EC-COUNCIL EC Council Certified Incident Handler (ECIH v3) (212-89) Free Practice Test
Question 1
QualTech Solutions is a leading security services enterprise. Dickson, who works as an incident responder with this firm, is performing a vulnerability assessment to identify the security problems in the network by using automated tools for identifying the hosts, services, and vulnerabilities in the enterprise network. In the above scenario, which of the following types of vulnerability assessment is Dickson performing?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 2
NeuroNet, a pioneer in neural network research, identified an insider siphoning off critical research data. Post- investigation revealed employee dissatisfaction as the motive. To minimize such threats in the future, which measure should NeuroNet prioritize?
Correct Answer: D
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 3
Jason is an incident handler dealing with malware incidents. He was asked to perform memory dump analysis in order to collect the information about the basic functionality of any program. As a part of his assignment, he needs to perform string search analysis to search for the malicious string that could determine harmful actions that a program can perform. Which of the following string-searching tools Jason needs to use to do the intended task?
Correct Answer: D
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 4
A US Federal Agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to agency's reporting timeframe guidelines, this incident should be reported within 2 h of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity.
Which incident category of US Federal Agency does this incident belong to?
Which incident category of US Federal Agency does this incident belong to?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 5
Francis is an incident handler and security expert. He works at MorisonTech Solutions based in Sydney, Australia. He was assigned a task to detect phishing/spam mails for the client organization.
Which of the following tools can assist Francis to perform the required task?
Which of the following tools can assist Francis to perform the required task?
Correct Answer: C
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 6
Alice is a disgruntled employee. She decided to acquire critical information from her organization for financial benefit. To acccomplish this, Alice started running a virtual machine on the same physical host as her victim's virtual machine and took advantage of shared physical resources (processor cache) to steal data (cryptographic key/plain text secrets) from the victim machine. Identify the type of attack Alice is performing in the above scenario.
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 7
DeltaCorp, a global e-commerce company, received an email sent to the financial department claiming to be from the CEO, requesting an urgent transfer of funds. To determine the legitimacy of this potentially deceptive email, which of the following should be the primary focus of the investigation?
Correct Answer: D
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 8
A mid-sized healthcare organization undergoing digital modernization is working toward ISO/IEC 27001 certification. During a readiness review, the CISO identifies gaps: staff lack clear channels to raise concerns about system weaknesses, outcome tracking after adverse events is inconsistent, and there is no formalized way to assess what went right or wrong following disruptions. To comply with ISO/IEC 27001 Annex A.16, which action should be prioritized?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 9
Eric works as an incident handler at Erinol software systems. He was assigned a task to protect the organization from any kind of DoS/DDoS attacks.
Which of the following tools can be used by Eric to achieve his objective?
Which of the following tools can be used by Eric to achieve his objective?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 10
Which of the following techniques prevent or mislead incident-handling process and may also affect the collection, preservation, and identification phases of the forensic investigation process?
Correct Answer: B
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).
Question 11
Bonney's system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?
Correct Answer: A
Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).