[Q18-Q42] Ultimate Guide Preparation Questions for 212-89 with Accurate PDF Answers [March 14, 2025]



EC-COUNCIL exam question bank you can pass with

Question # 18
Joseph is an incident handling and response (IH&R) team lead in Toro Network Solutions Company. As part of the IH&R process, Joseph alerted the service providers, developers, and manufacturers about the affected resources.
Identify the stage of the IH&R process Joseph is currently in.

  • A. Containment
  • B. Eradication
  • C. Recovery
  • D. Incident triage

Correct answer: A


Question # 19
Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

  • A. An attacker redirecting a user to a malicious website and infecting his system with a Trojan
  • B. An attacker using email with malicious code to infect an internal workstation
  • C. An attacker infecting a machine to launch a DDoS attack
  • D. An insider intentionally deleting files from a workstation

Correct answer: D


Question # 20
Which of the following does NOT reduce the success rate of SQL injection?

  • A. Constrain legitimate characters to exclude special characters.
  • B. Close unnecessary application services and ports on the server.
  • C. Automatically lock a user account after a predefined number of invalid login attempts within a predefined interval
  • D. Limit the length of the input field.

Correct answer: B


Question # 21
Which of the following is an attack that occurs when a malicious program causes a user's browser to perform an unwanted action on a trusted site for which the user is currently authenticated?

  • A. Cross-site request forgery
  • B. Cross-site scripting
  • C. SQL injection
  • D. Insecure direct object references

Correct answer: A


Question # 22
Which test is conducted to determine the effectiveness of incident recovery procedures?

  • A. Live walk-throughs of procedures
  • B. Scenario testing
  • C. Department-level test
  • D. Facility-level test

Correct answer: A


Question # 23
The ability of an agency to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy is known as:

  • A. Contingency Planning
  • B. Business Continuity Plan
  • C. Disaster Planning
  • D. Business Continuity

Correct answer: D


Question # 24
QualTech Solutions is a leading security services enterprise. Dickson, who works as an incident responder with this firm, is performing a vulnerability assessment to identify the security problems in the network by using automated tools for identifying the hosts, services, and vulnerabilities in the enterprise network. In the above scenario, which of the following types of vulnerability assessment is Dickson performing?

  • A. Active assessment
  • B. Passive assessment
  • C. External assessment
  • D. Internal assessment

Correct answer: A

Explanation:
In the scenario described, Dickson is performing an active assessment. This type of vulnerability assessment involves using automated tools to actively scan and probe the network for identifying hosts, services, and vulnerabilities. Unlike passive assessments, which rely on monitoring network traffic without direct interaction with the targets, active assessments engage directly with the network infrastructure to discover vulnerabilities, misconfigurations, and other security issues by sending data to systems and analyzing the responses. This approach provides a more immediate and detailed view of the security posture but can also generate detectable traffic that might be noticed by defensive systems or affect the performance of live systems.
References: The ECIH v3 curriculum by EC-Council includes discussions on various methods of conducting vulnerability assessments, highlighting the differences between active and passive techniques, as well as the contexts in which each is most appropriately used.


Question # 25
Organizations or incident response teams need to protect the evidence for any future legal actions that may be taken against perpetrators who intentionally attacked the computer system. Evidence protection is also required to meet legal compliance requirements. Which of the following documents helps in protecting evidence from physical or logical damage?

  • A. Network and host log records
  • B. Chain-of-Custody
  • C. Chain-of-Precedence
  • D. Forensic analysis report

Correct answer: B


Question # 26
A self-replicating virus does not alter files but resides in active memory and duplicates itself. It takes advantage of file or information transport features on the system to travel independently.
What is this type of object called?

  • A. Spyware
  • B. Trojan
  • C. Worm
  • D. Adware

Correct answer: C


Question # 27
Alexis works as an incident responder at XYZ organization. She was asked to identify and attribute the actors behind an attack that occurred recently. For this purpose, she is performing a type of threat attribution that deals with the identification of a specific person, society, or country sponsoring a well-planned and executed intrusion or attack on its target. Which of the following types of threat attribution is Alexis performing?

