최신EC-COUNCIL EC Council Certified Incident Handler (ECIH v3) - 212-89무료샘플문제
문제1
Eric works as an incident handler at Erinol software systems. He was assigned a task to protect the organization from any kind of DoS/DDoS attacks.
Which of the following tools can be used by Eric to achieve his objective?
Eric works as an incident handler at Erinol software systems. He was assigned a task to protect the organization from any kind of DoS/DDoS attacks.
Which of the following tools can be used by Eric to achieve his objective?
정답: C
설명: (KoreaDumps 회원만 볼 수 있음)
문제2
In which of the following types of insider threats an insider who is uneducated on potential security threats or simply bypasses general security procedures to meet workplace efficiency?
In which of the following types of insider threats an insider who is uneducated on potential security threats or simply bypasses general security procedures to meet workplace efficiency?
정답: D
설명: (KoreaDumps 회원만 볼 수 있음)
문제3
Which of the following is an attack that occurs when a malicious program causes a user's browser to perform an unwanted action on a trusted site for which the user is currently authenticated?
Which of the following is an attack that occurs when a malicious program causes a user's browser to perform an unwanted action on a trusted site for which the user is currently authenticated?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제4
After containing a data compromise that disrupted operations across multiple departments, a global consulting enterprise launched a formal retrospective involving cybersecurity leads, infrastructure managers, legal advisors, and executive stakeholders. The initiative involved constructing a detailed timeline of incident- handling activities, evaluating decision pathways, identifying coordination breakdowns, and recommending actionable improvements to mitigate future occurrences. The review emphasized a no-blame culture, aiming to refine strategic playbooks and organizational readiness based on empirical evidence and shared insights.
Which post-incident activity is primarily being executed in this scenario?
After containing a data compromise that disrupted operations across multiple departments, a global consulting enterprise launched a formal retrospective involving cybersecurity leads, infrastructure managers, legal advisors, and executive stakeholders. The initiative involved constructing a detailed timeline of incident- handling activities, evaluating decision pathways, identifying coordination breakdowns, and recommending actionable improvements to mitigate future occurrences. The review emphasized a no-blame culture, aiming to refine strategic playbooks and organizational readiness based on empirical evidence and shared insights.
Which post-incident activity is primarily being executed in this scenario?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제5
Jason, a cybersecurity analyst in the incident response team, begins investigating several complaints from employees who received emails urgently requesting wire transfers to an overseas account. The emails appeared to come from the company's CEO, using a tone of authority and pressure to bypass standard procedures. Upon closer inspection, Jason identifies that the sender's email address includes a minor alteration in the domain name-a form of domain spoofing. He examines the email headers, confirms the falsified sender identity, and cross-checks with the actual CEO's activity logs to ensure there was no internal compromise. Immediately, Jason blocks the sender's IP address at the firewall level, alerts the finance department to prevent any unauthorized transactions, and issues a company-wide advisory about the impersonation attempt. What type of phishing is Jason handling?
Jason, a cybersecurity analyst in the incident response team, begins investigating several complaints from employees who received emails urgently requesting wire transfers to an overseas account. The emails appeared to come from the company's CEO, using a tone of authority and pressure to bypass standard procedures. Upon closer inspection, Jason identifies that the sender's email address includes a minor alteration in the domain name-a form of domain spoofing. He examines the email headers, confirms the falsified sender identity, and cross-checks with the actual CEO's activity logs to ensure there was no internal compromise. Immediately, Jason blocks the sender's IP address at the firewall level, alerts the finance department to prevent any unauthorized transactions, and issues a company-wide advisory about the impersonation attempt. What type of phishing is Jason handling?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제6
After a recent upgrade, users of Trend Spot encountered slow website load times. Analysis revealed attackers flooding the application with fake search requests, causing an application-layer DoS attack. How should Trend Spot primarily respond?
After a recent upgrade, users of Trend Spot encountered slow website load times. Analysis revealed attackers flooding the application with fake search requests, causing an application-layer DoS attack. How should Trend Spot primarily respond?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제7
Alex is an incident handler for Tech-o-Tech Inc. and is tasked to identify any possible insider threats within his organization. Which of the following insider threat detection techniques can be used by Alex to detect insider threats based on the behavior of a suspicious employee, both individually and in a group?
