It is impossible to pass the EC-Council 212-89 exam without any help in the short term. Come to Certleader soon and find the most advanced, correct and guaranteed EC-Council 212-89 practice questions. You will get a surprising result with our most recent EC-Council Certified Incident Handler (ECIH v2) practice guides.
Free demo questions for EC-Council 212-89 Exam Dumps Below:
NEW QUESTION 1
The largest number of cyber-attacks are conducted by:
- A. Insiders
- B. Outsiders
- C. Business partners
- D. Suppliers
Answer: B
NEW QUESTION 2
The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/services that are not required. Which service listed below, if blocked, can help in preventing a Denial of Service attack?
- A. SAM service
- B. POP3 service
- C. SMTP service
- D. Echo service
Answer: D
NEW QUESTION 3
Business Continuity planning includes other plans such as:
- A. Incident/disaster recovery plan
- B. Business recovery and resumption plans
- C. Contingency plan
- D. All the above
Answer: D
NEW QUESTION 4
The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT constitute a goal of incident response?
- A. Dealing with human resources department and various employee conflict behaviors.
- B. Using information gathered during incident handling to prepare for handling future incidents in a better way and to provide stronger protection for systems and data.
- C. Helping personnel to recover quickly and efficiently from security incidents, minimizing loss or theft and disruption of services.
- D. Dealing properly with legal issues that may arise during incidents.
Answer: A
NEW QUESTION 5
Installing a password cracking tool, downloading pornographic material, sending emails to colleagues that irritate them and hosting unauthorized websites on the company’s computer are considered:
- A. Network based attacks
- B. Unauthorized access attacks
- C. Malware attacks
- D. Inappropriate usage incidents
Answer: D
NEW QUESTION 6
The overall likelihood rating of a threat to exploit a vulnerability is driven by:
- A. Threat-source motivation and capability
- B. Nature of the vulnerability
- C. Existence and effectiveness of the current controls
- D. All the above
Answer: D
NEW QUESTION 7
A security policy will take the form of a document or a collection of documents, depending on the situation or usage. It can become a point of reference in case a violation occurs that results in dismissal or other penalty. Which of the following is NOT true for a good security policy?
- A. It must be enforceable with security tools where appropriate and with sanctions where actual prevention is not technically feasible
- B. It must be approved by a court of law after verification of the stated terms and facts
- C. It must be implemented through system administration procedures, publishing of acceptable use guidelines or other appropriate methods
- D. It must clearly define the areas of responsibilities of the users, administrators and management
Answer: B
NEW QUESTION 8
The correct sequence of incident management process is:
- A. Prepare, protect, triage, detect and respond
- B. Prepare, protect, detect, triage and respond
- C. Prepare, detect, protect, triage and respond
- D. Prepare, protect, detect, respond and triage
Answer: B
NEW QUESTION 9
The data on the affected system must be backed up so that it can be retrieved if it is damaged during incident response. The system backup can also be used for further investigations of the incident. Identify the stage of the incident response and handling process in which a complete backup of the infected system is carried out.
- A. Containment
- B. Eradication
- C. Incident recording
- D. Incident investigation
Answer: A
NEW QUESTION 10
Removing or eliminating the root cause of the incident is called:
- A. Incident Eradication
- B. Incident Protection
- C. Incident Containment
- D. Incident Classification
Answer: A
NEW QUESTION 11
ADAM, an employee from a multinational company, uses his company’s accounts to send e-mails to a third party with their spoofed mail address. How can you categorize this type of account?
- A. Inappropriate usage incident
- B. Unauthorized access incident
- C. Network intrusion incident
- D. Denial of Service incident
Answer: A
NEW QUESTION 12
The total cost of disruption of an incident is the sum of:
- A. Tangible and Intangible costs
- B. Tangible cost only
- C. Intangible cost only
- D. Level Two and Level Three incidents cost
Answer: A
NEW QUESTION 13
The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could be:
- A. Antivirus software detects the infected files
- B. Increase in the number of e-mails sent and received
- C. System files become inaccessible
- D. All the above
Answer: D
NEW QUESTION 14
IDS and IPS system logs indicating an unusual deviation from typical network traffic flows are called:
- A. A Precursor
- B. An Indication
- C. A Proactive
- D. A Reactive
Answer: B
NEW QUESTION 15
A computer risk policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy.
- A. Procedure to identify security funds to hedge risk
- B. Procedure to monitor the efficiency of security controls
- C. Procedure for the ongoing training of employees authorized to access the system
- D. Provisions for continuing support if there is an interruption in the system or if the system crashes
Answer: C
NEW QUESTION 16
An adversary attacking information resources to gain undue advantage is called:
- A. Defensive Information Warfare
- B. Offensive Information Warfare
- C. Electronic Warfare
- D. Conventional Warfare
Answer: B
NEW QUESTION 17
A sign of an incident that may happen in the future is called:
- A. A Precursor
- B. An Indication
- C. A Proactive
- D. A Reactive
Answer: A
NEW QUESTION 18
Which test is conducted to determine the effectiveness of incident recovery procedures?
- A. Live walk-throughs of procedures
- B. Scenario testing
- C. Department-level test
- D. Facility-level test
Answer: A
NEW QUESTION 19
Which of the following is NOT one of the common techniques used to detect insider threats?
- A. Spotting an increase in their performance
- B. Observing employee tardiness and unexplained absenteeism
- C. Observing employee sick leaves
- D. Spotting conflicts with supervisors and coworkers
Answer: A
NEW QUESTION 20
Agencies do NOT report an information security incident because they:
- A. Are afraid of negative publicity
- B. Have full knowledge about how to handle the attack internally
- C. Do not want to pay the additional cost of reporting an incident
- D. All the above
Answer: A