Latest Dec 03, 2021 212-89 Brain Dump A Study Guide with Tips & Tricks for passing Exam [Q35-Q60]


NEW QUESTION 35
The program that helps to train people to be better prepared to respond to emergency situations in their communities is known as:

  • A. All the above
  • B. Incident Response Team (IRT)
  • C. Community Emergency Response Team (CERT)
  • D. Security Incident Response Team (SIRT)

Answer: C

 

NEW QUESTION 36
A bit-stream image copy of the digital evidence must be performed in order to:

  • A. All the above
  • B. Copy the FAT table
  • C. Prevent alteration to the original disk
  • D. Copy all disk sectors including slack space

Answer: D

 

NEW QUESTION 37
Common name(s) for a CSIRT is (are):

  • A. Incident Handling Team (IHT)
  • B. Incident Response Team (IRT)
  • C. All the above
  • D. Security Incident Response Team (SIRT)

Answer: C

 

NEW QUESTION 38
Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user's information and system. These programs may unleash dangerous programs that may erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger.

  • A. Trojan
  • B. Worm
  • C. Virus
  • D. Cookie tracker

Answer: A

 

NEW QUESTION 39
An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the incident response and handling process involves auditing the system and network log files?

  • A. Containment
  • B. Reporting
  • C. Incident recording
  • D. Identification

Answer: D

 

NEW QUESTION 40
Any information of probative value that is either stored or transmitted in a digital form during a computer crime is called:

  • A. Digital Forensic Examiner
  • B. Digital evidence
  • C. Computer Emails
  • D. Digital investigation

Answer: B

 

NEW QUESTION 41
A malicious security-breaking code that is disguised as a useful program, installs executable programs when a file is opened, and allows others to control the victim's system is called:

  • A. Trojan
  • B. Worm
  • C. Virus
  • D. RootKit

Answer: A

 

NEW QUESTION 42
US-CERT and Federal civilian agencies use the reporting timeframe criteria in the federal agency reporting categorization. What is the timeframe required to report an incident under the CAT 4 Federal Agency category?

  • A. Within two (2) hours of discovery/detection
  • B. Weekly
  • C. Within four (4) hours of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate activity
  • D. Monthly

Answer: B

 

NEW QUESTION 43
In a DDoS attack, attackers first infect multiple systems, which are then used to attack a particular target directly. Those systems are called:

  • A. Relays
  • B. Handlers
  • C. Honey Pots
  • D. Zombies

Answer: D

 

NEW QUESTION 44
According to the Evidence Preservation policy, a forensic investigator should make at least ..................... image copies of the digital evidence.

  • A. Four image copies
  • B. Three image copies
  • C. One image copy
  • D. Two image copies

Answer: D

 

NEW QUESTION 45
The service organization that provides 24x7 computer security incident response services to any user, company, government agency, or organization is known as:

  • A. Computer Security Incident Response Team (CSIRT)
  • B. Security Operations Center (SOC)
  • C. Digital Forensics Examiner
  • D. Vulnerability Assessor

Answer: A

 

NEW QUESTION 46
Which of the following may be considered insider threat(s)?

  • A. Disgruntled system administrators
  • B. An employee who gets an annual 7% salary raise
  • C. An employee with insignificant technical literacy and business process knowledge
  • D. An employee having no clashes with supervisors and coworkers

Answer: A

 

NEW QUESTION 47
A malware code that infects computer files, corrupts or deletes the data in them, and requires a host file to propagate is called:

  • A. Trojan
  • B. Worm
  • C. Virus
  • D. RootKit

Answer: C

 

NEW QUESTION 48
Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification/activation, recovery, reconstitution, and plan appendices. What is the main purpose of the reconstitution plan?

  • A. To provide the introduction and detailed concept of the contingency plan
  • B. To provide a sequence of recovery activities with the help of recovery procedures
  • C. To define the notification procedures and damage assessments, and to activate the plan
  • D. To restore the original site, test systems to prevent the incident, and terminate operations

Answer: D

 

NEW QUESTION 49
The steps followed to recover computer systems after an incident are:

  • A. System restoration, operation, validation, and monitoring
  • B. System monitoring, validation, operation and restoration
  • C. System restoration, validation, operation and monitoring
  • D. System validation, restoration, operation and monitoring

Answer: C

 

NEW QUESTION 50
Performing Vulnerability Assessment is an example of a:

  • A. Incident Response
  • B. Pre-Incident Preparation
  • C. Post Incident Management
  • D. Incident Handling

Answer: B

 

NEW QUESTION 51
What is the best staffing model for an incident response team if current employees' expertise is very low?

  • A. All the above
  • B. Partially outsourced
  • C. Fully insourced
  • D. Fully outsourced

Answer: D


 

NEW QUESTION 52
According to US-CERT, if an agency is unable to successfully mitigate a DoS attack, it must be reported within:

  • A. Two (2) hours of discovery/detection if the successful attack is still ongoing
  • B. Four (4) hours of discovery/detection if the successful attack is still ongoing
  • C. Three (3) hours of discovery/detection if the successful attack is still ongoing
  • D. One (1) hour of discovery/detection if the successful attack is still ongoing

Answer: A

 

NEW QUESTION 53
The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation is called:

  • A. Digital Forensic Policy
  • B. Computer Forensics
  • C. Digital Forensic Analysis
  • D. Forensic Readiness

Answer: D

 

NEW QUESTION 54
An audit trail policy collects all audit trails, such as series of records of computer events about an operating system, an application, or user activities. Which of the following statements is NOT true for an audit trail policy?

  • A. It helps in compliance with various regulatory laws, rules, and guidelines
  • B. It helps in calculating intangible losses to the organization due to an incident
  • C. It helps in reconstructing the events after a problem has occurred
  • D. It helps in tracking individual actions and allows users to be held personally accountable for their actions

Answer: B

 

NEW QUESTION 55
Identify the network security incident in which intended authorized users are prevented from using a system, network, or application by flooding the network with a high volume of traffic that consumes all existing network resources.

  • A. URL Manipulation
  • B. SQL Injection
  • C. Denial of Service Attack
  • D. XSS Attack

Answer: C

 

NEW QUESTION 56
An estimation of the expected losses after an incident helps organizations in prioritizing and formulating their incident response. The cost of an incident can be categorized as tangible and intangible cost. Identify the tangible cost associated with a virus outbreak.

  • A. Damage to corporate reputation
  • B. Lost productivity damage
  • C. Loss of goodwill
  • D. Psychological damage

Answer: B

 

NEW QUESTION 57
An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the incident recovery plan?

  • A. Avoiding the legal liabilities arising due to incident
  • B. Providing assurance that systems are reliable
  • C. Providing a standard for testing the recovery plan
  • D. Creating new business processes to maintain profitability after incident

Answer: D


 

NEW QUESTION 58
________________ attach(es) to files

  • A. Adware
  • B. Spyware
  • C. Viruses
  • D. Worms

Answer: C

 

NEW QUESTION 59
What command does a Digital Forensic Examiner use to display the list of all IP addresses and their associated MAC addresses on a victim computer, in order to identify the machines that were communicating with it?

  • A. "netstat -an" command
  • B. "ifconfig" command
  • C. "arp" command
  • D. "dd" command

Answer: C

 

NEW QUESTION 60
......
