Winter Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

Sure Pass Exam 212-89 PDF

Page: 4 / 12
Question 16

Eve’s is an incident handler in ABC organization. One day, she got a complaint about email hacking incident from one of the employees of the organization. As a part of

incident handling and response process, she must follow many recovery steps in order to recover from incident impact to maintain business continuity.

What is the first step that she must do to secure employee account?

Options:

A.

Restore the email services and change the password

B.

Enable two-factor authentication

C.

Enable scanning of links and attachments in all the emails

D.

Disabling automatic file sharing between the systems

Question 17

Sam. an employee of a multinational company, sends emails to third-party organizations with a spoofed email address of his organization. How can you categorize this type of incident?

Options:

A.

Network intrusion incident

B.

Inappropriate usage incident

C.

Unauthorized access incident.

D.

Denial-of-service incicent

Question 18

Eric is an incident responder and is working on developing incident-handling plans and procedures. As part of this process, he is performing an analysis on the organizational network to generate a report and develop policies based on the acquired results. Which of the following tools will help him in analyzing his network and the related traffic?

Options:

A.

Whois

B.

Burp Suite

C.

FaceNiff

D.

Wireshark

Question 19

Johnson an incident handler is working on a recent web application attack faced by the

organization. As part of this process, he performed data preprocessing in order to

analyzing and detecting the watering hole attack. He preprocessed the outbound

network traffic data collected from firewalls and proxy servers and started analyzing

the user activities within a certain time period to create time-ordered domain sequences

to perform further analysis on sequential patterns.

Identify the data-preprocessing step performed by Johnson.

Options:

A.

Filtering invalid host names

B.

Identifying unpopular domains

C.

Host name normalization

D.

User-specific sessionization

Page: 4 / 12
Exam Code: 212-89
Exam Name: EC Council Certified Incident Handler (ECIH v3)
Last Update: Nov 21, 2024
Questions: 168
212-89 pdf

212-89 PDF

$28  $80
212-89 Engine

212-89 Testing Engine

$33.25  $95
212-89 PDF + Engine

212-89 PDF + Testing Engine

$45.5  $130