  • A. Campaign attribution
  • B. Intrusion set attribution
  • C. True attribution
  • D. Nation-state attribution

Correct answer: D

Explanation:
Nation-state attribution involves identifying a specific country or government as the sponsor behind a cyber-attack or intrusion. This type of threat attribution is focused on determining the involvement of state actors in cyber operations against specific targets, which often involves sophisticated, well-planned, and executed cyber campaigns. Alexis's efforts to identify and attribute the actors behind the attack to a specific nation-state fall under this category, as she seeks to uncover the geopolitical motives and the extent of state sponsorship behind the incident. Nation-state attribution requires analyzing a variety of indicators, including technical evidence, tactics, techniques, and procedures (TTPs), and contextual intelligence. This is distinct from campaign attribution, which focuses on linking attacks to a specific campaign or operation; true attribution, which aims at identifying the actual individuals behind an attack; and intrusion set attribution, which involves attributing a set of malicious activities to a particular threat actor or group.
References: The Incident Handler (ECIH v3) certification program includes discussions on various types of threat attribution, highlighting the challenges and methodologies involved in attributing cyber-attacks to specific actors, including nation-states.


Question # 28
Which of the following details are included in the evidence bags?

  • A. Software version information and web application source code
  • B. Date and time of seizure, exhibit number, and name of incident responder
  • C. Sensitive directories, personal, and organizational email address
  • D. Error messages that contain sensitive information and files containing passwords

Correct answer: A

Explanation:
In the practice of digital forensics and incident handling, evidence bags play a crucial role in preserving the integrity and chain of custody of physical and digital evidence. The information typically included in the documentation on evidence bags encompasses the date and time of seizure, which provides a timestamp for when the evidence was collected; the exhibit number, which is a unique identifier assigned to each piece of evidence for tracking and reference purposes; and the name of the incident responder or individual who collected the evidence, ensuring accountability and traceability. This documentation is essential for maintaining the chain of custody, a critical element in legal proceedings, as it helps establish the evidence's authenticity and integrity by detailing its handling from collection to presentation in court. Options A, B, and C describe types of digital evidence but are not directly related to the content typically documented on evidence bags.
References: Incident Handler (ECIH v3) courses and study guides emphasize the importance of accurately documenting evidence bags as part of the evidence collection and preservation process in incident handling and digital forensics.


Question # 29
Rinni is an incident handler and she is performing memory dump analysis.
Which of the following tools can she use to perform memory dump analysis?

  • A. Procmon and ProcessExplorer
  • B. Scylla and OllyDumpEx
  • C. OllyDbg and IDA Pro
  • D. iNetSim

Correct answer: C


Question # 30
Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification/activation, recovery, reconstitution, and plan appendices. What is the main purpose of the reconstitution plan?

  • A. To restore the original site, tests systems to prevent the incident and terminates operations
  • B. To provide the introduction and detailed concept of the contingency plan
  • C. To provide a sequence of recovery activities with the help of recovery procedures
  • D. To define the notification procedures, damage assessments and offers the plan activation

Correct answer: A


Question # 31
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated as:

  • A. (Loss) / (Probability of Loss)
  • B. Significant Risks X Probability of Loss X Loss
  • C. (Probability of Loss) / (Loss)
  • D. (Probability of Loss) X (Loss)

Correct answer: D


Question # 32
Risk management consists of three processes: risk assessment, mitigation, and evaluation. Risk assessment determines the extent of the potential threat and the risk associated with an IT system throughout its SDLC. How many primary steps does NIST's risk assessment methodology involve?

