
EC-COUNCIL 212-89 Exam Questions (Updated 2024) 100% Real Questions and Answers
Pass the EC-COUNCIL 212-89 Exam the Fastest Way
Question # 84
The individual who recovers, analyzes, and preserves computer and related materials to be presented as evidence in a court of law and identifies the evidence, estimates the potential impact of the malicious activity on the victim, and assesses the intent and identity of the perpetrator is called:
- A. Digital Forensic Examiner
- B. Computer Forensic Investigator
- C. Computer Hacking Forensic Investigator
- D. All the above
Correct answer: D
Question # 85
Racheal is an incident handler working at an organization called Inception Tech. Recently, numerous employees have been complaining about receiving emails from unknown senders. In order to prevent employees from spoofing emails and keeping security in mind, Racheal was asked to take appropriate actions in this matter. As a part of her assignment, she needs to analyze the email headers to check the authenticity of received emails.
Which of the following protocols/authentication standards must she check in the email header to analyze the email's authenticity?
- A. SNMP
- B. DKIM
- C. ARP
- D. POP
Correct answer: B
Question # 86
In a qualitative risk analysis, risk is calculated in terms of:
- A. (Attack Success + Criticality) - (Countermeasures)
- B. (Countermeasures + Magnitude of Impact) - (Reports from prior risk assessments)
- C. Asset criticality assessment - (Risks and Associated Risk Levels)
- D. Probability of Loss X Loss
Correct answer: D
Question # 87
Which of the following methods helps incident responders reduce false-positive alert rates and provides the benefit of focusing on the highest-priority issues, reducing potential risk and corporate liability?
- A. Threat profiling
- B. Threat correlation
- C. Threat contextualization
- D. Threat attribution
Correct answer: A
Question # 88
The total cost of disruption of an incident is the sum of:
- A. Tangible cost only
- B. Tangible and Intangible costs
- C. Intangible cost only
- D. Level Two and Level Three incidents cost
Correct answer: B
Question # 89
Khai was tasked with examining the logs from a Linux email server. The server uses Sendmail to execute the command to send emails and Syslog to maintain logs. To validate the data within email headers, which of the following directories should Khai check for information such as source and destination IP addresses, dates, and timestamps?
- A. /Var/log/mailog
- B. /var/log/sendmail/mailog
- C. /ar/log/sendmail
- D. /var/log/mai11og
Correct answer: A
Explanation:
In a Linux environment, email servers such as Sendmail log events, including details about sent and received emails, in a specific log file. The correct directory and file for examining email logs, particularly for Sendmail using Syslog for logging, is /Var/log/maillog. This file contains vital information for forensic and incident response purposes, including source and destination IP addresses, email addresses, timestamps, and other data relevant to the email traffic handled by the server. By analyzing this log, incident responders can gather evidence related to email-based incidents, trace the source of malicious emails, and understand the scope of an incident. It is crucial for individuals like Khai, who are tasked with examining logs, to know the correct log file locations and their contents in order to effectively validate and analyze email header information and other relevant data.
References: Incident Handler (ECIH v3) study materials often cover the logging mechanisms of common services and applications on Linux systems, including email servers like Sendmail, and the importance of log files like /var/log/maillog in incident investigation and response activities.
Question # 90
Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case, he needs to collect volatile information such as running services, their process IDs, start mode, state, and status.
Which of the following commands will help Clark collect such information about running services?
- A. wmic
- B. netstat -ab
- C. net file
- D. Openfiles
Correct answer: B
Question # 91
Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is responsible for examining the evidence acquired and separating the useful evidence?
- A. Evidence Documenter
- B. Evidence Examiner/Investigator
- C. Evidence Supervisor
- D. Evidence Manager
Correct answer: B
Question # 92
An attacker uncovered websites a target individual was frequently surfing. The attacker then tested those particular websites to identify possible vulnerabilities. After detecting vulnerabilities within a website, the attacker started injecting malicious script/code into the web application that would redirect the webpage and download the malware onto the victim's machine. After infecting the vulnerable web application, the attacker waited for the victim to access the infected web application. Identify the type of attack performed by the attacker.
