EC-COUNCIL 212-89 Actual Free Exam Questions & Community Discussion
Stanley works as an incident responder at a top MNC based out of Singapore. He was asked to investigate a cybersecurity incident that recently occurred in the company.
While investigating the crime, he collected the evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of jury so that the evidence explains the facts clearly and further helps in obtaining an expert opinion on the same to confirm the investigation process.
In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?
While investigating the crime, he collected the evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of jury so that the evidence explains the facts clearly and further helps in obtaining an expert opinion on the same to confirm the investigation process.
In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
SpaceTech Innovations, specializing in space exploration software, encountered malware that camouflaged itself within proprietary algorithms. This stealthy malware intermittently transmitted blueprints to an unknown receiver. With a state-of-the-art code analyzer and a network traffic analyzer at hand, what's the ideal first step?
Correct Answer: C
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Francis received a spoof email asking for his bank information. He decided to use a tool to analyze the email headers. Which of the following should he use?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
OmegaTech was compromised by an insider who deliberately introduced vulnerabilities into its flagship product after being recruited by a rival company. OmegaTech wants to minimize such risks in the future.
What should be its primary focus?
What should be its primary focus?
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Malicious Micky has moved from the delivery stage to the exploitation stage of the kill chain. This malware wants to find and report to the command center any useful services on the system. Which of the following recon attacks is the MOST LIKELY to provide this information?
Correct Answer: A
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
During an internal audit following a surge in unauthorized financial transactions, a multinational investment firm's IR team uncovers evidence of an orchestrated campaign targeting senior staff. The attackers had pieced together fragments of sensitive data by mining executive digital footprints, reviewing online publications, and analyzing company-related mentions on external platforms. Later, they engaged directly with employees under fabricated personas, conducting scripted interviews to extract missing identifiers. With the assembled profile data, the adversaries submitted diversion requests for financial correspondence and used these to impersonate executives and execute fraudulent transfers. Forensic analysis revealed no signs of malware infection or system-level compromise. Which technique best aligns with the adversary's method of obtaining the initial sensitive information?
Correct Answer: A
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Raven is a part of an IH&R team and was informed by her manager to handle and lead the removal of the root cause for an incident and to close all attack vectors to prevent similar incidents in the future. Raven notifies the service providers and developers of affected resources. Which of the following steps of the incident handling and response process does Raven need to implement to remove the root cause of the incident?
Correct Answer: D
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Mei, a forensic analyst, is analyzing logs from a compromised blog platform. She finds evidence that an attacker posted content using a valid account, and later, users who visited the blog were redirected to a phishing site containing session cookies in the URL. What kind of attack does this best describe?
Correct Answer: C
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Following a security alert, the incident response team at a legal consulting firm suspects that an employee used a USB storage device to exfiltrate confidential client data. To confirm which USB device was connected and gather timestamps and identifiers, which method is most effective?
Correct Answer: C
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
If the browser does not expire the session when the user fails to logout properly, which of the following OWASP Top 10 web vulnerabilities is caused?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
An organization named Sam Morison Inc. decided to use cloud-based services to reduce the cost of maintenance. The organization identified various risks and threats associated with cloud service adoption and migrating business-critical data to thirdparty systems. Hence, the organization decided to deploy cloud-based security tools to prevent upcoming threats.
Which of the following tools help the organization to secure the cloud resources and services?
Which of the following tools help the organization to secure the cloud resources and services?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
Which of the following has been used to evade IDS and IPS?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
During a routine security audit, an executive's mobile device began exhibiting signs of compromise, including frequent crashes, unrecognized applications, and abnormal data consumption. The organization's IR team conducted multiple antivirus scans and attempted standard malware removal procedures, but the threat continued to persist. Further investigation suggested that the malware was embedded in a background service configured to reinitialize upon reboot. Concerned about the potential risk of data exfiltration or further infection, the team decided to isolate the device and initiate a tailored eradication strategy to remove the threat without activating it. Which eradication step is most appropriate in this situation?
Correct Answer: B
Vote an answer
Explanation: Only visible for EduDump members. You can sign-up / login (it's free).
0
0
0
10
