EC-COUNCIL 212-89 Online Practice Questions and Exam Preparation

EC-COUNCIL 212-89 Online Questions & Answers

• Question 111:

  Which of the following are malicious software programs that infect computers and corrupt or delete the data on them?

  A. Worms
  B. Trojans
  C. Spyware
  D. Virus
  D. Virus

  ---

  Viruses are a type of malicious software program designed to infect legitimate software programs. Once a virus is executed, it can corrupt or delete data on a computer, replicate itself, and spread to other files and systems. Unlike worms, which can spread across networks on their own, viruses usually require some form of user interaction, such as opening an infected email attachment or downloading and executing a malicious file, to propagate. Trojans and spyware, while also malicious software, serve different malicious purposes, such as creating backdoors for attackers (Trojans) or spying on users' activities (Spyware).

  References: The Incident Handler (ECIH v3) certification materials categorize various forms of malware and explain their behaviors, impacts, and propagation methods. Viruses are specifically highlighted for their ability to attach to legitimate programs and files, causing damage or data loss upon execution.

• Question 112:

  Bonney's system has been compromised by a gruesome malware.

  What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?

  A. Turn off the infected machine
  B. Leave it to the network administrators to handle
  C. Complaint to police in a formal way regarding the incident
  D. Call the legal department in the organization and inform about the incident
  A. Turn off the infected machine

  ---

  Turning off the infected machine is a common immediate response to contain a malware incident and prevent it from spreading to other systems on the network. This action halts any ongoing malicious activities by the malware, thereby limiting the potential for further damage or data exfiltration. However, it is essential to note that this step can lead to the loss of volatile data that might be useful for forensic analysis. Therefore, it is advisable only when it's critical to stop the malware immediately, and there's a strategy in place for forensic investigation that includes handling non-volatile data or when the preservation of volatile data is not possible.

  References: The Incident Handler (ECIH v3) curriculum by EC-Council outlines various strategies for containing malware incidents, discussing the implications and considerations of actions such as turning off infected machines.

• Question 113:

  Which of the following terms refers to the personnel that the incident handling and response (IHandR) team must contact to report the incident and obtain the necessary permissions?

  A. Civil litigation
  B. Point of contact
  C. Criminal referral
  D. Ticketing
  B. Point of contact

  ---

  In the context of incident handling and response (IHandR), the term "Point of contact" refers to individuals or departments within an organization that are designated to be contacted by the IHandR team in case of an incident. These personnel are crucial for the reporting process and for obtaining the necessary permissions to proceed with incident response activities. They serve as the liaison between the incident response team and other parts of the organization, external agencies, or partners involved in the incident response process. The point of contact is responsible for facilitating communication, coordinating actions, and ensuring that the appropriate stakeholders are engaged in the response to an incident. This role is pivotal in ensuring a swift and effective response to security incidents, minimizing damage, and restoring operations.

  References: Incident Handler (ECIH v3) courses and study guides typically emphasize the importance of clearly defined roles and responsibilities within the incident response process, including the designation of points of contact.

• Question 114:

  An insider threat response plan helps an organization minimize the damage caused by malicious insiders. One of the approaches to mitigate these threats is setting up controls from the human resources department. Which of the following guidelines can the human resources department use?

  A. Access granted to users should be documented and vetted by a supervisor.
  B. Disable the default administrative account to ensure accountability.
  C. Implement a person-to-person rule to secure the backup process and physical media.
  D. Monitor and secure the organization's physical environment.
  A. Access granted to users should be documented and vetted by a supervisor.

  ---

  One of the key approaches to mitigating insider threats is ensuring that access control policies are strictly implemented and monitored. This includes the guideline that access granted to users should be thoroughly documented and vetted by a supervisor. This control helps ensure that users have only the access necessary to perform their job functions, reducing the risk of inappropriate access or misuse of information. Proper documentation and supervisor approval also ensure accountability and traceability of access decisions, which is crucial for detecting and responding to insider threats. The human resources department plays a vital role in this process, working closely with IT and security teams to enforce access control policies, conduct regular reviews of access rights, and manage the onboarding and offboarding process to ensure that access rights are appropriately updated.

  References: The Incident Handler (ECIH v3) materials often emphasize the importance of comprehensive access control measures and the role of human resources in preventing insider threats by managing the lifecycle of employee access to organizational resources.

• Question 115:

  Chandler is a professional hacker who is targeting Technote organization. He wants to obtain important organizational information that is being transmitted between different hierarchies. In the process, he is sniffing the data packets transmitted through the network and then analyzing them to gather packet details such as network, ports, protocols, devices, issues in network transmission, and other network specifications. Which of the following tools Chandler must employ to perform packet analysis?

