212-89 Practice Test Questions – EC-Council Certified Incident Handler (ECIH v2)

The EC-Council Certified Incident Handler certification is designed to provide the fundamental skills to handle and respond to computer security incidents in an information system. PassQuestion's fully loaded 212-89 Practice Test Questions are the perfect and preferred means of getting ready for the 212-89 exam for thousands of successfully certified professionals throughout the world. Every set of PassQuestion 212-89 Practice Test Questions is backed by our 100% pass guarantee. We guarantee that you will pass your actual 212-89 test on your first attempt. Get 212-89 certified soon and download the 212-89 Practice Test Questions for your test today!

1. Which of the following terms may be defined as “a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization’s operation and revenues”?


2. A Distributed Denial of Service (DDoS) attack is a more common type of DoS attack, where a single system is targeted by a large number of infected machines over the Internet.

In a DDoS attack, attackers first infect multiple systems which are known as:


3. The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost.

Which of the following does NOT constitute a goal of incident response?


4. An organization faced an information security incident where a disgruntled employee passed sensitive access control information to a competitor. The organization’s incident response manager, upon investigation, found that the incident must be handled within a few hours on the same day to maintain business continuity and market competitiveness.

How would you categorize such an information security incident?


5. Business continuity is defined as the ability of an organization to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy.

Identify the plan which is a mandatory part of a business continuity plan.


6. The flow chart gives a view of different roles played by the different personnel of CSIRT.

Identify the incident response personnel denoted by A, B, C, D, E, F and G.


7. Which of the following is an appropriate flow of the incident recovery steps?


8. A computer Risk Policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy?


9. Identify the network security incident where intended authorized users are prevented from using systems, networks, or applications by flooding the network with a high volume of traffic that consumes all existing network resources.


10. Incident handling and response steps help you to detect, identify, respond and manage an incident.

Which of the following steps focuses on limiting the scope and extent of an incident?


11. Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user’s information and system. These programs may unleash dangerous programs that may erase the unsuspecting user’s disk and send the victim’s credit card numbers and passwords to a stranger.


12. Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated as:


13. An incident recovery plan is a statement of actions that should be taken before, during or after an incident.

Identify which of the following is NOT an objective of the incident recovery plan?


14. Risk is defined as the probability of the occurrence of an incident.

Risk formulation generally begins with the likeliness of an event’s occurrence, the harm it may cause and is usually denoted as Risk = ∑ (events) × (probability of occurrence) × ?


15. An audit trail policy collects all audit trails, such as a series of records of computer events about an operating system, application or user activities.

Which of the following statements is NOT true for an audit trail policy?


16. Computer forensics is a methodical series of techniques and procedures for gathering evidence from computing equipment, various storage devices and/or digital media that can be presented in a court of law in a coherent and meaningful format.

Which one of the following is an appropriate flow of steps in the computer forensics process?


17. Multiple component incidents consist of a combination of two or more attacks in a system.

Which of the following is not a multiple component incident?


18. Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device.

Of the following, who is responsible for examining the evidence acquired and separating the useful evidence?


19. The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/services that are not required.

Which service listed below, if blocked, can help in preventing a Denial of Service attack?


20. A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to the agency’s reporting timeframe guidelines, this incident should be reported within two (2) HOURS of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity.

Which incident category of the US Federal Agency does this incident belong to?

