The 212-89 EC Council Certified Incident Handler (ECIH v2) exam is a popular EC-Council certification exam. Exam4Training offers the latest free online 212-89 dumps for practice. You can train online with the following questions, all of which are verified by EC-Council experts. If the exam changes, we will share newly updated questions.
Certification Provider: EC-Council
Exam Name: EC Council Certified Incident Handler (ECIH v2)
Exam Code: 212-89
Official Exam Time: 180 mins
Number of questions in the Official Exam: 100 Q&As
Latest update time in our database: May 30, 2023
212-89 Official Exam Topics:
Topic 1: Incident Response and Handling
Topic 2: Incident Handling / Security Policies
Topic 3: Process Handling / Incident Handling and Response
Topic 4: Security Auditing / Eradication and Recovery
Topic 5: Forensic Readiness and First Response / Volatile Evidence
Topic 6: Anti-forensics / Deceptive and Suspicious Email
A computer virus hoax is a message warning the recipient of a non-existent computer virus. The message is usually a chain e-mail that tells the recipient to forward it to everyone they know.
Which of the following is NOT a symptom of a virus hoax message?
A. The message prompts the end user to forward it to his/her e-mail contact list and gain monetary benefits in doing so
B. The message from a known email id is caught by SPAM filters due to a change of filter settings
C. The message warns to delete certain files if the user does not take appropriate action
D. The message prompts the user to install Anti-Virus
Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification/activation, recovery, reconstitution, and plan appendices.
What is the main purpose of the reconstitution plan?
A. To restore the original site, test systems to prevent the incident, and terminate operations
B. To define the notification procedures and damage assessments and offer the plan activation
C. To provide the introduction and detailed concept of the contingency plan
D. To provide a sequence of recovery activities with the help of recovery procedures
Which one of the following is the correct sequence of flow of the stages in an incident response?
A. Containment – Identification – Preparation – Recovery – Follow-up – Eradication
B. Preparation – Identification – Containment – Eradication – Recovery – Follow-up
C. Eradication – Containment – Identification – Preparation – Recovery – Follow-up
D. Identification – Preparation – Containment – Recovery – Follow-up – Eradication
Elizabeth, working for the OBC organization as an incident responder, is assessing the risks facing the organization's security. During the assessment process, she calculates the probability of a threat source exploiting an existing system vulnerability.
Identify the risk assessment step Elizabeth is currently in.
A. System characterization
B. Impact analysis
C. Likelihood analysis
D. Vulnerability identification
A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the network. According to the agency's reporting timeframe guidelines, this incident should be reported within two (2) HOURS of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity.
Which US Federal Agency incident category does this incident belong to?
A. CAT 5
B. CAT 1
C. CAT 2
D. CAT 6
The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost.
Which of the following does NOT constitute a goal of incident response?
A. Dealing with the human resources department and various employee conflict behaviors.
B. Using information gathered during incident handling to prepare for handling future incidents in a better way and to provide stronger protection for systems and data.
C. Helping personnel to recover quickly and efficiently from security incidents, minimizing loss or theft and disruption of services.
D. Dealing properly with legal issues that may arise during incidents.
Rose is an incident handler and is responsible for detecting and eliminating any kind of scanning attempt over the network by malicious threat actors. Rose uses Wireshark to sniff the network and detect any malicious activity going on.
Which of the following Wireshark filters can she use to detect a TCP Xmas scan attempt by the attacker?
A. tcp.flags==0x000
B. tcp.flags==0x029
C. tcp.dstport==7
D. tcp.flags.reset==1
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?
A. NET-CERT
B. DFN-CERT
C. Funet CERT
D. SURFnet-CERT
When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?
A. All access rights of the employee to physical locations, networks, systems, applications and data should be disabled
B. The organization should enforce separation of duties
C. The access requests granted to an employee should be documented and vetted by the supervisor
D. The organization should monitor the activities of the system administrators and privileged users who have permissions to access the sensitive information
Risk management consists of three processes: risk assessment, risk mitigation, and evaluation. Risk assessment determines the extent of the potential threat and the risk associated with an IT system throughout its SDLC.
How many primary steps does NIST's risk assessment methodology involve?
A. Twelve
B. Four
C. Six
D. Nine