Which of the following types of insider threats involves an insider who is uneducated on potential security threats or simply bypasses general security procedures to meet workplace efficiency?

A . Professional insider
B . Malicious insider
C . Compromised insider
D . Negligent insider

Answer: D

Alice is an incident handler and she has been informed by her lead that the data on affected systems must be backed up so that it can be retrieved if it is damaged during the incident response process. She was also told that the system backup can also be used for further investigation of the incident.

In which of the following stages of the incident handling and response (IH&R) process does Alice need to do a complete backup of the infected system?
A . Containment
B . Incident recording
C . Incident triage
D . Eradication

Answer: B

Michael is an incident handler at CyberTech Solutions. He is performing detection and analysis of a cloud security incident. He is also analyzing the file systems, slack spaces, and metadata within the storage units to find hidden malware and evidence of malice.

Identify the cloud security incident handled by Michael:
A . Server-related incident
B . Storage-related incident
C . Application-related incident
D . Network-related incident

Answer: B

Eric works as a system administrator at ABC organization and previously granted several users access privileges to the organization's systems with unlimited permissions. These privileged users could misuse their rights unintentionally or maliciously, or could be deceived by attackers who trick them into performing malicious activities.

Which of the following guidelines would help incident handlers eradicate insider attacks by privileged users?
A . Do not allow administrators to use unique accounts during the installation process
B . Do not use encryption methods to prevent administrators and privileged users from accessing backup tapes and sensitive information
C . Do not control the access to administrators and privileged users
D . Do not enable default administrative accounts to ensure accountability

Answer: D

Robert is an incident handler working for X security Inc. One day, his organization faced a massive cyberattack and all of the websites related to the organization went offline. Robert was on duty during the incident and he was responsible for handling the incident and maintaining business continuity. He immediately restored the web application service with the help of the existing backups.

According to the scenario, which of the following stages of incident handling and response (IH&R) process did Robert perform?
A . Evidence gathering and forensics analysis
B . Eradication
C . Notification
D . Recovery

Answer: D

lkeo Corp. has hired an incident response team to assess the enterprise security. As a part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise. The IR team finds out that employees of the organization do not have any restrictions on Internet access, which means that they are allowed to visit any site, download any application, and access a computer or a network from a remote location. Considering this a main security threat, the IR team plans to change this policy, as it can be easily exploited by attackers. Identify the security policy that the IR team is planning to modify.

A . Promiscuous policy
B . Prudent policy
C . Permissive policy
D . Paranoid policy

Answer: A

Drake is an incident handler at Dark Cloud Inc. He is tasked with performing log analysis in order to detect traces of malicious activities within the network infrastructure.

Which of the following tools should Drake employ in order to view logs in real time and identify malware propagation within the network?
A . Hydra
B . Splunk
C . HULK
D . LOIC

Answer: B