
EC-COUNCIL 212-89 Certification Exam Dumps with 174 Practice Test Questions
New 212-89 Exam Dumps with High Passing Rate
The ECIH v2 exam covers various topics related to incident handling and response, including the incident management process, types of incidents, incident analysis, and incident response techniques. The 212-89 exam also covers various tools and techniques used in incident handling, such as network monitoring, log analysis, and forensic analysis. It also includes hands-on labs and simulations to provide practical experience in handling various types of incidents.
Career Path
If you want to pursue your career beyond the EC-Council ECIH certification, there are many paths that you can choose from. First of all, you can become a Licensed Security Consultant. In this case, you can opt for the EC-Council Licensed Penetration Tester (LPT) certificate. Alternatively, you can go for the trainer path. Then you should apply for the Certified EC-Council Instructor (CEI) program.
If your goal is to become a multidisciplinary expert, earning the Computer Hacking Forensics Investigator (CHFI) or Certified Application Security Engineer (CASE) certification will be an ideal choice for you. Finally, you can consider attaining a master's degree in cybersecurity. For this purpose, go for the EC-Council University Master of Security Sciences (MSS) program. By obtaining the ECIH certificate, you have already automatically earned 3 credits toward this degree.
NEW QUESTION # 54
___________________ records a user's typing.
- A. Virus
- B. Malware
- C. Spyware
- D. Adware
Answer: C
NEW QUESTION # 55
Mr. Smith is a lead incident responder of a small financial enterprise with a few branches in Australia. Recently, the company suffered a massive attack, losing USD 5 million through an inter-banking system. After an in-depth investigation of the case, it was found that the incident occurred because 6 months ago the attackers penetrated the network through a minor vulnerability and maintained access without any user being aware of it. They then tried to delete the users' fingerprints and performed a lateral movement to the computer of a person with privileges in the inter-banking system.
Finally, the attacker gained access and did fraudulent transactions.
Based on the above scenario, identify the most accurate kind of attack.
- A. Denial-of-service attack
- B. APT attack
- C. Ransomware attack
- D. Phishing
Answer: B
Explanation:
The scenario described fits the characteristics of an Advanced Persistent Threat (APT) attack. APTs are sophisticated, stealthy, and continuous computer hacking processes often orchestrated by groups targeting a specific entity. These attackers penetrate the network through vulnerabilities, maintain access without detection, and achieve their objectives, such as data exfiltration or financial theft, over an extended period.
The fact that attackers exploited a minor vulnerability, maintained access for six months, and performed lateral movements to access critical systems for fraudulent transactions highlights the strategic planning and persistence typical of APT attacks.
References: Incident Handler (ECIH v3) certification materials discuss APTs in detail, including their methodologies, objectives, and the importance of comprehensive security strategies to detect and mitigate such threats.
NEW QUESTION # 56
Which of the following terms may be defined as "a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization's operation and revenues"?
- A. Risk
- B. Incident Response
- C. Vulnerability
- D. Threat
Answer: A
NEW QUESTION # 57
Which of the following risk management processes identifies the risks, estimates the impact, and determines sources to recommend proper mitigation measures?
- A. Risk mitigation
- B. Risk assessment
- C. Risk avoidance
- D. Risk assumption
Answer: B
NEW QUESTION # 58
Tibson works as an incident responder for an MNC based in Singapore. He is investigating a web application security incident recently faced by the company. The attack was performed on an MS SQL Server hosted by the company. In the detection and analysis phase, he used regular expressions to analyze and detect the SQL meta-characters that led to the SQL injection attack.
Identify the regular expression used by Tibson to detect the SQL injection attack on MS SQL Server.
- A. ((\.\.\\)|(\.\.\/))
- B. /exec(\s|\+)+(s|x)p\w+/ix
- C. ((\%3C)|<)((\%2F)|\/)*(script)((\%3E)|>)
- D. ((\.|%2E)(\.|%2E)(\/|%2F|\\|%5C))
Answer: B
NEW QUESTION # 59
To effectively describe security incidents, it is necessary to adopt a common set of terminology and to categorize the incidents.
According to ECIH text, in which category would you place an incident that involves illegal file download by a suspected or unknown user?
- A. Ultra High Level
- B. Middle level
- C. Low Level
- D. High level
Answer: D
NEW QUESTION # 60
In the Control Analysis stage of NIST's risk assessment methodology, technical and non-technical control methods are classified into two categories. What are these two control categories?
- A. Detective and Disguised controls
- B. Preventive and predictive controls
- C. Predictive and Detective controls
- D. Preventive and Detective controls
Answer: D
NEW QUESTION # 61
A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to the agency's reporting timeframe guidelines, this incident should be reported within two (2) HOURS of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity. Which incident category of the US Federal Agency does this incident belong to?
