dumpssheet 212-89 QUESTIONS BY Ellis 06-06-2022 8QA - Page 1
Free Questions for 212-89
Shared by Ellis on 06-06-2022
Question 1
Question Type: MultipleChoice
Clark, a professional hacker, exploited the web application of a target organization by
tampering with the form and parameter values. He successfully exploited the web
application and gained access to the information assets of the organization.
Identify the vulnerability in the web application that the attacker exploited.
Options:
A- Broken access control
B- Security misconfiguration
C- SQL injection
D- Sensitive data exposure
Answer:
A
Explanation:
The vulnerability exploited by Clark through tampering with form and parameter values to gain
unauthorized access to information assets is indicative of Broken Access Control. Broken Access
Control vulnerabilities occur when a web application does not properly enforce restrictions on
what authenticated users are allowed to do. Attackers can exploit these vulnerabilities to access
unauthorized functionality or data, such as accessing other users' accounts, viewing sensitive
files, and modifying other users' data.
Question 2
Question Type: MultipleChoice
An organization implemented an encoding technique to eradicate SQL injection
attacks. In this technique, if a user submits a request containing a single quote and some
values, the encoding technique converts it into numeric digits and letters
ranging from a to f. This prevents the user request from performing an SQL injection
attempt on the web application.
Identify the encoding technique used by the organization.
Options:
A- Unicode encoding
B- Base64 encoding
C- Hex encoding
D- URL encoding
Answer:
C
Explanation:
Hex encoding (also known as hexadecimal encoding) involves converting binary data into
hexadecimal representation. In the context described, when a user submits a request with
potentially malicious input (such as a single quote and other characters in an attempt to perform
SQL injection), the encoding technique converts this input into a string of hexadecimal digits
(ranging from 0 to 9 and A to F). This prevents the direct interpretation of the input as SQL
commands by the database, thereby mitigating the risk of SQL injection attacks. This method is a
form of input sanitization that helps ensure that user input cannot be used to manipulate
database queries directly.
Question 3
Question Type: MultipleChoice
Bob, an incident responder at CyberTech Solutions, is investigating a cybercrime attack that occurred
at the client company. He acquired the evidence data, preserved it, and started
performing analysis on the acquired evidentiary data to identify the source of the crime and the
culprit behind the incident.
Identify the forensic investigation phase that Bob is currently in.
Options:
A- Vulnerability assessment phase
B- Post-investigation phase
C- Pre-investigation phase
D- Investigation phase
Answer:
D
Explanation:
Bob is in the Investigation phase of the forensic investigation process. This phase involves the
detailed examination and analysis of the collected evidence to identify the source of the crime
and the perpetrator behind the incident. It is a crucial step that follows the acquisition and
preservation of evidence, where the incident responder applies various techniques and
methodologies to analyze the evidentiary data. This analysis aims to uncover how the cybercrime
was committed, trace the activities of the culprit, and gather actionable intelligence to support
legal actions and prevent future incidents. Reference: The ECIH v3 certification materials discuss
the stages of a forensic investigation, emphasizing the investigation phase as the point at which
the incident responder analyzes evidence to draw conclusions about the incident's specifics.
Question 4
Question Type: MultipleChoice
Otis is an incident handler working in the Delmont organization. Recently, the organization has been facing
several setbacks in its business, and as a result its revenues are going down. Otis
was asked to take charge and look into the matter. While auditing the enterprise security, he
found traces of an attack in which proprietary information was stolen
from the enterprise network and passed on to competitors.
Which of the following information security incidents did the Delmont organization face?
Options:
A- Network and resource abuses
B- Unauthorized access
C- Espionage
D- Email-based abuse
Answer:
C
Explanation:
The Delmont organization faced an espionage incident, which involves the unauthorized access
and theft of proprietary or confidential information for passing it onto competitors or other
external entities. Espionage is targeted at obtaining secrets or intellectual property to gain a
competitive advantage or for other strategic purposes. Unlike network and resource abuses or
email-based abuse, which might not specifically target sensitive information, espionage directly
aims at stealing valuable data. Unauthorized access is a method that could be used in an
espionage attempt but does not fully capture the motive of passing stolen information to
competitors. Reference: Incident Handler (ECIH v3) courses and study materials discuss various
types of information security incidents, including espionage, highlighting its impact on businesses
and strategies for detection and prevention.
