212-89試験無料問題集（174題）「EC-COUNCIL EC Council Certified Incident Handler (ECIH v3) 認定」

出題：1

What is the most recent NIST standard for incident response?

A. 800-53r3

B. 800-171r2

C. 800-61r3

D. 800-61r2

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which of the following is a term that describes the combination of strategies and services intended to restore data, applications, and other resources to the public cloud or dedicated service providers?

A. Analysis

B. Eradication

C. Cloud recovery

D. Mitigation

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which of the following is a volatile evidence collecting tool?

A. HashTool

B. Netstat

C. FTK Images

D. ProDiscover Forensics

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case, he needs to collect volatile information such as running services, their process IDs, startmode, state, and status.
Which of the following commands will help Clark to collect such information from running services?

A. Openfiles

B. wmic

C. net file

D. netstat -ab

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Ikeo Corp, hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise.
The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location.
Considering this as the main security threat, the IR team plans to change this policy as it can be easily exploited by attackers. Which of the following security policies is the IR team planning to modify?

A. Paranoid policy

B. Prudent policy

C. Promiscuous policy

D. Permissive policy

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which stage of the incident response and handling process involves auditing the system and network log files?

A. Incident triage

B. Containment

C. Incident disclosure

D. Incident eradication

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Smith employs various malware detection techniques to thoroughly examine the network and its systems for suspicious and malicious malware files. Among all techniques, which one involves analyzing the memory dumps or binary codes for the traces of malware?

A. Dynamic analysis

B. Live system

C. Intrusion analysis

D. Static analysis

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Dash wants to perform a DoS attack over 256 target URLs simultaneously.
Which of the following tools can Dash employ to achieve his objective?

A. OpenVAS

B. Ollydbg

C. HOIC

D. IDAPro

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

An attacker after performing an attack decided to wipe evidences using artifact wiping techniques to evade forensic investigation. He applied magnetic field to the digital media device, resulting in an entirely clean device of any previously stored data.
Identify the artifact wiping technique used by the attacker.

A. Disk degaussing/destruction

B. File wiping utilities

C. Disk cleaning utilities

D. Syscall proxying

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Patrick is doing a cyber forensic investigation. He is in the process of collecting physical evidence at the crime scene.
Which of the following elements he must consider while collecting physical evidence?

A. DNS information including domain and subdomains

B. Open ports, services, and operating system (OS) vulnerabilities

C. Published name servers and web application source code

D. Removable media, cable, and publications

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

212-89試験無料問題集「EC-COUNCIL EC Council Certified Incident Handler (ECIH v3) 認定」