- A. CAT 1
- B. CAT 5
- C. CAT 2
- D. CAT 6
Answer: C
NEW QUESTION # 62
An organization named Sam Morison Inc. decided to use cloud-based services to reduce the cost of maintenance. The organization identified various risks and threats associated with cloud service adoption and migrating business-critical data to third-party systems. Hence, the organization decided to deploy cloud-based security tools to prevent upcoming threats.
Which of the following tools helps the organization secure its cloud resources and services?
- A. Burp Suite
- B. Nmap
- C. Alert Logic
- D. Wireshark
Answer: C
Explanation:
Alert Logic is a cloud-based security tool that provides Security-as-a-Service solutions including threat management, vulnerability assessment, and improved security outcomes. It is designed specifically to secure cloud resources and services, making it an ideal choice for organizations like Sam Morison Inc. that are moving their operations to the cloud and are concerned about the security of their data. Tools like Nmap, Burp Suite, and Wireshark, while valuable in certain contexts, do not offer the same cloud-focused security capabilities as Alert Logic.
NEW QUESTION # 63
Shally, an incident handler, is working for a company named Texas Pvt. Ltd. based in Florida. She was asked to work on an incident response plan. As part of the plan, she decided to enhance and improve the security infrastructure of the enterprise. She has incorporated a security strategy that allows security professionals to use several protection layers throughout their information system. Due to multiple layer protection, this security strategy assists in preventing direct attacks against the organization's information system as a break in one layer only leads the attacker to the next layer.
Identify the security strategy Shally has incorporated in the incident response plan.
- A. Covert channels
- B. Exponential backoff algorithm
- C. Three-way handshake
- D. Defense-in-depth
Answer: D
Explanation:
Shally has incorporated the Defense-in-depth strategy into the incident response plan for Texas Pvt. Ltd.
Defense-in-depth is a layered security approach that involves implementing multiple security measures and controls throughout an information system. This strategy is designed to provide several defensive barriers to protect against threats and attacks, ensuring that if one layer is compromised, others still provide protection.
The goal is to create a multi-faceted defense that addresses potential vulnerabilities in various areas, including physical security, network security, application security, and user education.
References: The Incident Handler (ECIH v3) courses and study guides often emphasize the importance of a Defense-in-depth strategy in creating robust security infrastructures to protect against a wide range of cyber threats.
NEW QUESTION # 64
Alexis is an incident handler at QWERTY Company. He identified that an attacker created a backdoor inside the company's network by installing a fake AP inside a firewall.
Which of the following attack types did the attacker use?
- A. AP misconfiguration
- B. Rogue access point
- C. Wardriving
- D. Ad hoc associations
Answer: B
NEW QUESTION # 65
Identify the network security incident in which intended or authorized users are prevented from using a system, network, or application by flooding the network with a high volume of traffic that consumes all existing network resources.
- A. Denial-of-service
- B. XSS attack
- C. SQL injection
- D. URL manipulation
Answer: A
Explanation:
A Denial-of-Service (DoS) attack is characterized by flooding the network with a high volume of traffic to consume all available network resources, preventing intended or authorized users from accessing a system, network, or application. This type of attack aims to overwhelm the target's capacity to handle incoming requests, causing a denial of access to legitimate users. Unlike XSS (Cross-Site Scripting) attacks, URL manipulation, or SQL injection, which exploit vulnerabilities in web applications for unauthorized data access or manipulation, a DoS attack specifically targets the availability of services.
References: Incident Handler (ECIH v3) courses and study guides cover various types of network security incidents, including Denial-of-Service attacks, detailing their impact on network resources and services.
NEW QUESTION # 67
Which of the following is a common tool used to help detect malicious internal or compromised actors?
- A. User behavior analytics
- B. Log forwarding
- C. Syslog configuration
- D. SOC2 compliance report
Answer: A
NEW QUESTION # 68
Stenley is an incident handler working for Texa Corp. located in the United States. With the growing concern of increasing emails from outside the organization, Stenley was asked to take appropriate actions to keep the security of the organization intact. In the process of detecting and containing malicious emails, Stenley was asked to check the validity of the emails received by employees.
Identify the tools he can use to accomplish the given task.
- A. Email Dossier
- B. PointofMail
- C. EventLog Analyzer
- D. PoliteMail
Answer: A
Explanation:
Email Dossier is a tool designed to perform detailed investigations on email messages to verify their authenticity and trace their origin. It can analyze email headers and provide information about the route an email has taken, the servers it passed through, and potentially malicious links or origins. For an incident handler like Stenley, tasked with verifying the validity of emails and containing malicious email threats, Email Dossier serves as a practical tool for analyzing and validating emails received by employees. By using this tool, Stenley can identify fraudulent or suspicious emails, thereby helping to protect the organization from phishing attacks, malware distribution, and other email-based threats.
