
[Jan 31, 2022] Fully Updated ECIH (212-89) Certification Sample Questions
Latest EC-COUNCIL 212-89 Real Exam Dumps PDF
NEW QUESTION 20
Risk is defined as the probability that an incident will occur. Risk formulation generally starts from the likelihood of an event and the harm it may cause, and is usually written as Risk = ∑(events) × (Probability of occurrence) × ?
- A. Magnitude
- B. Significance
- C. Consequences
- D. Probability
Answer: A
NEW QUESTION 21
One of the main objectives of incident management is to prevent incidents and attacks by tightening the physical security of the system or infrastructure. According to CERT's incident management process, which stage focuses on implementing infrastructure improvements resulting from postmortem reviews or other process improvement mechanisms?
- A. Protection
- B. Detection
- C. Preparation
- D. Triage
Answer: A
NEW QUESTION 22
An adversary attacking information resources to gain an undue advantage is called:
- A. Electronic Warfare
- B. Offensive Information Warfare
- C. Defensive Information Warfare
- D. Conventional Warfare
Answer: B
NEW QUESTION 23
An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the incident response and handling process involves auditing the system and network log files?
- A. Incident recording
- B. Reporting
- C. Containment
- D. Identification
Answer: D
NEW QUESTION 24
An audit trail policy governs the collection of audit trails, i.e. series of records of computer events concerning an operating system, an application or user activities. Which of the following statements is NOT true of an audit trail policy?
- A. It helps in reconstructing events after a problem has occurred
- B. It helps track individual actions and holds users personally accountable for their actions
- C. It helps calculate the intangible losses to the organization caused by an incident
- D. It helps with compliance to various regulatory laws, rules, and guidelines
Answer: C
NEW QUESTION 25
An incident recovery plan is a statement of the actions to be taken before, during or after an incident. Which of the following is NOT an objective of the incident recovery plan?
- A. Avoiding the legal liabilities arising from the incident
- B. Providing assurance that systems are reliable
- C. Creating new business processes to maintain profitability after the incident
- D. Providing a standard for testing the recovery plan
Answer: C
NEW QUESTION 26
In the Control Analysis step of NIST's risk assessment methodology, technical and non-technical control methods are classified into two categories. What are these two control categories?
- A. Preventive and Detective controls
- B. Predictive and Detective controls
- C. Detective and Disguised controls
- D. Preventive and predictive controls
Answer: A
NEW QUESTION 27
Preventing the incident from spreading and limiting the scope of the incident is known as:
- A. Incident Classification
- B. Incident Containment
- C. Incident Eradication
- D. Incident Protection
Answer: B
NEW QUESTION 28
Installing a password cracking tool, downloading pornographic material, sending emails that irritate colleagues and hosting unauthorized websites on the company's computers are considered:
- A. Network based attacks
- B. Unauthorized access attacks
- C. Inappropriate usage incidents
- D. Malware attacks
Answer: C
NEW QUESTION 29
Which of the following is NOT one of the techniques used to respond to insider threats?
- A. Preventing malicious users from accessing unclassified information
- B. Blocking malicious user accounts
- C. Disabling the computer systems from network connection
- D. Placing malicious users in quarantine network, so that attack cannot be spread
Answer: A
NEW QUESTION 30
Common name(s) for a CSIRT include:
- A. Incident Response Team (IRT)
- B. Security Incident Response Team (SIRT)
- C. Incident Handling Team (IHT)
- D. All the above
Answer: D
NEW QUESTION 31
The process of rebuilding and restoring the computer systems affected by an incident to their normal operational state, including all the processes, policies and tools involved, is known as:
- A. Incident Recovery
- B. Incident Handling
- C. Incident Management
- D. Incident Response
Answer: A
NEW QUESTION 32
When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?
- A. All access rights of the employee to physical locations, networks, systems, applications and data should be disabled
- B. The organization should enforce separation of duties
- C. The access requests granted to an employee should be documented and vetted by the supervisor
- D. The organization should monitor the activities of the system administrators and privileged users who have permissions to access the sensitive information
Answer: A
NEW QUESTION 34
Incident handling and response steps help you detect, identify, respond to and manage an incident. Which of the following steps focuses on limiting the scope and extent of an incident?
- A. Identification
- B. Eradication
- C. Containment
- D. Data collection
Answer: C
NEW QUESTION 35
The ability of an agency to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy is known as:
- A. Business Continuity
- B. Disaster Planning
- C. Contingency Planning
- D. Business Continuity Plan
Answer: A
NEW QUESTION 36
Which of the following is a correct statement about incident management, handling and response?
- A. Incident handling is one of the functions provided by incident response
- B. Triage is one of the services provided by incident response
- C. Incident response is one of the functions provided by incident handling
- D. Incident response is one of the services provided by triage
Answer: C
NEW QUESTION 37
The sign(s) of the presence of malicious code on a host infected by a virus delivered via e-mail could be:
- A. Increase in the number of e-mails sent and received
- B. Antivirus software detects the infected files
- C. System files become inaccessible
- D. All the above
Answer: D
NEW QUESTION 38
An access control policy authorizes a group of users to perform a set of actions on a set of resources. Access to resources is based on necessity, i.e. whether a particular job role requires the use of those resources. Which of the following is NOT a fundamental element of an access control policy?
- A. Access group: group of users to which the policy applies
- B. Action group: group of actions performed by the users on resources
- C. Resource group: resources controlled by the policy
- D. Development group: group of persons who develop the policy
Answer: D
NEW QUESTION 39
Authorized users with privileged access who misuse corporate information assets and directly affect the confidentiality, integrity, and availability of those assets are known as:
- A. Zombies
- B. Insider threats
- C. Outsider threats
- D. Social Engineers
Answer: B
NEW QUESTION 40
Identify a standard national process which establishes a set of activities, general tasks and a management structure to certify and accredit systems that will maintain the information assurance (IA) and security posture of a system or site.
- A. NIAAAP
- B. NIASAP
- C. NIACAP
- D. NIPACP
Answer: C
NEW QUESTION 41
Which of the following pairs can be considered synonymous?
- A. Threat and Threat Agent
- B. Hazard and Threat
- C. Precaution and countermeasure
- D. Vulnerability and Danger
Answer: B
NEW QUESTION 42
Which command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer, in order to identify the connections established on it?
- A. "netstat -an" command
- B. "dd" command
- C. "ifconfig" command
- D. "arp" command
Answer: A
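The command in Question 42 is only useful once its output is filtered: on a busy host `netstat -an` prints hundreds of lines, most of them LISTEN and TIME_WAIT noise. As an added example (not part of the original question set), the POSIX shell below parses `netstat -an` output, pulls out the ESTABLISHED TCP sessions and the LISTEN ports, and counts sessions per remote peer so a host talking repeatedly to one outside address on an odd port stands out. The output embedded in `SAMPLE_NETSTAT` is constructed for this example using the Linux column layout; on a live host pipe the real command into the functions instead. `ss -tan` gives the same information on distributions that no longer ship netstat (with a different column layout), and `netstat -ano` on Windows adds the owning PID, which is the next thing a handler wants.

```shell
#!/bin/sh
# Added example, not from the original page: parse `netstat -an` output
# from a suspect host and pull out the connections a handler cares about.
# SAMPLE_NETSTAT is constructed for this example (Linux column layout).

SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51234          ESTABLISHED
tcp        0      0 10.0.0.5:49152          203.0.113.7:4444        ESTABLISHED
tcp        0      0 10.0.0.5:49170          203.0.113.7:4444        ESTABLISHED
tcp        0      0 10.0.0.5:49188          198.51.100.20:443       TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# established_peers: read netstat -an output on stdin and print one line
# "remote_ip remote_port local_port" per ESTABLISHED tcp/tcp6 session.
# The port is everything after the last ':', so IPv6 addresses survive.
established_peers() {
    awk '$1 ~ /^tcp/ && $NF == "ESTABLISHED" {
        n = split($5, r, ":"); rport = r[n]
        rip = substr($5, 1, length($5) - length(rport) - 1)
        m = split($4, l, ":"); lport = l[m]
        print rip, rport, lport
    }'
}

# listening_ports: distinct local TCP ports in LISTEN state, numerically sorted.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, l, ":"); print l[n]
    }' | sort -n | uniq
}

# count_by_peer: established sessions per remote IP, busiest first. Several
# sessions from a workstation to one external address on port 4444 is the
# kind of pattern this surfaces.
count_by_peer() {
    established_peers | awk '{ c[$1]++ } END { for (ip in c) print c[ip], ip }' | sort -rn
}

# Stand-alone run against the constructed sample. On a live host use:
#   netstat -an | established_peers
printf '%s\n' "$SAMPLE_NETSTAT" | established_peers
printf '%s\n' "$SAMPLE_NETSTAT" | count_by_peer
printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports | tr '\n' ' '; echo
```

Capture the raw `netstat -an` output to a file before filtering it; the unfiltered copy is the evidence, and the connection table changes every time the command is run.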
NEW QUESTION 43
There are some steps to apply for the ECCouncil 212-89 exam.
In order to apply for the ECCouncil 212-89, you have to follow
EC-COUNCIL 212-89 Dumps - Secret To Pass in First Attempt: https://www.exam-killer.com/212-89-valid-questions.html
212-89 Practice Test Questions Updated 165 Questions: https://drive.google.com/open?id=13UP2I77paSi_HfucmB-X16rrNE6t0NJR

