212-89試験無料問題集（174題）「EC-COUNCIL EC Council Certified Incident Handler (ECIH v3) 認定」

出題：1

Which of the following are malicious software programs that infect computers and corrupt or delete the data on them?

A. Worms

B. Trojans

C. Virus

D. Spyware

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

Which of the following processes is referred to as an approach to respond to the security incidents that occurred in an organization and enables the response team by ensuring that they know exactly what process to follow in case of security incidents?

A. Vulnerability management

B. Threat assessment

C. Risk assessment

D. Incident response orchestration

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：3

Which of the following is a term that describes the combination of strategies and services intended to restore data, applications, and other resources to the public cloud or dedicated service providers?

A. Analysis

B. Eradication

C. Cloud recovery

D. Mitigation

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

Oscar receives an email from an unknown source containing his domain name oscar.com. Upon checking the link, he found that it contains a malicious URL that redirects to the website evilsite.org. What type of vulnerability is this?

A. Unvalidated redirects and forwards

B. Bolen

C. SQL injection

D. Malware

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

Which of the following is a volatile evidence collecting tool?

A. HashTool

B. Netstat

C. FTK Images

D. ProDiscover Forensics

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Patrick is doing a cyber forensic investigation. He is in the process of collecting physical evidence at the crime scene.
Which of the following elements he must consider while collecting physical evidence?

A. DNS information including domain and subdomains

B. Open ports, services, and operating system (OS) vulnerabilities

C. Published name servers and web application source code

D. Removable media, cable, and publications

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

In which of the following types of insider threats an insider who is uneducated on potential security threats or simply bypasses general security procedures to meet workplace efficiency?

A. Negligent insider

B. Malicious insider

C. Professional insider

D. Compromised insider

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

Rose is an incident-handling person and she is responsible for detecting and eliminating any kind of scanning attempts over the network by any malicious threat actors. Rose uses Wireshark tool to sniff the network and detect any malicious activities going on.
Which of the following Wireshark filters can be used by her to detect TCP Xmas scan attempt by the attacker?

A. tcp.flags.reset==1

B. tcp.flags==0X000

C. tcp.dstport==7

D. tcp.flags==0X029

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：9

During the vulnerability assessment phase, the incident responders perform various steps as below:
1. Run vulnerability scans using tools
2. Identify and prioritize vulnerabilities
3. Examine and evaluate physical security
4. Perform OSINT information gathering to validate the vulnerabilities
5. Apply business and technology context to scanner results
6. Check for misconfigurations and human errors
7. Create a vulnerability scan report
Identify the correct sequence of vulnerability assessment steps performed by the incident responders.

A. 2-->1-->4-->7-->5-->6-->3

B. 3-->6-->1-->2-->5-->4-->7

C. 1-->3-->2-->4-->5-->6-->7

D. 4-->1-->2-->3-->6-->5-->7

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

You are talking to a colleague who Is deciding what information they should include in their organization's logs to help with security auditing. Which of the following items should you tell them to NOT log?

A. Source IP eddross

B. Session ID

C. userid

D. Timestamp

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

212-89試験無料問題集「EC-COUNCIL EC Council Certified Incident Handler (ECIH v3) 認定」