks

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

B. Any event that disrupts normal today’s business functions

C. Any event that breaches the availability of information assets
D. All of the above

Answer: D

NEW QUESTION 71
Which of the following can be considered synonymous:

A. Hazard and Threat

B. Threat and Threat Agent
C. Precaution and countermeasure
D. Vulnerability and Danger

Answer: A

NEW QUESTION 76
Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :

A. Threat-source motivation and capability

B. Nature of the vulnerability
C. Existence and effectiveness of the current controls
D. All the above

Answer: D

NEW QUESTION 80
The left over risk after implementing a control is called:

A. Residual risk
B. Unaccepted risk
C. Low risk
D. Critical risk

Answer: A

NEW QUESTION 82
Which of the following is a risk assessment tool:

A. Nessus
B. Wireshark
C. CRAMM
D. Nmap

Answer: C

NEW QUESTION 83
Preventing the incident from spreading and limiting the scope of the incident is known as:

A. Incident Eradication
B. Incident Protection
C. Incident Containment
D. Incident Classification

Answer: C

NEW QUESTION 84
What is the best staffing model for an incident response team if current employees’ expertise is very low?

A. Fully outsourced
B. Partially outsourced
C. Fully insourced
D. All the above

Answer: A

NEW QUESTION 87
Which of the following is an incident tracking, reporting and handling tool:

A. CRAMM
B. RTIR
C. NETSTAT
D. EAR/ Pilar

Answer: B

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 92
Removing or eliminating the root cause of the incident is called:

A. Incident Eradication
B. Incident Protection
C. Incident Containment
D. Incident Classification

Answer: A

NEW QUESTION 97
Which of the following service(s) is provided by the CSIRT:

A. Vulnerability handling
B. Technology watch
C. Development of security tools
D. All the above

Answer: D

NEW QUESTION 100

The program that helps to train people to be better prepared to respond to emergency situations in their communities is known as:

A. Community Emergency Response Team (CERT)

B. Incident Response Team (IRT)
C. Security Incident Response Team (SIRT)
D. All the above

Answer: A

NEW QUESTION 105

Common name(s) for CSIRT is(are)

A. Incident Handling Team (IHT)

B. Incident Response Team (IRT)
C. Security Incident Response Team (SIRT)
D. All the above

Answer: D

NEW QUESTION 106

The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:

A. Snort
B. Wireshark
C. Cain & Able
D. nmap

Answer: B

NEW QUESTION 107

Installing a password cracking tool, downloading pornography material, sending emails to colleagues which irritates them and hosting unauthorized websites on
the company’s computer are considered:

A. Network based attacks

B. Unauthorized access attacks
C. Malware attacks
D. Inappropriate usage incidents

Answer: D

NEW QUESTION 110

To respond to DDoS attacks; one of the following strategies can be used:

A. Using additional capacity to absorb attack

B. Identifying none critical services and stopping them
C. Shut down some services until the attack has subsided
D. All the above

Answer: D

NEW QUESTION 115

The very well-known free open source port, OS and service scanner and network discovery utility is called:

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

A. Wireshark
B. Nmap (Network Mapper)
C. Snort
D. SAINT

Answer: B

NEW QUESTION 120

In a DDoS attack, attackers first infect multiple systems, which are then used to attack a particular target directly. Those systems are called:

A. Honey Pots
B. Relays
C. Zombies
D. Handlers

Answer: C

NEW QUESTION 123

The open source TCP/IP network intrusion prevention and detection system (IDS/IPS), uses a rule-driven language, performs real-time traffic analysis and packet
logging is known as:

A. Snort
B. Wireshark
C. Nessus
D. SAINT

Answer: A

NEW QUESTION 124

A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to propagate is called:

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: C

NEW QUESTION 129

______ attach(es) to files

A. adware
B. Spyware
C. Viruses
D. Worms

Answer: C

NEW QUESTION 134

A malicious security-breaking code that is disguised as any useful program that installs an executable programs when a file is opened and allows others to control
the victim’s system is called:

