2026 New 212-89 Exam Dumps with PDF and VCE Free: https://www.2passeasy.com/dumps/212-89/

It is faster and easier to pass the EC-Council 212-89 exam by using high-quality EC-Council Certified Incident Handler (ECIH v2) questions and answers. Get immediate access to the renewed 212-89 exam and find the same core area 212-89 questions with professionally verified answers, then pass your exam with a high score now.

Free 212-89 Demo Online For EC-Council Certification:

NEW QUESTION 1
Business Continuity planning includes other plans such as:

  • A. Incident/disaster recovery plan
  • B. Business recovery and resumption plans
  • C. Contingency plan
  • D. All the above

Answer: D

NEW QUESTION 2
Which of the following incident recovery testing methods works by creating a mock disaster, like fire, to identify the reaction of the procedures that are implemented to handle such situations?

  • A. Scenario testing
  • B. Facility testing
  • C. Live walk-through testing
  • D. Procedure testing

Answer: D

NEW QUESTION 3
Which of the following is NOT one of the common techniques used to detect Insider threats:

  • A. Spotting an increase in their performance
  • B. Observing employee tardiness and unexplained absenteeism
  • C. Observing employee sick leaves
  • D. Spotting conflicts with supervisors and coworkers

Answer: A

NEW QUESTION 4
The data on the affected system must be backed up so that it can be retrieved if it is damaged during incident response. The system backup can also be used for further investigations of the incident. Identify the stage of the incident response and handling process in which complete backup of the infected system is carried out?

  • A. Containment
  • B. Eradication
  • C. Incident recording
  • D. Incident investigation

Answer: A

NEW QUESTION 5
A host is infected by worms that propagate through a vulnerable service; the sign(s) of the presence of the worm include:

  • A. Decrease in network usage
  • B. Established connection attempts targeted at the vulnerable services
  • C. System becomes unstable or crashes
  • D. All the above

Answer: C

NEW QUESTION 6
The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:

  • A. Snort
  • B. Wireshark
  • C. Cain & Abel
  • D. nmap

Answer: B

NEW QUESTION 7
The malicious code that is installed on the computer without the user’s knowledge to acquire information from the user’s machine and send it to the attacker, who can access it remotely, is called:

  • A. Spyware
  • B. Logic Bomb
  • C. Trojan
  • D. Worm

Answer: A

NEW QUESTION 8
______ attach(es) to files

  • A. Adware
  • B. Spyware
  • C. Viruses
  • D. Worms

Answer: C

NEW QUESTION 9
A distributed Denial of Service (DDoS) attack is a more common type of DoS Attack, where a single system is targeted by a large number of infected machines over the Internet. In a DDoS attack, attackers first infect multiple systems which are known as:

  • A. Trojans
  • B. Zombies
  • C. Spyware
  • D. Worms

Answer: B

NEW QUESTION 10
According to the Evidence Preservation policy, a forensic investigator should make at least ______ image copies of the digital evidence.

  • A. One image copy
  • B. Two image copies
  • C. Three image copies
  • D. Four image copies

Answer: B

NEW QUESTION 11
Business Continuity provides a planning methodology that allows continuity in business operations:

  • A. Before and after a disaster
  • B. Before a disaster
  • C. Before, during and after a disaster
  • D. During and after a disaster

Answer: C

NEW QUESTION 12
The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT constitute a goal of incident response?

  • A. Dealing with human resources department and various employee conflict behaviors.
  • B. Using information gathered during incident handling to prepare for handling future incidents in a better way and to provide stronger protection for systems and data.
  • C. Helping personnel to recover quickly and efficiently from security incidents, minimizing loss or theft and disruption of services.
  • D. Dealing properly with legal issues that may arise during incidents.

Answer: A

NEW QUESTION 13
The type of relationship between a CSIRT and its constituency has an impact on the services provided by the CSIRT. Identify the level of authority that enables members of the CSIRT to undertake any necessary actions on behalf of their constituency.

  • A. Full-level authority
  • B. Mid-level authority
  • C. Half-level authority
  • D. Shared-level authority

Answer: A

NEW QUESTION 14
What is correct about Quantitative Risk Analysis:

  • A. It is Subjective but faster than Qualitative Risk Analysis
  • B. Easily automated
  • C. Better than Qualitative Risk Analysis
  • D. Uses levels and descriptive expressions

Answer: B

NEW QUESTION 15
Removing or eliminating the root cause of the incident is called:

  • A. Incident Eradication
  • B. Incident Protection
  • C. Incident Containment
  • D. Incident Classification

Answer: A

NEW QUESTION 16
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?

  • A. NET-CERT
  • B. DFN-CERT
  • C. Funet CERT
  • D. SURFnet-CERT

Answer: D

NEW QUESTION 17
Changing the web server contents, accessing the workstation using a false ID, and copying sensitive data without authorization are examples of:

  • A. DDoS attacks
  • B. Unauthorized access attacks
  • C. Malware attacks
  • D. Social Engineering attacks

Answer: B

NEW QUESTION 18
An adversary attacking information resources to gain undue advantage is called:

  • A. Defensive Information Warfare
  • B. Offensive Information Warfare
  • C. Electronic Warfare
  • D. Conventional Warfare

Answer: B

NEW QUESTION 19
The most common type(s) of intellectual property is(are):

  • A. Copyrights and Trademarks
  • B. Patents
  • C. Industrial design rights & Trade secrets
  • D. All the above

Answer: D

NEW QUESTION 20
Authorized users with privileged access who misuse the corporate informational assets and directly affect the confidentiality, integrity, and availability of the assets are known as:

  • A. Outsider threats
  • B. Social Engineers
  • C. Insider threats
  • D. Zombies

Answer: C
