
Updated for 2024: the 212-89 test engine and PDF, complete free question set guaranteed!
Latest ECIH Certification 212-89 real free exam questions
Question # 110
What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the established connections on it:
- A. "arp" command
- B. "netstat -an" command
- C. "ifconfig" command
- D. "dd" command
Correct answer: B
Question # 111
Darwin is an attacker within an organization and is performing network sniffing by running his system in promiscuous mode. He is capturing and viewing all the network packets transmitted within the organization. Edwin is an incident handler in the same organization.
In the above situation, which of the following Nmap commands must Edwin use to detect Darwin's system that is running in promiscuous mode?
- A. nmap --script=sniffer-detect [Target IP Address/Range of IP addresses]
- B. nmap -sV -T4 -O -F -version-light
- C. nmap --script host map
- D. nmap -sU -p 500
Correct answer: A
Question # 112
Which of the following port scanning techniques involves resetting the TCP connection between client and server abruptly before completion of the three-way handshake signals, making the connection half-open?
- A. Stealth scan
- B. Full connect scan
- C. Xmas scan
- D. Null scan
Correct answer: C
Question # 113
The main feature offered by PGP Desktop Email is:
- A. End-to-end secure email service
- B. End-to-end email communications
- C. None of the above
- D. Email service during incidents
Correct answer: A
Question # 114
The incident management team provides support to all users in the organization who are affected by the threat or attack. The organization's internal auditor is part of the incident response team. Identify one of the responsibilities of the internal auditor as part of the incident response team:
- A. Identify and report security loopholes to the management for necessary actions
- B. Configure information security controls
- C. Perform necessary action to block the network traffic from suspected intruder
- D. Coordinate incident containment activities with the information security officer
Correct answer: A
Question # 115
A host is infected by a worm that propagates through a vulnerable service; the sign(s) of the presence of the worm include:
- A. All the above
- B. Established connection attempts targeted at the vulnerable services
- C. Decrease in network usage
- D. System becomes unstable or crashes
Correct answer: D
Question # 116
Rinni is an incident handler and she is performing memory dump analysis.
Which of the following tools can she use in order to perform a memory dump analysis?
- A. OllyDbg and IDA Pro
- B. iNetSim
- C. Procmon and Process Explorer
- D. Scylla and OllyDumpEx
Correct answer: A
Question # 117
Reasons that agencies do NOT report an information security incident include:
- A. All the above
- B. Do not want to pay the additional cost of reporting an incident
- C. Have full knowledge about how to handle the attack internally
- D. Afraid of negative publicity
Correct answer: D
Question # 118
In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?
- A. Incident triage
- B. Incident recording and assignment
- C. Notification
- D. Containment
Correct answer: A
Question # 119
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large amounts of data using a combination of automated and manual methods. Identify the computer forensic process involved:
- A. Preparation
- B. Collection
- C. Analysis
- D. Examination
Correct answer: D
Question # 120
What is correct about Quantitative Risk Analysis:
- A. Easily automated
- B. It is Subjective but faster than Qualitative Risk Analysis
- C. Uses levels and descriptive expressions
- D. Better than Qualitative Risk Analysis
Correct answer: A
Question # 121
An insider threat response plan helps an organization minimize the damage caused by malicious insiders.
One of the approaches to mitigate these threats is setting up controls from the human resources department.
Which of the following guidelines can the human resources department use?
- A. Implement a person-to-person rule to secure the backup process and physical media.
- B. Disable the default administrative account to ensure accountability.
- C. Access granted to users should be documented and vetted by a supervisor.
- D. Monitor and secure the organization's physical environment.
Correct answer: C
Question # 122
Adam is an incident handler who intends to use the DBCC LOG command to analyze a database and retrieve the active transaction log files for the specified database. The syntax of the DBCC LOG command is DBCC LOG (<database name>, <output>), where the output parameter specifies the level of information an incident handler wants to retrieve.
If Adam wants to retrieve the full information on each operation along with the hex dump of a current transaction row, which of the following output parameters should Adam use?
- A. 0
- B. 1
- C. 2
- D. 3
Correct answer: B
Question # 123
Sam, an employee of a multinational company, sends emails to third-party organizations with a spoofed email address of his organization.
How can you categorize this type of incident?
- A. Inappropriate usage incident
- B. Unauthorized access incident
- C. Network intrusion incident
- D. Denial-of-service incident
Correct answer: A
Question # 124
The following steps describe the key activities in forensic readiness planning:
1. Train the staff to handle the incident and preserve the evidence
2. Create a special process for documenting the procedure
3. Identify the potential evidence required for an incident
4. Determine the source of the evidence
5. Establish a legal advisory board to guide the investigation process
6. Identify if the incident requires full or formal investigation
7. Establish a policy for securely handling and storing the collected evidence
8. Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption
Identify the correct sequence of steps involved in forensic readiness planning.
- A. 2 -> 3 -> 1 -> 4 -> 6 -> 5 -> 7 -> 8
- B. 3 -> 1 -> 4 -> 5 -> 8 -> 2 -> 6 -> 7
- C. 3 -> 4 -> 8 -> 7 -> 6 -> 1 -> 2 -> 5
- D. 1 -> 2 -> 3 -> 4 -> 5 -> 6 -> 7 -> 8
Correct answer: C
Question # 125
The open source TCP/IP network intrusion prevention and detection system (IDS/IPS) that uses a rule-driven language and performs real-time traffic analysis and packet logging is known as:
- A. Nessus
- B. SAINT
- C. Wireshark
- D. Snort
Correct answer: D
Question # 126
Farheen is an incident responder at a reputed IT firm based in Florida. Farheen was asked to investigate a recent cybercrime faced by the organization. As part of this process, she collected static data from a victim system. She used dd, a command line tool, to perform forensic duplication to obtain an NTFS image of the original disk. She created a sector-by-sector mirror image of the disk and saved the output image file as image.dd. Identify the static data collection process step performed by Farheen while collecting static data.
- A. Administrative consideration
- B. System preservation
- C. Physical presentation
- D. Comparison
Correct answer: B
Question # 127
An organization implemented an encoding technique to eradicate SQL injection attacks. In this technique, if a user submits a request using a single quote and some values, the encoding technique converts it into numeric digits and letters ranging from "a" to "f". This prevents the user request from performing a SQL injection attempt on the web application.
Identify the encoding technique used by the organization.
- A. Hex encoding
- B. Unicode encoding
- C. Base 64 encoding
- D. URL encoding
Correct answer: A
The EC-Council Certified Incident Handler (ECIH v2) certification exam is a globally recognized certification that validates an individual's skills and knowledge in incident handling and response. The certification exam is ideal for security professionals who want to advance their careers in incident handling and response, and for IT professionals responsible for protecting an organization's critical assets. The certification exam is comprehensive, covers all aspects of incident handling and response, and is available online in multiple languages.
The EC-Council 212-89 (EC-Council Certified Incident Handler (ECIH v2)) certification exam is a highly respected certification recognized worldwide by employers and industry professionals. It is designed for individuals responsible for incident handling and response in their organizations and covers a wide range of topics related to incident handling. This certification demonstrates a candidate's knowledge and skills in incident handling and response, making them a valuable asset to any organization.