最新的EC-COUNCIL EC Council Certified Incident Handler (ECIH v3) - 212-89免費考試真題
DeltaCorp, a global e-commerce company, received an email sent to the financial department claiming to be from the CEO, requesting an urgent transfer of funds. To determine the legitimacy of this potentially deceptive email, which of the following should be the primary focus of the investigation?
正確答案: B
說明:(僅 Fast2test 成員可見)
During the vulnerability assessment phase, the incident responders perform various steps as below:
1. Run vulnerability scans using tools
2. Identify and prioritize vulnerabilities
3. Examine and evaluate physical security
4. Perform OSINT information gathering to validate the vulnerabilities
5. Apply business and technology context to scanner results
6. Check for misconfigurations and human errors
7. Create a vulnerability scan report
Identify the correct sequence of vulnerability assessment steps performed by the incident responders.
1. Run vulnerability scans using tools
2. Identify and prioritize vulnerabilities
3. Examine and evaluate physical security
4. Perform OSINT information gathering to validate the vulnerabilities
5. Apply business and technology context to scanner results
6. Check for misconfigurations and human errors
7. Create a vulnerability scan report
Identify the correct sequence of vulnerability assessment steps performed by the incident responders.
正確答案: A
說明:(僅 Fast2test 成員可見)
Following a spear-phishing campaign targeting executive-level employees, a mid-sized financial firm experienced unauthorized access to internal systems, leading to widespread disruption of customer-facing applications. Although the technical issues were resolved within days, the breach triggered legal scrutiny and negative press coverage. Several major customers expressed concern about the firm's risk posture and began transitioning to competitors. Investor confidence was impacted as the stock value dipped, and senior leadership initiated a damage control campaign. Which of the following best categorizes the broader consequences experienced by the organization?
正確答案: C
說明:(僅 Fast2test 成員可見)
Alex is an incident handler in QWERTY Company. He identified that an attacker created a backdoor inside the company's network by installing a fake AP inside a firewall. Which of the following attack types did the attacker use?
正確答案: D
說明:(僅 Fast2test 成員可見)
Which of the following port scanning techniques involves resetting the TCP connection between client and server abruptly before completion of the three-way handshake signals, making the connection half-open?
正確答案: D
說明:(僅 Fast2test 成員可見)
Ikeo Corp, hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise.
The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location.
Considering this as the main security threat, the IR team plans to change this policy as it can be easily exploited by attackers. Which of the following security policies is the IR team planning to modify?
The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location.
Considering this as the main security threat, the IR team plans to change this policy as it can be easily exploited by attackers. Which of the following security policies is the IR team planning to modify?
正確答案: C
說明:(僅 Fast2test 成員可見)
Liam, a senior incident responder at a manufacturing company, is alerted to an email campaign distributing malware through fake invoice attachments. He confirms that some users opened the attachment, resulting in system slowdown and unauthorized access attempts. He disconnects affected machines, scans and removes malware, disables compromised accounts, restores systems from clean backups, and documents file hashes, sender IPs, and malicious domains. Which of the following best describes Liam's objective?
正確答案: D
說明:(僅 Fast2test 成員可見)
Sophia, a security analyst, notices that a sensitive folder on a file server was accessed during off-hours by an intern using authorized credentials. The access was not flagged because the intern's permissions had not been reviewed in months after their project ended. What process should have been enforced to avoid this insider threat?
正確答案: A
說明:(僅 Fast2test 成員可見)
What is the most recent NIST standard for incident response?
正確答案: B
說明:(僅 Fast2test 成員可見)
An attacker after performing an attack decided to wipe evidences using artifact wiping techniques to evade forensic investigation. He applied magnetic field to the digital media device, resulting in an entirely clean device of any previously stored data.
Identify the artifact wiping technique used by the attacker.
Identify the artifact wiping technique used by the attacker.
正確答案: D
說明:(僅 Fast2test 成員可見)