
Instant Download EC-COUNCIL: 212-89 Free Updated Test Dumps
Valid 212-89 FREE EXAM DUMPS QUESTIONS & ANSWERS
NEW QUESTION 43
In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?
- A. Containment
- B. Incident recording and assignment
- C. Incident triage
- D. Notification
Answer: C
NEW QUESTION 44
Shiela is working at night as an incident handler. During a shift, servers were affected by a massive cyber-attack. After she classified and prioritized the incident, she must report the incident, obtain necessary permissions, and perform other incident response functions.
What list should she check to notify other responsible personnel?
- A. HR logbook
- B. Point of contact
- C. Email list
- D. Phone number list
Answer: B
NEW QUESTION 45
The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT constitute a goal of incident response?
- A. Helping personnel to recover quickly and efficiently from security incidents, minimizing loss or theft and disruption of services.
- B. Dealing properly with legal issues that may arise during incidents.
- C. Dealing with human resources department and various employee conflict behaviors.
- D. Using information gathered during incident handling to prepare for handling future incidents in a better way and to provide stronger protection for systems and data.
Answer: C
NEW QUESTION 46
The main feature offered by PGP Desktop Email is:
- A. None of the above
- B. End-to-end email communications
- C. Email service during incidents
- D. End-to-end secure email service
Answer: D
NEW QUESTION 47
The role that applies appropriate technology and tries to eradicate and recover from the incident is known as:
- A. Incident Analyst
- B. Incident Handler
- C. Incident coordinator
- D. Incident Manager
Answer: A
NEW QUESTION 48
Who is mainly responsible for providing proper network services and handling network-related incidents in each cloud service model?
- A. Cloud consumer
- B. Cloud brokers
- C. Cloud service provider
- D. Cloud auditor
Answer: C
NEW QUESTION 49
The correct sequence of the incident management process is:
- A. Prepare, protect, detect, triage and respond
- B. Prepare, protect, triage, detect and respond
- C. Prepare, detect, protect, triage and respond
- D. Prepare, protect, detect, respond and triage
Answer: A
NEW QUESTION 50
US-CERT and Federal civilian agencies use the reporting timeframe criteria in the federal agency reporting categorization. What is the timeframe required to report an incident under the CAT 4 Federal Agency category?
- A. Monthly
- B. Within two (2) hours of discovery/detection
- C. Weekly
- D. Within four (4) hours of discovery/detection if the successful attack is still ongoing and agency is unable to successfully mitigate activity
Answer: C
NEW QUESTION 51
Lack of forensic readiness may result in:
- A. All the above
- B. System downtime
- C. Loss of clients thereby damaging the organization's reputation
- D. Data manipulation, deletion, and theft
Answer: A
NEW QUESTION 52
You are a systems administrator for a company. You are accessing your fileserver remotely for maintenance.
Suddenly, you are unable to access the server. After contacting others in your department, you find out that they cannot access the file server either.
You can ping the file server but not connect to it via RD. You check the Active Directory Server, and all is well.
You check the email server and find that emails are sent and received normally.
What is the most likely issue?
- A. An admin account issue
- B. A denial-of-service issue
- C. An email service issue
- D. The fileserver has shut down
Answer: B
NEW QUESTION 53
In the Control Analysis stage of NIST's risk assessment methodology, technical and nontechnical control methods are classified into two categories. What are these two control categories?
- A. Detective and Disguised controls
- B. Predictive and Detective controls
- C. Preventive and Detective controls
- D. Preventive and predictive controls
Answer: C
NEW QUESTION 54
In which of the following types of fuzz testing strategies is new data generated from scratch, with the amount of data generated predefined based on the testing model?
- A. Protocol-based fuzz testing
- B. Log-based fuzz testing
- C. Generation-based fuzz testing
- D. Mutation-based fuzz testing
Answer: C
NEW QUESTION 55
Which of the following incident recovery testing methods works by creating a mock disaster, such as a fire, to identify the reaction of the procedures that are implemented to handle such situations?
- A. Procedure testing
- B. Facility testing
- C. Scenario testing
- D. Live walk-through testing
Answer: A
NEW QUESTION 56
Which of the following email security tools can be used by an incident handler to protect the organization against evolving email threats?
- A. G Suite Toolbox
- B. Email Header Analyzer
- C. Mx Toolbox
- D. Gpg4win
Answer: D
NEW QUESTION 57
According to the Evidence Preservation policy, a forensic investigator should make at least _____ image copies of the digital evidence.
- A. Four image copies
- B. One image copy
- C. Two image copies
- D. Three image copies
Answer: C
NEW QUESTION 58
Which of the following is NOT part of the static data collection process?
- A. Password protection
- B. System preservation
- C. Evidence examination
- D. Evidence acquisition
Answer: A
NEW QUESTION 59
Francis is an incident handler and security expert. He works at Morison Tech Solutions based in Sydney, Australia. He was assigned a task to detect phishing/spam mails for the client organization.
Which of the following tools can assist Francis to perform the required task?
- A. BT Crack
- B. Netcraft
- C. Cain and Abel
- D. Nessus
Answer: B
NEW QUESTION 60
Multiple component incidents consist of a combination of two or more attacks in a system.
Which of the following is not a multiple component incident?
- A. An attacker infecting a machine to launch a DDoS attack
- B. An attacker using email with malicious code to infect an internal workstation
- C. An insider intentionally deleting files from a workstation
- D. An attacker redirecting a user to a malicious website and infecting his system with a Trojan
Answer: C
NEW QUESTION 61
Business continuity is defined as the ability of an organization to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault-tolerant systems, as well as a solid backup and recovery strategy. Identify the plan that is a mandatory part of a business continuity plan.
- A. Forensics Procedure Plan
- B. New business strategy plan
- C. Business Recovery Plan
- D. Sales and Marketing plan
Answer: C
NEW QUESTION 62
A malicious, security-breaking program is disguised as a useful program. Such executable programs, which are installed when a file is opened, allow others to control a user's system.
What is this type of program called?
- A. Spyware
- B. Trojan
- C. Worm
- D. Virus
Answer: B
NEW QUESTION 63
......
Career Path
After accomplishing the ECIH certification, you can apply for the CHFI (Computer Hacking Forensic Investigator) and the CASE (Certified Application Security Engineer) to become a multi-domain specialist. In addition, there are many other specialized certifications that you can opt to master in IT security. Thus, if you plan to become a Licensed Security consultant, it's recommended to take the Licensed Penetration Test Master (LPT) qualification. In all, these certificates can attract potential employers and lead you to a successful path.

