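212-89 question bank sharing, 212-89 study materials. Fast2test has just released the latest 212-89 certification exam with all updated questions and answers to ensure you pass the exam. We provide the latest questions and answers in PDF and software versions, which can guarantee candidates a 100% pass on the 212-89 exam. On our website you can get a free PDF demo of the EC-COUNCIL 212-89 materials we provide, and you will find that this is absolutely the most trustworthy study material. For the high-hit-rate EC-COUNCIL 212-89 past exam questions, what are you waiting for? Download the latest question bank and prepare for the exam!

Latest ECIH Certification 212-89 free exam questions (Q112-Q117):

Question #112
Drake is an incident handler at Dark Cloud Inc. He intends to perform log analysis in order to detect traces of malicious activities within the network infrastructure.
Which of the following tools must Drake employ in order to view logs in real time and identify malware propagation within the network?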
A. HULK
B. Hydra
C. Splunk
D. LOIC
Answer: C
Question #113
Otis is an incident handler working in the Delmont organization. Recently, the organization has been facing several setbacks in its business, and its revenues are going down as a result. Otis was asked to take charge and look into the matter. While auditing the enterprise security, he found traces of an attack in which proprietary information was stolen from the enterprise network and passed on to the organization's competitors.
Which of the following information security incidents did the Delmont organization face?
A. Espionage
B. Unauthorized access
C. Email-based abuse
D. Network and resource abuses
Answer: A
Question #114
Who is mainly responsible for providing proper network services and handling network-related incidents in all the cloud service models?
A. Cloud consumer
B. Cloud brokers
C. Cloud auditor
D. Cloud service provider
Answer: D
Question #115
NovoMed discovers encrypted data transfers of drug research and participant data to an unknown location and receives an extortion-like message implying the formula may be released. What is the most prudent course of action?
A. Negotiate with the attackers discreetly to buy time and retrieve data.
B. Immediately recall the drug from the market.
C. Publicly announce the breach warning competitors and authorities.
D. Engage local law enforcement and international cybercrime agencies to trace the transfer's origins.
Answer: D
Explanation (incident response governance):
This scenario combines data theft + extortion involving highly sensitive IP and regulated participant data.
The prudent course is to trigger formal legal/incident governance: engage law enforcement and appropriate cybercrime agencies (D), preserve evidence, and coordinate with legal counsel, regulators (if required), and cyber-insurance response processes. Law enforcement engagement can support intelligence sharing, preservation orders, and broader investigation into the infrastructure receiving the exfiltrated data.
(B) Recalling the drug is not directly tied to the incident's immediate technical or legal response; it is a business decision that may be unnecessary and harmful without evidence of counterfeit risk. (C) An immediate public announcement may be legally required in some jurisdictions, but it must be accurate and coordinated; doing it prematurely can worsen harm. (A) Negotiation is risky and typically handled only through controlled legal and executive channels; it does not ensure data return and can incentivize further extortion.
Thus, (D) reflects best-practice escalation: treat it as a serious crime, preserve chain of custody, and coordinate response through legal and investigative authorities while technical teams contain and scope.
Question #116
What is the best staffing model for an incident response team if current employees' expertise is very low?