Last Updated on July 17, 2021 by Admin 2

212-89 : EC-Council Certified Incident Handler : Part 05

  1. The incident response team must adhere to the following:

    • Stay calm and document everything
    • Assess the situation
    • Notify appropriate personnel
    • All the above
  2. Which of the following is an incident tracking, reporting and handling tool:

    • CRAMM
    • RTIR
    • NETSTAT
    • EAR/PILAR
  3. Removing or eliminating the root cause of the incident is called:

    • Incident Eradication
    • Incident Protection
    • Incident Containment
    • Incident Classification
  4. Which of the following is a correct statement about incident management, handling and response:

    • Incident response is one of the functions provided by incident handling
    • Incident handling is one of the functions provided by incident response
    • Triage is one of the services provided by incident response
    • Incident response is one of the services provided by triage
  5. An incident response plan requires:

    • Financial and Management support
    • Expert team composition
    • Resources
    • All the above
  6. The service organization that provides 24×7 computer security incident response services to any user, company, government agency, or organization is known as:

    • Computer Security Incident Response Team (CSIRT)
    • Security Operations Center (SOC)
    • Digital Forensics Examiner
    • Vulnerability Assessor
  7. The main feature offered by PGP Desktop Email is:

    • Email service during incidents
    • End-to-end email communications
    • End-to-end secure email service
    • None of the above
  8. Which of the following service(s) is provided by the CSIRT:

    • Vulnerability handling
    • Technology watch
    • Development of security tools
    • All the above
  9. The role that applies appropriate technology and tries to eradicate and recover from the incident is known as:

    • Incident Manager
    • Incident Analyst
    • Incident Handler
    • Incident coordinator
  10. CERT members can provide critical support services to first responders such as:

    • Immediate assistance to victims
    • Consolidated automated service process management platform
    • Organizing spontaneous volunteers at a disaster site
    • A + C
  11. The group or region that a CSIRT is bound to serve and provide its services to is known as its:

    • Consistency
    • Confidentiality
    • Constituency
    • None of the above
  12. The program that helps to train people to be better prepared to respond to emergency situations in their communities is known as:

    • Community Emergency Response Team (CERT)
    • Incident Response Team (IRT)
    • Security Incident Response Team (SIRT)
    • All the above
  13. CSIRT can be implemented at:

    • Internal enterprise level
    • National, government and military level
    • Vendor level
    • All the above
  14. The typical correct sequence of activities used by CSIRT when handling a case is:

    • Log, inform, maintain contacts, release information, follow up and reporting
    • Log, inform, release information, maintain contacts, follow up and reporting
    • Log, maintain contacts, inform, release information, follow up and reporting
    • Log, maintain contacts, release information, inform, follow up and reporting
  15. Common name(s) for a CSIRT is (are):

    • Incident Handling Team (IHT)
    • Incident Response Team (IRT)
    • Security Incident Response Team (SIRT)
    • All the above
  16. An active vulnerability scanner featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis is called:

    • Nessus
    • CyberCop
    • EtherApe
    • nmap
  17. The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:

    • Snort
    • Wireshark
    • Cain &amp; Abel
    • nmap
  18. Installing a password-cracking tool, downloading pornographic material, sending emails that harass colleagues, and hosting unauthorized websites on the company's computers are considered:

    • Network based attacks
    • Unauthorized access attacks
    • Malware attacks
    • Inappropriate usage incidents
  19. Changing the contents of a web server, accessing a workstation using a false ID, and copying sensitive data without authorization are examples of:

    • DDoS attacks
    • Unauthorized access attacks
    • Malware attacks
    • Social Engineering attacks
  20. To respond to DDoS attacks, one of the following strategies can be used:

    • Using additional capacity to absorb the attack
    • Identifying non-critical services and stopping them
    • Shutting down some services until the attack has subsided
    • All the above