Mar-2025 Free 212-89 Test Questions Real Practice Test Questions [Q45-Q70]

212-89 Dumps Updated Mar 15, 2025 With 170 Questions

NEW QUESTION # 45
Patrick is performing a cyber forensic investigation. He is in the process of collecting physical evidence at the crime scene.
Which of the following elements must he consider while collecting physical evidence?

  • A. Removable media, cables, and publications
  • B. Open ports, services, and operating system (OS) vulnerabilities
  • C. DNS information including domains and subdomains
  • D. Published nameservers and web-application source code

Answer: A


NEW QUESTION # 46
Which stage of the incident response and handling process involves auditing the system and network log files?

  • A. Containment
  • B. Incident disclosure
  • C. Incident eradication
  • D. Incident triage

Answer: D


NEW QUESTION # 47
Adam is an incident handler who intends to use the DBCC LOG command to analyze a database and retrieve the active transaction log files for the specified database. The syntax of the DBCC LOG command is DBCC LOG (<database name>, <output>), where the output parameter specifies the level of information an incident handler wants to retrieve.
If Adam wants to retrieve the full information on each operation along with the hex dump of a current transaction row, which of the following output parameters should Adam use?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D


NEW QUESTION # 48
Which of the following is not a countermeasure to eradicate inappropriate usage incidents?

  • A. Avoid VPN and other secure network channels
  • B. Register the user activity logs and keep monitoring them regularly
  • C. Install firewall and IDS/IPS to block services that violate the organization's policy
  • D. Always store sensitive data on remotely located servers and restrict access to it

Answer: A

Explanation:
Avoiding VPN (Virtual Private Network) and other secure network channels is not a countermeasure to eradicate inappropriate usage incidents. On the contrary, using VPNs and secure network channels is a best practice for enhancing security, as these technologies help protect data in transit, ensuring that it is encrypted and less susceptible to interception or eavesdropping. Countermeasures for inappropriate usage typically involve enhancing security and monitoring, not reducing the security of communications.


NEW QUESTION # 49
Absorbing minor risks while preparing to respond to major ones is called:

  • A. Risk Transfer
  • B. Risk Avoidance
  • C. Risk Assumption
  • D. Risk Mitigation

Answer: C


NEW QUESTION # 50
During the process of detecting and containing malicious emails, incident responders should examine the originating IP address of the emails.
The steps to examine the originating IP address are as follows:
1. Search for the IP in the WHOIS database
2. Open the email to trace and find its header
3. Collect the IP address of the sender from the header of the received mail
4. Look for the geographic address of the sender in the WHOIS database
Identify the correct sequence of steps to be performed by the incident responders to examine originating IP address of the emails.

  • A. 4-->1-->2-->3
  • B. 2-->3-->1-->4
  • C. 2-->1-->4-->3
  • D. 1-->3-->2-->4

Answer: B

Explanation:
The correct sequence to examine the originating IP address of emails involves first accessing the email's header to locate the IP address, then using external resources to investigate that address further. The steps are as follows:
* Step 2: Open the email to trace and find its header. This is the initial step because the header contains valuable information about the email's journey across the internet, including the originating IP address.
* Step 3: Collect the IP address of the sender from the header of the received mail. This detail is crucial for the next steps in the investigation.
* Step 1: Search for the IP in the WHOIS database. This database can provide information about the owner of the IP address, including the ISP and sometimes the geographic location.
* Step 4: Look for the geographic address of the sender in the WHOIS database. With the IP address information obtained from the WHOIS search, the geographic location or the originating country of the email can often be deduced, contributing to the analysis of the email's legitimacy.
References: The process of analyzing email headers to trace originating IP addresses and further investigating those addresses is a common practice in incident response, covered under the digital forensics and email analysis topics within the ECIH v3 curriculum by EC-Council.
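The four steps above, carried through in code as an added example (this is not code from the page or from EC-Council's material). It parses a constructed message with three Received hops, walks the chain from the origin side to pick out the first routable "from" address, and adds the check a practitioner wants that the exam answer leaves out: every Received line below the first one written by your own mail server was written by someone else's server and may be forged, so `last_trusted_hop_ip` also reports the deepest address vouched for by hosts you operate. The hostnames, addresses and the `whois.iana.org` referral behaviour are assumptions for the demo; the WHOIS client is a plain RFC 3912 query and needs network access, so the demo does not call it.

```python
import email
import ipaddress
import re
import socket

# Constructed sample (not a real capture). RFC 5737 documentation ranges
# (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) stand in for public
# addresses; 10.0.0.23 is the sender's self-reported, non-routable HELO name.
RAW_MESSAGE = b"""\
Received: from mx2.example.org (mx2.example.org [203.0.113.9])
\tby mail.example.com with ESMTPS id abc123
\tfor <victim@example.com>; Mon, 10 Mar 2025 09:15:02 +0000
Received: from relay.example.org (relay.example.org [192.0.2.45])
\tby mx2.example.org with ESMTP; Mon, 10 Mar 2025 09:14:59 +0000
Received: from [10.0.0.23] (unknown [198.51.100.77])
\tby relay.example.org with ESMTPSA; Mon, 10 Mar 2025 09:14:55 +0000
From: "Payroll" <payroll@example.org>
To: victim@example.com
Subject: Updated payslip
Message-ID: <20250310091455.1234@relay.example.org>

Please review the attached payslip.
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

# ipaddress.is_global is deliberately not used: it classifies the documentation
# ranges in the sample as non-global. This list covers what a WHOIS lookup can
# never resolve to a sender: RFC 1918, loopback, link-local, "this" net, CGNAT.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "100.64.0.0/10",
)]


def is_routable(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return not any(ip in net for net in NON_ROUTABLE)


def normalized_hops(raw):
    """Received headers top to bottom (top = nearest to us, bottom = nearest
    to the origin), with header folding collapsed to single spaces."""
    msg = email.message_from_bytes(raw)
    return [" ".join(str(h).split()) for h in msg.get_all("Received", [])]


def hop_from_ip(text):
    """First routable address in the 'from ...' clause of one Received line.
    The bracketed address after the HELO name is what the receiving server
    actually observed; a private HELO literal like [10.0.0.23] is skipped."""
    from_part = text.split(" by ", 1)[0]
    for ip in IPV4_RE.findall(from_part):
        if is_routable(ip):
            return ip
    return None


def hop_by_host(text):
    m = BY_RE.search(text)
    return m.group(1).lower() if m else None


def originating_ip(raw):
    """Steps 2 and 3 of the procedure: walk from the origin side and return
    the first routable sender address, plus the full chain for review."""
    chain = normalized_hops(raw)
    for text in reversed(chain):
        ip = hop_from_ip(text)
        if ip:
            return ip, chain
    return None, chain


def last_trusted_hop_ip(raw, trusted_hosts):
    """Walk from the top and stop at the first hop not recorded by a host we
    operate; return the 'from' address of the last trusted hop. Anything
    below it was written by servers outside our control and may be forged."""
    trusted = {h.lower() for h in trusted_hosts}
    last_ip = None
    for text in normalized_hops(raw):
        if hop_by_host(text) not in trusted:
            break
        last_ip = hop_from_ip(text) or last_ip
    return last_ip


def whois_query(ip, server="whois.iana.org", timeout=10):
    """Steps 1 and 4: RFC 3912 WHOIS over TCP/43. Assumption: whois.iana.org
    answers with a 'refer:' line naming the regional registry (ARIN, RIPE, ...)
    holding the allocation; query that server next for the owner and location.
    Needs network access, so the demo below does not call it."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(ip.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


if __name__ == "__main__":
    ip, chain = originating_ip(RAW_MESSAGE)
    for i, hop in enumerate(chain):
        print(f"hop {i}: {hop}")
    print("claimed originating IP:", ip)
    print("last hop we can vouch for:",
          last_trusted_hop_ip(RAW_MESSAGE, {"mail.example.com"}))
```

Run stand-alone it prints the three hops, the claimed origin 198.51.100.77 and, for an organisation that operates only mail.example.com, the address 203.0.113.9 of the server that actually handed the message over. When those two disagree and the lower hops cannot be corroborated (DKIM, the sender's provider, or an abuse contact found via WHOIS), treat the lower ones as sender-supplied data rather than evidence.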


NEW QUESTION # 51
You are talking to a colleague who is deciding what information they should include in their organization's logs to help with security auditing.
Which of the following items should you tell them to NOT log?

  • A. Source IP address
  • B. userid
  • C. Session ID
  • D. Timestamp

Answer: C
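Why the session ID is the one item to leave out, shown as an added example in Python (not code from the page or from EC-Council): audit logs are read by far more people and systems than the session store, so a raw session token in a log line is a ready-made hijack credential. The hardened record keeps source IP, user ID and timestamp as the question recommends and replaces the token with a keyed, truncated HMAC, so events from one session still correlate but the log cannot be replayed. The HMAC key, field names and sample values are assumptions for the demo.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Assumption: this key lives in the log pipeline's secret store and is rotated.
# It exists only so one session's events can be grouped without the log ever
# holding a token that would let a reader take over that session.
LOG_HMAC_KEY = b"constructed-demo-key-do-not-reuse"

# Fields that must never reach a log, and the ones replaced by a derived reference.
DROP_FIELDS = {"password", "authorization", "cookie", "set-cookie", "csrf_token"}
SESSION_FIELDS = {"session_id", "sessionid", "sid", "jsessionid"}


def session_ref(session_id, key=LOG_HMAC_KEY):
    """Keyed, truncated digest of a session token: stable for the life of the
    session (so events group together) but useless for replaying it."""
    mac = hmac.new(key, session_id.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:16]


def scrub(fields, key=LOG_HMAC_KEY):
    """Copy of `fields` that is safe to log: secrets dropped, session
    identifiers (any casing) replaced by session_ref()."""
    out = {}
    for name, value in fields.items():
        lname = name.lower()
        if lname in DROP_FIELDS:
            continue
        if lname in SESSION_FIELDS:
            out["session_ref"] = session_ref(str(value), key)
            continue
        out[name] = value
    return out


def audit_record_unsafe(event, **fields):
    """The 'before' form: everything the handler has goes into the log,
    including the raw session token and any bearer header."""
    fields["ts"] = datetime.now(timezone.utc).isoformat(timespec="seconds")
    fields["event"] = event
    return json.dumps(fields, sort_keys=True)


def audit_record(event, **fields):
    """Hardened form: same who / from where / when / which session, without
    anything that authenticates."""
    safe = scrub(fields)
    safe["ts"] = datetime.now(timezone.utc).isoformat(timespec="seconds")
    safe["event"] = event
    return json.dumps(safe, sort_keys=True)


def leaks(record, secret):
    """Cheap check a log reviewer can run: does the raw secret appear verbatim?"""
    return secret in record


if __name__ == "__main__":
    sid = "8f0c1a2b3c4d5e6f7a8b9c0d1e2f3a4b"  # constructed token, not a real session
    common = dict(user_id="alice", source_ip="198.51.100.23", session_id=sid,
                  authorization="Bearer constructed-token")
    print("unsafe:", audit_record_unsafe("login.success", **common))
    print("safe:  ", audit_record("login.success", **common))
```

The truncation to 16 hex characters is a deliberate trade: enough to correlate within one log retention window, too little to brute-force back to a token even if the key later leaks. Rotating the key breaks correlation across the rotation boundary, which is the intended behaviour.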


NEW QUESTION # 52
Adam, an employee of a multinational company, uses his company's accounts to send e-mails to a third party using a spoofed mail address. How can you categorize this type of incident?

  • A. Network intrusion incident
  • B. Denial of Service incident
  • C. Inappropriate usage incident
  • D. Unauthorized access incident

Answer: C


NEW QUESTION # 53
Which of the following best describes email used as an attack medium, in which a large number of messages are sent to a mailbox to cause it to overflow?

  • A. Email-bombing
  • B. Masquerading
  • C. Spoofing
  • D. Smurf attack

Answer: A


NEW QUESTION # 54
Identify the network security incident where intended authorized users are prevented from using system, network, or applications by flooding the network with high volume of traffic that consumes all existing network resources.

  • A. SQL Injection
  • B. XSS Attack
  • C. URL Manipulation
  • D. Denial of Service Attack

Answer: D


NEW QUESTION # 55
To respond to DDoS attacks, which of the following strategies can be used?

  • A. Shut down some services until the attack has subsided
  • B. Using additional capacity to absorb attack
  • C. Identifying non-critical services and stopping them
  • D. All the above

Answer: D


NEW QUESTION # 56
The USB tool (depicted below) that is connected to a male USB keyboard cable and is not detected by anti-spyware tools is most likely called:

  • A. Anti-Keylogger
  • B. Hardware Keylogger
  • C. Software Key Grabber
  • D. USB adapter

Answer: B


NEW QUESTION # 57
Which of the following techniques helps incident handlers detect man-in-the-middle attacks by finding new APs and attempting to connect over an already established channel, even if the spoofed AP has IP and MAC addresses similar to those of the original AP?

  • A. Wireless client monitoring
  • B. Network traffic monitoring
  • C. General wireless traffic monitoring
  • D. Access point monitoring

Answer: D
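What access point monitoring actually checks, as an added example in Python (not code from the page or from EC-Council): a baseline of authorized APs is compared against a wireless scan, and an AP is flagged either because it advertises the corporate SSID from a BSSID nobody authorized, or because it reuses an authorized BSSID (the "similar MAC" case in the question) but differs in channel or security mode, which is how an evil twin usually betrays itself. The SSIDs, BSSIDs, channels and security labels are constructed scan data; a real deployment would feed in output from the wireless controller or a scanner such as airodump-ng.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class APObservation:
    ssid: str
    bssid: str      # AP MAC address as seen over the air
    channel: int
    security: str   # e.g. "WPA2-Enterprise", "WPA2-PSK", "OPEN"


# Constructed baseline of the organization's authorized APs (not real data).
AUTHORIZED = {
    APObservation("CorpWiFi", "00:11:22:33:44:01", 6, "WPA2-Enterprise"),
    APObservation("CorpWiFi", "00:11:22:33:44:02", 11, "WPA2-Enterprise"),
}

# Constructed scan: the legitimate AP, an evil twin that clones its SSID and
# BSSID but sits on another channel as an open network, an unknown BSSID
# advertising the corporate SSID, and an unrelated network.
SCAN = [
    APObservation("CorpWiFi", "00:11:22:33:44:01", 6, "WPA2-Enterprise"),
    APObservation("CorpWiFi", "00:11:22:33:44:01", 1, "OPEN"),
    APObservation("CorpWiFi", "aa:bb:cc:dd:ee:ff", 6, "WPA2-Enterprise"),
    APObservation("GuestNet", "00:11:22:33:44:10", 1, "OPEN"),
]


def find_rogue_aps(scan, authorized):
    """Return (reason, observation) pairs for every scanned AP that claims one
    of our SSIDs but does not match the authorized baseline exactly.

    unknown-bssid: our SSID from a MAC we never deployed
    cloned-bssid:  an authorized MAC, but channel or security mode differs,
                   so it is not the radio we configured
    """
    known_ssids = {ap.ssid for ap in authorized}
    by_bssid = {ap.bssid.lower(): ap for ap in authorized}
    alerts = []
    for obs in scan:
        if obs.ssid not in known_ssids:
            continue  # not impersonating us; out of scope for this check
        base = by_bssid.get(obs.bssid.lower())
        if base is None:
            alerts.append(("unknown-bssid", obs))
        elif (obs.channel, obs.security) != (base.channel, base.security):
            alerts.append(("cloned-bssid", obs))
    return alerts


if __name__ == "__main__":
    for reason, obs in find_rogue_aps(SCAN, AUTHORIZED):
        print(f"{reason}: ssid={obs.ssid} bssid={obs.bssid} "
              f"ch={obs.channel} sec={obs.security}")
```

A clone that copies channel and security as well as the BSSID will not trip this check; that residual case is what the "try to connect over the established channel" step in the question addresses, since two radios answering for one BSSID show up as duplicate beacons and association failures rather than as a baseline mismatch.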


NEW QUESTION # 58
Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :

  • A. Threat-source motivation and capability
  • B. Nature of the vulnerability
  • C. Existence and effectiveness of the current controls
  • D. All the above

Answer: D


NEW QUESTION # 59
An incident handler is analyzing email headers to identify suspicious emails.
Which of the following tools should the handler use to accomplish the task?

  • A. Gophish
  • B. SPAMfighter
  • C. Barracuda Email Security Gateway

Answer: C


NEW QUESTION # 60
Keyloggers do NOT:

  • A. Run in the background
  • B. Alter system files
  • C. Secretly record URLs visited in the browser, keystrokes, chat conversations, etc.
  • D. Send log file to attacker's email or upload it to an ftp server

Answer: B


NEW QUESTION # 61
SWA Cloud Services added PKI as one of their cloud security controls. What does PKI stand for?

  • A. Public key information
  • B. Private key information
  • C. Private key infrastructure
  • D. Public key infrastructure

Answer: D

Explanation:
Public Key Infrastructure (PKI) is a framework used to manage digital certificates and public-key encryption.
It enables secure electronic transfer of information for a range of network activities such as e-commerce, internet banking, and confidential email. PKI is fundamental to the management of encryption keys and digital certificates, ensuring the secure exchange of data over networks and verification of identity.
References: The ECIH v3 program covers the importance of PKI in cloud security controls, emphasizing its role in establishing and maintaining a secure cloud computing environment.


NEW QUESTION # 62
Adam is an incident handler who intends to use the DBCC LOG command to analyze a database and retrieve the active transaction log files for the specified database. The syntax of the DBCC LOG command is DBCC LOG (<database name>, <output>), where the output parameter specifies the level of information an incident handler wants to retrieve. If Adam wants to retrieve the full information on each operation along with the hex dump of a current transaction row, which of the following output parameters should Adam use?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: D


NEW QUESTION # 63
The service organization that provides 24x7 computer security incident response services to any user, company, government agency, or organization is known as:

  • A. Vulnerability Assessor
  • B. Digital Forensics Examiner
  • C. Computer Security Incident Response Team CSIRT
  • D. Security Operations Center SOC

Answer: C


NEW QUESTION # 64
Dash wants to perform a DoS attack over 256 target URLs simultaneously.
Which of the following tools can Dash employ to achieve his objective?

  • A. HOIC
  • B. OpenVAS
  • C. IDAPro
  • D. Ollydbg

Answer: A

Explanation:
High Orbit Ion Cannon (HOIC) is a tool designed to perform stress testing on networks or servers. It can launch a Distributed Denial of Service (DDoS) attack by enabling an attacker to overwhelm a target with HTTP POST and GET requests. HOIC's distinctive feature is its ability to attack multiple targets (up to 256 URLs simultaneously) with configurable HTTP flood attacks. This capability makes it a preferred choice for attackers aiming to disrupt services on a large scale. Unlike tools designed for debugging or vulnerability scanning (e.g., IDA Pro, OllyDbg, OpenVAS), HOIC is specifically crafted for launching DoS/DDoS attacks, making it the correct answer for Dash's objective.
References: The Incident Handler (ECIH v3) courses and study guides delve into various cyber attack tools, including HOIC, explaining their functionalities and potential impact as part of the comprehensive cybersecurity threat landscape education.


NEW QUESTION # 65
Dan is a newly appointed information security professional in a renowned organization. He is supposed to follow multiple security strategies to eradicate malware incidents.
Which of the following is not considered as a good practice for maintaining information security and eradicating malware incidents?

  • A. Do not download or execute applications from trusted sources
  • B. Do not open files with file extensions such as .bat, .com, .exe, .pif, .vbs, and so on
  • C. Do not click on web browser pop-up windows
  • D. Do not download or execute applications from third-party sources

Answer: A


NEW QUESTION # 66
Eric is an incident responder and is working on developing incident-handling plans and procedures. As part of this process, he is performing an analysis on the organizational network to generate a report and develop policies based on the acquired results. Which of the following tools will help him in analyzing his network and the related traffic?

  • A. Burp Suite
  • B. Whois
  • C. FaceNiff
  • D. Wireshark

Answer: D


NEW QUESTION # 67
Which of the following can be considered synonymous:

  • A. Precaution and countermeasure
  • B. Vulnerability and Danger
  • C. Threat and Threat Agent
  • D. Hazard and Threat

Answer: D


NEW QUESTION # 68
Adam is an attacker who along with his team launched multiple attacks on target organization for financial benefits. Worried about getting caught, he decided to forge his identity. To do so, he created a new identity by obtaining information from different victims.
Identify the type of identity theft Adam has performed.

  • A. Social identity theft
  • B. Synthetic identity theft
  • C. Tax identity theft
  • D. Medical identity theft

Answer: B


NEW QUESTION # 69
Dan is a newly appointed information security professional in a renowned organization. He is supposed to follow multiple security strategies to eradicate malware incidents. Which of the following is not considered as a good practice for maintaining information security and eradicating malware incidents?

  • A. Do not download or execute applications from trusted sources
  • B. Do not click on web browser pop-up windows
  • C. Do not open files with file extensions such as .bat, .com, .exe, .pif, .vbs, and so on
  • D. Do not download or execute applications from third-party sources

Answer: A


NEW QUESTION # 70
......

View All 212-89 Actual Free Exam Questions Updated: https://pass4sure.troytecdumps.com/212-89-troytec-exam-dumps.html