212-89 : EC-Council Certified Incident Handler : Part 04

  1. A sign of an incident that may happen in the future is called:

    • A Precursor
    • An Indication
    • A Proactive
    • A Reactive
  2. Incidents such as DDoS that should be handled immediately may be considered as:

    • Level One incident
    • Level Two incident
    • Level Three incident
    • Level Four incident
  3. The total cost of disruption of an incident is the sum of:

    • Tangible and Intangible costs
    • Tangible cost only
    • Intangible cost only
    • Level Two and Level Three incidents cost
  4. Incident prioritization must be based on:

    • Potential impact
    • Current damage
    • Criticality of affected systems
    • All the above
  5. An information security incident is:

    • Any real or suspected adverse event in relation to the security of computer systems or networks
    • Any event that disrupts today’s normal business functions
    • Any event that breaches the availability of information assets
    • All of the above
  6. Which of the following can be considered synonymous:

    • Hazard and Threat
    • Threat and Threat Agent
    • Precaution and countermeasure
    • Vulnerability and Danger
  7. If the anticipated loss is greater than the agreed-upon threshold, the organization will:

    • Accept the risk
    • Mitigate the risk
    • Accept the risk but after management approval
    • Do nothing
  8. A payroll system has a vulnerability that cannot be exploited by current technology. Which of the following is correct about this scenario:

    • The risk must be urgently mitigated
    • The risk must be transferred immediately
    • The risk is not present at this time
    • The risk is accepted
  9. The overall likelihood rating of a threat to exploit a vulnerability is driven by:

    • Threat-source motivation and capability
    • Nature of the vulnerability
    • Existence and effectiveness of the current controls
    • All the above
  10. Absorbing minor risks while preparing to respond to major ones is called:

    • Risk Mitigation
    • Risk Transfer
    • Risk Assumption
    • Risk Avoidance
  11. The leftover risk after implementing a control is called:

    • Residual risk
    • Unaccepted risk
    • Low risk
    • Critical risk
  12. Adam calculated the total cost of a control to protect $10,000 worth of data as $20,000. What do you advise Adam to do?

    • Apply the control
    • Not to apply the control
    • Use qualitative risk assessment
    • Use semi-qualitative risk assessment instead
  13. What is correct about Quantitative Risk Analysis:

    • It is Subjective but faster than Qualitative Risk Analysis
    • Easily automated
    • Better than Qualitative Risk Analysis
    • Uses levels and descriptive expressions
  14. Which of the following is a risk assessment tool:

    • Nessus
    • Wireshark
    • CRAMM
    • Nmap
  15. In the NIST risk assessment methodology, the process of identifying the boundaries of an IT system along with the resources and information that constitute the system is known as:

    • Asset Identification
    • System characterization
    • Asset valuation
    • System classification
  16. Performing Vulnerability Assessment is an example of a:

    • Incident Response
    • Incident Handling
    • Pre-Incident Preparation
    • Post-Incident Management
  17. The correct sequence of Incident Response and Handling is:

    • Incident Identification, recording, initial response, communication and containment
    • Incident Identification, initial response, communication, recording and containment
    • Incident Identification, communication, recording, initial response and containment
    • Incident Identification, recording, initial response, containment and communication
  18. Preventing the incident from spreading and limiting the scope of the incident is known as:

    • Incident Eradication
    • Incident Protection
    • Incident Containment
    • Incident Classification
  19. What is the best staffing model for an incident response team if current employees’ expertise is very low?

    • Fully outsourced
    • Partially outsourced
    • Fully insourced
    • All the above
  20. The correct sequence of the incident management process is:

    • Prepare, protect, triage, detect and respond
    • Prepare, protect, detect, triage and respond
    • Prepare, detect, protect, triage and respond
    • Prepare, protect, detect, respond and triage