PASS4TEST
IT Certification Guaranteed, The Easy Way!
http://www.pass4test.com
We offer free update service for one year
212-89 Exam Questions, 212-89 study materials. EC Council Certified Incident Handler (ECIH v2)

Exam : 212-89
Title : EC Council Certified Incident Handler (ECIH v2)
Vendor : EC-Council
Version : DEMO

NO.1 Unusual logins, accessing sensitive information not used for the job role, and the use of
personal external storage drives on company assets are all signs of which of the following?
A. Security breach
B. Insider threat
C. Over-working
D. Lack of job rotation
Answer: B

NO.2 Which of the following are malicious software programs that infect computers and corrupt or
delete the data on them?
A. Worms
B. Virus
C. Spyware
D. Trojans
Answer: B

NO.3 In the cloud environment, an authorized security professional executes approved sanitation
procedures using approved utilities to permanently remove data spilled from contaminated
information systems and applications in the cloud.
This is an example of which of the following?
A. Cloud broker
B. Cloud auditor
C. Cloud computing
D. Cloud eradication
Answer: B

NO.4 Dash wants to perform a DoS attack over 256 target URLs simultaneously.
Which of the following tools can Dash employ to achieve his objective?
A. IDA Pro
B. HOIC
C. OpenVAS
D. Ollydbg
Answer: B

NO.5 Farheen is an incident responder at a reputed IT firm based in Florida. Farheen was asked to
investigate a recent cybercrime faced by the organization. As part of this process, she collected static
data from a victim system. She used dd, a command line tool, to perform forensic duplication to
obtain an NTFS image of the original disk. She created a sector-by-sector mirror image of the disk
and saved the output image file as image.dd. Identify the static data collection process step
performed by Farheen while collecting static data.
A. Physical presentation
B. System preservation
C. Comparison
D. Administrative consideration
Answer: B

NO.6 Which of the following is an inappropriate usage incident?
A. Insider threat
B. Denial-of-service attack
C. Access-control attack
D. Reconnaissance attack
Answer: A

NO.7 Your company sells SaaS, and your company itself is hosted in the cloud (using it as a PaaS).
In case of a malware incident in your customer's database, who is responsible for eradicating the
malicious software?
A. Your company
B. The customer
C. The PaaS provider
D. Building management
Answer: A

NO.8 Otis is an incident handler working in an organization called Delmont. Recently, the
organization faced several setbacks in business, whereby its revenues are decreasing. Otis was asked
to take charge and look into the matter. While auditing the enterprise security, he found traces of an
attack through which proprietary information was stolen from the enterprise network and passed on
to their competitors.
Which of the following information security incidents did Delmont face?
A. Email-based abuse
B. Unauthorized access
C. Espionage
D. Network and resource abuses
Answer: C

NO.9 If the browser does not expire the session when the user fails to logout properly, which of the
following OWASP Top 10 web vulnerabilities is caused?
A. A3: Sensitive data exposure
B. A2: Broken authentication
C. A7: Cross-site scripting
D. A5: Broken access control
Answer: B

NO.10 Rinni is an incident handler and she is performing memory dump analysis.
Which of the following tools can she use to perform a memory dump analysis?
A. Procmon and Process Explorer
B. iNetSim
C. Scylla and OllyDumpEx
D. OllyDbg and IDA Pro
Answer: D

NO.11 Which of the following tools helps incident responders effectively contain a potential cloud
security incident and gather required forensic evidence?
A. CloudPassage Halo
B. Alert Logic
C. Qualys Cloud Platform
D. CloudPassage Quarantine
Answer: A

NO.12 Which of the following risk mitigation strategies involves the execution of controls to reduce
the risk factor and bring it to an acceptable level, or accepts the potential risk and continues
operating the IT system?
A. Risk transference
B. Risk avoidance
C. Risk planning
D. Risk assumption
Answer: D

NO.13 What is the name of the type of malicious software or malware designed to deny access to a
computer system or data until money is paid?
A. Spyware
B. Virus
C. Ransomware
D. Adware
Answer: C

NO.14 According to NIST, what are the 5 main actors in cloud computing?
A. Consumer, provider, carrier, auditor, and broker
B. Provider, carrier, auditor, broker, and seller
C. Buyer, consumer, carrier, auditor, and broker
D. None of these
Answer: A

NO.15 Which of the following is an attack that attempts to prevent the use of systems, networks, or
applications by the intended users?
A. Malicious code or insider threat attack
B. Unauthorized access
C. Fraud and theft
D. Denial of service (DoS) attack
Answer: D

NO.16 Michael is a part of the computer incident response team of a company. One of his
responsibilities is to handle email incidents. The company receives an email from an unknown source,
and one of the steps that he needs to take is to check the validity of the email.
Which of the following tools should he use?
A. Zendio
B. G Suite Toolbox
C. Email Dossier
D. Yesware
Answer: C

NO.17 An insider threat response plan helps an organization minimize the damage caused by
malicious insiders.
One of the approaches to mitigate these threats is setting up controls from the human resources
department.
Which of the following guidelines can the human resources department use?
A. Monitor and secure the organization's physical environment.
B. Implement a person-to-person rule to secure the backup process and physical media.
C. Access granted to users should be documented and vetted by a supervisor.
D. Disable the default administrative account to ensure accountability.
Answer: C

NO.18 Which of the following email security tools can be used by an incident handler to protect the
organization against evolving email threats?
A. Gpg4win
B. Email Header Analyzer
C. MxToolbox
D. G Suite Toolbox
Answer: A

NO.19 Dan is a newly appointed information security professional in a renowned organization. He is
supposed to follow multiple security strategies to eradicate malware incidents.
Which of the following is not considered as a good practice for maintaining information security and
eradicating malware incidents?
A. Do not open files with file extensions such as .bat, .com, .exe, .pif, .vbs, and so on
B. Do not download or execute applications from trusted sources
C. Do not download or execute applications from third-party sources
D. Do not click on web browser pop-up windows
Answer: B

NO.20 Drake is an incident handler at Dark Cloud Inc. He is tasked with performing log analysis to
detect traces of malicious activities within the network infrastructure.
Which of the following tools should Drake employ to view logs in real time and identify malware
propagation within the network?
A. HULK
B. LOIC
C. Splunk
D. Hydra
Answer: C
