[Mar-2024] 212-89 exam torrent EC-COUNCIL study guide
NEW QUESTION # 38
Alexis is working as an incident responder in XYZ organization. She was asked to identify and attribute the actors behind an attack that took place recently. In order to do so, she is performing threat attribution that deals with the identification of the specific person, society, or country sponsoring a well-planned and executed intrusion or attack on its target.
Which of the following types of threat attributions has Alexis performed?
- A. Campaign attribution
- B. Nation-state attribution
- C. True attribution
- D. Intrusion-set attribution
Answer: B
NEW QUESTION # 39
Identify the network security incident in which intended authorized users are prevented from using a system, network, or application by flooding the network with a high volume of traffic that consumes all available network resources.
- A. URL Manipulation
- B. SQL Injection
- C. XSS Attack
- D. Denial of Service Attack
Answer: D
NEW QUESTION # 40
Authorized users with privileged access who misuse corporate information assets and directly affect the confidentiality, integrity, and availability of those assets are known as:
- A. Outsider threats
- B. Social Engineers
- C. Insider threats
- D. Zombies
Answer: C
NEW QUESTION # 41
Which of the following encoding techniques replaces unusual ASCII characters with "%" followed by the character's two-digit ASCII code expressed in hexadecimal?
- A. Unicode encoding
- B. HTML encoding
- C. URL encoding
- D. Base 64 encoding
Answer: C
NEW QUESTION # 42
BadGuy Bob hid files in the slack space, changed the file headers, hid suspicious files in executables, and changed the metadata for all types of files on his hacker laptop.
What has he committed?
- A. Anti-forensics
- B. Felony
- C. Adversarial mechanics
- D. Legal hostility
Answer: A
NEW QUESTION # 43
Identify the malicious program that is masked as a genuine, harmless program and gives the attacker unrestricted access to the user's information and system. These programs may unleash dangerous programs that may erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger.
- A. Trojan
- B. Worm
- C. Virus
- D. Adware
Answer: A
NEW QUESTION # 44
Which of the following is NOT a network forensic tool?
- A. Advanced NTFS Journaling Parser
- B. Capsa Network Analyzer
- C. Tcpdump
- D. Wireshark
Answer: A
NEW QUESTION # 45
Which of the following describes the introduction of malicious programs onto a device connected to a campus network (Trojan horse, email bombs, virus, etc.)?
- A. Inappropriate usage
- B. Network access
- C. Authorized access
- D. Unauthorized access
Answer: B
NEW QUESTION # 46
Multiple component incidents consist of a combination of two or more attacks in a system.
Which of the following is not a multiple component incident?
- A. An attacker infecting a machine to launch a DDoS attack
- B. An attacker using email with malicious code to infect an internal workstation
- C. An attacker redirecting a user to a malicious website and infecting their system with a Trojan
- D. An insider intentionally deleting files from a workstation
Answer: D
NEW QUESTION # 47
Digital evidence plays a major role in prosecuting cyber criminals. John, a cyber-crime investigator, is asked to investigate a child pornography case. The personal computer of the suspect in question was confiscated by the county police. Which of the following evidence will lead John in his investigation?
- A. Web browser history
- B. SAM file
- C. Routing table list
- D. Web server log
Answer: A
NEW QUESTION # 48
If a hacker cannot find any other way to attack an organization, they can influence an employee or a disgruntled staff member.
What type of threat is this?
- A. Footprinting
- B. Phishing attack
- C. Insider attack
- D. Identity theft
Answer: C
NEW QUESTION # 49
Francis is an incident handler and security expert. He works at Morison Tech Solutions based in Sydney, Australia. He was assigned a task to detect phishing/spam mails for the client organization.
Which of the following tools can assist Francis to perform the required task?
- A. BT Crack
- B. Nessus
- C. Cain and Abel
- D. Netcraft
Answer: D
NEW QUESTION # 50
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large amounts of data using a combination of automated and manual methods. Identify the computer forensic process involved:
- A. Collection
- B. Examination
- C. Analysis
- D. Preparation
Answer: B
NEW QUESTION # 51
Which of the following is correct about Quantitative Risk Analysis?