A. Trojan
B. Worm
C. Virus
D. RootKit

Answer: A

NEW QUESTION 135

The free utility which quickly scans Systems running Windows OS to find settings that may have been changed by spyware, malware, or other unwanted programs
is called:

A. Tripwire
B. HijackThis
C. Stinger
D. F-Secure Anti-virus

Answer: B

NEW QUESTION 138

The Malicious code that is installed on the computer without user’s knowledge to acquire information from the user’s machine and send it to the attacker who can
access it remotely is called:

A. Spyware

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

B. Logic Bomb
C. Trojan
D. Worm

Answer: A

NEW QUESTION 142

Which of the following is NOT one of the common techniques used to detect Insider threats:

A. Spotting an increase in their performance

B. Observing employee tardiness and unexplained absenteeism
C. Observing employee sick leaves
D. Spotting conflicts with supervisors and coworkers

Answer: A

NEW QUESTION 146

Which is the incorrect statement about Anti-keyloggers scanners:

A. Detect already installed Keyloggers in victim machines

B. Run in stealthy mode to record victims online activity
C. Software tools

Answer: B

NEW QUESTION 151

Spyware tool used to record malicious user’s computer activities and keyboard stokes is called:

A. adware
B. Keylogger
C. Rootkit
D. Firewall

Answer: B

NEW QUESTION 155

Insiders may be:

A. Ignorant employees
B. Carless administrators
C. Disgruntled staff members
D. All the above

Answer: D

NEW QUESTION 159

Which of the following may be considered as insider threat(s):

A. An employee having no clashes with supervisors and coworkers

B. Disgruntled system administrators
C. An employee who gets an annual 7% salary raise
D. An employee with an insignificant technical literacy and business process knowledge

Answer: B

NEW QUESTION 161

Lack of forensic readiness may result in:

A. Loss of clients thereby damaging the organization’s reputation

B. System downtime
C. Data manipulation, deletion, and theft
D. All the above

Answer: D

NEW QUESTION 163

The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an
investigation is called:

A. Computer Forensics
B. Digital Forensic Analysis
C. Forensic Readiness
D. Digital Forensic Policy

Answer: C

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 167

What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the
established connections on it:

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: B

NEW QUESTION 171

A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command

Answer: A

NEW QUESTION 173

A. Digital Forensic Examiner

B. Computer Forensic Investigator
C. Computer Hacking Forensic Investigator
D. All the above

Answer: D

NEW QUESTION 177

A. Computer Forensics
B. Digital Forensic Analysis
C. Forensic Readiness
D. Digital Forensic Examiner

Answer: B

NEW QUESTION 179

Which of the following is NOT one of the Computer Forensic types:

A. USB Forensics
B. Email Forensics
C. Forensic Archaeology
D. Image Forensics

Answer: C

NEW QUESTION 180

The person who offers his formal opinion as a testimony about a computer crime incident in the court of law is known as:

A. Expert Witness
B. Incident Analyzer
C. Incident Responder
D. Evidence Documenter

Answer: A

NEW QUESTION 183

The process of rebuilding and restoring the computer systems affected by an incident to normal operational stage including all the processes, policies and tools is
known as:

A. Incident Management
B. Incident Response
C. Incident Recovery
D. Incident Handling

Answer: C

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

NEW QUESTION 185

Business Continuity planning includes other plans such as:

A. Incident/disaster recovery plan

B. Business recovery and resumption plans
C. Contingency plan
D. All the above

Answer: D

NEW QUESTION 189

Which test is conducted to determine the incident recovery procedures effectiveness?

