EC-COUNCIL 212-89 Deluxe Study Guide Set with Online Exam Engine [Q15-Q34]


212-89 Exam Questions Review: Expert Quiz Study Material


The EC-COUNCIL 212-89 exam covers a broad range of topics, including the incident response process, risk management, computer forensics, and the fundamentals of network security. The exam is designed to test a candidate's ability to identify, respond to, and resolve security incidents quickly and effectively. The certification is valid for three years, after which it must be renewed to keep pace with the latest trends and techniques in incident handling and response.


Question # 15
Which of the following is an attack that occurs when a malicious program causes a user's browser to perform an unwanted action on a trusted site for which the user is currently authenticated?

  • A. SQL injection
  • B. Insecure direct object references
  • C. Cross-site scripting
  • D. Cross-site request forgery

Correct answer: D


Question # 16
Which of the following is the BEST method to prevent email incidents?

  • A. Installing antivirus rule updates
  • B. End-user training
  • C. Web proxy filtering
  • D. Disabling HTML in email content fields

Correct answer: B


Question # 17
The type of attack that prevents authorized users from accessing networks, systems, or applications by exhausting the network resources and sending illegal requests to an application is known as:

  • A. SQL injection attack
  • B. Session Hijacking attack
  • C. Denial of Service attack
  • D. Man in the Middle attack

Correct answer: C


Question # 18
Your company holds a large amount of customer PII and you want to protect those data from theft or unauthorized modification. Among other actions, you classify and encrypt the data. In this process, which of the following OWASP security risks are you guarding against?

  • A. Broken authentication
  • B. Insecure deserialization
  • C. Sensitive data exposure
  • D. Security misconfiguration

Correct answer: C

Explanation:
By classifying and encrypting customer Personally Identifiable Information (PII), you are specifically guarding against the risk of Sensitive Data Exposure. This OWASP security risk involves the accidental or unlawful exposure of protected data to unauthorized individuals. Encryption serves as a critical defense mechanism by ensuring that, even if data is accessed without authorization, it remains unintelligible and useless to the attacker without the decryption keys. Data classification further supports this by identifying which data is sensitive and requires such protections, ensuring that appropriate security controls are applied to prevent exposure.
References: OWASP Top 10, a widely respected document that outlines the most critical web application security risks, identifies Sensitive Data Exposure as a key risk area. Incident Handler (ECIH v3) courses and study guides often refer to the OWASP Top 10 to explain common web security risks and appropriate countermeasures, including the importance of encrypting sensitive data.


Question # 19
Which of the following is not a best practice to eliminate the possibility of insider attacks?

  • A. Implement secure backup and disaster recovery processes for business continuity
  • B. Monitor employee behaviors and the computer systems used by employees
  • C. Always leave business details over voicemail or email broadcast message
  • D. Disable the users from installing unauthorized software or accessing malicious websites using the corporate network

Correct answer: C


Question # 20
Robert is an incident handler working for X Security Inc. One day, his organization faced a massive cyberattack and all of the websites related to the organization went offline. Robert was on duty during the incident and he was responsible for handling the incident and maintaining business continuity. He immediately restored the web application service with the help of the existing backups.
According to the scenario, which of the following stages of the incident handling and response (IH&R) process did Robert perform?

  • A. Eradication
  • B. Evidence gathering and forensics analysis
  • C. Notification
  • D. Recovery

Correct answer: D


Question # 21
In the Control Analysis stage of NIST's risk assessment methodology, technical and non-technical control methods are classified into two categories. What are these two control categories?

  • A. Detective and Disguised controls
  • B. Preventive and predictive controls
  • C. Preventive and Detective controls
  • D. Predictive and Detective controls

Correct answer: C


Question # 22
A message that is received, requires urgent action, and prompts the recipient to delete certain files or forward it to others is called:

  • A. A Virus Hoax
  • B. Spear Phishing
  • C. Adware
  • D. Mail bomb

Correct answer: A


Question # 23
Stenley is an incident handler working for Texa Corp., located in the United States. With the growing concern over increasing emails from outside the organization, Stenley was asked to take appropriate actions to keep the security of the organization intact. In the process of detecting and containing malicious emails, Stenley was asked to check the validity of the emails received by employees.
Identify the tool he can use to accomplish the given task.

  • A. EventLog Analyzer
  • B. Email Dossier
  • C. PointofMail
  • D. PoliteMail

Correct answer: B


Question # 24
Who is mainly responsible for providing proper network services and handling network-related incidents in all the cloud service models?

  • A. Cloud auditor
  • B. Cloud brokers
  • C. Cloud consumer
  • D. Cloud service provider

Correct answer: D


Question # 25
Investigator Ian gives you a drive image to investigate.
What type of analysis are you performing?

  • A. Real-time
  • B. Live
  • C. Static
  • D. Dynamic

Correct answer: C


Question # 26
Ikeo Corp. hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise.
The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location.
Considering this the main security threat, the IR team plans to change this policy, as it can be easily exploited by attackers. Which of the following security policies is the IR team planning to modify?

  • A. Permissive policy
  • B. Prudent policy
  • C. Promiscuous policy
  • D. Paranoic policy

Correct answer: A

Explanation:
A permissive security policy is one that allows employees broad freedoms in terms of internet access, application downloads, and remote access capabilities. In the scenario described, the incident response team identifies that the lack of restrictions is a significant security threat that could be exploited by attackers, indicating that the current policy is permissive. Modifying this policy would involve implementing more stringent controls on what sites can be visited, what applications can be downloaded, and how remote access is granted, moving towards a more controlled and secure environment. This approach contrasts with paranoic, prudent, and promiscuous policies, each of which has its own characteristics and applications in cybersecurity frameworks.
References: The ECIH v3 certification materials often discuss security policies within the context of organizational security posture, emphasizing how varying degrees of restrictiveness impact security and risk.


