EC-Council 212-89 Q&A 2021

Act now and download your EC-Council 212-89 test today! Do not waste time for the worthless EC-Council 212-89 tutorials. Download Leading EC-Council EC Council Certified Incident Handler (ECIH v2) exam with real questions and answers and begin to learn EC-Council 212-89 with a classic professional.

Check 212-89 free dumps before getting the full version:

NEW QUESTION 1
A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to propagate is called:

  • A. Trojan
  • B. Worm
  • C. Virus
  • D. RootKit

Answer: C

NEW QUESTION 2
Which policy recommends controls for securing and tracking organizational resources:

  • A. Access control policy
  • B. Administrative security policy
  • C. Acceptable use policy
  • D. Asset control policy

Answer: D

NEW QUESTION 3
If the loss anticipated is greater than the agreed upon threshold; the organization will:

  • A. Accept the risk
  • B. Mitigate the risk
  • C. Accept the risk but after management approval
  • D. Do nothing

Answer: B

NEW QUESTION 4
Business Continuity provides a planning methodology that allows continuity in business operations:

  • A. Before and after a disaster
  • B. Before a disaster
  • C. Before, during and after a disaster
  • D. During and after a disaster

Answer: C

NEW QUESTION 5
Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following steps focus on limiting the scope and extent of an incident?

  • A. Eradication
  • B. Containment
  • C. Identification
  • D. Data collection

Answer: B

NEW QUESTION 6
Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :

  • A. Threat-source motivation and capability
  • B. Nature of the vulnerability
  • C. Existence and effectiveness of the current controls
  • D. All the above

Answer: D

NEW QUESTION 7
Absorbing minor risks while preparing to respond to major ones is called:

  • A. Risk Mitigation
  • B. Risk Transfer
  • C. Risk Assumption
  • D. Risk Avoidance

Answer: C

NEW QUESTION 8
The IDS and IPS system logs indicating an unusual deviation from typical network traffic flows; this is called:

  • A. A Precursor
  • B. An Indication
  • C. A Proactive
  • D. A Reactive

Answer: B

NEW QUESTION 9
Common name(s) for CSIRT is(are)

  • A. Incident Handling Team (IHT)
  • B. Incident Response Team (IRT)
  • C. Security Incident Response Team (SIRT)
  • D. All the above

Answer: D

NEW QUESTION 10
Risk management consists of three processes, risk assessment, mitigation and evaluation. Risk assessment determines the extent of the potential threat and the risk associated with an IT system through its SDLC. How many primary steps does NIST’s risk assessment methodology involve?

  • A. Twelve
  • B. Four
  • C. Six
  • D. Nine

Answer: D

NEW QUESTION 11
An assault on system security that is derived from an intelligent threat is called:

  • A. Threat Agent
  • B. Vulnerability
  • C. Attack
  • D. Risk

Answer: C

NEW QUESTION 12
The product of intellect that has commercial value and includes copyrights and trademarks is called:

  • A. Intellectual property
  • B. Trade secrets
  • C. Logos
  • D. Patents

Answer: A

NEW QUESTION 13
To respond to DDoS attacks; one of the following strategies can be used:

  • A. Using additional capacity to absorb attack
  • B. Identifying none critical services and stopping them
  • C. Shut down some services until the attack has subsided
  • D. All the above

Answer: D

NEW QUESTION 14
The data on the affected system must be backed up so that it can be retrieved if it is damaged during incident response. The system backup can also be used for further investigations of the incident. Identify the stage of the incident response and handling process in which complete backup of the infected system is carried out?

  • A. Containment
  • B. Eradication
  • C. Incident recording
  • D. Incident investigation

Answer: A

NEW QUESTION 15
Which of the following is a risk assessment tool:

  • A. Nessus
  • B. Wireshark
  • C. CRAMM
  • D. Nmap

Answer: C

NEW QUESTION 16
The ability of an agency to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy is known as:

  • A. Business Continuity Plan
  • B. Business Continuity
  • C. Disaster Planning
  • D. Contingency Planning

Answer: B

NEW QUESTION 17
ADAM, an employee from a multinational company, uses his company’s accounts to send e-mails to a third party with their spoofed mail address. How can you categorize this type of account?

  • A. Inappropriate usage incident
  • B. Unauthorized access incident
  • C. Network intrusion incident
  • D. Denial of Service incident

Answer: A

NEW QUESTION 18
Removing or eliminating the root cause of the incident is called:

  • A. Incident Eradication
  • B. Incident Protection
  • C. Incident Containment
  • D. Incident Classification

Answer: A

NEW QUESTION 19
Which of the following service(s) is provided by the CSIRT:

  • A. Vulnerability handling
  • B. Technology watch
  • C. Development of security tools
  • D. All the above

Answer: D

NEW QUESTION 20
A self-replicating malicious code that does not alter files but resides in active memory and duplicates itself, spreads through the infected network automatically and takes advantage of file or information transport features on the system to travel independently is called:

  • A. Trojan
  • B. Worm
  • C. Virus
  • D. RootKit

Answer: B

NEW QUESTION 21
The largest number of cyber-attacks are conducted by:

  • A. Insiders
  • B. Outsiders
  • C. Business partners
  • D. Suppliers

Answer: B

NEW QUESTION 22
......

P.S. Easily pass 212-89 Exam with 163 Q&As Certleader Dumps & pdf Version, Welcome to Download the Newest Certleader 212-89 Dumps: https://www.certleader.com/212-89-dumps.html (163 New Questions)