Avant-garde 212-89 Questions 2021

It is impossible to pass EC-Council 212-89 exam without any help in the short term. Come to Certleader soon and find the most advanced, correct and guaranteed EC-Council 212-89 practice questions. You will get a surprising result by our Update EC Council Certified Incident Handler (ECIH v2) practice guides.

Online EC-Council 212-89 free dumps demo Below:

NEW QUESTION 1
In which of the steps of NIST’s risk assessment methodology are the boundary of the IT system, along with the resources and the information that constitute the system identified?

  • A. Likelihood Determination
  • B. Control recommendation
  • C. System characterization
  • D. Control analysis

Answer: C

NEW QUESTION 2
Policies are designed to protect the organizational resources on the network by establishing the set rules and procedures. Which of the following policies authorizes a group of users to perform a set of actions on a set of resources?

  • A. Access control policy
  • B. Audit trail policy
  • C. Logging policy
  • D. Documentation policy

Answer: A

NEW QUESTION 3
According to the Fourth Amendment of USA PATRIOT Act of 2001; if a search does NOT violate a person’s “reasonable” or “legitimate” expectation of privacy then it is considered:

  • A. Constitutional/ Legitimate
  • B. Illegal/ illegitimate
  • C. Unethical
  • D. None of the above

Answer: A

NEW QUESTION 4
Incident response team must adhere to the following:

  • A. Stay calm and document everything
  • B. Assess the situation
  • C. Notify appropriate personnel
  • D. All the above

Answer: D

NEW QUESTION 5
A risk mitigation strategy determines the circumstances under which an action has to be taken to minimize and overcome risks. Identify the risk mitigation strategy that focuses on minimizing the probability of risk and losses by searching for vulnerabilities in the system and appropriate controls:

  • A. Risk Assumption
  • B. Research and acknowledgment
  • C. Risk limitation
  • D. Risk absorption

Answer: B

NEW QUESTION 6
Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :

  • A. Threat-source motivation and capability
  • B. Nature of the vulnerability
  • C. Existence and effectiveness of the current controls
  • D. All the above

Answer: D

NEW QUESTION 7
If the loss anticipated is greater than the agreed upon threshold; the organization will:

  • A. Accept the risk
  • B. Mitigate the risk
  • C. Accept the risk but after management approval
  • D. Do nothing

Answer: B

NEW QUESTION 8
The very well-known free open source port, OS and service scanner and network discovery utility is called:

  • A. Wireshark
  • B. Nmap (Network Mapper)
  • C. Snort
  • D. SAINT

Answer: B

NEW QUESTION 9
The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation is called:

  • A. Computer Forensics
  • B. Digital Forensic Analysis
  • C. Forensic Readiness
  • D. Digital Forensic Policy

Answer: C

NEW QUESTION 10
An organization faced an information security incident where a disgruntled employee passed sensitive access control information to a competitor. The organization’s incident response manager, upon investigation, found that the incident must be handled within a few hours on the same day to maintain business continuity and market competitiveness. How would you categorize such information security incident?

  • A. High level incident
  • B. Middle level incident
  • C. Ultra-High level incident
  • D. Low level incident

Answer: A

NEW QUESTION 11
Performing Vulnerability Assessment is an example of a:

  • A. Incident Response
  • B. Incident Handling
  • C. Pre-Incident Preparation
  • D. Post Incident Management

Answer: C

NEW QUESTION 12
What is correct about Quantitative Risk Analysis:

  • A. It is Subjective but faster than Qualitative Risk Analysis
  • B. Easily automated
  • C. Better than Qualitative Risk Analysis
  • D. Uses levels and descriptive expressions

Answer: B

NEW QUESTION 13
An assault on system security that is derived from an intelligent threat is called:

  • A. Threat Agent
  • B. Vulnerability
  • C. Attack
  • D. Risk

Answer: C

NEW QUESTION 14
A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to agency’s reporting timeframe guidelines, this incident
should be reported within two (2) HOURS of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity. Which incident category of the US Federal Agency does this incident belong to?

  • A. CAT 5
  • B. CAT 1
  • C. CAT 2
  • D. CAT 6

Answer: C

NEW QUESTION 15
The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could be:

  • A. Antivirus software detects the infected files
  • B. Increase in the number of e-mails sent and received
  • C. System files become inaccessible
  • D. All the above

Answer: D

NEW QUESTION 16
Adam calculated the total cost of a control to protect 10,000 $ worth of data as 20,000 $. What do you advise Adam to do?

  • A. Apply the control
  • B. Not to apply the control
  • C. Use qualitative risk assessment
  • D. Use semi-qualitative risk assessment instead

Answer: B

NEW QUESTION 17
A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format is called:

  • A. Forensic Analysis
  • B. Computer Forensics
  • C. Forensic Readiness
  • D. Steganalysis

Answer: B

NEW QUESTION 18
Total cost of disruption of an incident is the sum of

  • A. Tangible and Intangible costs
  • B. Tangible cost only
  • C. Intangible cost only
  • D. Level Two and Level Three incidents cost

Answer: A

NEW QUESTION 19
Which of the following is NOT one of the Computer Forensic types:

  • A. USB Forensics
  • B. Email Forensics
  • C. Forensic Archaeology
  • D. Image Forensics

Answer: C

NEW QUESTION 20
According to US-CERT; if an agency is unable to successfully mitigate a DOS attack it must be reported within:

  • A. One (1) hour of discovery/detection if the successful attack is still ongoing
  • B. Two (2) hours of discovery/detection if the successful attack is still ongoing
  • C. Three (3) hours of discovery/detection if the successful attack is still ongoing
  • D. Four (4) hours of discovery/detection if the successful attack is still ongoing

Answer: B

NEW QUESTION 21
The individual who recovers, analyzes, and preserves computer and related materials to be presented as evidence in a court of law and identifies the evidence, estimates the potential impact of the malicious activity on the victim, and assesses the intent and identity of the perpetrator is called:

  • A. Digital Forensic Examiner
  • B. Computer Forensic Investigator
  • C. Computer Hacking Forensic Investigator
  • D. All the above

Answer: D

NEW QUESTION 22
Incidents such as DDoS that should be handled immediately may be considered as:

  • A. Level One incident
  • B. Level Two incident
  • C. Level Three incident
  • D. Level Four incident

Answer: C

NEW QUESTION 23
......

P.S. Easily pass 212-89 Exam with 163 Q&As Passcertsure Dumps & pdf Version, Welcome to Download the Newest Passcertsure 212-89 Dumps: https://www.passcertsure.com/212-89-test/ (163 New Questions)