Use the 212-89 practice test before the exam (latest 170 questions) [Q56-Q80]



Valid 212-89 exam answer PDF with one year of free updates

Question # 56
Dan is a newly appointed information security professional in a renowned organization. He is supposed to follow multiple security strategies to eradicate malware incidents. Which of the following is not considered as a good practice for maintaining information security and eradicating malware incidents?

  • A. Do not download or execute applications from third-party sources
  • B. Do not open files with file extensions such as .bat, .com, .exe, .pif, .vbs, and so on
  • C. Do not click on web browser pop-up windows
  • D. Do not download or execute applications from trusted sources

Correct answer: D

Explanation:
The statement "Do not download or execute applications from trusted sources" is incorrect and not considered a good practice for maintaining information security and eradicating malware incidents. In contrast, downloading or executing applications from trusted sources is a fundamental security best practice. Trusted sources are vetted and are generally considered safe for downloading software, updates, and applications. This practice helps to minimize the risk of introducing malware into the organizational environment. The other options (A, B, C) represent good practices that help in reducing the likelihood of malware infections by avoiding potentially harmful actions.
References: The ECIH v3 materials from EC-Council provide guidance on best practices for malware prevention and response, underscoring the importance of relying on trusted sources for software and application downloads as part of a robust information security strategy.


Question # 57
In which of the following fuzz testing strategies is new data generated from scratch, with the amount of data to be generated predefined by the testing model?

  • A. Log-based fuzz testing
  • B. Generation-based fuzz testing
  • C. Mutation-based fuzz testing
  • D. Protocol-based fuzz testing

Correct answer: B

Explanation:
Generation-based fuzz testing is a strategy where new test data is generated from scratch based on a predefined model that specifies the structure, type, and format of the input data. This approach is systematic and relies on a deep understanding of the format and protocol of the input data to create test cases that are both valid and potentially revealing of vulnerabilities. This contrasts with mutation-based fuzz testing, where existing data samples are modified (mutated) to produce new test cases, and log-based and protocol-based fuzz testing, which use different approaches to test software robustness and security.
References: ECIH v3 certification materials often cover software testing techniques, including fuzz testing, to identify vulnerabilities in applications by inputting unexpected or random data.


Question # 58
Which of the following is a term that describes the combination of strategies and services intended to restore data, applications, and other resources to the public cloud or dedicated service providers?

  • A. Analysis
  • B. Eradication
  • C. Cloud recovery
  • D. Mitigation

Correct answer: C


Question # 59
John is performing memory dump analysis in order to find traces of malware.
He has employed the Volatility tool to achieve his objective.
Which of the following Volatility framework commands will he use to analyze running processes from the memory dump?

  • A. python vol.py pslist --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem
  • B. python vol.py imageinfo -f /root/Desktop/memdump.mem
  • C. python vol.py hivelist --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem
  • D. python vol.py svcscan --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem | more

Correct answer: A


Question # 60
Jason is setting up a computer forensics lab and must perform the following steps: 1. physical location and structural design considerations; 2. planning and budgeting; 3. work area considerations; 4. physical security recommendations; 5. forensic lab licensing; 6. human resource considerations. Arrange these steps in the order of execution.

  • A. 2 -> 3 -> 1 -> 4 -> 6 -> 5
  • B. 5 -> 2 -> 1 -> 3 -> 4 -> 6
  • C. 2 -> 1 -> 3 -> 6 -> 4 -> 5
  • D. 3 -> 2 -> 1 -> 4 -> 6 -> 5

Correct answer: C

Explanation:
Setting up a computer forensics lab involves several critical steps that need to be executed in a logical and efficient order. The correct sequence starts with planning and budgeting(2), as it is essential to understand the scope, resources, and financial commitment required for the lab. The next step involves considering the physical location and structural design (1) to ensure the lab meets operational needs and security requirements.
Work area considerations (3) follow, focusing on the layout and functionality of the workspace. Human resource considerations (6) are crucial next, to ensure the lab is staffed with qualified personnel. Physical security recommendations (4) are then implemented to protect the lab and its resources. Finally, forensic lab licensing (5) ensures the lab operates within legal and regulatory frameworks.
References: The ECIH v3 course materials from EC-Council outline the foundational steps for setting up a computer forensics lab, stressing the importance of thorough planning and adherence to best practices in lab design and operation.


