
Latest [2025-04-28] 212-89 exam question bank, valid and updated
Free trial ending soon! The 100% valid 212-89 exam question bank contains 170 questions
Question # 70
Which of the following is a risk assessment tool?
- A. Wireshark
- B. Nmap
- C. CRAMM
- D. Nessus
Correct answer: C
Question # 71
Bran is an incident handler who is assessing the network of the organization. In the process, he wants to detect ping sweep attempts on the network using the Wireshark tool.
Which of the following Wireshark filters must he use to accomplish this task?
- A. icmp.redir_gw
- B. icmp.seq
- C. icmp.type==8
- D. icmp.ident
Correct answer: C
Explanation:
In Wireshark, the filter icmp.type==8 is used to detect ping sweep attempts. ICMP type 8 messages are echo requests, which are used in ping operations to check the availability of a network device. A ping sweep involves sending ICMP echo requests to multiple addresses to discover active devices on a network. By filtering for ICMP type 8 messages in Wireshark, Bran can identify these echo requests, helping to pinpoint ping sweep activities on the network.
References: Wireshark, as a network protocol analyzer, is frequently discussed in the ECIH v3 program, with particular emphasis on its utility in detecting network reconnaissance activities like ping sweeps through specific filter usage.
Question # 72
Elizabeth, who works for OBC organization as an incident responder, is assessing the risks to the organizational security. As part of the assessment process, she is calculating the probability of a threat source exploiting an existing system vulnerability. Which of the following risk assessment steps is Elizabeth currently in?
- A. System characterization
- B. Vulnerability identification
- C. Impact analysis
- D. Likelihood analysis
Correct answer: D
Question # 73
QualTech Solutions is a leading security services enterprise. Dickson works as an incident responder with this firm. He is performing vulnerability assessment to identify the security problems in the network, using automated tools to identify the hosts, services, and vulnerabilities present in the enterprise network.
Based on the above scenario, identify the type of vulnerability assessment performed by Dickson.
- A. Active assessment
- B. External assessment
- C. Passive assessment
- D. Internal assessment
Correct answer: C
Question # 74
ZYX company experienced a DoS/DDoS attack on their network. Upon investigating the incident, they concluded that the attack is an application-layer attack. Which of the following attacks did the attacker use?
- A. Slowloris attack
- B. Ping of death
- C. UDP flood attack
- D. SYN flood attack
Correct answer: A
Question # 75
Frederick is in the eradication process in one of the incidents he is handling.
Which of the following is NOT an eradication process?
- A. Conduct vulnerability scanning and configuration audits.
- B. CCs must train a few of their employees to use the cloud securely.
- C. Monitor the client's traffic for any malicious activities.
- D. Analyze the security model of the cloud provider interface.
Correct answer: B
Question # 76
An incident response team must adhere to the following:
- A. Stay calm and document everything
- B. Notify appropriate personnel
- C. Assess the situation
- D. All the above
Correct answer: D
Question # 77
In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?
- A. Containment
- B. Incident recording and assignment
- C. Notification
- D. Incident triage
Correct answer: D
Question # 78
Identify the network security incident where intended authorized users are prevented from using a system, network, or application by flooding the network with a high volume of traffic that consumes all existing network resources.
- A. SQL Injection
- B. XSS Attack
- C. Denial of Service Attack
- D. URL Manipulation
Correct answer: C
Question # 79
Which of the following encoding techniques replaces unusual ASCII characters with "%" followed by the character's two-digit ASCII code expressed in hexadecimal?
- A. HTML encoding
- B. URL encoding
- C. Base 64 encoding
- D. Unicode encoding
Correct answer: B
Question # 80
A self-replicating malicious code that does not alter files but resides in active memory and duplicates itself, spreads through the infected network automatically, and takes advantage of file or information transport features on the system to travel independently is called:
- A. RootKit
- B. Virus
- C. Worm
- D. Trojan
Correct answer: C
Question # 81
Alice is a disgruntled employee. She decided to acquire critical information from her organization for financial benefit.
To accomplish this, Alice started running a virtual machine on the same physical host as her victim's virtual machine and took advantage of shared physical resources (processor cache) to steal data (cryptographic key/plaintext secrets) from the victim machine. Identify the type of attack Alice is performing in the above scenario.
- A. Man-in-the-cloud attack
- B. SQL injection attack
- C. Service hijacking
- D. Side channel attack
Correct answer: D
Question # 82
James is a professional hacker and is employed by an organization to exploit their cloud services. In order to achieve this, James created anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attacks. Which of the following threats is he posing to the cloud platform?
- A. Data breach/loss
- B. Abuse and nefarious use of cloud services
- C. Insufficient due diligence
- D. Insecure interface and APIs
Correct answer: B
Question # 83
An attacker after performing an attack decided to wipe evidence using artifact wiping techniques to evade forensic investigation. He applied a magnetic field to the digital media device, resulting in a device entirely cleaned of any previously stored data.
Identify the artifact wiping technique used by the attacker.
- A. Disk degaussing/destruction
- B. Syscall proxying
- C. Disk cleaning utilities
- D. File wiping utilities
Correct answer: A
Question # 84
Andrew, an incident responder, is performing risk assessment of the client organization. As a part of the risk assessment process, he identified the boundaries of the IT systems, along with the resources and the information that constitute the systems.
