212-89 : EC-Council Certified Incident Handler : Part 08

  1. The person who offers a formal opinion as testimony about a computer crime incident in a court of law is known as:

    • Expert Witness
    • Incident Analyzer
    • Incident Responder
    • Evidence Documenter
  2. Electronic evidence may reside in the following:

    • Data Files
    • Backup tapes
    • Other media sources
    • All the above
  3. A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format is called:

    • Forensic Analysis
    • Computer Forensics
    • Forensic Readiness
    • Steganalysis
  4. Incidents are reported in order to:

    • Provide stronger protection for systems and data
    • Deal properly with legal issues
    • Be prepared for handling future incidents
    • All the above
  5. According to US-CERT, if an agency is unable to successfully mitigate a DoS attack, it must be reported within:

    • One (1) hour of discovery/detection if the successful attack is still ongoing
    • Two (2) hours of discovery/detection if the successful attack is still ongoing
    • Three (3) hours of discovery/detection if the successful attack is still ongoing
    • Four (4) hours of discovery/detection if the successful attack is still ongoing
  6. Agencies do NOT report an information security incident because they:

    • Are afraid of negative publicity
    • Have full knowledge about how to handle the attack internally
    • Do not want to pay the additional cost of reporting an incident
    • All the above
  7. An incident may be reported using/by:

    • Phone call
    • Facsimile (Fax)
    • Email or on-line Web form
    • All the above
  8. To whom should an information security incident be reported?

    • It should not be reported at all and it is better to resolve it internally
    • Human resources and Legal Department
    • It should be reported according to the incident reporting & handling policy
    • Chief Information Security Officer
  9. The process of rebuilding and restoring the computer systems affected by an incident to a normal operational stage, including all the processes, policies and tools, is known as:

    • Incident Management
    • Incident Response
    • Incident Recovery
    • Incident Handling
  10. Business Continuity planning includes other plans such as:

    • Incident/disaster recovery plan
    • Business recovery and resumption plans
    • Contingency plan
    • All the above
  11. Which test is conducted to determine the effectiveness of the incident recovery procedures?

    • Live walk-throughs of procedures
    • Scenario testing
    • Department-level test
    • Facility-level test
  12. Business Continuity provides a planning methodology that allows continuity in business operations:

    • Before and after a disaster
    • Before a disaster
    • Before, during and after a disaster
    • During and after a disaster
  13. The ability of an agency to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault-tolerant systems, as well as a solid backup and recovery strategy, is known as:

    • Business Continuity Plan
    • Business Continuity
    • Disaster Planning
    • Contingency Planning
  14. The steps followed to recover computer systems after an incident are:

    • System restoration, validation, operation and monitoring
    • System restoration, operation, validation, and monitoring
    • System monitoring, validation, operation and restoration
    • System validation, restoration, operation and monitoring
  15. The policy that defines which set of events needs to be logged in order to capture and review the important data in a timely manner is known as:

    • Audit trail policy
    • Logging policy
    • Documentation policy
    • Evidence Collection policy
  16. An information security policy must be:

    • Distributed and communicated
    • Enforceable and Regularly updated
    • Written in simple language
    • All the above
  17. The product of intellect that has commercial value and includes copyrights and trademarks is called:

    • Intellectual property
    • Trade secrets
    • Logos
    • Patents
  18. The most common type(s) of intellectual property is(are):

    • Copyrights and Trademarks
    • Patents
    • Industrial design rights & Trade secrets
    • All the above
  19. Ensuring the integrity, confidentiality and availability of electronic protected health information of a patient is known as:

    • Gramm-Leach-Bliley Act
    • Health Insurance Portability and Privacy Act
    • Social Security Act
    • Sarbanes-Oxley Act
  20. According to the Fourth Amendment of the USA PATRIOT Act of 2001, if a search does NOT violate a person’s “reasonable” or “legitimate” expectation of privacy, then it is considered:

    • Constitutional/Legitimate
    • Illegal/Illegitimate
    • Unethical
    • None of the above
  21. A bit-stream image copy of the digital evidence must be performed in order to:

    • Prevent alteration to the original disk
    • Copy the FAT table
    • Copy all disk sectors including slack space
    • All the above
  22. According to the Evidence Preservation policy, a forensic investigator should make at least ………………… image copies of the digital evidence.

    • One image copy
    • Two image copies
    • Three image copies
    • Four image copies
  23. A living, high-level document that states in writing a requirement and directions on how an agency plans to protect its information technology assets is called:

    • Information security Policy
    • Information security Procedure
    • Information security Baseline
    • Information security Standard