Question # 61
You are a systems administrator for a company. You are accessing your file server remotely for maintenance. Suddenly, you are unable to access the server. After contacting others in your department, you find out that they cannot access the file server either. You can ping the file server but not connect to it via RDP. You check the Active Directory Server, and all is well. You check the email server and find that emails are sent and received normally. What is the most likely issue?

  • A. An admin account issue
  • B. An e-mail service issue
  • C. A denial-of-service issue
  • D. The file server has shut down

Correct answer: C


Question # 62
Identify the Sarbanes-Oxley Act (SOX) Title, consisting of only one section, that includes measures designed to help restore investor confidence in the reporting of securities analysts.

  • A. Title V: Analyst Conflicts of Interest
  • B. Title VIII: Corporate and Criminal Fraud Accountability
  • C. Title IX: White-Collar-Crime Penalty Enhancement
  • D. Title VII: Studies and Reports

Correct answer: A


Question # 63
Which of the following is a common tool used to help detect malicious internal or compromised actors?

  • A. Log forwarding
  • B. SOC2 compliance report
  • C. Syslog configuration
  • D. User behavior analytics

Correct answer: D

Explanation:
User Behavior Analytics (UBA) is a cybersecurity process or tool that utilizes machine learning, algorithms, and statistical analyses to detect potentially harmful activities within an organization's network by comparing them against established patterns of users' behavior. It is particularly effective in identifying malicious internal actors or compromised users who may be conducting activities that deviate from their normal behavior patterns, such as accessing unauthorized data or systems, excessive file downloads, or unusual login times.
UBA tools can flag these activities for further investigation, often before traditional security tools detect a breach. In contrast, SOC2 compliance reports, log forwarding, and syslog configuration are important for maintaining and auditing security standards and for infrastructure monitoring, but they are not primarily focused on detecting malicious behavior based on deviations from established user behavior patterns.
References: The Incident Handler (ECIH v3) curriculum discusses various tools and methodologies for detecting and responding to security incidents, highlighting User Behavior Analytics as a key tool for identifying insider threats and compromised accounts through behavioral monitoring and analysis.


Question # 64
Ren is assigned to handle a security incident of an organization. He is tasked with forensics investigation to find the evidence needed by the management.
Which of the following steps falls under the investigation phase of the computer forensics investigation process?

  • A. Evidence assessment
  • B. Secure the evidence
  • C. Risk assessment
  • D. Set up a computer forensics lab

Correct answer: B


Question # 65
The policy that defines which set of events needs to be logged in order to capture and review the important data in a timely manner is known as:

  • A. Documentation policy
  • B. Logging policy
  • C. Evidence Collection policy
  • D. Audit trail policy

Correct answer: B


Question # 66
QualTech Solutions is a leading security services enterprise. Dickson, who works as an incident responder with this firm, is performing a vulnerability assessment to identify the security problems in the network by using automated tools for identifying the hosts, services, and vulnerabilities in the enterprise network. In the above scenario, which of the following types of vulnerability assessment is Dickson performing?

  • A. Internal assessment
  • B. Passive assessment
  • C. Active assessment
  • D. External assessment

Correct answer: C

Explanation:
In the scenario described, Dickson is performing an active assessment. This type of vulnerability assessment involves using automated tools to actively scan and probe the network for identifying hosts, services, and vulnerabilities. Unlike passive assessments, which rely on monitoring network traffic without direct interaction with the targets, active assessments engage directly with the network infrastructure to discover vulnerabilities, misconfigurations, and other security issues by sending data to systems and analyzing the responses. This approach provides a more immediate and detailed view of the security posture but can also generate detectable traffic that might be noticed by defensive systems or affect the performance of live systems.
References: The ECIH v3 curriculum by EC-Council includes discussions on various methods of conducting vulnerability assessments, highlighting the differences between active and passive techniques, as well as the contexts in which each is most appropriately used.