Identify the risk assessment step Andrew is performing.
- A. System characterization
- B. Control analysis
- C. Likelihood determination
- D. Control recommendations
Correct answer: A
Question # 85
James is working as an incident responder at Cyber Sol Inc. The management instructed James to investigate a cybersecurity incident that recently happened in the company. As a part of the investigation process, James started collecting volatile information from a system running on the Windows operating system.
Which of the following commands helps James in determining all the executable files for running processes?
- A. top
- B. date /t & time /t
- C. netstat -ab
- D. doskey /history
Correct answer: C
Question # 86
Attackers or insiders create a backdoor into a trusted network by installing an unsecured access point inside a firewall. They then use any software or hardware access point to perform an attack. Which of the following is this type of attack?
- A. Password-based attack
- B. Email infection
- C. Malware attack
- D. Rogue access point attack
Correct answer: D
Explanation:
A rogue access point attack occurs when attackers or insiders install an unsecured access point within a trusted network, typically behind a firewall, to create a backdoor. This allows them to bypass network security measures and perform various malicious activities undetected. The use of any software or hardware access point to gain unauthorized access and conduct an attack characterizes a rogue access point attack. This contrasts with password-based attacks, malware attacks, and email infections, which involve different methodologies and objectives, such as stealing credentials, distributing malicious software, or propagating through email systems, respectively.
References: The ECIH v3 certification materials discuss various types of network attacks, including rogue access point attacks, highlighting the risk they pose by providing unauthorized network access to attackers.
Question # 87
Your manager hands you several items of digital evidence and asks you to investigate them in the order of volatility. Which of the following is the MOST volatile?
- A. Cache
- B. Temp files
- C. Disk
- D. Emails
Correct answer: A
Explanation:
In the context of digital evidence investigation, volatility refers to how quickly data can change or be lost when power is removed or systems are altered. Among the options provided, cache is the most volatile because it is temporary storage that is designed to speed up access to data and is frequently overwritten. Cache data resides in RAM and includes things like memory buffers, system and network information, and process execution data, which are lost upon reboot or power loss. This contrasts with disks, emails, and temp files, which are considered less volatile because they are stored on permanent or semi-permanent media and are less likely to be immediately lost or overwritten.
References: The Incident Handler (ECIH v3) curriculum includes principles of digital evidence handling, which emphasizes the importance of collecting evidence in descending order of volatility to ensure that the most ephemeral data is preserved before it is lost.
Question # 88
Which of the following is NOT part of the static data collection process?
- A. Password protection
- B. Evidence acquisition
- C. System preservation
- D. Evidence examination
Correct answer: A
Question # 89
Alex is an incident handler for Tech-o-Tech Inc. and is tasked to identify any possible insider threats within his organization. Which of the following insider threat detection techniques can be used by Alex to detect insider threats based on the behavior of a suspicious employee, both individually and in a group?
- A. Physical detection
- B. Profiling
- C. Mole detection
- D. Behavioral analysis
Correct answer: D
Question # 90
Zaimasoft, a prominent IT organization, was attacked by perpetrators who directly targeted the hardware and caused irreversible damage to it. As a result, replacing or reinstalling the hardware was the only solution. Identify the type of denial-of-service attack performed on Zaimasoft.
- A. DRDoS
- B. PDoS
- C. DoS
- D. DDoS
Correct answer: B
Question # 91
Eric is an incident responder and is working on developing incident-handling plans and procedures. As part of this process, he is performing an analysis on the organizational network to generate a report and develop policies based on the acquired results.
Which of the following tools will help him in analyzing his network and the related traffic?
- A. Whois
- B. Wireshark
- C. FaceNiff
- D. Burp Suite
Correct answer: B
Question # 92
Clark, a professional hacker, exploited the web application of a target organization by tampering with form and parameter values. He successfully exploited the web application and gained access to the information assets of the organization.
Identify the vulnerability in the web application exploited by the attacker.
- A. Security misconfiguration
- B. Sensitive data exposure
- C. Broken access control
- D. SQL injection
Correct answer: C
Explanation:
The vulnerability exploited by Clark through tampering with form and parameter values to gain unauthorized access to information assets is indicative of Broken Access Control. Broken Access Control vulnerabilities occur when a web application does not properly enforce restrictions on what authenticated users are allowed to do. Attackers can exploit these vulnerabilities to access unauthorized functionality or data, such as accessing other users' accounts, viewing sensitive files, and modifying other users' data.
Question # 93
Which of the following is NOT one of the techniques used to respond to insider threats?
- A. Preventing malicious users from accessing unclassified information
- B. Placing malicious users in quarantine network, so that attack cannot be spread
- C. Disabling the computer systems from network connection
- D. Blocking malicious user accounts
Correct answer: A
Question # 94
......
The 212-89 exam answers that get you a 100% high score on the 212-89 exam are here: https://www.goshiken.com/EC-COUNCIL/212-89-mondaishu.html
Verified 212-89 exam questions that guarantee your success: https://drive.google.com/open?id=1p4uAumt2xDxilwrAsPZEr4MHK-ES_iWf