Here you have the best EC-Council 212-89 practice exam questions
Which of the following terms may be defined as "a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization's operation and revenues?
The term that best fits the definition of 'a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization's operation and revenues' is 'Risk'. Risk refers to the potential for losses or adverse effects on an organization's operations and revenues due to various factors, including security vulnerabilities, technical issues, and cost constraints.
A distributed Denial of Service (DDoS) attack is a more common type of DoS Attack, where a single system is targeted by a large number of infected machines over the Internet. In a DDoS attack, attackers first infect multiple systems which are known as:
In a Distributed Denial of Service (DDoS) attack, the multiple systems that are infected and used to target a single system are known as 'Zombies'. These zombies form a botnet, which attackers use to overload the target system with traffic, causing a denial of service.
The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT constitute a goal of incident response?
Dealing with human resources department and various employee conflict behaviors does not constitute a goal of incident response. The purpose of incident response includes using information gathered during incident handling to enhance future response and provide better protection (B), helping personnel to recover quickly and efficiently from security incidents (C), and properly addressing any legal issues that may arise (D).
An organization faced an information security incident where a disgruntled employee passed sensitive access control information to a competitor. The organization's incident response manager, upon investigation, found that the incident must be handled within a few hours on the same day to maintain business continuity and market competitiveness. How would you categorize such information security incident?
This incident should be categorized as a middle level incident. Middle level incidents require action within a few hours to mitigate potential moderate threats to the organization. The fact that the incident must be handled within a few hours on the same day aligns with the characteristics of middle level incidents.
The flow chart gives a view of different roles played by the different personnel of CSIRT. Identify the incident response personnel denoted by A, B, C, D, E, F and
G.
The roles depicted in the flow chart are best matched with the given option D. A is the Incident Manager, acting as a link between groups. B is the Incident Analyst, a stakeholder in the incident. C is Public Relations, ensuring operations return to normal. D is the Administrator, handling incidents from a management and technical viewpoint. E is Human Resources, responsible for human aspects of a disaster. F is the Constituency, eradicating and recovering from incidents. G is the Incident Coordinator, responsible for stakeholder communications. Therefore, the roles align perfectly with option D.