Question # 67
Which of the following digital evidence is temporarily stored on a digital device that requires a constant power supply and is deleted if the power supply is interrupted?

  • A. Slack space
  • B. Process memory
  • C. Swap file
  • D. Event logs

Correct answer: B


Question # 68
Dan is a newly appointed information security professional in a renowned organization. He is supposed to follow multiple security strategies to eradicate malware incidents.
Which of the following is not considered as a good practice for maintaining information security and eradicating malware incidents?

  • A. Do not download or execute applications from third-party sources
  • B. Do not click on web browser pop-up windows
  • C. Do not download or execute applications from trusted sources
  • D. Do not open files with file extensions such as .bat, .com, .exe, .pif, .vbs, and so on

Correct answer: C


Question # 69
Alex is an incident handler in QWERTY Company. He identified that an attacker created a backdoor inside the company's network by installing a fake AP inside a firewall. Which of the following attack types did the attacker use?

  • A. Wardriving
  • B. AP misconfiguration
  • C. Ad hoc associations
  • D. Rogue access point

Correct answer: D

Explanation:
When an attacker installs a fake AP (Access Point) within a company's network, especially behind a firewall, this constitutes the deployment of a Rogue Access Point. Rogue APs are unauthorized wireless access points installed within a network without the network administrator's knowledge or consent. They pose a significant security risk because they can be used to intercept sensitive information, bypass network security configurations, and provide a gateway for attackers to enter the network undetected. This type of attack circumvents the security measures put in place by a company, including firewalls, by creating an illicit entry point into the network that is under the control of the attacker.
References: Incident Handler (ECIH v3) courses and study materials discuss various network-based attacks and their mitigation strategies, emphasizing the importance of regular network scans to detect and remove rogue access points and thus secure the network from unauthorized access.


Question # 70
Sam, an employee of a multinational company, sends emails to third-party organizations with a spoofed email address of his organization. How can you categorize this type of incident?

  • A. Denial-of-service incident
  • B. Inappropriate usage incident
  • C. Unauthorized access incident
  • D. Network intrusion incident

Correct answer: B


Question # 71
Removing or eliminating the root cause of the incident is called:

  • A. Incident Classification
  • B. Incident Containment
  • C. Incident Protection
  • D. Incident Eradication

Correct answer: D


Question # 72
Identify a standard national process which establishes a set of activities, general tasks and a management structure to certify and accredit systems that will maintain the information assurance (IA) and security posture of a system or site.

  • A. NIAAAP
  • B. NIASAP
  • C. NIACAP
  • D. NIPACP

Correct answer: C


Question # 73
Joseph is an incident handling and response (IH&R) team lead in Toro Network Solutions Company. As a part of the IH&R process, Joseph alerted the service providers, developers, and manufacturers about the affected resources. Identify the stage of the IH&R process Joseph is currently in.

  • A. Recovery
  • B. Eradication
  • C. Incident triage
  • D. Containment

Correct answer: D


Question # 74
Which of the following is a type of malicious code or software that appears legitimate but can take control of your computer?

  • A. Password attack
  • B. Trojan attack
  • C. Phishing attack
  • D. DDoS

Correct answer: B

Explanation:
A Trojan attack involves a type of malicious code or software that appears legitimate but can take control of your computer. Trojans often disguise themselves as legitimate software or are hidden within legitimate software that has been tampered with. They differ from viruses and worms because they do not replicate.
However, once activated, Trojans can enable cyber-criminals to spy on you, steal your sensitive data, and gain backdoor access to your system. This can include unauthorized actions such as deleting files, monitoring user activities, or installing additional malicious software.
References: The ECIH v3 course details various forms of malware, including Trojans, their modes of operation, and their impact on information security. Understanding the nature of these threats is crucial for effective incident handling and response.


Question # 75
A user downloaded what appears to be genuine software. Unknown to her, when she installed the application, it executed code that provided an unauthorized remote attacker access to her computer. What type of malicious threat displays this characteristic?