Alex is an incident handler for Tech-o-Tech Inc. and is tasked to identify any possible insider threats within his organization. Which of the following insider threat detection techniques can be used by Alex to detect insider threats based on the behavior of a suspicious employee, both individually and in a group?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)
문제8
Jack, an experienced first responder in a cybersecurity incident response team, arrives at the scene of a major system breach at a financial institution. Upon arrival, Jack begins conducting preliminary interviews with key staff members who were present when the breach occurred, including network administrators, help desk personnel, and system users. He asks targeted questions about unusual system behavior, recent alerts, access logs, and any suspicious activity that may have been noticed before or during the attack. Jack takes notes to gather contextual evidence that could help reconstruct the timeline of the incident and identify potential culprits or attack vectors. Identify the responsibility assigned to Jack in the above scenario.
Jack, an experienced first responder in a cybersecurity incident response team, arrives at the scene of a major system breach at a financial institution. Upon arrival, Jack begins conducting preliminary interviews with key staff members who were present when the breach occurred, including network administrators, help desk personnel, and system users. He asks targeted questions about unusual system behavior, recent alerts, access logs, and any suspicious activity that may have been noticed before or during the attack. Jack takes notes to gather contextual evidence that could help reconstruct the timeline of the incident and identify potential culprits or attack vectors. Identify the responsibility assigned to Jack in the above scenario.
정답: C
설명: (KoreaDumps 회원만 볼 수 있음)
문제9
Which of the following is an attack that attempts to prevent the use of systems, networks, or applications by the intended users?
Which of the following is an attack that attempts to prevent the use of systems, networks, or applications by the intended users?
정답: C
설명: (KoreaDumps 회원만 볼 수 있음)
문제10
Lara, a SOC analyst, investigates multiple alerts generated by an IDS showing repeated login failures from a specific workstation to an internal application. When reviewing Windows Event Viewer logs, she discovers a user repeatedly attempting logins outside of working hours. Further checks reveal the user had installed an unauthorized remote desktop tool. Which of the following best describes this situation?
Lara, a SOC analyst, investigates multiple alerts generated by an IDS showing repeated login failures from a specific workstation to an internal application. When reviewing Windows Event Viewer logs, she discovers a user repeatedly attempting logins outside of working hours. Further checks reveal the user had installed an unauthorized remote desktop tool. Which of the following best describes this situation?
정답: C
설명: (KoreaDumps 회원만 볼 수 있음)
문제11
Which of the following is a standard framework that provides recommendations for implementing information security controls for organizations that initiate, implement, or maintain information security management systems (ISMSs)?
Which of the following is a standard framework that provides recommendations for implementing information security controls for organizations that initiate, implement, or maintain information security management systems (ISMSs)?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제12
Ikeo Corp, hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise.
The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location.
Considering this as the main security threat, the IR team plans to change this policy as it can be easily exploited by attackers. Which of the following security policies is the IR team planning to modify?
Ikeo Corp, hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise.
The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location.
Considering this as the main security threat, the IR team plans to change this policy as it can be easily exploited by attackers. Which of the following security policies is the IR team planning to modify?
정답: A
설명: (KoreaDumps 회원만 볼 수 있음)
문제13
An attack on a network is BEST blocked using which of the following?
An attack on a network is BEST blocked using which of the following?
정답: C
설명: (KoreaDumps 회원만 볼 수 있음)
문제14
Rachel, a digital forensics investigator, arrives at the scene of a suspected data breach. She photographs all electronic devices, labels and packages each item in static-resistant bags, and ensures each item is documented with time, location, and device details. What activity best describes Rachel's task?
Rachel, a digital forensics investigator, arrives at the scene of a suspected data breach. She photographs all electronic devices, labels and packages each item in static-resistant bags, and ensures each item is documented with time, location, and device details. What activity best describes Rachel's task?
정답: B
설명: (KoreaDumps 회원만 볼 수 있음)