EC-COUNCIL EC Council Certified Incident Handler (ECIH v3) - 212-89 模擬練習
In which of the following stages of the incident handling and response (IH&R) process do the incident handlers try to find the root cause of the incident along with the threat actors behind the incidents, threat vectors, etc.?
正解: D
An attacker traced out and found the kind of websites a target company/individual is frequently surfing and tested those particular websites to identify any possible vulnerabilities. When the attacker detected vulnerabilities in the website, the attacker started injecting malicious script/code into the web application that can redirect the webpage and download the malware onto the victim's machine. After infecting the vulnerable web application, the attacker waited for the victim to access the infected web application.
Identify the type of attack performed by the attacker.
Identify the type of attack performed by the attacker.
正解: B
解説: (PassTest メンバーにのみ表示されます)
Which of the following is not called volatile data?
正解: A
解説: (PassTest メンバーにのみ表示されます)
A regional airport recently upgraded its operations with smart IoT-based baggage handling and security camera systems. During a routine cyber resilience drill mimicking device disruption, operational staff experienced confusion in executing assigned duties and lacked clarity in the communication flow. There was uncertainty about who should engage with third-party vendors, how to retrieve diagnostic logs from affected systems, and which units required priority attention to maintain continuity. Which of the following would best address these preparedness gaps?
正解: A
解説: (PassTest メンバーにのみ表示されます)
Tara, a certified first responder in a digital forensics team, is dispatched to investigate a suspected insider attack targeting a critical workstation in the finance department. Upon arriving at the scene, she takes a methodical approach: she begins labeling all connected network cables, photographs the back panel of the workstation, documents cable connections, and records the power status of each connected device, including peripherals like external drives and monitors. She also notes the orientation and placement of equipment on the desk and the surrounding environment.
These actions are part of her protocol to ensure that, if the devices need to be moved for forensic analysis, investigators can accurately replicate the system's physical setup at the time of the incident. What is Tara aiming to achieve with these actions?
These actions are part of her protocol to ensure that, if the devices need to be moved for forensic analysis, investigators can accurately replicate the system's physical setup at the time of the incident. What is Tara aiming to achieve with these actions?
正解: D
解説: (PassTest メンバーにのみ表示されます)
Which one of the following is the correct flow of the stages in an incident handling and response (IH&R) process?
正解: C
解説: (PassTest メンバーにのみ表示されます)
Which of the following techniques helps incident handlers to detect man-in-the-middle attack by finding the new APs and trying to connect an already established channel, even if the spoofed AP consists similar IP and MAC addresses as of the original AP?
正解: A
解説: (PassTest メンバーにのみ表示されます)
James is working as an incident responder at CyberSol Inc. The management instructed James to investigate a cybersecurity incident that recently happened in the company. As a part of the investigation process, James started collecting volatile information from a system running on Windows operating system.
Which of the following commands helps James in determining all the executable files for running processes?
Which of the following commands helps James in determining all the executable files for running processes?
正解: C
解説: (PassTest メンバーにのみ表示されます)