Last Updated on July 17, 2021 by InfraExam
212-89 : EC-Council Certified Incident Handler : Part 04
-
The sign of incident that may happen in the future is called:
- A Precursor
- An Indication
- A Proactive
- A Reactive
-
Incidents such as DDoS that should be handled immediately may be considered as:
- Level One incident
- Level Two incident
- Level Three incident
- Level Four incident
-
Total cost of disruption of an incident is the sum of
- Tangible and Intangible costs
- Tangible cost only
- Intangible cost only
- Level Two and Level Three incidents cost
-
Incident prioritization must be based on:
- Potential impact
- Current damage
- Criticality of affected systems
- All the above
-
An information security incident is
- Any real or suspected adverse event in relation to the security of computer systems or networks
- Any event that disrupts normal today’s business functions
- Any event that breaches the availability of information assets
- All of the above
-
Which of the following can be considered synonymous:
- Hazard and Threat
- Threat and Threat Agent
- Precaution and countermeasure
- Vulnerability and Danger
-
If the loss anticipated is greater than the agreed upon threshold; the organization will:
- Accept the risk
- Mitigate the risk
- Accept the risk but after management approval
- Do nothing
-
A payroll system has a vulnerability that cannot be exploited by current technology. Which of the following is correct about this scenario:
- The risk must be urgently mitigated
- The risk must be transferred immediately
- The risk is not present at this time
- The risk is accepted
-
Overall Likelihood rating of a Threat to Exploit a Vulnerability is driven by :
- Threat-source motivation and capability
- Nature of the vulnerability
- Existence and effectiveness of the current controls
- All the above
-
Absorbing minor risks while preparing to respond to major ones is called:
- Risk Mitigation
- Risk Transfer
- Risk Assumption
- Risk Avoidance
-
The left over risk after implementing a control is called:
- Residual risk
- Unaccepted risk
- Low risk
- Critical risk
-
Adam calculated the total cost of a control to protect 10,000 $ worth of data as 20,000 $. What do you advise Adam to do?
- Apply the control
- Not to apply the control
- Use qualitative risk assessment
- Use semi-qualitative risk assessment instead
-
What is correct about Quantitative Risk Analysis:
- It is Subjective but faster than Qualitative Risk Analysis
- Easily automated
- Better than Qualitative Risk Analysis
- Uses levels and descriptive expressions
-
Which of the following is a risk assessment tool:
- Nessus
- Wireshark
- CRAMM
- Nmap
-
In NIST risk assessment/ methodology; the process of identifying the boundaries of an IT system along with the resources and information that constitute the system is known as:
- Asset Identification
- System characterization
- Asset valuation
- System classification
-
Performing Vulnerability Assessment is an example of a:
- Incident Response
- Incident Handling
- Pre-Incident Preparation
- Post Incident Management
-
The correct sequence of Incident Response and Handling is:
- Incident Identification, recording, initial response, communication and containment
- Incident Identification, initial response, communication, recording and containment
- Incident Identification, communication, recording, initial response and containment
- Incident Identification, recording, initial response, containment and communication
-
Preventing the incident from spreading and limiting the scope of the incident is known as:
- Incident Eradication
- Incident Protection
- Incident Containment
- Incident Classification
-
What is the best staffing model for an incident response team if current employees’ expertise is very low?
- Fully outsourced
- Partially outsourced
- Fully insourced
- All the above
-
The correct sequence of incident management process is:
- Prepare, protect, triage, detect and respond
- Prepare, protect, detect, triage and respond
- Prepare, detect, protect, triage and respond
- Prepare, protect, detect, respond and triage