Limited-time free download: the latest 212-89 question bank with the latest 2025 212-89 exam questions [Q30-Q54]



Latest EC-COUNCIL 212-89 certification practice test questions

Question # 30
An insider threat response plan helps an organization minimize the damage caused by malicious insiders. One of the approaches to mitigate these threats is setting up controls from the human resources department. Which of the following guidelines can the human resources department use?

  • A. Monitor and secure the organization's physical environment.
  • B. Access granted to users should be documented and vetted by a supervisor.
  • C. Disable the default administrative account to ensure accountability.
  • D. Implement a person-to-person rule to secure the backup process and physical media.

Correct answer: B

Explanation:
One of the key approaches to mitigating insider threats is ensuring that access control policies are strictly implemented and monitored. This includes the guideline that access granted to users should be thoroughly documented and vetted by a supervisor. This control helps ensure that users have only the access necessary to perform their job functions, reducing the risk of inappropriate access or misuse of information. Proper documentation and supervisor approval also ensure accountability and traceability of access decisions, which is crucial for detecting and responding to insider threats. The human resources department plays a vital role in this process, working closely with IT and security teams to enforce access control policies, conduct regular reviews of access rights, and manage the onboarding and offboarding process so that access rights are updated appropriately.
References: The Incident Handler (ECIH v3) materials often emphasize the importance of comprehensive access control measures and the role of human resources in preventing insider threats by managing the lifecycle of employee access to organizational resources.


Question # 31
BadGuy Bob hid files in the slack space, changed the file headers, hid suspicious files in executables, and changed the metadata for all types of files on his hacker laptop. What has he committed?

  • A. Legal hostility
  • B. Felony
  • C. Anti-forensics
  • D. Adversarial mechanics

Correct answer: C


Question # 32
Sam received an alert through an email monitoring tool indicating that their company was targeted by a phishing attack. After analyzing the incident, Sam identified that most of the targets of the attack are high-profile executives of the company. What type of phishing attack is this?

  • A. Puddle phishing
  • B. Spear phishing
  • C. Whaling
  • D. Pharming

Correct answer: C


Question # 33
Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket submitted regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he performed incident analysis and validation to check whether the incident is a genuine incident or a false positive.
Identify the stage he is currently in.

  • A. Post-incident activities
  • B. Incident triage
  • C. Incident recording and assignment
  • D. Incident disclosure

Correct answer: B

Explanation:
Incident triage is the stage in the incident response process where the incident handler, like Mike, performs an initial assessment of the reported incident to determine its validity, severity, and potential impact. This includes analyzing the incident to verify whether it is a genuine threat or a false positive. The purpose of incident triage is to prioritize incidents based on their criticality and to ensure that resources are allocated effectively to address the most serious threats first. This stage is crucial for efficient incident management, as it filters out false alarms and focuses effort on real security incidents that require immediate attention.
References: The ECIH v3 curriculum covers the incident response lifecycle, including the importance of incident triage as a key step in ensuring that incident handling efforts are focused on genuine security incidents, thereby optimizing the response process.


Question # 34
Smith employs various malware detection techniques to thoroughly examine the network and its systems for suspicious and malicious malware files. Among all techniques, which one involves analyzing the memory dumps or binary codes for the traces of malware?

  • A. Dynamic analysis
  • B. Live system
  • C. Intrusion analysis
  • D. Static analysis

Correct answer: D

Explanation:
Static analysis involves examining the malware's memory dumps or binary code without executing the code.
This technique is used to find traces of malware by analyzing the code to understand its purpose, functionality, and potential impact. Static analysis allows for the identification of malicious signatures, strings, or other indicators of compromise within the malware's code. This method is contrasted with dynamic analysis, which studies the malware's behavior during execution; live system analysis, which examines running systems; and intrusion analysis, which focuses on detecting and analyzing breaches.
References: The ECIH v3 certification program includes malware analysis techniques, highlighting static analysis as a key method for investigating malware without the risk of executing it on a live system.


Question # 35
An attacker uncovered websites a target individual was frequently surfing. The attacker then tested those particular websites to identify possible vulnerabilities. After detecting vulnerabilities within a website, the attacker started injecting malicious script/code into the web application that would redirect the webpage and download the malware onto the victim's machine. After infecting the vulnerable web application, the attacker waited for the victim to access the infected web application. Identify the type of attack performed by the attacker.

  • A. Directory traversal
  • B. Cookie/Session poisoning
  • C. Watering hole
  • D. Obfuscation application

Correct answer: B


Question # 36
Which policy recommends controls for securing and tracking organizational resources?

  • A. Access control policy
  • B. Asset control policy
  • C. Acceptable use policy
  • D. Administrative security policy

Correct answer: B


Question # 37
Your company holds a large amount of customer PII, and you want to protect that data from theft or unauthorized modification. Among other actions, you classify and encrypt the data.
In this process, which of the following OWASP security risks are you guarding against?

