212-89 Exam Questions
175 real 212-89 exam questions with expert-verified answers and explanations. Page 3 of 4.
- Question #101
Which of the following is not the responsibility of first responders?
- Question #102
Bob, an incident responder at CyberTech Solutions, is investigating a cybercrime attack that occurred in the client company. He acquired the evidence data, preserved it, and started per...
- Question #103
Which of the following port scanning techniques involves resetting the TCP connection between client and server abruptly before completion of the three-way handshake signals, makin...
- Question #104
Smith employs various malware detection techniques to thoroughly examine the network and its systems for suspicious and malicious malware files. Among all techniques, which one inv...
- Question #105
Which of the following techniques prevent or mislead incident-handling process and may also affect the collection, preservation, and identification phases of the forensic investiga...
- Question #106
Marley was asked by his incident handling and response (IH&R) team lead to collect volatile data such as system information and network information present in the registries, cache...
- Question #107
Bonney's system has been compromised by a gruesome malware. What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?
- Question #108
QualTech Solutions is a leading security services enterprise. Dickson works as an incident responder with this firm. He is performing vulnerability assessment to identify the secur...
- Question #109
After a recent email attack, Harry is analyzing the incident to obtain important information related to the incident. While investigating the incident, he is trying to extract info...
- Question #110
Otis is an incident handler working in Delmont organization. Recently, the organization has been facing several setbacks in the business and thereby its revenues are going down. Otis was...
- Question #111
In which of the following types of fuzz testing strategies is the new data generated from scratch and the amount of data to be generated predefined based on the testing mo...
- Question #112
Patrick is doing a cyber forensic investigation. He is in the process of collecting physical evidence at the crime scene. Which of the following elements must he consider while col...
- Question #113
An attacker traced out and found the kind of websites a target company/individual is frequently surfing and tested those particular websites to identify any possible vulnerabilitie...
- Question #114
Who is mainly responsible for providing proper network services and handling network-related incidents in all the cloud service models?
- Question #115
Adam is an attacker who, along with his team, launched multiple attacks on a target organization for financial benefits. Worried about getting caught, he decided to forge his identity....
- Question #116
An organization implemented an encoding technique to eradicate SQL injection attacks. In this technique, if a user submits a request using single-quote and some values, then the en...
- Question #117
In which of the following stages of incident handling and response (IH&R) process do the incident handlers try to find out the root cause of the incident along with the threat acto...
- Question #118
Andrew, an incident responder, is performing risk assessment of the client organization. As a part of risk assessment process, he identified the boundaries of the IT systems, along...
- Question #119
Farheen is an incident responder at a reputed IT firm based in Florida. Farheen was asked to investigate a recent cybercrime faced by the organization. As part of this process, she c...
- Question #120
Chandler is a professional hacker who is targeting Technote organization. He wants to obtain important organizational information that is being transmitted between different hierar...
- Question #121
Michael is an incident handler at CyberTech Solutions. He is performing detection and analysis of a cloud security incident. He is analyzing the file systems, slack spaces, and met...
- Question #122
An attacker, after performing an attack, decided to wipe evidence using artifact wiping techniques to evade forensic investigation. He applied a magnetic field to the digital media de...
- Question #123
Rose is an incident-handling person and she is responsible for detecting and eliminating any kind of scanning attempts over the network by any malicious threat actors. Rose uses Wi...
- Question #124
James has been appointed as an incident handling and response (IH&R) team lead and he was assigned to build an IH&R plan along with his own team in the company. Identify the IH&R p...
- Question #125
Which of the following processes is referred to as an approach to respond to the security incidents that occurred in an organization and enables the response team by ensuring that...
- Question #126
Which of the following methods help incident responders to reduce the false-positive alert rates and further provide benefits of focusing on topmost priority issues reducing potent...
- Question #127
Shally, an incident handler, is working for a company named Texas Pvt. Ltd. based in Florida. She was asked to work on an incident response plan. As part of the plan, she decided t...
- Question #128
In which of the following confidentiality attacks do attackers try to lure users by posing as an authorized AP by beaconing the WLAN's SSID?
- Question #129
Joseph is an incident handling and response (IH&R) team lead in Toro Network Solutions Company. As a part of IH&R process, Joseph alerted the service providers, developers, and man...
- Question #130
Identify the network security incident where intended or authorized users are prevented from using system, network, or applications by flooding the network with a high volume of tr...
- Question #131
Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case, he needs to collect volatile information such as running services, their process IDs, start...
- Question #132
Stenley is an incident handler working for Texa Corp. located in the United States. With the growing concern of increasing emails from outside the organization, Stenley was asked t...
- Question #133
Which of the following is not a best practice to eliminate the possibility of insider attacks?
- Question #134 (Incident Handling and Response Process)
When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?
Tags: employee termination, access revocation, offboarding, access control
- Question #135 (Incident Handling and Response Process)
Unusual logins, accessing sensitive information not used for the job role, and the use of personal external storage drives on company assets are all signs of which of the following...
Tags: Insider Threat Detection, Anomalous User Behavior, Unauthorized Data Access, Data Exfiltration
- Question #136 (Incident Handling and Response Management)
What is the best staffing model for an incident response team if current employees' expertise is very low?
Tags: incident response staffing, outsourcing strategy, capability assessment, resource planning
- Question #137
ZYX company experienced a DoS/DDoS attack on their network. Upon investigating the incident, they concluded that the attack is an application-layer attack. Which of the following a...
- Question #138
Ross is an incident manager (IM) at an organization, and his team provides support to all users in the organization who are affected by threats or attacks. David, who is the organi...
- Question #139
Dash wants to perform a DoS attack over 256 target URLs simultaneously. Which of the following tools can Dash employ to achieve his objective?
- Question #140
Which of the following information security personnel handles incidents from management and technical point of view?
- Question #141
Francis received a spoof email asking for his bank information. He decided to use a tool to analyze the email headers. Which of the following should he use?
- Question #142
Zaimasoft, a prominent IT organization, was attacked by perpetrators who directly targeted the hardware and caused irreversible damage to the hardware. As a result, replacing or rein...
- Question #143
Which of the following terms refers to the personnel that the incident handling and response (IH&R) team must contact to report the incident and obtain the necessary permissions?
- Question #144
Khai was tasked with examining the logs from a Linux email server. The server uses Sendmail to execute the command to send emails and Syslog to maintain logs. To validate the data w...
- Question #145
A malicious, security-breaking program is disguised as a useful program. Such executable programs, which are installed when a file is opened, allow others to control a user's syste...
- Question #146 (Computer Forensics in Incident Handling)
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large amounts of data u...
Tags: Forensic Examination, Evidence Processing, Investigation Phases, Data Analysis
- Question #147 (Computer Forensics in Incident Handling)
What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the established connections...
Tags: netstat command, network connections, open ports, live forensics
- Question #148 (Computer Forensics in Incident Handling)
Organizations or incident response teams need to protect the evidence for any future legal actions that may be taken against perpetrators that intentionally attacked the computer s...
Tags: Chain-of-Custody, Evidence Protection, Evidence Integrity, Legal Compliance
- Question #149 (Incident Handling and Response Process)
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related...
Tags: CERT organizations, Incident response, Regional security teams, Computer security incidents
- Question #150
James is a professional hacker and is employed by an organization to exploit their cloud services. In order to achieve this, James created anonymous access to the cloud services to...