- A. Uses levels and descriptive expressions
- B. Better than Qualitative Risk Analysis
- C. It is subjective but faster than Qualitative Risk Analysis
- D. Easily automated
Answer: D
NEW QUESTION # 52
The flow chart gives a view of different roles played by the different personnel of CSIRT. Identify the incident response personnel denoted by A, B, C, D, E, F and G.
- A. A- Incident Manager, B-Incident Analyst, C- Public Relations, D-Administrator, E- Human Resource, F-Constituency, G-Incident Coordinator
- B. A- Incident Coordinator, B- Constituency, C-Administrator, D-Incident Manager, E- Human Resource, F-Incident Analyst, G-Public relations
- C. A- Incident Coordinator, B-Incident Analyst, C- Public Relations, D-Administrator, E- Human Resource, F-Constituency, G-Incident Manager
- D. A-Incident Analyst, B- Incident Coordinator, C- Public Relations, D-Administrator, E- Human Resource, F-Constituency, G-Incident Manager
Answer: B
NEW QUESTION # 53
The correct sequence of Incident Response and Handling is:
- A. Incident Identification, recording, initial response, containment and communication
- B. Incident Identification, recording, initial response, communication and containment
- C. Incident Identification, initial response, communication, recording and containment
- D. Incident Identification, communication, recording, initial response and containment
Answer: B
NEW QUESTION # 54
Michael is an incident handler at CyberTech Solutions. He is performing detection and analysis of a cloud security incident. He is also analyzing the file systems, slack spaces, and metadata within the storage units to find hidden malware and evidence of malice.
Identify the cloud security incident handled by Michael:
- A. Server-related incident
- B. Application-related incident
- C. Storage-related incident
- D. Network-related incident
Answer: C
NEW QUESTION # 55
A security policy will take the form of a document or a collection of documents, depending on the situation or usage. It can become a point of reference in case a violation occurs that results in dismissal or other penalty. Which of the following is NOT true for a good security policy?
- A. It must be implemented through system administration procedures, publishing of acceptable use guidelines, or other appropriate methods
- B. It must be enforceable with security tools where appropriate and with sanctions where actual prevention is not technically feasible
- C. It must be approved by a court of law after verification of the stated terms and facts
- D. It must clearly define the areas of responsibility of the users, administrators, and management
Answer: C
NEW QUESTION # 56
One of your coworkers just sent you an email. She wonders if it is real, a part of your phishing campaign, a real phishing attack, or a mistake. One of the things you want to know is where the email originated from.
Where would you check in the email message to find that information?
- A. The user's received report
- B. Email's received report
- C. Inbox digest
- D. Email headers
Answer: D
NEW QUESTION # 57
A host is infected by a worm that propagates through a vulnerable service; the sign(s) of the presence of the worm include:
- A. System becomes unstable or crashes
- B. Decrease in network usage
- C. All the above
- D. Established connection attempts targeted at the vulnerable services
Answer: A
NEW QUESTION # 58
Which of the following is not a best practice to eliminate the possibility of insider attacks?
- A. Preventing users from installing unauthorized software or accessing malicious websites using the corporate network
- B. Always leave business details over voicemail or email messages
- C. Implementing secure backup and disaster recovery processes for business continuity
- D. Monitoring employee behaviors and computer systems used by employees
Answer: C
NEW QUESTION # 59
In the NIST risk assessment methodology, the process of identifying the boundaries of an IT system along with the resources and information that constitute the system is known as:
- A. Asset valuation
- B. Asset Identification
- C. System classification
- D. System characterization
Answer: D
NEW QUESTION # 60
Which of the following is the ECIH phase that involves removing or eliminating the root cause of an incident and closing all attack vectors to prevent similar incidents in the future?
- A. Recovery
- B. Containment
- C. Eradication
- D. Vulnerability management phase
Answer: C
NEW QUESTION # 61
What is the most recent NIST standard for incident response?
- A. 800-61r2
- B. 800-53r3
- C. 800-61r3
- D. 800-171r2
Answer: A
NEW QUESTION # 62