Last Updated on July 17, 2021 by InfraExam
212-89 : EC-Council Certified Incident Handler : Part 06
-
The very well-known free open source port, OS and service scanner and network discovery utility is called:
- Wireshark
- Nmap (Network Mapper)
- Snort
- SAINT
-
In a DDoS attack, attackers first infect multiple systems, which are then used to attack a particular target directly. Those systems are called:
- Honey Pots
- Relays
- Zombies
- Handlers
-
The open source TCP/IP network intrusion prevention and detection system (IDS/IPS) that uses a rule-driven language and performs real-time traffic analysis and packet logging is known as:
- Snort
- Wireshark
- Nessus
- SAINT
-
A malicious code attack using emails is considered:
- Malware based attack
- Email attack
- Inappropriate usage incident
- Multiple component attack
-
The type of attack that prevents authorized users from accessing networks, systems, or applications by exhausting network resources and sending illegal requests to an application is known as:
- Session Hijacking attack
- Denial of Service attack
- Man in the Middle attack
- SQL injection attack
-
Malicious code that infects computer files, corrupts or deletes the data in them, and requires a host file to propagate is called:
- Trojan
- Worm
- Virus
- RootKit
-
___________________ record(s) a user’s typing.
- Spyware
- adware
- Virus
- Malware
-
Which of the following is a characteristic of adware?
- Gathering information
- Displaying popups
- Intimidating users
- Replicating
-
________________ attach(es) to files
- adware
- Spyware
- Viruses
- Worms
-
A self-replicating malicious code that does not alter files but resides in active memory and duplicates itself, spreads through the infected network automatically and takes advantage of file or information transport features on the system to travel independently is called:
- Trojan
- Worm
- Virus
- RootKit
-
Malicious security-breaking code that is disguised as a useful program, installs executable programs when a file is opened, and allows others to control the victim’s system is called:
- Trojan
- Worm
- Virus
- RootKit
-
A message that demands urgent action and prompts the recipient to delete certain files or forward it to others is called:
- An Adware
- Mail bomb
- A Virus Hoax
- Spear Phishing
-
The free utility that quickly scans systems running Windows OS to find settings that may have been changed by spyware, malware, or other unwanted programs is called:
- Tripwire
- HijackThis
- Stinger
- F-Secure Anti-virus
-
Malicious code that is installed on a computer without the user’s knowledge to acquire information from the user’s machine and send it to an attacker who can access it remotely is called:
- Spyware
- Logic Bomb
- Trojan
- Worm
-
A software application that displays advertising banners while the program is running, delivering ads as pop-up windows or bars that appear on a computer screen or browser, is called:
- adware (spelled all lower case)
- Trojan
- RootKit
- Virus
- Worm
-
A host is infected by a worm that propagates through a vulnerable service; the sign(s) of the presence of the worm include:
- Decrease in network usage
- Established connection attempts targeted at the vulnerable services
- System becomes unstable or crashes
- All the above
-
The main difference between viruses and worms is:
- Worms require a host file to propagate while viruses don’t
- Viruses require a host file to propagate while Worms don’t
- Viruses don’t require user interaction; they are self-replicating malware
- Viruses and worms are common names for the same malware
-
The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could be:
- Antivirus software detects the infected files
- Increase in the number of e-mails sent and received
- System files become inaccessible
- All the above
-
Which of the following is NOT one of the common techniques used to detect insider threats:
- Spotting an increase in their performance
- Observing employee tardiness and unexplained absenteeism
- Observing employee sick leaves
- Spotting conflicts with supervisors and coworkers
-
Which of the following is NOT one of the techniques used to respond to insider threats:
- Placing malicious users in a quarantine network, so that the attack cannot spread
- Preventing malicious users from accessing unclassified information
- Disabling the computer systems from network connection
- Blocking malicious user accounts