Question 5
Question Type: MultipleChoice
Which of the following methods helps incident responders reduce false-positive
alert rates and lets them focus on the highest-priority issues, thereby reducing
potential risk and corporate liability?
Options:
A- Threat profiling
B- Threat contextualization
C- Threat correlation
D- Threat attribution
Answer:
C
Explanation:
Threat correlation is a method used by incident responders to analyze and associate various
indicators of compromise (IoCs) and alerts to identify genuine threats. By correlating data from
multiple sources and applying intelligence to distinguish between unrelated events and
coordinated attack patterns, responders can significantly reduce the rate of false-positive alerts.
This enables teams to prioritize their efforts on the most critical and likely threats, thereby
reducing potential risks and corporate liabilities. Effective threat correlation involves the use of
sophisticated security information and event management (SIEM) systems, threat intelligence
platforms, and analytical techniques to identify relationships between seemingly disparate
security events and alerts.
Question 6
Question Type: MultipleChoice
In which of the following fuzz testing strategies is new data generated
from scratch, with the amount of data to be generated predefined based on the
testing model?
Options:
A- Log-based fuzz testing
B- Generation-based fuzz testing
C- Mutation-based fuzz testing
D- Protocol-based fuzz testing
Answer:
B
Explanation:
Generation-based fuzz testing is a strategy where new test data is generated from scratch based
on a predefined model that specifies the structure, type, and format of the input data. This
approach is systematic and relies on a deep understanding of the format and protocol of the
input data to create test cases that are both valid and potentially revealing of vulnerabilities. This
contrasts with mutation-based fuzz testing, where existing data samples are modified (mutated)
to produce new test cases, and log-based and protocol-based fuzz testing, which use different
approaches to test software robustness and security. Reference: ECIH v3 certification materials
often cover software testing techniques, including fuzz testing, to identify vulnerabilities in
applications by inputting unexpected or random data.
Question 7
Question Type: MultipleChoice
Bonney's system has been compromised by gruesome malware.
What is the primary step Bonney should take to contain the malware
incident and stop it from spreading?
Options:
A- Turn off the infected machine
B- Leave it to the network administrators to handle
C- Make a formal complaint to the police regarding the incident
D- Call the legal department in the organization and inform them about the incident
Answer:
A
Explanation:
Turning off the infected machine is a common immediate response to contain a malware incident
and prevent it from spreading to other systems on the network. This action halts any ongoing
malicious activities by the malware, thereby limiting the potential for further damage or data
exfiltration. However, it is essential to note that this step can lead to the loss of volatile data that
might be useful for forensic analysis. Therefore, it is advisable only when it's critical to stop the
malware immediately, and there's a strategy in place for forensic investigation that includes
handling non-volatile data or when the preservation of volatile data is not possible.
Question 8
Question Type: MultipleChoice
Michael is an incident handler at CyberTech Solutions. He is performing detection and analysis of
a cloud security incident. He is analyzing the file systems, slack spaces, and
metadata of the storage units to find hidden malware and evidence of malicious activity.
Identify the type of cloud security incident handled by Michael.
Options:
A- Network-related incident
B- Storage-related incident
C- Application-related incident
D- Server-related incident
Answer:
B
Explanation:
Michael's activities, which involve analyzing file systems, slack spaces, and metadata of storage
units to find hidden malware and evidence of malice, indicate that he is handling a storage-
related cloud security incident. This type of incident pertains to unauthorized access, alteration,
or exfiltration of data stored in cloud environments. By focusing on the storage aspects such as
file systems and metadata, Michael is looking for signs of compromise that specifically affect the
storage of data, which is indicative of a storage-related security incident in the cloud. Reference:
Incident Handler (ECIH v3) certification materials cover the various types of cloud security
incidents, detailing how to detect and respond to them, including those related to storage where
sensitive data might be targeted or compromised.