212-89 Dumps with Practice Exam Questions Answers
212-89 by ECIH Certification Actual Free Exam Practice Test
The EC-Council Certified Incident Handler (ECIH) 212-89 is an exam that prepares you for handling incidents in various information systems. It prepares you to apply security plans and policies that deal with incidents efficiently and effectively in a time-constrained environment, so as to reduce the impact of those incidents. This test leads to the ECIH certification, which qualifies you to work as an Incident Handler within incident response frameworks. So, if you want to excel in the information security field, the EC-Council Certified Incident Handler certification exam is a must for you. It is a gateway to a well-paying job and a good working environment, where you can work with other EC-Council specialists.
EC-Council 212-89 Exam
The Certified Incident Handler certification from EC-Council is designed to provide the fundamental skills to manage and respond to cybersecurity incidents in an information system. A certified incident handler is a qualified professional who can handle various types of incidents, risk assessment methodologies, and the various laws and policies related to incident handling. A certified incident handler is able to create incident response and management policies and to handle various types of computer security incidents, such as network security incidents, malicious code incidents, and insider attack threats.
NEW QUESTION 67
The process of rebuilding and restoring the computer systems affected by an incident to their normal operational state, including all the associated processes, policies, and tools, is known as:
- A. Incident Handling
- B. Incident Response
- C. Incident Recovery
- D. Incident Management
Answer: C
NEW QUESTION 68
Recovering, analyzing, and preserving computer and related materials in such a way that they can be presented as evidence in a court of law, identifying the evidence in a short time, estimating the potential impact of the malicious activity on the victim, and assessing the intent and identity of the perpetrator is known as:
- A. Digital Forensic Analysis
- B. Forensic Readiness
- C. Computer Forensics
- D. Digital Forensic Examiner
Answer: A
NEW QUESTION 69
The data on the affected system must be backed up so that it can be retrieved if it is damaged during incident response. The system backup can also be used for further investigation of the incident. Identify the stage of the incident response and handling process in which a complete backup of the infected system is carried out:
- A. Eradication
- B. Incident investigation
- C. Incident recording
- D. Containment
Answer: D
NEW QUESTION 70
Which of the following is NOT a digital forensic analysis tool:
- A. Access Data FTK
- B. EAR/Pilar
- C. Helix
- D. Guidance Software EnCase Forensic
Answer: B
NEW QUESTION 71
___________________ record(s) a user's typing.
- A. Malware
- B. Virus
- C. Spyware
- D. Adware
Answer: C
NEW QUESTION 72
A computer virus hoax is a message warning the recipient of a non-existent computer virus. The message is usually a chain e-mail that tells the recipient to forward it to everyone they know. Which of the following is NOT a symptom of a virus hoax message?
- A. The message prompts the end user to forward it to his/her e-mail contact list and gain monetary benefits for doing so
- B. The message prompts the user to install anti-virus software
- C. The message from a known email ID is caught by SPAM filters due to a change of filter settings
- D. The message warns to delete certain files if the user does not take appropriate action
Answer: A
NEW QUESTION 73
A threat source does not present a risk if there is NO vulnerability that can be exercised for that particular threat source. Identify the step in which the different threat sources are defined:
- A. Threat identification
- B. Control analysis
- C. Vulnerability identification
- D. System characterization
Answer: A
NEW QUESTION 74
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large amounts of data using a combination of automated and manual methods. Identify the computer forensic process involved:
- A. Analysis
- B. Collection
- C. Examination
- D. Preparation
Answer: C
NEW QUESTION 75
The Linux command used to make binary copies of computer media, and which serves as a disk imaging tool if given a raw disk device as its input, is:
- A. "dd" command
- B. "nslookup" command
- C. "netstat" command
- D. "find" command
Answer: A
NEW QUESTION 76
In a qualitative risk analysis, risk is calculated in terms of:
- A. (Attack Success + Criticality) - (Countermeasures)
- B. Asset criticality assessment - (Risks and Associated Risk Levels)
- C. (Countermeasures + Magnitude of Impact) - (Reports from prior risk assessments)
- D. Probability of Loss × Loss
Answer: D
NEW QUESTION 77
One of the main objectives of incident management is to prevent incidents and attacks by tightening the physical security of the system or infrastructure. According to CERT's incident management process, which stage focuses on implementing infrastructure improvements resulting from postmortem reviews or other process improvement mechanisms?
