
ECIH Certification 212-89 Real Exam Questions and Answers FREE Updated on Mar 19, 2024
212-89 Ultimate Study Guide - TestKingIT
To be eligible to take the ECIH v2 exam, candidates must have a minimum of two years of experience in information security or a related field. They must also complete an official training course from EC-Council or an EC-Council-accredited training center. 212-89 course covers all the topics that are included in the exam and provides candidates with the knowledge and skills needed to pass the exam.
NEW QUESTION # 15
Drake is an incident handler at Dark Cloud Inc. He is tasked with performing log analysis to detect traces of malicious activities within the network infrastructure.
Which of the following tools should Drake employ to view logs in real time and identify malware propagation within the network?
- A. HULK
- B. LOIC
- C. Hydra
- D. Splunk
Answer: D
NEW QUESTION # 16
Which of the following is an incident tracking, reporting and handling tool:
- A. RTIR
- B. CRAMM
- C. EAR/ Pilar
- D. NETSTAT
Answer: A
NEW QUESTION # 17
A US Federal Agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to the agency's reporting timeframe guidelines, this incident should be reported within 2h of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity.
Which incident category of US Federal Agency does this incident belong to?
- A. CAT 6
- B. CAT 2
- C. CAT 5
- D. CAT 1
Answer: B
NEW QUESTION # 18
Which is the incorrect statement about Anti-keyloggers scanners:
- A. Software tools
- B. Detect already installed Keyloggers in victim machines
- C. Run in stealthy mode to record victims online activity
Answer: C
NEW QUESTION # 19
Performing Vulnerability Assessment is an example of a:
- A. Post Incident Management
- B. Pre-Incident Preparation
- C. Incident Response
- D. Incident Handling
Answer: B
NEW QUESTION # 20
An incident recovery plan is a statement of actions that should be taken before, during or after an incident.
Identify which of the following is NOT an objective of the incident recovery plan?
- A. Creating new business processes to maintain profitability after incident
- B. Providing a standard for testing the recovery plan
- C. Providing assurance that systems are reliable
- D. Avoiding the legal liabilities arising due to incident
Answer: A
Explanation:
Explanation/Reference:
NEW QUESTION # 21
Digital evidence must:
- A. Cast doubt on the authenticity and veracity of the evidence
- B. Be Volatile
- C. Not prove the attackers actions
- D. Be Authentic, complete and reliable
Answer: D
NEW QUESTION # 22
They type of attack that prevents the authorized users to access networks, systems, or applications by
exhausting the network resources and sending illegal requests to an application is known as:
- A. Denial of Service attack
- B. SQL injection attack
- C. Session Hijacking attack
- D. Man in the Middle attack
Answer: A
NEW QUESTION # 23
The free utility which quickly scans Systems running Windows OS to find settings that may have been changed by spyware, malware, or other unwanted programs is called:
- A. HijackThis
- B. F-Secure Anti-virus
- C. Tripwire
- D. Stinger
Answer: A
NEW QUESTION # 24
Identify a standard national process which establishes a set of activities, general tasks and a management
structure to certify and accredit systems that will maintain the information assurance (IA) and security posture
of a system or site.
- A. NIASAP
- B. NIAAAP
- C. NIPACP
- D. NIACAP
Answer: D
NEW QUESTION # 25
To recover, analyze, and preserve computer and related materials in such a way that it can be presented as evidence in a court of law and identify the evidence in short time, estimate the potential impact of the malicious activity on the victim, and assess the intent and identity of the perpetrator is known as:
- A. Forensic Readiness
- B. Digital Forensic Analysis
- C. Digital Forensic Examiner
- D. Computer Forensics
Answer: B
NEW QUESTION # 26
Which of the following is NOT a network forensic tool?
- A. Caps a Network Analyzer
- B. Tcpdump
- C. Advanced NTFS Journaling Parser
- D. Wire shark
Answer: C
NEW QUESTION # 27
A living high level document that states in writing a requirement and directions on how an agency plans to protect its information technology assets is called:
- A. Information security Policy
- B. Information security Standard
- C. Information security Procedure
- D. Information security Baseline
Answer: A
NEW QUESTION # 28
The typical correct sequence of activities used by CSIRT when handling a case is:
- A. Log, maintain contacts, release information, inform, follow up and reporting
- B. Log, maintain contacts, inform, release information, follow up and reporting
- C. Log, inform, maintain contacts, release information, follow up and reporting
- D. Log, inform, release information, maintain contacts, follow up and reporting
Answer: C
NEW QUESTION # 29
Contingency planning enables organizations to develop and maintain effective methods to handle
emergencies. Every organization will have its own specific requirements that the planning should address.
There are five major components of the IT contingency plan, namely supporting information, notification
activation, recovery and reconstitution and plan appendices. What is the main purpose of the reconstitution
plan?
- A. To restore the original site, tests systems to prevent the incident and terminates operations
- B. To define the notification procedures, damage assessments and offers the plan activation
- C. To provide the introduction and detailed concept of the contingency plan
- D. To provide a sequence of recovery activities with the help of recovery procedures
Answer: A
NEW QUESTION # 30
Which of the following is a risk assessment tool:
- A. CRAMM
- B. Nmap
- C. Nessus
- D. Wireshark
Answer: A
NEW QUESTION # 31
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the
investigation, an investigator needs to process large amounts of data using a combination of automated and
manual methods. Identify the computer forensic process involved:
- A. Preparation
- B. Examination
- C. Analysis
- D. Collection
Answer: B
NEW QUESTION # 32
Chandler is a professional hacker who is targeting an organization called Technote. He wants to obtain important organizational information that is being transmitted between different hierarchies. In the process, he sniffs the data packets transmitted through the network and then analyzes them to gather packet details such as network, ports, protocols, devices, issues in network transmission, and other network specifications.
Which of the following tools can Chandler employ to perform packet analysis?
- A. Omni peek
- B. shARP
- C. BeEf
- D. IDA Pro
Answer: B
NEW QUESTION # 33
Jacobi san employee at a firm called Dolphin Investment. While he was on duty, he identified that his computer was facing some problems, and he wanted to convey the issue to the c once med authority in his organization. However, this organization currently does not have a ticketing system to address such types of issues.
In the above scenario, which of the following ticketing systems can be employed by Dolphin Investment to allow Jacob to inform the c once med team about the incident?
- A. IBM X Force Exchange
- B. Threat Connect
- C. ManageEngine ServiceDesk Plus
- D. MISP
Answer: C
NEW QUESTION # 34
Frederick is in the eradication process in one of the incidents he is handing.
Which of the following is NOT an eradication process?
- A. CCs must train a few of their employees to use the cloud securely.
- B. Monitor the client's traffic for any malicious activities.
- C. Conduct vulnerability scanning and configuration audits.
- D. Analyze the security model of the cloud provider interface.
Answer: A
NEW QUESTION # 35
......
Ultimate Guide to Prepare 212-89 Certification Exam for ECIH Certification: https://www.testkingit.com/EC-COUNCIL/latest-212-89-exam-dumps.html
Use Real 212-89 Dumps - EC-COUNCIL Correct Answers: https://drive.google.com/open?id=1TVLbikLWdcTLQGw6MPeGIHsaI_MAePeD