[Q57-Q81] ExamDumpsVCE 212-89 Real Exam Question Answers Updated [Mar 22, 2023]


Easily To Pass New EC-COUNCIL 212-89 Dumps with 205 Questions

NEW QUESTION 57
Jason is setting up a computer forensics lab and must perform the following steps:
1. physical location and structural design considerations;
2. planning and budgeting;
3. work area considerations;
4. physical security recommendations;
5. forensic lab licensing;
6. human resource considerations.
Arrange these steps in the order of execution.

  • A. 3->2->1->4->6->5
  • B. 2->1->3->6->4->5
  • C. 5->2->1->3->4->6
  • D. 2->3->1->4->6->5

Answer: B

 

NEW QUESTION 58
The typical correct sequence of activities used by CSIRT when handling a case is:

  • A. Log, inform, maintain contacts, release information, follow up and reporting
  • B. Log, inform, release information, maintain contacts, follow up and reporting
  • C. Log, maintain contacts, inform, release information, follow up and reporting
  • D. Log, maintain contacts, release information, inform, follow up and reporting

Answer: A

 

NEW QUESTION 59
The largest number of cyber-attacks are conducted by:

  • A. Outsiders
  • B. Business partners
  • C. Suppliers
  • D. Insiders

Answer: A

 

NEW QUESTION 60
The ability of an agency to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy is known as:

  • A. Business Continuity
  • B. Business Continuity Plan
  • C. Contingency Planning
  • D. Disaster Planning

Answer: A

 

NEW QUESTION 61
Which of the following methods help incident responders to reduce the false positive alert rates and further provide benefits of focusing on top priority issues, thereby reducing potential risk and corporate liabilities?

  • A. Threat contextualization
  • B. Threat attribution
  • C. Threat correlation
  • D. Threat profiling

Answer: C

 

NEW QUESTION 62
Based on some statistics, what is the typical number one top incident?

  • A. Phishing
  • B. Malware
  • C. Policy violation
  • D. Un-authorized access

Answer: A

 

NEW QUESTION 63
Elizabeth, who works for OBC organization as an incident responder, is assessing the risks to the organizational security. As part of the assessment process, she is calculating the probability of a threat source exploiting an existing system vulnerability.
Which of the following risk assessment steps is Elizabeth currently in?

  • A. Impact analysis
  • B. Likelihood analysis
  • C. Vulnerability identification
  • D. System characterization

Answer: C

 

NEW QUESTION 64
Which policy recommends controls for securing and tracking organizational resources:

  • A. Access control policy
  • B. Asset control policy
  • C. Acceptable use policy
  • D. Administrative security policy

Answer: B


 

NEW QUESTION 65
Which of the following forensic investigation phases should occur first?

  • A. Create two-bitstream copies of the evidence.
  • B. Perform the first responder procedure.
  • C. Collect preliminary evidence.
  • D. Transport the evidence to the forensic laboratory.

Answer: B

 

NEW QUESTION 66
Which of the following is NOT a digital forensic analysis tool:

  • A. EAR/ Pilar
  • B. Guidance Software EnCase Forensic
  • C. Access Data FTK
  • D. Helix

Answer: A

 

NEW QUESTION 67
Which of the following is NOT one of the techniques used to respond to insider threats:

  • A. Placing malicious users in quarantine network, so that attack cannot be spread
  • B. Preventing malicious users from accessing unclassified information
  • C. Blocking malicious user accounts
  • D. Disabling the computer systems from network connection

Answer: B

 

NEW QUESTION 68
Clark, a professional hacker, successfully exploited the web application of a target organization by tampering with form and parameter values. Consequently, Clark gained access to the information assets of the organization.
Which of the following is the web-application vulnerability exploited by the attacker?