  • A. Broken authentication
  • B. Insecure deserialization
  • C. Security misconfiguration
  • D. Sensitive data exposure

Correct answer: D


Question # 38
Miko was hired as an incident handler at XYZ company. His first task was to identify PING sweep attempts inside the network. For this purpose, he used Wireshark to analyze the traffic.
What filter did he use to identify ICMP ping sweep attempts?

  • A. icmp.type==icmp
  • B. udp.type==7
  • C. icmp.type==8 or icmp.type==0
  • D. tcp.type==icmp

Correct answer: C


Question # 39
Absorbing minor risks while preparing to respond to major ones is called:

  • A. Risk Assumption
  • B. Risk Avoidance
  • C. Risk Mitigation
  • D. Risk Transfer

Correct answer: A


Question # 40
Eric, an incident responder, is working on developing incident-handling plans and procedures. As part of this process, he is performing analysis on the organizational network to generate a report and to develop policies based on the acquired results.
Which of the following tools will help him analyze the network and its related traffic?

  • A. Wireshark
  • B. FaceNiff
  • C. Burp Suite
  • D. Whois

Correct answer: A

Explanation:
Wireshark is a network protocol analyzer that allows users to capture and interactively browse the traffic running on a computer network. It is a crucial tool for incident responders like Eric who are developing incident-handling plans and need to analyze network traffic and patterns. Wireshark can provide detailed information about the network, including the protocols used, the source and destination of packets, and potential signs of malicious activity, making it invaluable for developing informed policies and procedures.


Question # 41
Johnson, an incident handler, is working on a recent web application attack faced by the organization. As part of this process, he performed data preprocessing in order to analyze and detect the watering hole attack. He preprocessed the outbound network traffic data collected from firewalls and proxy servers and started analyzing the user activities within a certain time period to create time-ordered domain sequences for further analysis of sequential patterns.
Identify the data-preprocessing step performed by Johnson.

  • A. Host name normalization
  • B. User-specific sessionization
  • C. Filtering invalid host names
  • D. Identifying unpopular domains

Correct answer: B


Question # 42
Alice is an incident handler and she has been informed by her lead that the data on affected systems must be backed up so that it can be retrieved if it is damaged during the incident response process. She was also told that the system backup can also be used for further investigation of the incident. In which of the following stages of the incident handling and response (IH&R) process does Alice need to do a complete backup of the infected system?

  • A. Incident triage
  • B. Incident recording
  • C. Eradication
  • D. Containment

Correct answer: D

Explanation:
In the incident handling and response (IH&R) process, backing up the data on affected systems is a critical step that usually falls under the Containment phase. The Containment phase is crucial for limiting the scope and severity of an incident, ensuring that it does not spread further or affect additional systems. Backing up affected systems during containment is essential for several reasons: it preserves a snapshot of the system in its current state for forensic analysis, ensures that data is not lost if the system needs to be wiped or altered during the response process, and helps in the recovery process if data is corrupted or lost.
By performing a complete backup of the infected system during the Containment phase, Alice ensures that there is a reliable copy of all data and system states before any major actions, such as eradication or deeper forensic analysis, are taken. This step also prepares the backup for potential use in analyzing how the incident occurred and in restoring system functionality after the incident is resolved.
References: EC-Council's Certified Incident Handler (ECIH v3) courses and study guides highlight the importance of the Containment phase in the IH&R process, including the practice of backing up affected systems to prevent data loss and to aid in the investigation and recovery processes.


Question # 43
An incident handler is analyzing email headers to find suspicious emails.
Which of the following tools must he/she use in order to accomplish the task?

  • A. SPAMfighter
  • B. Barracuda Email Security Gateway
  • C. Gophish

Correct answer: B


Question # 44
Which of the following risk mitigation strategies involves executing controls to reduce the risk factor and bring it to an acceptable level, or accepting the potential risk and continuing to operate the IT system?

  • A. Risk transference
  • B. Risk planning
  • C. Risk avoidance
  • D. Risk assumption

Correct answer: D

Explanation:
Risk assumption involves accepting the potential risk and continuing to operate the IT system while implementing controls to reduce the risk to an acceptable level. This strategy acknowledges that some level of risk is inevitable and focuses on managing it through mitigation measures rather than eliminating it entirely.
Risk avoidance would entail taking actions to avoid the risk entirely, risk planning involves preparing for potential risks, and risk transference shifts the risk to another party, typically through insurance or outsourcing.
Risk assumption is a pragmatic approach that balances the need for operational continuity with the imperative of risk management.
References: The ECIH v3 certification program covers various risk mitigation strategies, emphasizing the selection of the appropriate approach based on the organization's risk tolerance and the specific context of the threat.


Question # 45
Khai was tasked with examining the logs from a Linux email server. The server uses Sendmail to execute the command to send emails and Syslog to maintain logs. To validate the data within email headers, which of the following directories should Khai check for information such as source and destination IP addresses, dates, and timestamps?