  • A. Nine
  • B. Four
  • C. Six
  • D. Twelve

Correct answer: A


Question # 33
An adversary attacking information resources to gain undue advantage is called:

  • A. Offensive Information Warfare
  • B. Electronic Warfare
  • C. Defensive Information Warfare
  • D. Conventional Warfare

Correct answer: A



Question # 34
BadGuy Bob hid files in the slack space, changed the file headers, hid suspicious files in executables, and changed the metadata for all types of files on his hacker laptop. What has he committed?

  • A. Legal hostility
  • B. Anti-forensics
  • C. Adversarial mechanics
  • D. Felony

Correct answer: B


Question # 35
According to NIST, what are the 5 main actors in cloud computing?

  • A. Provider, carrier, auditor, broker, and seller
  • B. None of these
  • C. Consumer, provider, carrier, auditor, and broker
  • D. Buyer, consumer, carrier, auditor, and broker

Correct answer: D


Question # 36
A malicious, security-breaking program is disguised as a useful program. Such executable programs, which are installed when a file is opened, allow others to control a user's system. What is this type of program called?

  • A. Spyware
  • B. Virus
  • C. Worm
  • D. Trojan

Correct answer: D


Question # 37
Matt is an incident handler working for one of the largest social network companies, which was affected by malware. According to the company's reporting timeframe guidelines, a malware incident should be reported within 1 h of discovery/detection after its spread across the company.
Which category does this incident belong to?

  • A. CAT 4
  • B. CAT 2
  • C. CAT 1
  • D. CAT 3

Correct answer: D


Question # 38
A computer risk policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy.

  • A. Procedure for the ongoing training of employees authorized to access the system
  • B. Provisions for continuing support if there is an interruption in the system or if the system crashes
  • C. Procedure to identify security funds to hedge risk
  • D. Procedure to monitor the efficiency of security controls

Correct answer: A


Question # 39
Qual Tech Solutions is a leading security services enterprise. Dickson, who works as an incident responder with this firm, is performing a vulnerability assessment to identify the security problems in the network by using automated tools for identifying the hosts, services, and vulnerabilities in the enterprise network.
In the above scenario, which of the following types of vulnerability assessment is Dickson performing?

  • A. Active assessment
  • B. Passive assessment
  • C. External assessment
  • D. Internal assessment

Correct answer: A


Question # 40
Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is responsible for examining the evidence acquired and separating the useful evidence?

  • A. Evidence Documenter
  • B. Evidence Manager
  • C. Evidence Supervisor
  • D. Evidence Examiner/ Investigator

Correct answer: D


Question # 41
Adam is an attacker who, along with his team, launched multiple attacks on a target organization for financial benefit. Worried about getting caught, he decided to forge his identity. To do so, he created a new identity by obtaining information from different victims.
Identify the type of identity theft Adam has performed.

  • A. Social identity theft
  • B. Synthetic identity theft
  • C. Tax identity theft
  • D. Medical identity theft

Correct answer: B

Explanation:
Synthetic identity theft is a type of fraud where the perpetrator combines real (often stolen) and fake information to create a new identity. This can include combining a real social security number with a fictitious name, or other variations that result in an identity that is not entirely real but has elements that can pass through verification processes. In the scenario described, Adam is creating a new identity using information from different victims, which is characteristic of synthetic identity theft. This type of fraud is particularly challenging to detect and counter because it does not directly impersonate a single real individual but creates a plausible new identity that can be used to open accounts, obtain credit, and conduct transactions that can be financially beneficial to the attacker.
References: The concept and techniques of synthetic identity theft are covered in detail in the Incident Handler (ECIH v3) curriculum, where the focus is on identifying, understanding, and mitigating various forms of identity theft, including synthetic identity theft, as part of incident response activities.


Question # 42
......

Latest 212-89 exam question bank, valid and up to date: https://www.goshiken.com/EC-COUNCIL/212-89-mondaishu.html

Complete and latest 212-89 question bank with 100% coverage of questions and answers to get you through the real exam: https://drive.google.com/open?id=1rYAHRK1tnyLAOJmz2SQL8yQ7Q-0b6W5k