EC-Council 212-89 EC Council Certified Incident Handler (ECIH v2) Online Training
The questions for 212-89 were last updated at Nov 22,2024.
- Exam Code: 212-89
- Exam Name: EC Council Certified Incident Handler (ECIH v2)
- Certification Provider: EC-Council
- Latest update: Nov 22,2024
Johnson is an incident handler and is working on a recent web application attack faced by his organization. As part of this process, he performed data preprocessing in order to analyze and detect the watering hole attack. Johnson preprocessed the outbound network traffic data collected from firewalls and proxy servers. He then started analyzing the user activities within a certain time period to create time-ordered domain sequences in order to perform further analysis on sequential patterns. Identify the data-preprocessing step performed by Johnson.
- A . User-specific sessionization
- B . Identifying unpopular domains
- C . Hostname normalization
- D . Filtering invalid hostnames
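The preprocessing steps named in the options are easier to tell apart when seen on data. The following is an added example (not part of the original question bank) that takes constructed proxy log lines, normalizes hostnames, builds per-user time-ordered domain sequences split on a 30-minute idle gap (user-specific sessionization), and then derives the unpopular domains from those sessions. The log format, user names and hostnames are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log: "<ISO timestamp> <user> <requested URL>" (not a real capture).
PROXY_LOG = """\
2024-03-01T09:00:01 alice http://intranet.example.com/home
2024-03-01T09:00:05 alice https://CDN.Example.com/app.js
2024-03-01T09:00:09 alice http://news-portal.example.net/story
2024-03-01T09:00:12 alice http://rare-update-host.example.org/dl.php
2024-03-01T09:00:03 bob https://intranet.example.com/home
2024-03-01T09:00:20 bob http://news-portal.example.net/story
2024-03-01T09:45:00 alice http://intranet.example.com/home
"""

# Idle time after which a user's next request starts a new session (assumed value).
SESSION_GAP = timedelta(minutes=30)


def normalize_hostname(url):
    """Hostname normalization: lower-case the host and drop a trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.lower().rstrip(".")


def parse_log(text):
    """Turn raw log lines into (timestamp, user, normalized host) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, url = line.split(maxsplit=2)
        events.append((datetime.fromisoformat(ts), user, normalize_hostname(url)))
    return events


def sessionize(events, gap=SESSION_GAP):
    """User-specific sessionization: group events per user, order them by
    time, and cut a new session whenever two consecutive requests are more
    than `gap` apart. Returns {user: [[host, host, ...], ...]}."""
    per_user = defaultdict(list)
    for ts, user, host in events:
        per_user[user].append((ts, host))

    sessions = {}
    for user, evs in per_user.items():
        evs.sort()  # time-ordered within the user
        user_sessions, current, last_ts = [], [], None
        for ts, host in evs:
            if last_ts is not None and ts - last_ts > gap:
                user_sessions.append(current)
                current = []
            current.append(host)
            last_ts = ts
        if current:
            user_sessions.append(current)
        sessions[user] = user_sessions
    return sessions


def unpopular_domains(sessions, max_users=1):
    """Identifying unpopular domains: hosts seen by at most `max_users`
    distinct users across all sessions (candidates for a watering hole)."""
    users_per_domain = defaultdict(set)
    for user, user_sessions in sessions.items():
        for seq in user_sessions:
            for host in seq:
                users_per_domain[host].add(user)
    return sorted(h for h, u in users_per_domain.items() if len(u) <= max_users)


if __name__ == "__main__":
    s = sessionize(parse_log(PROXY_LOG))
    for user, seqs in s.items():
        print(user, seqs)
    print("unpopular:", unpopular_domains(s))
```

Sessionization is what produces the per-user, time-ordered domain sequences the question describes; hostname normalization and unpopular-domain identification are separate steps that operate before and after it respectively.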
Michael is an incident handler at CyberTech Solutions. He is performing detection and analysis of a cloud security incident. He is also analyzing the file systems, slack spaces, and metadata within the storage units to find hidden malware and evidence of malice.
Identify the cloud security incident handled by Michael:
- A . Server-related incident
- B . Storage-related incident
- C . Application-related incident
- D . Network-related incident
Darwin is an attacker within an organization and is performing network sniffing by running his system in promiscuous mode. He is capturing and viewing all the network packets transmitted within the organization. Edwin is an incident handler in the same organization.
In the above situation, which of the following Nmap commands must Edwin use to detect Darwin's system that is running in promiscuous mode?
- A . nmap --script=sniffer-detect [Target IP Address/Range of IP addresses]
- B . nmap --script hostmap
- C . nmap -sU -p 500
- D . nmap -sV -T4 -O -F --version-light
lkeo Corp. has hired an incident response team to assess the enterprise security. As a part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise. The IR team finds out that employees of the organization do not have any restrictions on Internet access, which means that they are allowed to visit any site, download any application, and access a computer or a network from a remote location. Considering this a major security threat, the IR team plans to change this policy, as it can be easily exploited by attackers. Identify the security policy that the IR team is planning to modify.
- A . Promiscuous policy
- B . Prudent policy
- C . Permissive policy
- D . Paranoid policy
An organization's customers are experiencing either slower network communication or unavailability of services. In addition, network administrators are receiving alerts from security tools such as IDS/IPS and firewalls about a possible DoS/DDoS attack. As a result, the organization requests that the incident handling and response (IH&R) team investigate the incident further. The IH&R team decides to use manual techniques to detect the DoS/DDoS attack.
Which of the following commands helps the IH&R team to manually detect DoS/DDoS attack?
- A . nbtstat /c
- B . nbtstat /S
- C . netstat -r
- D . netstat -an
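`netstat -an` lists every socket with its foreign address and TCP state, and a flood shows up as an unusual pile of connections (often half-open `SYN_RECV`) from a few sources. The block below is an added example, not part of the original question bank, that parses a constructed Linux-style `netstat -an` listing, counts TCP states, and ranks foreign hosts by half-open connections. The sample output, the column regex and the threshold of 3 are assumptions for the example.

```python
import re
from collections import Counter

# Constructed `netstat -an` output (Linux column layout); not captured from a real host.
NETSTAT_OUTPUT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             203.0.113.10:40001      SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.10:40002      SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.10:40003      SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.10:40004      SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.7:51515      ESTABLISHED
tcp        0      0 10.0.0.5:22             198.51.100.8:52222      ESTABLISHED
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:123             0.0.0.0:*
"""

# proto, recv-q, send-q, local, foreign, optional state (UDP rows have none).
LINE_RE = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s*(\S*)$")


def parse_netstat(text):
    """Return one dict per socket row; header/banner lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        rows.append({"proto": proto, "local": local, "foreign": foreign, "state": state})
    return rows


def foreign_host(addr):
    """Strip the port from 'host:port' (IPv4 form assumed)."""
    return addr.rsplit(":", 1)[0]


def summarize(rows):
    """Count TCP states overall and half-open (SYN_RECV) connections per source."""
    by_state = Counter(r["state"] for r in rows if r["proto"].startswith("tcp"))
    half_open_by_src = Counter(
        foreign_host(r["foreign"]) for r in rows if r["state"] == "SYN_RECV"
    )
    return by_state, half_open_by_src


def suspicious_sources(rows, threshold=3):
    """Foreign hosts holding at least `threshold` half-open connections."""
    _, half_open = summarize(rows)
    return [src for src, n in half_open.most_common() if n >= threshold]


if __name__ == "__main__":
    rows = parse_netstat(NETSTAT_OUTPUT)
    states, per_src = summarize(rows)
    print("TCP states:", dict(states))
    print("half-open by source:", dict(per_src))
    print("suspicious:", suspicious_sources(rows))
```

In a real distributed attack the half-open connections are spread across many sources, so the per-source count matters less than the total `SYN_RECV` count against the expected baseline; `nbtstat` only reports NetBIOS name tables and would not show this at all.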
Which of the following risk mitigation strategies involves the execution of controls to reduce the risk factor and bring it to an acceptable level, or accepts the potential risk and continues operating the IT system?
- A . Risk assumption
- B . Risk planning
- C . Risk transference
- D . Risk avoidance
Robert is an incident handler working for X security Inc. One day, his organization faced a massive cyberattack and all of the websites related to the organization went offline. Robert was on duty during the incident and he was responsible for handling the incident and maintaining business continuity. He immediately restored the web application service with the help of the existing backups.
According to the scenario, which of the following stages of incident handling and response (IH&R) process did Robert perform?
- A . Evidence gathering and forensics analysis
- B . Eradication
- C . Notification
- D . Recovery
Which of the following tools helps incident handlers view the filesystem, retrieve deleted data, perform timeline analysis, examine web artifacts, etc., during an incident response process?
- A . Process Explorer
- B . nbtstat
- C . Autopsy
- D . netstat
Joseph is an incident handling and response (IH&R) team lead at Toro Network Solutions Company. As a part of the IH&R process, Joseph alerted the service providers, developers, and manufacturers about the affected resources. Identify the stage of the IH&R process Joseph is currently in.
- A . Eradication
- B . Containment
- C . Recovery
- D . Incident triage
Tibson works as an incident responder for an MNC based in Singapore. He is investigating a web application security incident recently faced by the company. The attack was performed on an MSSQL Server hosted by the company. In the detection and analysis phase, he used regular expressions to analyze and detect the SQL meta-characters that led to the SQL injection attack. Identify the regular expression used by Tibson to detect the SQL injection attack on the MSSQL Server.
- A . ((\.|%2E)(\.|%2E))(\/|%2F|\\|%5C)
- B . ((A.W)(.A.V))
- C . ((\%3C)|<)((\%2F)|\/)*(script)((\%3E)|>)
- D . /exec(\s|\+)+(s|x)p\w+/ix
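Option D is the pattern that matches calls to MSSQL extended or system stored procedures (`exec xp_...`, `exec sp_...`) in a request, including the `+`-encoded space form. The block below is an added example, not from the original page or any vendor material, that runs that regex alongside two other commonly cited SQL injection regexes (a generic meta-character check and a quote-then-`union` check, both assumptions here) over constructed HTTP request lines after URL-decoding them.

```python
import re
from urllib.parse import unquote

# Option D: MSSQL extended/system stored procedure invocation (exec xp_* / sp_*).
MSSQL_EXEC_RE = re.compile(r"exec(\s|\+)+(s|x)p\w+", re.IGNORECASE)
# Assumed companion patterns (not from the page): generic SQL meta-characters
# and a quote followed by UNION.
SQL_META_RE = re.compile(r"(%27)|(')|(--)|(%23)|(#)", re.IGNORECASE)
SQL_UNION_RE = re.compile(r"((%27)|('))\s*union", re.IGNORECASE)

# Constructed request lines; none are from a real incident.
SAMPLE_REQUESTS = [
    "GET /products.asp?id=1 HTTP/1.1",
    "GET /products.asp?id=1%27%20UNION%20SELECT%20name%20FROM%20sysobjects-- HTTP/1.1",
    "GET /search.asp?q=1;exec+xp_cmdshell+'dir' HTTP/1.1",
    "GET /search.asp?q=1%3Bexec%20sp_makewebtask HTTP/1.1",
    "GET /page.asp?title=O'Reilly HTTP/1.1",
]


def request_uri(request_line):
    """Pull the request-target out of 'METHOD target HTTP/x.y'."""
    return request_line.split()[1]


def analyze(request_line):
    """Return the names of the patterns that fire on the decoded URI.
    Decoding first lets the single-encoded %27/%20 forms be caught by the
    same patterns as their literal forms; '+' is left as-is so option D's
    '(\\s|\\+)' alternative still applies."""
    decoded = unquote(request_uri(request_line))
    hits = []
    if MSSQL_EXEC_RE.search(decoded):
        hits.append("mssql_exec")
    if SQL_UNION_RE.search(decoded):
        hits.append("union")
    if SQL_META_RE.search(decoded):
        hits.append("sql_meta")
    return hits


def scan(request_lines):
    """Map each request line to its list of matching pattern names."""
    return [(r, analyze(r)) for r in request_lines]


if __name__ == "__main__":
    for line, hits in scan(SAMPLE_REQUESTS):
        print(f"{hits or ['-']}  {line}")
```

The last sample (`O'Reilly`) shows why the bare meta-character regex is only a triage signal: a legitimate apostrophe trips it, while the `exec ... xp_`/`sp_` pattern is specific enough to act on. Double-encoded payloads (`%2527`) would still slip past a single `unquote`, so decode as many times as the target application does before matching.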