Get Instant Access of 100% REAL 212-89 DUMP Pass Your Exam Easily [Q67-Q92]


212-89 Free Exam Questions with Quality Guaranteed


The ECIH certification exam is based on the latest version of the ECIH v2 courseware. 212-89 courseware covers a wide range of topics such as incident handling process, incident handling procedures, communication and documentation, and various types of incidents, including network security incidents, web application security incidents, and malware incidents. 212-89 courseware also covers the legal and ethical issues related to incident handling and response.


Exam Overview

EC-Council 212-89 is a 3-hour test consisting of 100 questions. The potential candidates must understand the details of different topics covered in the exam before attempting it. The highlights of the scope of the domains that should be studied during your preparation are enumerated below:

  • Application Level Incidents: This part covers 8% of the whole content and measures the skills of the individuals in web application vulnerabilities & threats, eradication of web apps, and web attack;
  • Insider Threats: Here, you need to have the skills in insider threats, employee monitoring tools, detecting & preventing insider threats, and eradication. It covers 7% of the entire content;
  • Email Security Incidents: The next domain covers one’s skills in different areas, including phishing email, email incidents, deceptive & suspicious email, and email security. It comes with 10% of the exam questions;
  • Process Handling: This area covers 14% of the exam questions and focuses on incident handling & response, security auditing, incident readiness, eradication & recovery, forensic investigation, and security incidents;
  • Network & Mobile Incidents: This module focuses on 16% of the exam content and covers the skill areas related to network attacks, eradication of mobile incidents and recovery, denial-of-service, mobile platform risks & vulnerabilities, wireless network, inappropriate usage, and unauthorized access;
  • Malware Incidents: This subject area makes up 8% of the exam questions and focuses on malicious code, malware incident triage, and malware;
  • Incident Handling & Response: This topic focuses on information security, threat intelligence, computer security, security policies, incident handling, and risk management. It makes up 16% of the exam content;

The ECIH v2 certification exam is recognized globally and is highly respected in the cybersecurity industry. EC Council Certified Incident Handler (ECIH v2) certification exam is designed to meet the needs of both individuals and organizations, providing individuals with the necessary skills and knowledge to effectively manage and respond to cybersecurity incidents, while also providing organizations with the assurance that their cybersecurity professionals are well-trained and capable of handling any cybersecurity incident that may arise.

 

NEW QUESTION # 67
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated as:

  • A. (Loss) / (Probability of Loss)
  • B. Significant Risks X Probability of Loss X Loss
  • C. (Probability of Loss) / (Loss)
  • D. (Probability of Loss) X (Loss)

Answer: D


NEW QUESTION # 68
An attacker uncovered websites a target individual was frequently surfing. The attacker then tested those particular websites to identify possible vulnerabilities. After detecting vulnerabilities within a website, the attacker started injecting malicious script/code into the web application that would redirect the webpage and download the malware onto the victim's machine. After infecting the vulnerable web application, the attacker waited for the victim to access the infected web application. Identify the type of attack performed by the attacker.

  • A. Watering hole
  • B. Directory traversal
  • C. Obfuscation application
  • D. Cookie/Session poisoning

Answer: D


NEW QUESTION # 69
The policy that defines which set of events needs to be logged in order to capture and review the important data in a timely manner is known as:

  • A. Logging policy
  • B. Evidence Collection policy
  • C. Audit trail policy
  • D. Documentation policy

Answer: A


NEW QUESTION # 70
A software application in which advertising banners are displayed while the program is running, and that delivers ads by displaying pop-up windows or bars that appear on a computer screen or browser, is called:

  • A. adware (spelled all lower case)
  • B. Trojan
  • C. Worm
  • D. Virus
  • E. RootKit

Answer: A


NEW QUESTION # 72
Incident prioritization must be based on:

  • A. Current damage
  • B. All the above
  • C. Criticality of affected systems
  • D. Potential impact

Answer: B


NEW QUESTION # 73
Business Continuity provides a planning methodology that allows continuity in business operations:

  • A. Before and after a disaster
  • B. Before, during and after a disaster
  • C. During and after a disaster
  • D. Before a disaster

Answer: B


NEW QUESTION # 74
A malicious code attack using emails is considered as:

  • A. Multiple component attack
  • B. Inappropriate usage incident
  • C. Email attack
  • D. Malware based attack

Answer: A


NEW QUESTION # 75
Eric works as a system administrator at ABC organization and previously granted several users access privileges to the organization's systems with unlimited permissions. These privileged users could prospectively misuse their rights unintentionally or maliciously, or could be deceived by attackers who trick them into performing malicious activities.
Which of the following guidelines would help incident handlers eradicate insider attacks by privileged users?

  • A. Do not enable default administrative accounts to ensure accountability
  • B. Do not use encryption methods to prevent administrators and privileged users from accessing backup tapes and sensitive information
  • C. Do not allow administrators to use unique accounts during the installation process
  • D. Do not control the access to administrators and privileged users

Answer: A


NEW QUESTION # 76
Which of the following is not a best practice to eliminate the possibility of insider attacks?