  • A. Broken access control
  • B. Security misconfiguration
  • C. SQL injection
  • D. Sensitive data exposure

Answer: C

 

NEW QUESTION 69
The process of rebuilding and restoring the computer systems affected by an incident to normal operational stage including all the processes, policies and tools is known as:

  • A. Incident Response
  • B. Incident Management
  • C. Incident Recovery
  • D. Incident Handling

Answer: C


 

NEW QUESTION 70
The very well-known free open source port, OS and service scanner and network discovery utility is called:

  • A. SAINT
  • B. Nmap (Network Mapper)
  • C. Wireshark
  • D. Snort

Answer: B

 

NEW QUESTION 71
Patrick is performing a cyber forensic investigation. He is in the process of collecting physical evidence at the crime scene.
Which of the following elements must he consider while collecting physical evidence?

  • A. Open ports, services, and operating system (OS) vulnerabilities
  • B. Published nameservers and web-application source code
  • C. Removable media, cables, and publications
  • D. DNS information including domains and subdomains

Answer: C

 

NEW QUESTION 72
Identify the network security incident where intended or authorized users are prevented from using system, network, or applications by flooding the network with a high volume of traffic that consumes all existing network resources.

  • A. URL manipulation
  • B. XSS attack
  • C. Denial-of-service
  • D. SQL injection

Answer: C

 

NEW QUESTION 73
Malicious downloads that result from malicious office documents being manipulated are caused by which of the following?

  • A. Registry key manipulation
  • B. Impersonation
  • C. Macro abuse
  • D. Click jacking

Answer: C

 

NEW QUESTION 74
Rose is an incident-handler and is responsible for detecting and eliminating any kind of scanning attempts over the network by malicious threat actors. Rose uses Wireshark to sniff the network and detect any malicious activities going on.
Which of the following Wireshark filters can be used by her to detect TCP Xmas scan attempt by the attacker?

  • A. tcp.dstport==7
  • B. tcp.flags.reset==1
  • C. tcp.flags==0X029
  • D. tcp.flags==0X000

Answer: C

 

NEW QUESTION 75
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated as:

  • A. (Loss) / (Probability of Loss)
  • B. (Probability of Loss) X (Loss)
  • C. (Probability of Loss) / (Loss)
  • D. Significant Risks X Probability of Loss X Loss

Answer: B

 

NEW QUESTION 76
Organizations or incident response teams need to protect the evidence for any future legal actions that may be taken against perpetrators that intentionally attacked the computer system. EVIDENCE PROTECTION is also required to meet legal compliance issues. Which of the following documents helps in protecting evidence from physical or logical damage:

  • A. Forensic analysis report
  • B. Chain-of-Precedence
  • C. Chain-of-Custody
  • D. Network and host log records

Answer: C

 

NEW QUESTION 77
Which of the following GPG 18 and Forensic readiness planning (SPF) principles states that "organizations should adopt a scenario based Forensic Readiness Planning approach that learns from experience gained within the business"?

  • A. Principle 3
  • B. Principle 5
  • C. Principle 2
  • D. Principle 7

Answer: B

 

NEW QUESTION 78
Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user's information and system. These programs may unleash dangerous programs that may erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger.

  • A. Virus
  • B. Worm
  • C. Trojan
  • D. Cookie tracker

Answer: C

 

NEW QUESTION 79
Raven is a part of an IH&R team and was informed by her manager to handle and lead the removal of the root cause for an incident and to close all attack vectors to prevent similar incidents in the future. Raven notifies the service providers and developers of affected resources.
Which of the following steps of the incident handling and response process does Raven need to implement to remove the root cause of the incident?

  • A. Containment
  • B. Evidence gathering and forensic analysis
  • C. Eradication
  • D. Incident triage

Answer: C

 

NEW QUESTION 80
Jacob is an employee at a firm called Dolphin Investment. While he was on duty, he identified that his computer was facing some problems, and he wanted to convey the issue to the concerned authority in his organization. However, this organization currently does not have a ticketing system to address such types of issues.
In the above scenario, which of the following ticketing systems can be employed by Dolphin Investment to allow Jacob to inform the concerned team about the incident?

  • A. IBM X Force Exchange
  • B. Threat Connect
  • C. MISP
  • D. ManageEngine ServiceDesk Plus

Answer: D

 

NEW QUESTION 81
......
