Last Updated on September 20, 2021 by Admin 2

212-89 : EC-Council Certified Incident Handler : Part 06

  1. The well-known free, open-source port, OS and service scanner and network discovery utility is called:

    • Wireshark
    • Nmap (Network Mapper)
    • Snort
    • SAINT
  2. In a DDoS attack, attackers first infect multiple systems, which are then used to attack a particular target directly. Those systems are called:

    • Honey Pots
    • Relays
    • Zombies
    • Handlers
  3. The open-source TCP/IP network intrusion detection and prevention system (IDS/IPS) that uses a rule-driven language and performs real-time traffic analysis and packet logging is known as:

    • Snort
    • Wireshark
    • Nessus
    • SAINT
  4. A malicious-code attack delivered by e-mail is categorized as:

    • Malware based attack
    • Email attack
    • Inappropriate usage incident
    • Multiple component attack
  5. The type of attack that prevents authorized users from accessing networks, systems, or applications by exhausting network resources or flooding an application with illegitimate requests is known as:

    • Session Hijacking attack
    • Denial of Service attack
    • Man in the Middle attack
    • SQL injection attack
  6. Malicious code that infects computer files, corrupts or deletes the data in them, and requires a host file to propagate is called:

    • Trojan
    • Worm
    • Virus
    • RootKit
  7. ___________________ record(s) the user's keystrokes.

    • Spyware
    • adware
    • Virus
    • Malware
  8. Which of the following is a characteristic of adware?

    • Gathering information
    • Displaying popups
    • Intimidating users
    • Replicating
  9. ________________ attach(es) to files.

    • adware
    • Spyware
    • Viruses
    • Worms
  10. Self-replicating malicious code that does not alter files but resides in active memory and duplicates itself, spreads across the infected network automatically, and takes advantage of file- or information-transport features on the system to travel independently is called:

    • Trojan
    • Worm
    • Virus
    • RootKit
  11. Malicious code that is disguised as a useful program, installs an executable when the file is opened, and allows others to control the victim's system is called:

    • Trojan
    • Worm
    • Virus
    • RootKit
  12. A message that claims to require urgent action and prompts the recipient to delete certain files or forward it to others is called:

    • An Adware
    • Mail bomb
    • A Virus Hoax
    • Spear Phishing
  13. The free utility that quickly scans systems running Windows to find settings that may have been changed by spyware, malware, or other unwanted programs is called:

    • Tripwire
    • HijackThis
    • Stinger
    • F-Secure Anti-virus
  14. Malicious code that is installed on a computer without the user's knowledge to collect information from the machine and send it to an attacker, who can then access it remotely, is called:

    • Spyware
    • Logic Bomb
    • Trojan
    • Worm
  15. A software application that displays advertising banners while the program is running, delivering ads as pop-up windows or bars that appear on the computer screen or in the browser, is called:

    • adware (spelled all lower case)
    • Trojan
    • RootKit
    • Virus
    • Worm
  16. A host is infected by a worm that propagates through a vulnerable service; the sign(s) of the worm's presence include:

    • Decrease in network usage
    • Established connection attempts targeted at the vulnerable services
    • System becomes unstable or crashes
    • All the above
  17. The main difference between viruses and worms is:

    • Worms require a host file to propagate while viruses don’t
    • Viruses require a host file to propagate while Worms don’t
    • Viruses don’t require user interaction; they are self-replicating malware
    • Viruses and worms are common names for the same malware
  18. The sign(s) of malicious code on a host infected by an e-mail-delivered virus could be:

    • Antivirus software detects the infected files
    • Increase in the number of e-mails sent and received
    • System files become inaccessible
    • All the above
  19. Which of the following is NOT one of the common techniques used to detect insider threats:

    • Spotting an increase in their performance
    • Observing employee tardiness and unexplained absenteeism
    • Observing employee sick leaves
    • Spotting conflicts with supervisors and coworkers
  20. Which of the following is NOT one of the techniques used to respond to insider threats:

    • Placing malicious users in a quarantine network so that the attack cannot spread
    • Preventing malicious users from accessing unclassified information
    • Disconnecting the computer systems from the network
    • Blocking malicious user accounts
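The indicators in questions 16 and 18 (a host probing the same vulnerable service on many neighbours, and a host whose outbound mail volume jumps well above its normal level) are the kind an incident handler turns into detection logic. The block below is an added example, not part of the original question set: it runs both checks over constructed connection-log and mail-gateway-log lines. The log formats, the ports treated as vulnerable services (445, 139, 135), the time window, the baseline counts and the thresholds are all assumptions chosen for illustration.

```python
"""Added example: detection logic for the worm and e-mail virus indicators
named in questions 16 and 18. All log lines, hosts, ports, baselines and
thresholds are constructed for illustration."""
from collections import defaultdict

# Assumed: SMB/RPC ports a propagating worm would hammer on neighbouring hosts.
VULNERABLE_PORTS = {135, 139, 445}

# Constructed firewall-style connection log: "timestamp src dst dport state".
# 10.0.0.5 tries six distinct hosts on 445 in three seconds (worm-like);
# 10.0.0.9 makes two ordinary HTTPS connections.
CONN_LOG = """\
1700000000 10.0.0.5 10.0.0.21 445 SYN
1700000001 10.0.0.5 10.0.0.22 445 SYN
1700000001 10.0.0.5 10.0.0.23 445 SYN
1700000002 10.0.0.5 10.0.0.24 445 SYN
1700000002 10.0.0.5 10.0.0.25 445 SYN
1700000003 10.0.0.5 10.0.0.26 445 SYN
1700000003 10.0.0.9 10.0.0.50 443 SYN
1700000004 10.0.0.9 10.0.0.51 443 SYN
"""

# Constructed mail-gateway log: "timestamp sending_host". 10.0.0.7 sends 20
# messages in under a minute; 10.0.0.9 sends its usual three.
MAIL_LOG = "\n".join(
    [f"{1700000000 + i * 2} 10.0.0.7" for i in range(20)]
    + [f"{1700000100 + i * 30} 10.0.0.9" for i in range(3)]
)

# Assumed per-host baseline: messages each host normally sends per hour.
BASELINE = {"10.0.0.7": 2, "10.0.0.9": 3}


def parse_conn_log(text):
    """Parse 'ts src dst dport state' lines into tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, state = line.split()
        events.append((int(ts), src, dst, int(dport), state))
    return events


def find_scanning_hosts(text, ports=VULNERABLE_PORTS, window_s=60, min_targets=5):
    """Question 16: return (src, port, distinct_targets) for every source that
    attempts connections to at least min_targets distinct hosts on one
    vulnerable service port within any window_s-second window."""
    by_src_port = defaultdict(list)
    for ts, src, dst, dport, _state in parse_conn_log(text):
        if dport in ports:
            by_src_port[(src, dport)].append((ts, dst))
    hits = []
    for (src, port), evs in by_src_port.items():
        evs.sort()
        best = 0
        for i, (start_ts, _) in enumerate(evs):
            seen = set()
            for ts, dst in evs[i:]:
                if ts - start_ts > window_s:
                    break
                seen.add(dst)
            best = max(best, len(seen))
        if best >= min_targets:
            hits.append((src, port, best))
    return sorted(hits)


def find_mail_spikes(text, baseline, factor=5, min_count=10):
    """Question 18: return (host, count, baseline) for every sending host whose
    message count is at least min_count AND at least factor times its baseline.
    A host absent from the baseline has baseline 0, so any burst of min_count
    messages from a previously silent host is flagged."""
    counts = defaultdict(int)
    for line in text.splitlines():
        if line.strip():
            _ts, host = line.split()
            counts[host] += 1
    hits = []
    for host, n in counts.items():
        base = baseline.get(host, 0)
        if n >= min_count and n >= factor * base:
            hits.append((host, n, base))
    return sorted(hits)


if __name__ == "__main__":
    for src, port, n in find_scanning_hosts(CONN_LOG):
        print(f"worm-like scanning: {src} reached {n} hosts on port {port}")
    for host, n, base in find_mail_spikes(MAIL_LOG, BASELINE):
        print(f"mail spike: {host} sent {n} messages (baseline {base})")
```

Both checks are deliberately per-source rather than global: a worm shows up as one host fanning out to many peers on one service, and a mass-mailing virus as one host's count diverging from its own history, which is why the mail check compares against a per-host baseline instead of a single site-wide limit.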