  • A. Disabling users from installing unauthorized software or accessing malicious websites using the corporate network
  • B. Implementing secure backup and disaster recovery processes for business continuity
  • C. Monitoring employee behaviors and computer systems used by employees
  • D. Always leave business details over voicemail or email messages

Answer: B


NEW QUESTION # 77
Which of the following types of digital evidence is temporarily stored in a digital device that requires constant power supply and is deleted if the power supply is interrupted?

  • A. Event logs
  • B. Slack space
  • C. Swap file
  • D. Process memory

Answer: D


NEW QUESTION # 78
A spyware tool used to record a malicious user's computer activities and keystrokes is called:

  • A. Firewall
  • B. adware
  • C. Rootkit
  • D. Keylogger

Answer: D


NEW QUESTION # 79
While analyzing a file, Ryan discovered that an attacker used an anti-forensics method, wherein the attacker embedded a hidden message inside an image file.
What type of method is this?

  • A. Golden ticket
  • B. Steganography
  • C. Program packers
  • D. Password protection

Answer: B


NEW QUESTION # 80
An information security policy must be:

  • A. All the above
  • B. Enforceable and Regularly updated
  • C. Distributed and communicated
  • D. Written in simple language

Answer: A


NEW QUESTION # 81
The ability of an agency to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy, is known as:

  • A. Disaster Planning
  • B. Business Continuity
  • C. Business Continuity Plan
  • D. Contingency Planning

Answer: B


NEW QUESTION # 82
Alexis works as an incident responder at XYZ organization. She was asked to identify and attribute the actors behind an attack that occurred recently. For this purpose, she is performing a type of threat attribution that deals with the identification of a specific person, society, or country sponsoring a well-planned and executed intrusion or attack on its target.
Which of the following types of threat attributions is Alexis performing?

  • A. True attribution
  • B. Nation-state attribution
  • C. Campaign attribution
  • D. Intrusion-set attribution

Answer: A


NEW QUESTION # 83
Which of the following techniques against insider threats identifies events that are related to suspicious activity?

  • A. Normalization
  • B. Anomaly detection
  • C. Pattern discovery
  • D. Correlation

Answer: B


NEW QUESTION # 84
XYZ Inc. was affected by a malware attack and James, the incident handling and response (IH&R) team member handling the incident, found out that the root cause of the incident is a backdoor that bypassed the security perimeter due to an existing vulnerability in the deployed firewall. James has contained the spread of the infection and removed the malware completely. Now the organization has asked him to perform an incident impact assessment to identify the impact of the incident on the organization, and he was also asked to prepare a detailed report of the incident.
Which of the following stages in the IH&R process is James working on?

  • A. Post-incident activities
  • B. Eradication
  • C. Notification
  • D. Evidence gathering and forensics analysis

Answer: A


NEW QUESTION # 85
Identify a standard national process which establishes a set of activities, general tasks and a management structure to certify and accredit systems that will maintain the information assurance (IA) and security posture of a system or site.

  • A. NIPACP
  • B. NIASAP
  • C. NIAAAP
  • D. NIACAP

Answer: D


NEW QUESTION # 86
A malicious security-breaking code that is disguised as a useful program, installs executable programs when a file is opened, and allows others to control the victim's system is called:

  • A. Worm
  • B. Virus
  • C. RootKit
  • D. Trojan

Answer: D



NEW QUESTION # 87
SWA Cloud Services added PKI as one of their cloud security controls.
What does PKI stand for?

  • A. Private key infrastructure
  • B. Public key infrastructure
  • C. Private key information
  • D. Public key information

Answer: B


NEW QUESTION # 88
In a DDoS attack, attackers first infect multiple systems, which are then used to attack a particular target directly. Those systems are called:

  • A. Relays
  • B. Honey Pots
  • C. Handlers
  • D. Zombies

Answer: D


NEW QUESTION # 89
Which of the following is a written or textual record of an event that usually includes a timestamp, responsible party, and action?

  • A. Log
  • B. Network hunt
  • C. Packet capture
  • D. Boolean expression

Answer: A


NEW QUESTION # 90
Incident handling and response steps help you to detect, identify, respond to and manage an incident. Which of the following steps focuses on limiting the scope and extent of an incident?

  • A. Containment
  • B. Data collection
  • C. Eradication
  • D. Identification

Answer: A


NEW QUESTION # 91
Smith employs various malware detection techniques to thoroughly examine the network and its systems for suspicious and malicious files.
Among all these techniques, which one involves analyzing memory dumps or binary code for traces of malware?

  • A. Live system
  • B. Static analysis
  • C. Dynamic analysis
  • D. Intrusion analysis

Answer: B


NEW QUESTION # 92
......
