212-89試験無料問題集「EC-COUNCIL EC Council Certified Incident Handler (ECIH v3) 認定」

Which of the following is not a countermeasure to eradicate inappropriate usage incidents?

解説: (GoShiken メンバーにのみ表示されます)
DeltaCorp, a global e-commerce company, received an email sent to the financial department claiming to be from the CEO, requesting an urgent transfer of funds. To determine the legitimacy of this potentially deceptive email, which of the following should be the primary focus of the investigation?

解説: (GoShiken メンバーにのみ表示されます)
Elizabeth, who works for OBC organization as an incident responder, is assessing the risks to the organizational security. As part of the assessment process, she is calculating the probability of a threat source exploiting an existing system vulnerability. Which of the following risk assessment steps is Elizabeth currently in?

解説: (GoShiken メンバーにのみ表示されます)
Jason is an incident handler dealing with malware incidents. He was asked to perform memory dump analysis in order to collect the information about the basic functionality of any program. As a part of his assignment, he needs to perform string search analysis to search for the malicious string that could determine harmful actions that a program can perform. Which of the following string-searching tools Jason needs to use to do the intended task?

解説: (GoShiken メンバーにのみ表示されます)
Which of the following options describes common characteristics of phishing emails?

解説: (GoShiken メンバーにのみ表示されます)
Farheen is an incident responder at reputed IT Firm based in Florida. Farheen was asked to investigate a recent cybercrime faced by the organization. As part of this process, she collected static data from a victim system. She used DD tool command to perform forensic duplication to obtain an NTFS image of the original disk. She created a sector-by-sector mirror imaging of the disk and saved the output image file as image.dd.
Identify the static data collection process step performed by Farheen while collecting static data.

解説: (GoShiken メンバーにのみ表示されます)
Liam, a network engineer, configures firewalls to prevent outbound file transfers over unauthorized FTP and HTTP channels. Despite this, an insider used encrypted traffic via HTTPS to exfiltrate data. A review revealed that no deep packet inspection was in place. Which insider threat eradication control could have helped prevent this?

解説: (GoShiken メンバーにのみ表示されます)
WebMega, a leading e-commerce giant with over a billion users, suffered a massive data breach, compromising sensitive user data, including financials. During the containment phase, IH&R teams discovered a meticulous attack pattern that bypassed multiple security layers, hinting at an insider's involvement. Investigations revealed that three recently fired employees, with ties to a rival company, had possible motives and means. How should WebMega proceed?

解説: (GoShiken メンバーにのみ表示されます)
Identify the network security incident where intended or authorized users are prevented from using system, network, or applications by flooding the network with a high volume of traffic that consumes all existing network resources.

解説: (GoShiken メンバーにのみ表示されます)
Jacob is an employee at a firm called Dolphin Investment. While he was on duty, he identified that his computer was facing some problems, and he wanted to convey the issue to the concerned authority in his organization. However, this organization currently does not have a ticketing system to address such types of issues. In the above scenario, which of the following ticketing systems can be employed by Dolphin Investment to allow Jacob to inform the concerned team about the incident?

解説: (GoShiken メンバーにのみ表示されます)
Aaron, a digital first responder, is dispatched to an R&D lab after a suspected insider data breach involving intellectual property theft. Upon entering the lab, he observes fingerprint smudges on a workstation keyboard, oily residue on a DVD near the printer, and an unplugged USB drive on the desk. He documents the position of each item, uses gloves and evidence tags, covers surfaces to prevent contamination, and restricts access to the area. Which best practice is Aaron demonstrating?

解説: (GoShiken メンバーにのみ表示されます)
Which of the following is not a best practice to eliminate the possibility of insider attacks?

解説: (GoShiken メンバーにのみ表示されます)
Jason is setting up a computer forensics lab and must perform the following steps: 1. physical location and structural design considerations; 2. planning and budgeting; 3. work area considerations; 4. physical security recommendations; 5. forensic lab licensing; 6. human resource considerations. Arrange these steps in the order of execution.

解説: (GoShiken メンバーにのみ表示されます)