212-89 Exam - EC Council Certified Incident Handler (ECIH v2)


Free 212-89 Demo Online For EC-Council Certification:

NEW QUESTION 1
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated as:

  • A. (Probability of Loss) X (Loss)
  • B. (Loss) / (Probability of Loss)
  • C. (Probability of Loss) / (Loss)
  • D. Significant Risks X Probability of Loss X Loss

Answer: A

NEW QUESTION 2
Which of the following is NOT a digital forensic analysis tool?

  • A. AccessData FTK
  • B. EAR/Pilar
  • C. Guidance Software EnCase Forensic
  • D. Helix

Answer: B

NEW QUESTION 3
A host is infected by a worm that propagates through a vulnerable service; the sign(s) of the presence of the worm include:

  • A. Decrease in network usage
  • B. Established connection attempts targeted at the vulnerable services
  • C. System becomes unstable or crashes
  • D. All the above

Answer: C

NEW QUESTION 4
The policy that defines which set of events needs to be logged in order to capture and review the important data in a timely manner is known as:

  • A. Audit trail policy
  • B. Logging policy
  • C. Documentation policy
  • D. Evidence Collection policy

An information security policy must be:

  • E. Distributed and communicated
  • F. Enforceable and Regularly updated
  • G. Written in simple language
  • H. All the above

Answer: D

NEW QUESTION 5
Incident prioritization must be based on:

  • A. Potential impact
  • B. Current damage
  • C. Criticality of affected systems
  • D. All the above

Answer: D

NEW QUESTION 6
Insiders may be:

  • A. Ignorant employees
  • B. Careless administrators
  • C. Disgruntled staff members
  • D. All the above

Answer: D

NEW QUESTION 7
Total cost of disruption of an incident is the sum of:

  • A. Tangible and Intangible costs
  • B. Tangible cost only
  • C. Intangible cost only
  • D. Level Two and Level Three incidents cost

Answer: A

NEW QUESTION 8
The USB tool (depicted below) that is connected to a male USB keyboard cable and is not detected by antispyware tools is most likely called:
[Exhibit image not reproduced]

  • A. Software Key Grabber
  • B. Hardware Keylogger
  • C. USB adapter
  • D. Anti-Keylogger

Answer: B

NEW QUESTION 9
Based on some statistics, what is typically the number one incident?

  • A. Phishing
  • B. Policy violation
  • C. Un-authorized access
  • D. Malware

Answer: A

NEW QUESTION 10
Which of the following incidents are reported under the CAT-5 federal agency category?

  • A. Exercise/Network Defense Testing
  • B. Malicious code
  • C. Scans/Probes/Attempted Access
  • D. Denial of Service (DoS)

Answer: C

NEW QUESTION 11
In the Control Analysis stage of NIST's risk assessment methodology, technical and non-technical control methods are classified into two categories. What are these two control categories?

  • A. Preventive and Detective controls
  • B. Detective and Disguised controls
  • C. Predictive and Detective controls
  • D. Preventive and predictive controls

Answer: A

NEW QUESTION 12
An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the incident recovery plan?

  • A. Creating new business processes to maintain profitability after incident
  • B. Providing a standard for testing the recovery plan
  • C. Avoiding the legal liabilities arising due to incident
  • D. Providing assurance that systems are reliable

Answer: A

NEW QUESTION 13
Incidents such as DDoS that should be handled immediately may be considered as:

  • A. Level One incident
  • B. Level Two incident
  • C. Level Three incident
  • D. Level Four incident

Answer: C

NEW QUESTION 14
What is correct about Quantitative Risk Analysis:

  • A. It is Subjective but faster than Qualitative Risk Analysis
  • B. Easily automated
  • C. Better than Qualitative Risk Analysis
  • D. Uses levels and descriptive expressions

Answer: B

NEW QUESTION 15
Computer forensics is a methodical series of techniques and procedures for gathering evidence from computing equipment, various storage devices and/or digital media that can be presented in a court of law in a coherent and meaningful format. Which one of the following is an appropriate flow of steps in the computer forensics process?

  • A. Examination > Analysis > Preparation > Collection > Reporting
  • B. Preparation > Analysis > Collection > Examination > Reporting
  • C. Analysis > Preparation > Collection > Reporting > Examination
  • D. Preparation > Collection > Examination > Analysis > Reporting

Answer: D

NEW QUESTION 16
Keyloggers do NOT:

  • A. Run in the background
  • B. Alter system files
  • C. Secretly record URLs visited in the browser, keystrokes, chat conversations, etc.
  • D. Send the log file to the attacker's email or upload it to an FTP server

Answer: B

NEW QUESTION 17
When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?

  • A. All access rights of the employee to physical locations, networks, systems, applications and data should be disabled
  • B. The organization should enforce separation of duties
  • C. The access requests granted to an employee should be documented and vetted by the supervisor
  • D. The organization should monitor the activities of the system administrators and privileged users who have permissions to access the sensitive information

Answer: A

NEW QUESTION 18
Performing Vulnerability Assessment is an example of a:

  • A. Incident Response
  • B. Incident Handling
  • C. Pre-Incident Preparation
  • D. Post Incident Management

Answer: C

NEW QUESTION 19
A malicious code attack using emails is considered as:

  • A. Malware based attack
  • B. Email attack
  • C. Inappropriate usage incident
  • D. Multiple component attack

Answer: D

NEW QUESTION 20
A software application in which advertising banners are displayed while the program is running, and which delivers ads as pop-up windows or bars that appear on a computer screen or browser, is called:

  • A. adware (spelled all lower case)
  • B. Trojan
  • C. RootKit
  • D. Virus
  • E. Worm

Answer: A
