Last Updated on July 17, 2021 by Admin 2
212-89 : EC-Council Certified Incident Handler : Part 03
A computer virus hoax is a message warning the recipient of a non-existent computer virus. The message is usually a chain e-mail that tells the recipient to forward it to everyone they know. Which of the following is NOT a symptom of a virus hoax message?
- The message prompts the end user to forward it to his or her e-mail contact list and promises a monetary benefit for doing so
- The message from a known e-mail ID is caught by spam filters due to a change of filter settings
- The message tells the user to delete certain files, or warns of damage if the user does not take appropriate action
- The message prompts the user to install anti-virus software
In which step of NIST's risk assessment methodology are the boundary of the IT system, along with the resources and the information that constitute the system, identified?
- Likelihood Determination
- Control recommendation
- System characterization
- Control analysis
Adam, an employee of a multinational company, uses his company's e-mail account to send e-mails to a third party from a spoofed sender address. How would you categorize this type of incident?
- Inappropriate usage incident
- Unauthorized access incident
- Network intrusion incident
- Denial of Service incident
A security policy will take the form of a document or a collection of documents, depending on the situation or usage. It can become a point of reference in case a violation occurs that results in dismissal or other penalty. Which of the following is NOT true for a good security policy?
- It must be enforceable with security tools where appropriate and with sanctions where actual prevention is not technically feasible
- It must be approved by a court of law after verification of the stated terms and facts
- It must be implemented through system administration procedures, publishing of acceptable use guidelines or other appropriate methods
- It must clearly define the areas of responsibilities of the users, administrators and management
Incident handling and response steps help you to detect, identify, respond to and manage an incident. Which of the following helps in recognizing infected hosts and separating them from the information system?
- Configuring the firewall to default settings
- Inspecting the processes running on the system
- Browsing particular government websites
- Sending mails to only group of friends
An access control policy authorizes a group of users to perform a set of actions on a set of resources. Access to resources is based on necessity, i.e. on whether a particular job role requires the use of those resources. Which of the following is NOT a fundamental element of an access control policy?
- Action group: group of actions performed by the users on resources
- Development group: group of persons who develop the policy
- Resource group: resources controlled by the policy
- Access group: group of users to which the policy applies
Computer viruses are malicious software programs that infect computers and corrupt or delete the data on them. Identify the virus type that specifically infects Microsoft Word files.
- Micro Virus
- File Infector
- Macro Virus
- Boot Sector virus
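The practical counterpart to the macro-virus question is telling whether a Word file actually carries a VBA project, because the file extension can be changed freely. The following is an added example written for this page, not code from EC-Council or from any anti-virus product. It inspects the container format: modern OOXML files (.docx/.docm) are ZIP archives in which a VBA project is stored as `word/vbaProject.bin` and declared through the macro-enabled content type, while legacy binary .doc files are OLE2 compound files that need an OLE parser (such as oletools) for a full check and are only flagged here. The sample documents are constructed in memory for the demonstration and are not real Word files.

```python
"""Classify Microsoft Word files by whether their container carries a VBA macro project."""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc (OLE2 compound file) signature
VBA_PART = "word/vbaProject.bin"                  # OOXML part that holds a VBA project
MACRO_CONTENT_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CONTENT_TYPE = (
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
)


def classify_word_file(data: bytes) -> str:
    """Return 'ooxml-macro', 'ooxml-clean', 'ole-legacy' or 'unknown'.

    The extension is untrusted: a .docm renamed to .docx still contains
    its macros, so the ZIP contents are examined directly. A legacy OLE2
    .doc may or may not contain a VBA storage; deciding that needs an
    OLE parser, so it is reported as 'ole-legacy' for deeper inspection.
    """
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"
    if not data.startswith(b"PK"):
        return "unknown"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            if VBA_PART in names:
                return "ooxml-macro"
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                if MACRO_CONTENT_TYPE in ctypes:
                    return "ooxml-macro"
            return "ooxml-clean"
    except zipfile.BadZipFile:
        return "unknown"


def _build_ooxml(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-style ZIP for the demo (constructed sample, not a real Word file)."""
    main_ct = MACRO_CONTENT_TYPE if with_macro else PLAIN_CONTENT_TYPE
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a real compiled VBA project stream.
            zf.writestr(VBA_PART, b"\x00fake vba project stream\x00")
    return buf.getvalue()


# Constructed samples used by the demonstration below.
SAMPLE_MACRO_DOC = _build_ooxml(with_macro=True)
SAMPLE_CLEAN_DOC = _build_ooxml(with_macro=False)
SAMPLE_LEGACY_DOC = OLE_MAGIC + b"\x00" * 64

if __name__ == "__main__":
    for label, blob in [
        ("macro-enabled sample", SAMPLE_MACRO_DOC),
        ("clean sample", SAMPLE_CLEAN_DOC),
        ("legacy .doc sample", SAMPLE_LEGACY_DOC),
    ]:
        print(f"{label}: {classify_word_file(blob)}")
```

In an incident-handling workflow this check is a triage filter: anything reported as `ooxml-macro` or `ole-legacy` goes to sandboxing or a full VBA extraction, and the decision never depends on the filename the sender chose.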
The type of relationship between a CSIRT and its constituency has an impact on the services provided by the CSIRT. Identify the level of authority that enables members of the CSIRT to undertake any necessary actions on behalf of their constituency.
- Full-level authority
- Mid-level authority
- Half-level authority
- Shared-level authority
Digital evidence plays a major role in prosecuting cyber criminals. John, a cyber-crime investigator, is asked to investigate a child pornography case. The personal computer of the suspect was confiscated by the county police. Which of the following sources of evidence will most help John in his investigation?
- SAM file
- Web server log
- Routing table list
- Web browser history
An estimation of the expected losses after an incident helps organizations in prioritizing and formulating their incident response. The cost of an incident can be categorized as tangible or intangible. Identify the tangible cost associated with a virus outbreak.
- Loss of goodwill
- Damage to corporate reputation
- Psychological damage
- Lost productivity
Which of the following incidents are reported under the CAT-5 federal agency category?
- Exercise/ Network Defense Testing
- Malicious code
- Scans/ probes/ Attempted Access
- Denial of Service (DoS)
One of the goals of CSIRT is to manage security problems by taking a certain approach towards the customers’ security vulnerabilities and by responding effectively to potential information security incidents. Identify the incident response approach that focuses on developing the infrastructure and security processes before the occurrence or detection of an event or any incident:
- Interactive approach
- Introductive approach
- Proactive approach
- Qualitative approach
A computer forensic investigator must perform a proper investigation to protect digital evidence. During the investigation, an investigator needs to process large amounts of data using a combination of automated and manual methods. Identify the computer forensic process involved:
The incident management team provides support to all users in the organization that are affected by the threat or attack. The organization's internal auditor is part of the incident response team. Identify one of the responsibilities of the internal auditor as part of the incident response team:
- Configure information security controls
- Perform necessary action to block the network traffic from suspected intruder
- Identify and report security loopholes to the management for necessary actions
- Coordinate incident containment activities with the information security officer
A risk mitigation strategy determines the circumstances under which an action has to be taken to minimize and overcome risks. Identify the risk mitigation strategy that focuses on minimizing the probability of risk and losses by searching for vulnerabilities in the system and appropriate controls:
- Risk Assumption
- Research and acknowledgment
- Risk limitation
- Risk absorption
Based on some statistics, what is typically the number one incident?
- Policy violation
- Unauthorized access
An adversary attacking information resources to gain undue advantage is called:
- Defensive Information Warfare
- Offensive Information Warfare
- Electronic Warfare
- Conventional Warfare
An assault on system security that is derived from an intelligent threat is called:
- Threat Agent
IDS and IPS system logs indicating an unusual deviation from typical network traffic flows are called:
- A Precursor
- An Indication
- A Proactive
- A Reactive
The largest number of cyber-attacks are conducted by:
- Business partners