- A. Detection
- B. Preparation
- C. Protection
- D. Triage
Answer: C
NEW QUESTION 78
Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of an IT contingency plan, namely supporting information, notification/activation, recovery, reconstitution, and plan appendices. What is the main purpose of the reconstitution plan?
- A. To provide a sequence of recovery activities with the help of recovery procedures
- B. To provide the introduction and detailed concept of the contingency plan
- C. To restore the original site, test systems to prevent the incident, and terminate operations
- D. To define the notification procedures and damage assessment, and to provide for plan activation
Answer: C
NEW QUESTION 79
An audit trail policy covers the collection of all audit trails, such as the series of records of computer events about an operating system, an application, or user activities. Which of the following statements is NOT true for an audit trail policy:
- A. It helps track individual actions and allows users to be held personally accountable for their actions
- B. It helps in compliance with various regulatory laws, rules, and guidelines
- C. It helps in reconstructing the events after a problem has occurred
- D. It helps calculate intangible losses to the organization due to an incident
Answer: D
NEW QUESTION 80
Computer forensics is a methodical series of techniques and procedures for gathering evidence from computing equipment, various storage devices, and/or digital media that can be presented in a court of law in a coherent and meaningful format. Which one of the following is the appropriate flow of steps in the computer forensics process:
- A. Analysis > Preparation > Collection > Reporting > Examination
- B. Examination > Analysis > Preparation > Collection > Reporting
- C. Preparation > Analysis > Collection > Examination > Reporting
- D. Preparation > Collection > Examination > Analysis > Reporting
Answer: D
NEW QUESTION 81
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?
- A. Funet CERT
- B. SURFnet-CERT
- C. DFN-CERT
- D. NET-CERT
Answer: B
NEW QUESTION 82
Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is responsible for examining the evidence acquired and separating the useful evidence?
- A. Evidence Manager
- B. Evidence Examiner/Investigator
- C. Evidence Supervisor
- D. Evidence Documenter
Answer: B
NEW QUESTION 84
An incident recovery plan is a statement of actions that should be taken before, during, or after an incident. Identify which of the following is NOT an objective of the incident recovery plan:
- A. Providing assurance that systems are reliable
- B. Avoiding the legal liabilities arising from an incident
- C. Providing a standard for testing the recovery plan
- D. Creating new business processes to maintain profitability after an incident
Answer: D
NEW QUESTION 85
Digital evidence plays a major role in prosecuting cyber criminals. John, a cyber-crime investigator, is asked to investigate a child pornography case. The personal computer of the suspect in question was confiscated by the county police. Which of the following pieces of evidence will lead John in his investigation?
- A. Web server log
- B. SAM file
- C. Routing table list
- D. Web browser history
Answer: D
NEW QUESTION 86
What command does a digital forensic examiner use to display the list of all open ports and the associated IP addresses on a victim computer, in order to identify the established connections on it:
- A. "netstat -an" command
- B. "ifconfig" command
- C. "dd" command
- D. "arp" command
Answer: A
NEW QUESTION 87
A computer risk policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy:
- A. Procedure for the ongoing training of employees authorized to access the system
- B. Provisions for continuing support if there is an interruption in the system or if the system crashes
- C. Procedure to identify security funds to hedge risk
- D. Procedure to monitor the efficiency of security controls
Answer: A
NEW QUESTION 88
Which of the following is correct about quantitative risk analysis:
- A. Easily automated
- B. Uses levels and descriptive expressions
- C. Better than Qualitative Risk Analysis
- D. It is subjective but faster than qualitative risk analysis
Answer: A
NEW QUESTION 89
Identify the standard national process that establishes a set of activities, general tasks, and a management structure to certify and accredit systems so as to maintain the information assurance (IA) and security posture of a system or site.
- A. NIASAP
- B. NIACAP
- C. NIAAAP
- D. NIPACP
Answer: B
NEW QUESTION 90
......
Exam Overview
The EC-Council 212-89 exam is delivered through the ECC Test Centers that are located around the world. The certification test contains 100 multiple-choice questions and has an allocated duration of 3 hours. The exam is available in the English language only. To pass the test, you need to answer at least 70% of the questions correctly. If you fail this EC-Council exam on the first attempt, there is no waiting period before the second try. For the third and subsequent attempts, a waiting period of 14 days applies. After passing the test, you will receive your ECIH certificate within 7 business days.