Eccouncil 212-89 Exam Practice Test Instant Access

Question 1

Which of the following is not a best practice to eliminate the possibility of insider attacks?

ADisable the users from installing unauthorized software or accessing malicious websites using the corporate network

BMonitor employee behaviors and the computer systems used by employees

CImplement secure backup and disaster recovery processes for business continuity

DAlways leave business details over voicemail or email broadcast message

Answer : D

Question 2

Stenley is an incident handler working for Texa Corp. located in the United States. With the growing concern of increasing emails from outside the organization, Stenley was

asked to take appropriate actions to keep the security of the organization intact. In the process of detecting and containing malicious emails, Stenley was asked to check the

validity of the emails received by employees.

Identify the tools he can use to accomplish the given task.

APointofMail

BEmail Dossier

CPoliteMail

DEventLog Analyzer

Answer : B

Question 3

Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case,

he needs to collect volatile information such as running services, their process IDs,

startmode, state, and status.

Which of the following commands will help Clark to collect such information from

running services?

AOpenfiles

Bnetstat --ab

Cwmic

Dnet file

Answer : B

Question 4

Identify the network security incident where intended or authorized users are prevented from using system, network, or applications by flooding the network with a

high volume of traffic that consumes all existing network resources.

AXSS attack

BDenial-of-service

CURL manipulation

DSQL injection

Answer : B

Question 5

Joseph is an incident handling and response (IH&R) team lead in Toro Network Solutions Company. As a part of IH&R process, Joseph alerted the service providers,

developers, and manufacturers about the affected resources.

Identify the stage of IH&R process Joseph is currently in.

AEradication

BContainment

CIncident triage

DRecovery

Answer : B

Question 6

In which of the following confidentiality attacks attackers try to lure users by posing themselves as authorized AP by beaconing the WLAN's SSID?

AEvil twin AP

BSession hijacking

CHoneypot AP

DMasqueradin

Answer : A

Question 7

Shally, an incident handler, is working for a company named Texas Pvt. Ltd. based in

Florid

a. She was asked to work on an incident response plan. As part of the plan, she

decided to enhance and improve the security infrastructure of the enterprise. She has

incorporated a security strategy that allows security professionals to use several

protection layers throughout their information system. Due to multiple layer protection,

this security strategy assists in preventing direct attacks against the organization's

information system as a break in one layer only leads the attacker to the next layer.

Identify the security strategy Shally has incorporated in the incident response plan.

ADefense-in-depth

BThree-way handshake

CCovert channels

DExponential backoff algorithm

Answer : A

Eccouncil 212-89 EC-Council Certified Incident Handler v3 Exam Practice Test