Download EC-Council Certified Incident Handler.PracticeTest.212-89.2019-10-10.1e.74q.vcex


File Info

Exam EC-Council Certified Incident Handler
Number 212-89
File Name EC-Council Certified Incident Handler.PracticeTest.212-89.2019-10-10.1e.74q.vcex
Size 51 Kb
Posted October 10, 2019
Downloads 63

How to open VCEX & EXAM Files?

Files with VCEX & EXAM extensions can be opened by ProfExam Simulator.




Demo Questions

Question 1

Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

  • A: An insider intentionally deleting files from a workstation
  • B: An attacker redirecting a user to a malicious website and infecting the user's system with a Trojan
  • C: An attacker infecting a machine to launch a DDoS attack
  • D: An attacker using email with malicious code to infect an internal workstation

Correct Answer: A

Question 2

Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is responsible for examining the evidence acquired and separating the useful evidence? 

  • A: Evidence Supervisor
  • B: Evidence Documenter
  • C: Evidence Manager
  • D: Evidence Examiner/Investigator

Correct Answer: D

Question 3

The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/services that are not required. Which service listed below, if blocked, can help in preventing a Denial of Service attack?

  • A: SAM service
  • B: POP3 service
  • C: SMTP service
  • D: Echo service

Correct Answer: D

Question 4

A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to the agency's reporting timeframe guidelines, this incident should be reported within two (2) HOURS of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity. Which incident category of the US Federal Agency does this incident belong to?

  • A: CAT 5
  • B: CAT 1
  • C: CAT 2
  • D: CAT 6

Correct Answer: C

Question 5

When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?

  • A: All access rights of the employee to physical locations, networks, systems, applications and data should be disabled 
  • B: The organization should enforce separation of duties
  • C: The access requests granted to an employee should be documented and vetted by the supervisor
  • D: The organization should monitor the activities of the system administrators and privileged users who have permissions to access the sensitive information

Correct Answer: A

Question 6

A threat source does not present a risk if there is NO vulnerability that can be exercised for a particular threat source. Identify the step in which different threat sources are defined:


  • A: Identification Vulnerabilities
  • B: Control analysis
  • C: Threat identification
  • D: System characterization

Correct Answer: C

Question 7

In the Control Analysis stage of NIST's risk assessment methodology, technical and non-technical control methods are classified into two categories. What are these two control categories?

  • A: Preventive and Detective controls 
  • B: Detective and Disguised controls
  • C: Predictive and Detective controls
  • D: Preventive and predictive controls

Correct Answer: A

Question 8

Which of the following incident recovery testing methods works by creating a mock disaster, such as a fire, to identify the reaction of the procedures that are implemented to handle such situations?

  • A: Scenario testing
  • B: Facility testing
  • C: Live walk-through testing
  • D: Procedure testing

Correct Answer: D

Question 9

An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the incident response and handling process involves auditing the system and network log files?

  • A: Incident recording
  • B: Reporting
  • C: Containment
  • D: Identification

Correct Answer: D

Question 10

Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

  • C: Funet CERT
  • D: SURFnet-CERT

Correct Answer: D




