The purpose of this Sample Question Set is to provide you with information about the EC-Council Certified Incident Handler exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the 212-89 certification test. To get familiar with real exam environment, we suggest you try our Sample EC-Council ECIH Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual EC-Council Certified Incident Handler (ECIH) certification exam.
These sample questions are simple and basic questions that represent likeness to the real EC-Council 212-89 exam questions. To assess your readiness and performance with real time scenario based questions, we suggest you prepare with our Premium EC-Council ECIH Certification Practice Exam. When you solve real time scenario based questions practically, you come across many difficulties that give you an opportunity to improve.
EC-Council 212-89 Sample Questions:
01. In NIST risk assessment/ methodology; the process of identifying the boundaries of an IT system along with the resources and information that constitute the system is known as:
a) System characterization
b) System classification
c) Asset valuation
d) Asset Identification
02. Rinni is an incident handler and she is performing memory dump analysis. Which of following tools she can use in order to perform a memory dump analysis?
a) Proc mon and Process Explorer
b) iNetSim
c) Security breach
d) OllyDbg and IDA Pro
03. Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?
a) SURFnet-CERT
b) NET-CERT
c) Funet CERT
d) DFN-CERT
04. Organizations or incident response teams need to protect the evidence for any future legal actions that may be taken against perpetrators that intentionally attacked the computer system. EVIDENCE PROTECTION is also required to meet legal compliance issues.
Which of the following documents helps in protecting evidence from physical or logical damage?
a) Chain-of-Precedence
b) Chain-of-Custody
c) Network and host log records
d) Forensic analysis report
05. What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the established connections on it:
a) "netstat -an" command
b) "dd" command
c) "arp" command
d) "ifconfig" command
06. A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large amounts of data using a combination of automated and manual methods.
Identify the computer forensic process involved:
a) Analysis
b) Preparation
c) Examination
d) Collection
07. What is the best staffing model for an incident response team if current employees' expertise is very low?
a) Fully insourced
b) Fully outsourced
c) Partially outsourced
d) All the above
08. Unusual logins, accessing sensitive information not used for the job role, and the use of personal external storage drives on company assets are all signs of which of the following?
a) Security breach
b) Over-working
c) Insider threat
d) Lack of job rotation
09. Your company sells SaaS, and your company itself is hosted in the cloud (using it as a PaaS). In case of a malware incident in your customer's database, who is responsible for eradicating the malicious software?
a) Your company
b) The customer
c) The PaaS provider
d) Building management
10. When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?
a) The organization should monitor the activities of the system administrators and privileged users who have permissions to access the sensitive information
b) The organization should enforce separation of duties
c) The access requests granted to an employee should be documented and vetted by the supervisor
d) All access rights of the employee to physical locations, networks, systems, applications and data should be disabled
Answers:
Question: 01
Answer: a |
Question: 02
Answer: d |
Question: 03
Answer: a |
Question: 04
Answer: b |
Question: 05
Answer: a |
Question: 06
Answer: c |
Question: 07
Answer: b |
Question: 08
Answer: c |
Question: 09
Answer: a |
Question: 10
Answer: d |
Note: For any error in EC-Council Certified Incident Handler (ECIH) (212-89) certification exam sample questions, please update us by writing an email on feedback@edusum.com.