A. Live walk-throughs of procedures

B. Scenario testing
C. Department-level test
D. Facility-level test

Answer: A

NEW QUESTION 193

A. Business Continuity Plan

B. Business Continuity
C. Disaster Planning
D. Contingency Planning

Answer: B

NEW QUESTION 197

The steps followed to recover computer systems after an incident are:

A. System restoration, validation, operation and monitoring

B. System restoration, operation, validation, and monitoring
C. System monitoring, validation, operation and restoration
D. System validation, restoration, operation and monitoring

Answer: A

NEW QUESTION 200

Bit stream image copy of the digital evidence must be performed in order to:

A. Prevent alteration to the original disk

B. Copy the FAT table
C. Copy all disk sectors including slack space
D. All the above

Answer: C

NEW QUESTION 203

......

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

Welcome to download the Newest 2passeasy 212-89 dumps
https://www.2passeasy.com/dumps/212-89/ (163 New Questions)

THANKS FOR TRYING THE DEMO OF OUR PRODUCT

Visit Our Site to Purchase the Full Set of Actual 212-89 Exam Questions With Answers.

We Also Provide Practice Exam Software That Simulates Real Exam Environment And Has Many Self-Assessment Features. Order the
212-89 Product From:

https://www.2passeasy.com/dumps/212-89/

Money Back Guarantee

212-89 Practice Exam Features:

* 212-89 Questions and Answers Updated Frequently

* 212-89 Practice Questions Verified by Expert Senior Certified Staff

* 212-89 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* 212-89 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