References: In the context of managing and mitigating the risks associated with email communications, ECIH v3 study materials outline various tools and techniques for email analysis and validation. These resources recommend the use of tools like Email Dossier for incident handlers to effectively scrutinize incoming emails for security threats.
NEW QUESTION # 69
Dan is a newly appointed information security professional in a renowned organization. He is supposed to follow multiple security strategies to eradicate malware incidents.
Which of the following is not considered a good practice for maintaining information security and eradicating malware incidents?
- A. Do not click on web browser pop-up windows
- B. Do not download or execute applications from third-party sources
- C. Do not open files with file extensions such as .bat, .com, .exe, .pif, .vbs, and so on
- D. Do not download or execute applications from trusted sources
Answer: D
NEW QUESTION # 70
Which of the following is not the responsibility of first responders?
- A. Identifying the crime scene
- B. Packaging and transporting the electronic evidence
- C. Preserving temporary and fragile evidence and then shutting down or rebooting the victim's computer
- D. Protecting the crime scene
Answer: D
NEW QUESTION # 71
An insider threat response plan helps an organization minimize the damage caused by malicious insiders.
One of the approaches to mitigate these threats is setting up controls from the human resources department.
Which of the following guidelines can the human resources department use?
- A. Access granted to users should be documented and vetted by a supervisor.
- B. Monitor and secure the organization's physical environment.
- C. Implement a person-to-person rule to secure the backup process and physical media.
- D. Disable the default administrative account to ensure accountability.
Answer: A
NEW QUESTION # 72
Matt is an incident handler working for one of the largest social network companies, which was affected by malware. According to the company's reporting timeframe guidelines, a malware incident should be reported within 1 hour of discovery/detection after its spread across the company. Which category does this incident belong to?
- A. CAT 3
- B. CAT 2
- C. CAT 4
- D. CAT 1
Answer: D
Explanation:
In incident response protocols, incidents are categorized based on their severity, impact, and the urgency of the response required. The categorization helps in prioritizing incident response activities and allocating resources accordingly. A CAT 1 (Category 1) incident is typically considered the highest priority, involving significant threats that require immediate response. Given the scenario where a malware incident in one of the largest social network companies must be reported within 1 hour of discovery/detection, this indicates a high-priority incident due to the potential widespread impact and the need for a rapid response to contain and mitigate the malware's spread. The urgency of the reporting timeframe suggests that the incident is considered critical, aligning with the characteristics of a CAT 1 incident, which necessitates immediate action to prevent significant damage or disruption to the company's operations and services.
References: The Incident Handler (ECIH v3) curriculum emphasizes the importance of incident categorization and the establishment of clear reporting and response protocols based on the severity and urgency of incidents. This framework enables organizations to respond effectively to incidents like malware attacks by ensuring that high-priority threats are quickly identified and addressed.
NEW QUESTION # 73
QualTech Solutions is a leading security services enterprise. Dickson, who works as an incident responder with this firm, is performing a vulnerability assessment to identify the security problems in the network by using automated tools for identifying the hosts, services, and vulnerabilities in the enterprise network. In the above scenario, which of the following types of vulnerability assessment is Dickson performing?
- A. External assessment
- B. Passive assessment
- C. Internal assessment
- D. Active assessment
Answer: D
Explanation:
In the scenario described, Dickson is performing an active assessment. This type of vulnerability assessment involves using automated tools to actively scan and probe the network for identifying hosts, services, and vulnerabilities. Unlike passive assessments, which rely on monitoring network traffic without direct interaction with the targets, active assessments engage directly with the network infrastructure to discover vulnerabilities, misconfigurations, and other security issues by sending data to systems and analyzing the responses. This approach provides a more immediate and detailed view of the security posture but can also generate detectable traffic that might be noticed by defensive systems or affect the performance of live systems.
References: The ECIH v3 curriculum by EC-Council includes discussions on various methods of conducting vulnerability assessments, highlighting the differences between active and passive techniques, as well as the contexts in which each is most appropriately used.
NEW QUESTION # 74
If the browser does not expire the session when the user fails to logout properly, which of the following OWASP Top 10 web vulnerabilities is caused?
- A. A7: Cross-site scripting
- B. A5: Broken access control
- C. A3: Sensitive data exposure
- D. A2: Broken authentication
Answer: D
NEW QUESTION # 75
Mr. Smith is a lead incident responder of a small financial enterprise, which has a few branches in Australia. Recently, the company suffered a massive attack, losing $5M through an inter-banking system. After an in-depth investigation, it was found that the incident occurred because the attackers penetrated the network through a minor vulnerability 6 months ago and maintained access without being detected by any user. They then tried to delete user fingerprints and performed a lateral movement to the computer of a person with privileges in the inter-banking system. The attackers finally gained access and performed fraudulent transactions.
In the above scenario, which of the following most accurately describes the type of attack?
- A. Denial-of-service attack
- B. APT attack
- C. Ransomware attack
- D. Phishing
Answer: B