Exam Details

  • Exam Code: 212-89
  • Exam Name: EC-Council Certified Incident Handler (ECIH)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 163 Q&As
  • Last Updated: Apr 08, 2025

EC-COUNCIL EC-COUNCIL Certifications 212-89 Questions & Answers

  • Question 131:

    An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the incident response and handling process involves auditing the system and network log files?

    A. Incident recording

    B. Reporting

    C. Containment

    D. Identification

  • Question 132:

    Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

    A. NET-CERT

    B. DFN-CERT

    C. Funet CERT

    D. SURFnet-CERT

  • Question 133:

    Which of the following incident recovery testing methods works by creating a mock disaster, such as a fire, to identify how the procedures implemented to handle such situations react?

    A. Scenario testing

    B. Facility testing

    C. Live walk-through testing

    D. Procedure testing

  • Question 134:

    In the Control Analysis stage of NIST's risk assessment methodology, technical and non-technical control methods are classified into two categories. What are these two control categories?

    A. Preventive and Detective controls

    B. Detective and Disguised controls

    C. Predictive and Detective controls

    D. Preventive and predictive controls

  • Question 135:

    A threat source does not present a risk if there is NO vulnerability that can be exercised by that particular threat source. Identify the step in which the different threat sources are defined:

    A. Identification Vulnerabilities

    B. Control analysis

    C. Threat identification

    D. System characterization

  • Question 136:

    When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?

    A. All access rights of the employee to physical locations, networks, systems, applications and data should be disabled

    B. The organization should enforce separation of duties

    C. The access requests granted to an employee should be documented and vetted by the supervisor

    D. The organization should monitor the activities of the system administrators and privileged users who have permissions to access the sensitive information

  • Question 137:

    Policies are designed to protect the organizational resources on the network by establishing a set of rules and procedures. Which of the following policies authorizes a group of users to perform a set of actions on a set of resources?

    A. Access control policy

    B. Audit trail policy

    C. Logging policy

    D. Documentation policy

  • Question 138:

    Identify a standard national process which establishes a set of activities, general tasks and a management structure to certify and accredit systems that will maintain the information assurance (IA) and security posture of a system or site.

    A. NIASAP

    B. NIAAAP

    C. NIPACP

    D. NIACAP

  • Question 139:

    US-CERT and Federal civilian agencies use the reporting timeframe criteria in the federal agency reporting categorization. What is the timeframe required to report an incident under the CAT 4 Federal Agency category?

    A. Weekly

    B. Within four (4) hours of discovery/detection if the successful attack is still ongoing and agency is unable to successfully mitigate activity

    C. Within two (2) hours of discovery/detection

    D. Monthly

  • Question 140:

    The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/services that are not required. Which service listed below, if blocked, can help in preventing a Denial of Service attack?

    A. SAM service

    B. POP3 service

    C. SMTP service

    D. Echo service

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 212-89 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.