  • A. Trojan
  • B. Virus
  • C. Backdoor
  • D. Spyware

Correct answer: A

Explanation:
The scenario described is characteristic of a Trojan. A Trojan is a type of malware that disguises itself as legitimate software but performs malicious actions once installed. Unlike viruses, which can replicate themselves, or worms, which can spread across networks on their own, Trojans rely on the guise of legitimacy to trick users into initiating their execution. In this case, the user believed they were downloading and installing genuine software, but the reality was that the application contained a Trojan. The malicious code executed upon installation provided unauthorized remote access to the user's computer, which could be used by an attacker to control the system, steal data, install additional malware, or carry out other malicious activities.
Trojans can come in many forms and can be used to achieve a wide range of malicious objectives, making them a versatile and dangerous type of cyber threat. The deceptive nature of Trojans, exploiting the trust users have in what appears to be legitimate software, is what makes them particularly effective and widespread.
References: The ECIH v3 curriculum from EC-Council thoroughly covers different types of malware, including Trojans, and emphasizes understanding their behavior, methods of infection, and strategies for prevention and response.


Question # 76
Which of the following is NOT part of the static data collection process?

  • A. Password protection
  • B. System preservation
  • C. Evidence examination
  • D. Evidence acquisition

Correct answer: A


Question # 77
Bob, an incident responder at CyberTech Solutions, is investigating a cybercrime attack that occurred at the client company. He acquired the evidence data, preserved it, and started performing analysis on the acquired evidentiary data to identify the source of the crime and the culprit behind the incident.
Identify the forensic investigation phase Bob is currently in.

  • A. Post-investigation phase
  • B. Vulnerability assessment phase
  • C. Pre-investigation phase
  • D. Investigation phase

Correct answer: D

Explanation:
Bob is in the Investigation phase of the forensic investigation process. This phase involves the detailed examination and analysis of the collected evidence to identify the source of the crime and the perpetrator behind the incident. It is a crucial step that follows the acquisition and preservation of evidence, where the incident responder applies various techniques and methodologies to analyze the evidentiary data. This analysis aims to uncover how the cybercrime was committed, trace the activities of the culprit, and gather actionable intelligence to support legal actions and prevent future incidents.
References: The ECIH v3 certification materials discuss the stages of a forensic investigation, emphasizing the investigation phase as the point at which the incident responder analyzes evidence to draw conclusions about the incident's specifics.


Question # 78
The policy that defines which set of events needs to be logged in order to capture and review the important data in a timely manner is known as:

  • A. Documentation policy
  • B. Logging policy
  • C. Evidence Collection policy
  • D. Audit trail policy

Correct answer: B


Question # 79
Your company sells SaaS, and your company itself is hosted in the cloud (using it as a PaaS). In case of a malware incident in your customer's database, who is responsible for eradicating the malicious software?

  • A. The customer
  • B. The PaaS provider
  • C. Your company
  • D. Building management

Correct answer: C

Explanation:
In the scenario where your company sells Software as a Service (SaaS) and is hosted on the cloud using it as a Platform as a Service (PaaS), your company is responsible for eradicating malware in your customer's database. This is because, as the SaaS provider, your company manages the software and is responsible for its security and maintenance, including the databases that store customer data. While the PaaS provider is responsible for the underlying infrastructure, platform, and possibly some middleware security aspects, the application layer security, including data and application management, falls to the SaaS provider. Building management would not be involved in digital security matters, and while customers are responsible for their data, the actual software maintenance and security in a SaaS model are the provider's responsibility.
References: Incident Handler (ECIH v3) certification materials often discuss cloud service models (IaaS, PaaS, SaaS) and their associated security responsibilities, highlighting the importance of understanding who is responsible for what in cloud environments.


Question # 80
......

EC Council Certified Incident Handler (ECIH v3) free-update certification sample questions: https://www.passtest.jp/EC-COUNCIL/212-89-shiken.html

Try the trending EC-COUNCIL 212-89 PDF question set before the real exam: https://drive.google.com/open?id=1lnhK4n6Ch3EwVPKDxoi6NDkQMBs4tEFu