EC-Council 212-89 practice test

EC-Council Certified Incident Handler v2 Exam

Last exam update: Dec 02, 2023

Question 1

The ability of an agency to continue to function even after a disastrous event, accomplished through
the deployment of redundant hardware and software, the use of fault-tolerant systems, and a
solid backup and recovery strategy, is known as:

  • A. Business Continuity Plan
  • B. Business Continuity
  • C. Disaster Planning
  • D. Contingency Planning
Answer:

B

Question 2

Business Continuity provides a planning methodology that allows continuity in business operations:

  • A. Before and after a disaster
  • B. Before a disaster
  • C. Before, during and after a disaster
  • D. During and after a disaster
Answer:

C

Question 3

Which test is conducted to determine the effectiveness of the incident recovery procedures?

  • A. Live walk-throughs of procedures
  • B. Scenario testing
  • C. Department-level test
  • D. Facility-level test
Answer:

A

Question 4

Business Continuity planning includes other plans such as:

  • A. Incident/disaster recovery plan
  • B. Business recovery and resumption plans
  • C. Contingency plan
  • D. All the above
Answer:

D

Question 5

The process of rebuilding and restoring the computer systems affected by an incident to a normal
operational stage, including all the processes, policies and tools, is known as:

  • A. Incident Management
  • B. Incident Response
  • C. Incident Recovery
  • D. Incident Handling
Answer:

C

Question 6

To whom should an information security incident be reported?

  • A. It should not be reported at all and it is better to resolve it internally
  • B. Human resources and Legal Department
  • C. It should be reported according to the incident reporting & handling policy
  • D. Chief Information Security Officer
Answer:

C

Question 7

An incident may be reported using/by:

  • A. Phone call
  • B. Facsimile (Fax)
  • C. Email or on-line Web form
  • D. All the above
Answer:

D

Question 8

Agencies do NOT report an information security incident because they:

  • A. Are afraid of negative publicity
  • B. Have full knowledge about how to handle the attack internally
  • C. Do not want to pay the additional cost of reporting an incident
  • D. All the above
Answer:

A

Question 9

According to US-CERT, if an agency is unable to successfully mitigate a DoS attack, it must be reported
within:

  • A. One (1) hour of discovery/detection if the successful attack is still ongoing
  • B. Two (2) hours of discovery/detection if the successful attack is still ongoing
  • C. Three (3) hours of discovery/detection if the successful attack is still ongoing
  • D. Four (4) hours of discovery/detection if the successful attack is still ongoing
Answer:

B

Question 10

Incidents are reported in order to:

  • A. Provide stronger protection for systems and data
  • B. Deal properly with legal issues
  • C. Be prepared for handling future incidents
  • D. All the above
Answer:

D

Question 11

A methodical series of techniques and procedures for gathering evidence, from computing
equipment and various storage devices and digital media, that can be presented in a court of law in a
coherent and meaningful format is called:

  • A. Forensic Analysis
  • B. Computer Forensics
  • C. Forensic Readiness
  • D. Steganalysis
Answer:

B

Question 12

Electronic evidence may reside in the following:

  • A. Data Files
  • B. Backup tapes
  • C. Other media sources
  • D. All the above
Answer:

D

Question 13

The person who offers his formal opinion as testimony about a computer crime incident in a
court of law is known as:

  • A. Expert Witness
  • B. Incident Analyzer
  • C. Incident Responder
  • D. Evidence Documenter
Answer:

A

Question 14

The correct order or sequence of the Computer Forensic processes is:

  • A. Preparation, analysis, examination, collection, and reporting
  • B. Preparation, collection, examination, analysis, and reporting
  • C. Preparation, examination, collection, analysis, and reporting
  • D. Preparation, analysis, collection, examination, and reporting
Answer:

B

Question 15

Which of the following is NOT one of the Computer Forensic types?

  • A. USB Forensics
  • B. Email Forensics
  • C. Forensic Archaeology
  • D. Image Forensics
Answer:

C