Question # 27
Employee monitoring tools are mostly used by employers to find which of the following?

  • A. Stolen credentials
  • B. Lost registry keys
  • C. Conspiracies
  • D. Malicious insider threats

Correct answer: D

Explanation:
Employee monitoring tools are primarily used by employers to detect and prevent malicious insider threats.
These tools can track activities such as data access, data exfiltration attempts, unauthorized actions, and other behaviors that could indicate malicious intent or pose a risk to the organization's security. While such tools may also incidentally uncover issues like lost registry keys, conspiracies, or stolen credentials, their main purpose is to safeguard against insiders who might misuse their access to harm the organization, steal data, sabotage systems, or engage in espionage.
References: ECIH v3 study materials cover various security measures and tools that organizations can use to protect against insider threats, emphasizing the role of monitoring in detecting and responding to malicious activities by insiders.


Question # 28
An incident is analyzed for its nature, intensity, and its effects on the network and systems. Which stage of the incident response and handling process involves auditing the system and network log files?

  • A. Incident recording
  • B. Containment
  • C. Identification
  • D. Reporting

Correct answer: C


Question # 29
Which of the following is not called volatile data?

  • A. Open sockets or open ports
  • B. State of the network interface
  • C. Creation dates of files
  • D. The date and time of the system

Correct answer: C

Explanation:
Volatile data refers to information that is stored temporarily and is lost when a computer is turned off or restarted, such as RAM contents, including open sockets and open ports, the date and time of the system, and the state of the network interface. The creation dates of files, however, are considered non-volatile data because they are preserved on the hard drive and remain available after the system is restarted or turned off.
Non-volatile data is stored on persistent storage media like hard drives, SSDs, and magnetic tapes, where it remains until it is deleted or overwritten.
References: The Incident Handler (ECIH v3) certification emphasizes the distinction between volatile and non-volatile data in the context of digital forensics and incident response, highlighting the importance of understanding what data may be lost upon system shutdown and what data persists.


Question # 30
XYZ Inc. was affected by a malware attack, and James, the incident handling and response (IH&R) team member handling the incident, found out that the root cause of the incident is a backdoor that bypassed the security perimeter due to an existing vulnerability in the deployed firewall. James has contained the spread of the infection and removed the malware completely. Now the organization has asked him to perform an incident impact assessment to identify the impact of the incident on the organization, and he was also asked to prepare a detailed report of the incident.
Which of the following stages in the IH&R process is James working on?

  • A. Eradication
  • B. Evidence gathering and forensics analysis
  • C. Post-incident activities
  • D. Notification

Correct answer: C

Explanation:
James is working on the post-incident activities stage of the Incident Handling and Response (IH&R) process.
After containing the spread of the infection and removing the malware, the focus shifts to assessing the impact of the incident on the organization and preparing a detailed report. This phase involves analyzing the extent of the damage, determining the cost of the attack, evaluating how well the incident was managed, and identifying lessons learned to improve future response efforts. The objective is to restore systems to normal operation, ensure no remnants of the threat remain, and implement measures to prevent recurrence.
References: Incident Handler (ECIH v3) courses and study guides outline the IH&R process, emphasizing the importance of post-incident activities for organizational recovery and improvement of future security measures.


Question # 31
James is working as an incident responder at Cyber Sol Inc. The management instructed James to investigate a cybersecurity incident that recently happened in the company. As a part of the investigation process, James started collecting volatile information from a system running the Windows operating system.
Which of the following commands helps James in determining all the executable files for running processes?

  • A. doskey /history
  • B. top
  • C. date /t & time /t
  • D. netstat -ab

Correct answer: D


Question # 32
Attackers or insiders create a backdoor into a trusted network by installing an unsecured access point inside a firewall. They then use any software or hardware access point to perform an attack. Which of the following is this type of attack?

  • A. Password-based attack
  • B. Rogue access point attack
  • C. Malware attack
  • D. Email infection

Correct answer: B


Question # 33
Which of the following has been used to evade IDS and IPS?

  • A. TNP
  • B. SNMP
  • C. Fragmentation
  • D. HTTP

Correct answer: C

Explanation:
Fragmentation is a technique used by attackers to evade detection by Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). By breaking down packets into smaller fragments, attackers can make it more difficult for these security systems to detect malicious payloads or signature-based patterns associated with known attacks. This method exploits the fact that some IDS/IPS solutions may not properly reassemble packet fragments for analysis, thereby allowing malicious fragments to pass through undetected.
References: In its coverage of network security mechanisms and evasion techniques, the ECIH v3 certification details how attackers exploit vulnerabilities in the implementation of IDS and IPS systems, including the use of packet fragmentation.


Question # 34
......


The ECIH v2 certification exam is a multiple-choice exam consisting of 100 questions. The exam lasts 4 hours, and candidates must score at least 70% to pass. The exam is computer-based and is administered at authorized testing centers around the world.


Exam questions and answers from the study guide, 212-89 exam question PDF: https://www.goshiken.com/EC-COUNCIL/212-89-mondaishu.html

212-89 test preparation training practice exam questions, practice test: https://drive.google.com/open?id=14Rp9ZBywjr43rp8s3TPcXFG05yRPgc47