
EC Council Certified Incident Handler (ECIH) 212-89 Dumps

Passcert provides you with quality EC Council Certified Incident Handler (ECIH) 212-89 Dumps that you can use to prepare for the exam on the first attempt.


Presentation Transcript


  1. Free EC-council 212-89 Practice Exam Q&As
     EC Council Certified Incident Handler (ECIH v2)
     https://www.passcert.com/212-89.html

  2. Free EC-council 212-89 Practice Exam From Passcert for Your Best Preparation

     1. Patrick is doing a cyber forensic investigation. He is in the process of collecting physical evidence at the crime scene. Which of the following elements must he consider while collecting physical evidence?
     A. Published nameservers and web application source code
     B. DNS information including domain and subdomains
     C. Removable media, cable, and publications
     D. Open ports, services, and operating system (OS) vulnerabilities
     Answer: C

  3. 2. Eric works as a system administrator at ABC organization and previously granted several users access privileges to the organization's systems with unlimited permissions. These privileged users could prospectively misuse their rights unintentionally or maliciously, or could be deceived by attackers who trick them into performing malicious activities. Which of the following guidelines would help incident handlers eradicate insider attacks by privileged users?
     A. Do not allow administrators to use unique accounts during the installation process
     B. Do not use encryption methods to prevent administrators and privileged users from accessing backup tapes and sensitive information
     C. Do not control the access to administrators and privileged users
     D. Do not enable default administrative accounts to ensure accountability
     Answer: D

  4. 3. Which of the following email security tools can be used by an incident handler to protect the organization against evolving email threats?
     A. Mx Toolbox
     B. G Suite Toolbox
     C. Email Header Analyzer
     D. Gpg4win
     Answer: D

  5. 4. Racheal is an incident handler working at an organization called Inception Tech. Recently, numerous employees have been complaining about receiving emails from unknown senders. In order to prevent employees from spoofing emails and keeping security in mind, Racheal was asked to take appropriate actions in this matter. As a part of her assignment, she needs to analyze the email headers to check the authenticity of received emails. Which of the following protocol/authentication standards must she check in the email header to analyze the email authenticity?
     A. POP
     B. SNMP
     C. DKIM
     D. ARP
     Answer: C

  6. 5. Bonney's system has been compromised by a gruesome malware. What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading? What is the cause of this issue?
     A. Complain to the police in a formal way regarding the incident
     B. Turn off the infected machine
     C. Leave it to the network administrators to handle
     D. Call the legal department in the organization and inform them about the incident
     Answer: B

  7. 6. Rinni is an incident handler and she is performing memory dump analysis. Which of the following tools can she use in order to perform a memory dump analysis?
     A. iNetSim
     B. OllyDbg and IDA Pro
     C. Procmon and Process Explorer
     D. Scylla and OllyDumpEx
     Answer: B

  8. 7. Rose is an incident handler and is responsible for detecting and eliminating any kind of scanning attempts over the network by malicious threat actors. Rose uses Wireshark to sniff the network and detect any malicious activities going on. Which of the following Wireshark filters can be used by her to detect a TCP Xmas scan attempt by the attacker?
     A. tcp.flags.reset==1
     B. tcp.flags==0X000
     C. tcp.flags==0X029
     D. tcp.dstport==7
     Answer: C

  9. 8. Which of the following is not a countermeasure to eradicate cloud security incidents?
     A. Checking for data protection at both design and runtime
     B. Disabling security options such as two factor authentication and CAPTCHA
     C. Patching the database vulnerabilities and improving the isolation mechanism
     D. Removing the malware files and traces from the affected components
     Answer: B

  10. 9. Who is mainly responsible for providing proper network services and handling network-related incidents in each cloud service model?
      A. Cloud brokers
      B. Cloud service provider
      C. Cloud consumer
      D. Cloud auditor
      Answer: B

  11. 10. Johnson is an incident handler and is working on a recent web application attack faced by his organization. As part of this process, he performed data preprocessing in order to analyze and detect the watering hole attack. Johnson preprocessed the outbound network traffic data collected from firewalls and proxy servers. He then started analyzing the user activities within a certain time period to create time-ordered domain sequences to perform further analysis on sequential patterns. Identify the data-preprocessing step performed by Johnson.
      A. User-specific sessionization
      B. Identifying unpopular domains
      C. Hostname normalization
      D. Filtering invalid hostnames
      Answer: A
