212-89 Premium Bundle

EC Council Certified Incident Handler (ECIH v2) Certification Exam

Last update: November 23, 2024

EC-Council 212-89 Free Practice Questions

All that matters here is passing the EC-Council 212-89 exam, and all that you need is a high score on the 212-89 EC Council Certified Incident Handler (ECIH v2) exam. The only thing you need to do is download the Exambible 212-89 exam study guides now. We will not let you down with our money-back guarantee.

We also have free 212-89 dumps questions for you:

NEW QUESTION 1
Electronic evidence may reside in the following:

  • A. Data Files
  • B. Backup tapes
  • C. Other media sources
  • D. All the above

Answer: D

NEW QUESTION 2
Based on some statistics, what is typically the number one incident?

  • A. Phishing
  • B. Policy violation
  • C. Un-authorized access
  • D. Malware

Answer: A

NEW QUESTION 3
When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?

  • A. All access rights of the employee to physical locations, networks, systems, applications and data should be disabled
  • B. The organization should enforce separation of duties
  • C. The access requests granted to an employee should be documented and vetted by the supervisor
  • D. The organization should monitor the activities of the system administrators and privileged users who have permissions to access the sensitive information

Answer: A

NEW QUESTION 4
One of the goals of CSIRT is to manage security problems by taking a certain approach towards the customers’ security vulnerabilities and by responding effectively to potential information security incidents. Identify the incident response approach that focuses on developing the infrastructure and security processes before the occurrence or detection of an event or any incident:

  • A. Interactive approach
  • B. Introductive approach
  • C. Proactive approach
  • D. Qualitative approach

Answer: C

NEW QUESTION 5
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large amounts of data using a combination of automated and manual methods. Identify the computer forensic process involved:

  • A. Analysis
  • B. Preparation
  • C. Examination
  • D. Collection

Answer: C

NEW QUESTION 6
If the anticipated loss is greater than the agreed-upon threshold, the organization will:

  • A. Accept the risk
  • B. Mitigate the risk
  • C. Accept the risk but after management approval
  • D. Do nothing

Answer: B

NEW QUESTION 7
Malicious code that is installed on a computer without the user’s knowledge to acquire information from the user’s machine and send it to an attacker who can access it remotely is called:

  • A. Spyware
  • B. Logic Bomb
  • C. Trojan
  • D. Worm

Answer: A

NEW QUESTION 8
Which of the following terms may be defined as “a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization’s operation and revenues”?

  • A. Risk
  • B. Vulnerability
  • C. Threat
  • D. Incident Response

Answer: A

NEW QUESTION 9
Insider threats can be detected by observing concerning behaviors exhibited by insiders, such as conflicts with supervisors and coworkers, decline in performance, tardiness or unexplained absenteeism. Select the technique that helps in detecting insider threats:

  • A. Correlating known patterns of suspicious and malicious behavior
  • B. Protecting computer systems by implementing proper controls
  • C. Making it compulsory for employees to sign a non-disclosure agreement
  • D. Categorizing information according to its sensitivity and access rights

Answer: A

NEW QUESTION 10
The USB tool (depicted below) that is connected to a male USB keyboard cable and is not detected by antispyware tools is most likely called:
212-89 dumps exhibit

  • A. Software Key Grabber
  • B. Hardware Keylogger
  • C. USB adapter
  • D. Anti-Keylogger

Answer: B

NEW QUESTION 11
Which of the following CERTs belongs to an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

  • A. NET-CERT
  • B. DFN-CERT
  • C. Funet CERT
  • D. SURFnet-CERT

Answer: D

NEW QUESTION 12
The person who offers a formal opinion as testimony about a computer crime incident in a court of law is known as:

  • A. Expert Witness
  • B. Incident Analyzer
  • C. Incident Responder
  • D. Evidence Documenter

Answer: A

NEW QUESTION 13
The Linux command that is used to make binary copies of computer media, and that works as a disk imaging tool if given a raw disk device as its input, is:

  • A. “dd” command
  • B. “netstat” command
  • C. “nslookup” command
  • D. “find” command

Answer: A

NEW QUESTION 14
Malicious security-breaking code that is disguised as a useful program, installs executable programs when a file is opened, and allows others to control the victim’s system is called:

  • A. Trojan
  • B. Worm
  • C. Virus
  • D. RootKit

Answer: A

NEW QUESTION 15
An information security incident is:

  • A. Any real or suspected adverse event in relation to the security of computer systems or networks
  • B. Any event that disrupts today’s normal business functions
  • C. Any event that breaches the availability of information assets
  • D. All of the above

Answer: D

NEW QUESTION 16
Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification activation, recovery, reconstitution, and plan appendices. What is the main purpose of the reconstitution plan?

  • A. To restore the original site, test systems to prevent the incident and terminate operations
  • B. To define the notification procedures and damage assessments and offer the plan activation
  • C. To provide the introduction and detailed concept of the contingency plan
  • D. To provide a sequence of recovery activities with the help of recovery procedures

Answer: A

NEW QUESTION 17
A computer risk policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy:

  • A. Procedure to identify security funds to hedge risk
  • B. Procedure to monitor the efficiency of security controls
  • C. Procedure for the ongoing training of employees authorized to access the system
  • D. Provisions for continuing support if there is an interruption in the system or if the system crashes

Answer: C

NEW QUESTION 18
Which of the following is a risk assessment tool?

  • A. Nessus
  • B. Wireshark
  • C. CRAMM
  • D. Nmap

Answer: C

NEW QUESTION 19
Risk management consists of three processes: risk assessment, mitigation and evaluation. Risk assessment determines the extent of the potential threat and the risk associated with an IT system through its SDLC. How many primary steps does NIST’s risk assessment methodology involve?

  • A. Twelve
  • B. Four
  • C. Six
  • D. Nine

Answer: D

NEW QUESTION 20
Authorized users with privileged access who misuse corporate informational assets and directly affect the confidentiality, integrity, and availability of the assets are known as:

  • A. Outsider threats
  • B. Social Engineers
  • C. Insider threats
  • D. Zombies

Answer: C

NEW QUESTION 21
......

Thanks for reading the newest 212-89 exam dumps! We recommend that you try the PREMIUM Exambible 212-89 dumps in VCE and PDF here: https://www.exambible.com/212-89-exam/ (163 Q&As Dumps)