Passing Certification Exams Made Easy visit - https://www.2PassEasy.com

ECIH v2 Exam Questions & Answers
100% (1)
ECIH v2 Exam Questions & Answers
32 pages
Exam Dump Ecih 2021
No ratings yet
Exam Dump Ecih 2021
57 pages
Pass4Test: IT Certification Guaranteed, The Easy Way!
No ratings yet
Pass4Test: IT Certification Guaranteed, The Easy Way!
7 pages
Website: Vce To PDF Converter: Facebook: Twitter:: 212-89.vceplus - Premium.Exam.163Q
No ratings yet
Website: Vce To PDF Converter: Facebook: Twitter:: 212-89.vceplus - Premium.Exam.163Q
44 pages
212-82 V12.95
No ratings yet
212-82 V12.95
92 pages
Cybersecurity Exam Prep
0% (1)
Cybersecurity Exam Prep
104 pages
Cscu Exam
No ratings yet
Cscu Exam
1 page
Exam Training 3
No ratings yet
Exam Training 3
6 pages
CSCU Exam Blueprint v3
No ratings yet
CSCU Exam Blueprint v3
3 pages
SOAL Cscu 1
No ratings yet
SOAL Cscu 1
11 pages
312 38
No ratings yet
312 38
7 pages
(@CyberBankSa) - ECIH v3 - CEI Material
100% (2)
(@CyberBankSa) - ECIH v3 - CEI Material
892 pages
CSCU
100% (1)
CSCU
12 pages
ReaQta-Hive v3.9 Administration Guide v1
100% (1)
ReaQta-Hive v3.9 Administration Guide v1
90 pages
pt0-002 0
No ratings yet
pt0-002 0
23 pages
Sans 504
No ratings yet
Sans 504
1 page
Cscu Exam
100% (1)
Cscu Exam
1 page
CompTIA-CS0-002-Dump 2
No ratings yet
CompTIA-CS0-002-Dump 2
55 pages
Cybersecurity Training & Certification Delhi
No ratings yet
Cybersecurity Training & Certification Delhi
2 pages
Security+ 601 Test 3
No ratings yet
Security+ 601 Test 3
26 pages
CSA - New PDF-1
No ratings yet
CSA - New PDF-1
27 pages
CompTIA Security+ Exam - SY0-601 Free Exam Questions (2023)
No ratings yet
CompTIA Security+ Exam - SY0-601 Free Exam Questions (2023)
16 pages
SY0-701 Practice Questions & Answers
100% (1)
SY0-701 Practice Questions & Answers
52 pages
CSCU Module 04 Data Encryption PDF
100% (1)
CSCU Module 04 Data Encryption PDF
23 pages
CTIA
No ratings yet
CTIA
7 pages
Certified Secure Computer User Exam Question Prepare
100% (3)
Certified Secure Computer User Exam Question Prepare
5 pages
CND v2: Certified Network Defender
100% (1)
CND v2: Certified Network Defender
7 pages
EC Council - CSCU PDF
No ratings yet
EC Council - CSCU PDF
1 page
OSSIM Presentation CIO2013 v5
No ratings yet
OSSIM Presentation CIO2013 v5
69 pages
Latihan CSCU
100% (1)
Latihan CSCU
11 pages
cs0-003 4
No ratings yet
cs0-003 4
32 pages
Certified SOC Analyst (CSA) Flyer
No ratings yet
Certified SOC Analyst (CSA) Flyer
1 page
Certified SOC Analyst
No ratings yet
Certified SOC Analyst
10 pages
Comptia Pentest Exam Objectives (2 0)
No ratings yet
Comptia Pentest Exam Objectives (2 0)
16 pages
Exam Test Csu
100% (3)
Exam Test Csu
11 pages
Sy0-701 4
No ratings yet
Sy0-701 4
23 pages
Share The Required Information For TCS NQT 2024 Graduating Batch
No ratings yet
Share The Required Information For TCS NQT 2024 Graduating Batch
48 pages
Security Dumps CertEmpire Or5hvd
No ratings yet
Security Dumps CertEmpire Or5hvd
1,550 pages
312 50v12 Premium
100% (1)
312 50v12 Premium
23 pages
Exam Cscu V2
50% (2)
Exam Cscu V2
14 pages
CompTIA PT0-003 v2025-08-20 q73
No ratings yet
CompTIA PT0-003 v2025-08-20 q73
69 pages
Introduction To Cybersecurity v2 EOC Assessment - Final Exam Answers
No ratings yet
Introduction To Cybersecurity v2 EOC Assessment - Final Exam Answers
10 pages
CSCU
100% (1)
CSCU
1 page
CSCU Exam Info and Test Objective
100% (2)
CSCU Exam Info and Test Objective
7 pages
Ain Dumps 2023-Aug-31 by Martin 0q Vce
100% (1)
Ain Dumps 2023-Aug-31 by Martin 0q Vce
30 pages
CompTIA A+ 220-1202 Exam Objectives (3.0)
No ratings yet
CompTIA A+ 220-1202 Exam Objectives (3.0)
20 pages
CC Certified in Cybersecurity Cert Guide (For Raymond Rhine)
No ratings yet
CC Certified in Cybersecurity Cert Guide (For Raymond Rhine)
454 pages
CSCUv2 FastTrack Outline en
100% (2)
CSCUv2 FastTrack Outline en
