Brilliant 212-89 Exam Dumps Get 212-89 Dumps PDF [Q54-Q76]


212-89 Dumps PDF - 212-89 Real Exam Questions Answers

NEW QUESTION # 54
Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket submitted regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he performed incident analysis and validation to check whether the incident is a genuine incident or a false positive.
Identify the stage he is currently in.

  • A. Incident disclosure
  • B. Incident recording and assignment
  • C. Incident triage
  • D. Post-incident activities

Answer: C


NEW QUESTION # 55
Chandler is a professional hacker who is targeting an organization called Technote. He wants to obtain important organizational information that is being transmitted between different hierarchies. In the process, he is sniffing the data packets transmitted through the network and then analyzing them to gather packet details such as network, ports, protocols, devices, issues in network transmission, and other network specifications.
Which of the following tools would Chandler employ to perform packet analysis?

  • A. OmniPeek
  • B. BeEF
  • C. IDA Pro
  • D. Sharp

Answer: A


NEW QUESTION # 56
A malicious security-breaking code that is disguised as a useful program, installs executable programs when a file is opened, and allows others to control the victim's system is called:

  • A. Trojan
  • B. RootKit
  • C. Worm
  • D. Virus

Answer: A



NEW QUESTION # 57
Matt is an incident handler working for one of the largest social network companies, which was affected by malware. According to the company's reporting timeframe guidelines, a malware incident should be reported within 1 h of discovery/detection after its spread across the company.
Which category does this incident belong to?

  • A. CAT 4
  • B. CAT 3
  • C. CAT 1
  • D. CAT 2

Answer: B


NEW QUESTION # 58
If the browser does not expire the session when the user fails to logout properly, which of the following OWASP Top 10 web vulnerabilities is caused?

  • A. A2: Broken authentication
  • B. A5: Broken access control
  • C. A7: Cross-site scripting
  • D. A3: Sensitive data exposure

Answer: A


NEW QUESTION # 59
US-CERT and Federal civilian agencies use the reporting timeframe criteria in the federal agency reporting categorization. What is the timeframe required to report an incident under the CAT 4 Federal Agency category?

  • A. Within four (4) hours of discovery/detection if the successful attack is still ongoing and agency is unable to successfully mitigate activity
  • B. Monthly
  • C. Weekly
  • D. Within two (2) hours of discovery/detection

Answer: C


NEW QUESTION # 60
Network Ned is the security administrator for a company. He is going to place the company's new web server into production.
Into which of the following zones should he place the server to best protect the company's network?

  • A. Sandbox
  • B. DMZ
  • C. Honeypot
  • D. Intranet

Answer: D


NEW QUESTION # 61
The malicious code that is installed on a computer without the user's knowledge to acquire information from the user's machine and send it to an attacker who can access it remotely is called:

  • A. Worm
  • B. Trojan
  • C. Spyware
  • D. Logic Bomb

Answer: C


NEW QUESTION # 62
The main difference between viruses and worms is:

  • A. Viruses require a host file to propagate while worms don't
  • B. Worms require a host file to propagate while viruses don't
  • C. Viruses and worms are common names for the same malware
  • D. Viruses don't require user interaction; they are self-replicating malware

Answer: A


NEW QUESTION # 63
Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification/activation, recovery, reconstitution, and plan appendices. What is the main purpose of the reconstitution plan?

  • A. To provide the introduction and detailed concept of the contingency plan
  • B. To define the notification procedures and damage assessments and to offer the plan activation
  • C. To restore the original site, test systems to prevent the incident, and terminate operations
  • D. To provide a sequence of recovery activities with the help of recovery procedures

Answer: C


NEW QUESTION # 64
An audit trail policy collects all audit trails, such as a series of records of computer events about an operating system, application, or user activities. Which of the following statements is NOT true for an audit trail policy?