- A. Obfuscation application
- B. Directory traversal
- C. Watering hole
- D. Cookie/Session poisoning
Correct answer: D
Question # 93
Which of the following best describes an attack that uses email as the medium, in which many messages are sent to a mailbox to cause it to overflow?
- A. Smurf attack
- B. Spoofing
- C. Masquerading
- D. Email-bombing
Correct answer: D
Question # 94
Insider threats can be detected by observing concerning behaviors exhibited by insiders, such as conflicts with supervisors and coworkers, decline in performance, tardiness, or unexplained absenteeism. Select the technique that helps in detecting insider threats:
- A. Correlating known patterns of suspicious and malicious behavior
- B. Protecting computer systems by implementing proper controls
- C. Categorizing information according to its sensitivity and access rights
- D. Making it compulsory for employees to sign a non-disclosure agreement
Correct answer: A
Question # 95
Which of the following are malicious software programs that infect computers and corrupt or delete the data on them?
- A. Virus
- B. Trojans
- C. Worms
- D. Spyware
Correct answer: A
Question # 96
Computer forensics is a methodical series of techniques and procedures for gathering evidence from computing equipment, various storage devices and/or digital media that can be presented in a court of law in a coherent and meaningful format. Which one of the following is an appropriate flow of steps in the computer forensics process:
- A. Preparation > Analysis > Collection > Examination > Reporting
- B. Examination> Analysis > Preparation > Collection > Reporting
- C. Analysis > Preparation > Collection > Reporting > Examination
- D. Preparation > Collection > Examination > Analysis > Reporting
Correct answer: D
Question # 97
If a hacker cannot find any other way to attack an organization, they can influence an employee or a disgruntled staff member. What type of threat is this?
- A. Identity theft
- B. Footprinting
- C. Phishing attack
- D. Insider attack
Correct answer: D
Question # 98
Attackers or insiders create a backdoor into a trusted network by installing an unsecured access point inside a firewall. They then use any software or hardware access point to perform an attack.
Which of the following is this type of attack?
- A. Email infection
- B. Password-based attack
- C. Malware attack
- D. Rogue access point attack
Correct answer: D
Question # 99
In the Control Analysis stage of the NIST risk assessment methodology, technical and non-technical control methods are classified into two categories. What are these two control categories?
- A. Detective and Disguised controls
- B. Preventive and Detective controls
- C. Preventive and predictive controls
- D. Predictive and Detective controls
Correct answer: B
Question # 100
He must present this evidence in a clear and comprehensible manner to the members of the jury so that the evidence explains the facts clearly and further helps in obtaining an expert opinion on the same to confirm the investigation process.
In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?
- A. Admissible
- B. Believable
- C. Complete
- D. Authentic
Correct answer: B
Question # 101
Zaimasoft, a prominent IT organization, was attacked by perpetrators who directly targeted the hardware and caused irreversible damage to the hardware. As a result, replacing or reinstalling the hardware was the only solution.
Identify the type of denial-of-service attack performed on Zaimasoft.
- A. DDoS
- B. DRDoS
- C. PDoS
- D. DoS
Correct answer: C
Question # 102
Which of the following port scanning techniques involves resetting the TCP connection between client and server abruptly before completion of the three-way handshake, leaving the connection half-open?
- A. Stealth scan
- B. Xmas scan
- C. Full connect scan
- D. Null scan
Correct answer: B
Question # 103
After performing an attack, an attacker decided to wipe evidence using artifact wiping techniques to evade forensic investigation. He applied a magnetic field to the digital media device, resulting in a device entirely cleaned of any previously stored data.
Identify the artifact wiping technique used by the attacker.
- A. Disk cleaning utilities
- B. File wiping utilities
- C. Disk degaussing/destruction
- D. Syscall proxying
Correct answer: C
Question # 104
Digital evidence must:
- A. Not prove the attacker's actions
- B. Be Volatile
- C. Be Authentic, complete and reliable
- D. Cast doubt on the authenticity and veracity of the evidence
Correct answer: C