Download EC-Council Certified Incident Handler.212-89.TestKing.2019-09-26.74q.vcex

Vendor: ECCouncil
Exam Code: 212-89
Exam Name: EC-Council Certified Incident Handler
Date: Sep 26, 2019
File Size: 51 KB

Demo Questions

Question 1
Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident? 
  1. An insider intentionally deleting files from a workstation
  2. An attacker redirecting a user to a malicious website and infecting his system with a Trojan
  3. An attacker infecting a machine to launch a DDoS attack
  4. An attacker using email with malicious code to infect an internal workstation
Correct answer: A
Question 2
Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is responsible for examining the evidence acquired and separating the useful evidence?
  1. Evidence Supervisor
  2. Evidence Documenter
  3. Evidence Manager
  4. Evidence Examiner/Investigator
Correct answer: D
Question 3
The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/services that are not required. Which service listed below, if blocked, can help in preventing a Denial of Service attack?
  1. SAM service
  2. POP3 service
  3. SMTP service
  4. Echo service
Correct answer: D
Question 4
A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to the agency’s reporting timeframe guidelines, this incident should be reported within two (2) HOURS of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity. Which incident category of the US Federal Agency does this incident belong to?
  1. CAT 5
  2. CAT 1
  3. CAT 2
  4. CAT 6
Correct answer: C
Question 5
When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?
  1. All access rights of the employee to physical locations, networks, systems, applications and data should be disabled 
  2. The organization should enforce separation of duties
  3. The access requests granted to an employee should be documented and vetted by the supervisor
  4. The organization should monitor the activities of the system administrators and privileged users who have permissions to access the sensitive information
Correct answer: A
Question 6
A threat source does not present a risk if there is NO vulnerability that can be exercised for a particular threat source. Identify the step in which different threat sources are defined:
  1. Identification Vulnerabilities
  2. Control analysis
  3. Threat identification
  4. System characterization
Correct answer: C
Question 7
In the Control Analysis stage of NIST’s risk assessment methodology, technical and non-technical control methods are classified into two categories. What are these two control categories?
  1. Preventive and Detective controls 
  2. Detective and Disguised controls
  3. Predictive and Detective controls
  4. Preventive and predictive controls
Correct answer: A
Question 8
Which of the following incident recovery testing methods works by creating a mock disaster, such as a fire, to identify the reaction of the procedures that are implemented to handle such situations?
  1. Scenario testing
  2. Facility testing
  3. Live walk-through testing
  4. Procedure testing
Correct answer: D
Question 9
An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the incident response and handling process involves auditing the system and network log files?
  1. Incident recording
  2. Reporting
  3. Containment
  4. Identification
Correct answer: D
Question 10
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?
  1. NET-CERT
  2. DFN-CERT
  3. Funet CERT
  4. SURFnet-CERT
Correct answer: D