  • A. It helps in compliance with various regulatory laws, rules, and guidelines
  • B. It helps track individual actions and allows users to be held personally accountable for their actions
  • C. It helps in reconstructing the events after a problem has occurred
  • D. It helps calculate intangible losses to the organization due to an incident

Answer: D


NEW QUESTION # 65
James has been appointed as an incident handling and response (IH&R) team lead and was assigned to build an IH&R plan and his own team in the company. Identify the IH&R process step James is currently working on.

  • A. Recovery
  • B. Eradication
  • C. Preparation
  • D. Notification

Answer: C


NEW QUESTION # 66
Which of the following tools helps incident handlers view the filesystem, retrieve deleted data, perform timeline analysis, examine web artifacts, etc., during an incident response process?

  • A. netstat
  • B. nbtstat
  • C. Process Explorer
  • D. Autopsy

Answer: D


NEW QUESTION # 67
Which of the following details are included in the evidence bags?

  • A. Software version information and web application source code
  • B. Error messages that contain sensitive information and files containing passwords
  • C. Sensitive directories, personal, and organizational email address
  • D. Date and time of seizure, exhibit number, and name of incident responder

Answer: D


NEW QUESTION # 68
Ross is an incident manager (IM) and his team provides support to all users in the organization who are affected by the threat or attack. David, who is the organization's internal auditor, is also part of Ross's incident response team.
Among the following duties, identify one of the responsibilities of David.

  • A. Configure information security controls
  • B. Coordinate incident containment activities with the information security officer (ISO)
  • C. Identify and report security loopholes to management for necessary action
  • D. Perform the necessary action required to block the network traffic from the suspected intruder

Answer: C


NEW QUESTION # 69
Tibson works as an incident responder for an MNC based in Singapore. He is investigating a web application security incident recently faced by the company. The attack was performed on an MSSQL Server hosted by the company. In the detection and analysis phase, he used regular expressions to analyze and detect SQL meta-characters that led to an SQL injection attack. Identify the regular expression used by Tibson to detect an SQL injection attack on MSSQL Server.

  • A. ((\%3C)|<)((\%2F)|/)*(script)((\%3E)|>)
  • B. /exec(\s|\+)+(s|x)p\w+/ix
  • C. ((\.|%2E)(\.|%2E))(\/|%2F|\\|%5C)
  • D. ((\A.W)(\.A.V))

Answer: B


NEW QUESTION # 70
An information security policy must be:

  • A. Distributed and communicated
  • B. Enforceable and regularly updated
  • C. Written in simple language
  • D. All the above

Answer: D


NEW QUESTION # 71
Shiela is working at night as an incident handler. During a shift, servers were affected by a massive cyber-attack. After she classified and prioritized the incident, she must report the incident, obtain the necessary permissions, and perform other incident response functions.
What list should she check to notify other responsible personnel?

  • A. Point of contact
  • B. Email list
  • C. Phone number list
  • D. HR logbook

Answer: A


NEW QUESTION # 72
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

  • A. NET-CERT
  • B. DFN-CERT
  • C. Funet CERT
  • D. SURFnet-CERT

Answer: D


NEW QUESTION # 73
Alex is an incident handler at QWERTY Company. He identified that an attacker created a backdoor inside the company's network by installing a fake AP inside the firewall.
Which of the following attack types did the attacker use?

  • A. AP misconfiguration
  • B. Rogue access point
  • C. Wardriving
  • D. Ad hoc associations

Answer: B


NEW QUESTION # 74
Which of the following terms refers to an organization's ability to make optimal use of digital evidence in a limited period of time and with minimal investigation costs?

  • A. Data analysis
  • B. Threat assessment
  • C. Forensic readiness
  • D. Risk assessment

Answer: C


NEW QUESTION # 75
In which of the following fuzz testing strategies is new data generated from scratch, with the amount of data generated predefined based on the testing model?

  • A. Mutation-based fuzz testing
  • B. Protocol-based fuzz testing
  • C. Log-based fuzz testing
  • D. Generation-based fuzz testing

Answer: D


NEW QUESTION # 76
......

Valid 212-89 Test Answers & EC-COUNCIL 212-89 Exam PDF: https://certtree.2pass4sure.com/ECIH-Certification/212-89-actual-exam-braindumps.html