  • A. /Var/log/mailog
  • B. /var/log/mai11og
  • C. /var/log/sendmail/mailog
  • D. /ar/log/sendmail

Correct answer: A

Explanation:
In a Linux environment, email servers such as Sendmail log events, including details about sent and received emails, in a specific log file. The correct file for examining email logs, particularly for Sendmail using Syslog for logging, is /var/log/maillog. This file contains vital information for forensic and incident response purposes, including source and destination IP addresses, email addresses, timestamps, and other data relevant to the email traffic handled by the server. By analyzing this log, incident responders can gather evidence related to email-based incidents, trace the source of malicious emails, and understand the scope of an incident. It is crucial for individuals like Khai, who are tasked with examining logs, to know the correct log file locations and their contents in order to validate and analyze email header information and other relevant data effectively.
References: Incident Handler (ECIH v3) study materials often cover the logging mechanisms of common services and applications on Linux systems, including email servers like Sendmail, and the importance of log files like /var/log/maillog in incident investigation and response activities.


Question # 46
Which of the following has been used to evade IDS and IPS?

  • A. SNMP
  • B. TNP
  • C. HTTP
  • D. Fragmentation

Correct answer: D


Question # 47
Which of the following email security tools can be used by an incident handler to protect the organization against evolving email threats?

  • A. Email Header Analyzer
  • B. MxToolbox
  • C. Gpg4win
  • D. G Suite Toolbox

Correct answer: B

Explanation:
MxToolbox is an online tool that provides various network diagnostics and email security checks, including lookups of DNS and MX records, SPF records, and more. It can be used by incident handlers to protect the organization against evolving email threats by analyzing domain health, checking blacklists, verifying email delivery issues, and more. While Email Header Analyzer is useful for analyzing specific emails for traces of phishing or spoofing, G Suite Toolbox is specific to Google's services, and Gpg4win is focused on email encryption. MxToolbox provides a broader set of functionalities for monitoring and troubleshooting email delivery issues and security threats, making it a versatile tool for incident handlers.
References: Incident Handler (ECIH v3) courses and study guides often include sections on email security and the tools used to maintain it, among which MxToolbox is commonly recommended for its comprehensive features.


Question # 48
Francis received a spoof email asking for his bank information. He decided to use a tool to analyze the email headers. Which of the following should he use?

  • A. EventLog Analyzer
  • B. Email Checker
  • C. MxToolbox
  • D. PoliteMail

Correct answer: C


Question # 49
Which of the following is not called volatile data?

  • A. State of the network interface
  • B. The date and time of the system
  • C. Creation dates of files
  • D. Open sockets or open ports

Correct answer: C


Question # 50
Risk is defined as the probability of the occurrence of an incident. Risk formulation generally begins with the likelihood of an event's occurrence and the harm it may cause, and is usually denoted as Risk = Σ(events) × (Probability of occurrence) × ?

  • A. Magnitude
  • B. Significance
  • C. Consequences
  • D. Probability

Correct answer: A


Question # 51
Bran is an incident handler who is assessing the network of the organization. He wants to detect ping sweep attempts on the network using Wireshark. Which of the following Wireshark filters would Bran use to accomplish this task?

  • A. icmp.seq
  • B. icmp.type==8
  • C. icmp.redir_gw
  • D. icmp.ident

Correct answer: B


Question # 52
Which of the following is the ECIH phase that involves removing or eliminating the root cause of an incident and closing all attack vectors to prevent similar incidents in the future?

  • A. Containment
  • B. Eradication
  • C. Vulnerability management phase
  • D. Recovery

Correct answer: B

Explanation:
Eradication is the phase in the incident response process where the root cause of an incident is removed or eliminated, and all attack vectors are closed to prevent similar incidents in the future. This step follows the containment phase, where the immediate threat is isolated to prevent further damage, and precedes the recovery phase, where normal operations are restored. Eradication involves thoroughly removing malware, unauthorized access mechanisms, or any other elements used in the attack, and securing any vulnerabilities that were exploited. The goal is to ensure that the threat cannot re-emerge and that the systems are secure before they are returned to operational status.
References: The EC-Council's Incident Handler (ECIH v3) certification guide outlines the incident response process, including the specific tasks involved in the eradication phase, to ensure that incident handlers are prepared to remove threats from an organization's environment effectively.


Question # 53
Which of the following terms refers to the personnel that the incident handling and response (IH&R) team must contact to report the incident and obtain the necessary permissions?

  • A. Point of contact
  • B. Criminal referral
  • C. Ticketing
  • D. Civil litigation

Correct answer: A


Question # 54
......

Verified 212-89 questions and answers with one year of free, fastest updates: https://www.goshiken.com/EC-COUNCIL/212-89-mondaishu.html

Try now: the latest free, updated 2025 EC-COUNCIL 212-89 exam questions and answers: https://drive.google.com/open?id=1KXec5x9WuAHgLWSYqMU3l13utOmlYzBs