  A. BeEf
  B. IDAPro
  C. Omnipeek
  D. shARP
  C. Omnipeek

  ---

  Omnipeek is a network analyzer tool that allows for the capture and analysis of data packets transmitted across a network. It is designed to provide deep insights into network traffic, enabling users to examine various aspects of the data packets, including network protocols, ports, devices, and potential issues in network transmission. This tool would be ideal for Chandler, who is targeting the Technote organization with the intent of intercepting and analyzing network traffic to obtain sensitive organizational information. Omnipeek's capabilities in packet analysis make it suitable for such activities, offering detailed visibility into the network's operation and data flows.

  References: The ECIH v3 certification program includes discussions on network monitoring and analysis tools, including packet sniffers like Omnipeek, and their role in both cybersecurity defense and offensive activities like hacking.

• Question 116:

  Based on the some statistics; what is the typical number one top incident?

  A. Phishing
  B. Policy violation
  C. Un-authorized access
  D. Malware
  A. Phishing

  ---

  Explanation

• Question 117:

  Which of the following processes is referred to as an approach to respond to the security incidents that occurred in an organization and enables the response team by ensuring that they know exactly what process to follow in case of security incidents?

  A. Risk assessment
  B. Incident response orchestration
  C. Vulnerability management
  D. Threat assessment
  B. Incident response orchestration

  ---

  Incident response orchestration refers to the process and technologies used to coordinate and streamline the response to security incidents. This approach ensures that incident response teams have clear procedures and workflows to follow, enabling them to act swiftly and effectively when dealing with security incidents. By orchestrating the response, organizations can minimize the impact of incidents, ensure consistent and thorough investigation and remediation activities, and improve their overall security posture. Incident response orchestration involves integrating various security tools, automating response actions where possible, and providing a centralized platform for managing incidents.

  References: The concept of incident response orchestration and its role in enhancing the effectiveness of incident handling and response efforts is discussed in cybersecurity literature and training, including ECIH v3 study materials, which highlight the benefits of having a structured and organized approach to managing security incidents.

• Question 118:

  In which of the following types of insider threats an insider who is uneducated on potential security threats or simply bypasses general security procedures to meet workplace efficiency?

  A. Compromised insider
  B. Negligent insider
  C. Professional insider
  D. Malicious insider
  B. Negligent insider

  ---

  A negligent insider is an individual within an organization who, due to a lack of knowledge on security threats or in an attempt to increase workplace efficiency, inadvertently bypasses security procedures or makes errors that compromise security. This type of insider threat is not malicious in intent; rather, it stems from carelessness, oversight, or a lack of proper security training. Such insiders might click on phishing links, mishandle sensitive information, or use unsecured networks for work-related tasks, thereby exposing the organization to potential security breaches. This contrasts with compromised insiders (who are manipulated by external parties), professional insiders (who misuse their access for personal gain), and malicious insiders (who intentionally aim to harm the organization).

  References: The Incident Handler (ECIH v3) courses and study guides discuss different types of insider threats, emphasizing the importance of security awareness training to mitigate the risks associated with negligent insiders.

• Question 119:

  Michael is a part of the computer incident response team of a company. One of his responsibilities is to handle email incidents. The company receives an email from an unknown source, and one of the steps that he needs to take is to check the validity of the email. Which of the following tools should he use?

  A. Zendio
  B. Email Dossier
  C. Yesware
  D. G Suite Toolbox
  B. Email Dossier

  ---

  Email Dossier is a tool designed to assist in the investigation of email incidents by analyzing and validating email headers and providing detailed information about the origin, routing, and authenticity of an email. When Michael is tasked with handling an email incident and needs to check the validity of an email received from an unknown source, Email Dossier can be utilized to trace the email's path, assess its credibility, and identify potential red flags associated with phishing or other malicious email-based attacks.

  References: The ECIH v3 curriculum emphasizes the importance of tools and techniques for email incident handling, including the use of Email Dossier for investigating suspicious emails and aiding in the response to email-based threats.

• Question 120:

  Which of the following tools helps incident responders effectively contain a potential cloud security incident and gather required forensic evidence?

  A. Alert Logic
  B. CloudPassage Quarantine
  C. Qualys Cloud Platform
  D. Cloud Passage Halo
  D. Cloud Passage Halo

  ---

  Cloud Passage Halo is a security platform designed to provide comprehensive visibility and protection for cloud environments, making it an effective tool for incident responders dealing with potential cloud security incidents. It offers capabilities for detecting, responding to, and containing threats across public, private, and hybrid cloud environments. With features like automated security policies, compliance monitoring, and threat detection, Cloud Passage Halo enables incident responders to quickly contain incidents and gather the required forensic evidence to investigate the scope and impact of a breach or security issue. Tools like Alert Logic and Qualys Cloud Platform also provide security and compliance solutions for cloud environments, but Cloud Passage Halo is specifically recognized for its robust incident response and containment capabilities.

  References: The Incident Handler (ECIH v3) certification materials and courses discuss various tools and technologies that support cloud security incident response, including the role of platforms like Cloud Passage Halo in effective incident management.