198 pages
Exam Test Blue Team SOC Analyst Batch 2
No ratings yet
Exam Test Blue Team SOC Analyst Batch 2
11 pages
CSCUv3 Version Change Document
100% (1)
CSCUv3 Version Change Document
22 pages
Draft InternHiringQuestionnaire
No ratings yet
Draft InternHiringQuestionnaire
8 pages
500++ SIEM Use Cases With Categories
No ratings yet
500++ SIEM Use Cases With Categories
20 pages
cs0-003 5
No ratings yet
cs0-003 5
31 pages
701 Final Exam
No ratings yet
701 Final Exam
174 pages
ISC2 Code of Ethics
50% (2)
ISC2 Code of Ethics
2 pages
Cscu Exam Paper
55% (11)
Cscu Exam Paper
8 pages
IT Certification Practice Exams
No ratings yet
IT Certification Practice Exams
210 pages
Uce 61q Vce
No ratings yet
Uce 61q Vce
17 pages
Ec Council Passleader 212 89 Brain Dumps 2024 Jul 11 by Buck 52q
No ratings yet
Ec Council Passleader 212 89 Brain Dumps 2024 Jul 11 by Buck 52q
11 pages
Ec Council - Passguide.212 89.rapidshare.2022 Nov 26.by - Roderick.127q.vce
No ratings yet
Ec Council - Passguide.212 89.rapidshare.2022 Nov 26.by - Roderick.127q.vce
13 pages
Section 13b Dfss Lecture Notes
No ratings yet
Section 13b Dfss Lecture Notes
46 pages
Reverse Engineering-Project Proposal
No ratings yet
Reverse Engineering-Project Proposal
9 pages
AS25EC9912 Fitment Letter
No ratings yet
AS25EC9912 Fitment Letter
1 page
Ficha de Datos - ZAPEX-ZW - ZWN Variant B - 545
No ratings yet
Ficha de Datos - ZAPEX-ZW - ZWN Variant B - 545
1 page
High-Temp Valves for Refineries
No ratings yet
High-Temp Valves for Refineries
20 pages
Resume 2+ SR Lakshman
No ratings yet
Resume 2+ SR Lakshman
3 pages
IoT Cameras for UAV Control
No ratings yet
IoT Cameras for UAV Control
4 pages
Software Development First Edition Marvin Zelkowitz Ph.D. Ms Bs. Digital Download
100% (12)
Software Development First Edition Marvin Zelkowitz Ph.D. Ms Bs. Digital Download
127 pages
Procurement Analysis Case Study
No ratings yet
Procurement Analysis Case Study
4 pages
Abhay Raj 2019ugcs005r NLP Report
No ratings yet
Abhay Raj 2019ugcs005r NLP Report
21 pages
Pool Main Drains & Covers Guide
No ratings yet
Pool Main Drains & Covers Guide
12 pages
Unit 5 Neuro Fuzzy Systems
No ratings yet
Unit 5 Neuro Fuzzy Systems
27 pages
cp1 Project
No ratings yet
cp1 Project
35 pages
Beneficiaries in Industrial Areas
No ratings yet
Beneficiaries in Industrial Areas
19 pages
Azure Fundamentals Exam Prep
0% (1)
Azure Fundamentals Exam Prep
9 pages
Boq Say-001
No ratings yet
Boq Say-001
12 pages
Introduction To FUJI PLC and Its Different Models.
No ratings yet
Introduction To FUJI PLC and Its Different Models.
14 pages
Math Module for College Students
No ratings yet
Math Module for College Students
15 pages
Monitoring and Improving Workplaceoperations
No ratings yet
Monitoring and Improving Workplaceoperations
8 pages
Wxmaxima Lab Manual
100% (1)
Wxmaxima Lab Manual
52 pages
FEUHS Pending Requirement Agreement Form S.Y. 22 23 - Grade 7 1
No ratings yet
FEUHS Pending Requirement Agreement Form S.Y. 22 23 - Grade 7 1
2 pages
CY7C63813 SXC Cypress Semiconductor
No ratings yet
CY7C63813 SXC Cypress Semiconductor
86 pages
ABB - Terra - AC - Charger - OCPP1.6 - ImplementationOverview - v1.8 - FW1.6.6
No ratings yet
ABB - Terra - AC - Charger - OCPP1.6 - ImplementationOverview - v1.8 - FW1.6.6
24 pages
Bolt Media Kit Brand Guidelines May2022
No ratings yet
Bolt Media Kit Brand Guidelines May2022
147 pages
Zetron Model 284 Spec Sheet
No ratings yet
Zetron Model 284 Spec Sheet
4 pages
Bosch Camera Firmware Update
No ratings yet
Bosch Camera Firmware Update
29 pages
PDCCH Optimization for LTE Performance
100% (1)
PDCCH Optimization for LTE Performance
1 page
BCT Lessonplan
No ratings yet
BCT Lessonplan
3 pages
Develop in Swift Tutorials Educator Guide
No ratings yet
Develop in Swift Tutorials Educator Guide
4 pages
NuScale CH 7
No ratings yet
NuScale CH 7
304 pages