Last Updated on September 20, 2021 by Admin 2

212-89 : EC-Council Certified Incident Handler : Part 07

  1. Authorized users with privileged access who misuse the corporate informational assets and directly affects the confidentiality, integrity, and availability of the assets are known as:

    • Outsider threats
    • Social Engineers
    • Insider threats
    • Zombies
  2. Keyloggers do NOT:

    • Run in the background
    • Alter system files
    • Secretly records URLs visited in browser, keystrokes, chat conversations, …etc
    • Send log file to attacker’s email or upload it to an ftp server
  3. Which is the incorrect statement about Anti-keyloggers scanners:

    • Detect already installed Keyloggers in victim machines
    • Run in stealthy mode to record victims online activity
    • Software tools
  4. The USB tool (depicted below) that is connected to male USB Keyboard cable and not detected by anti-spyware tools is most likely called:

    212-89 Part 07 Q04 003
    212-89 Part 07 Q04 003
    • Software Key Grabber
    • Hardware Keylogger
    • USB adapter
    • Anti-Keylogger
  5. Insiders understand corporate business functions. What is the correct sequence of activities performed by Insiders to damage company assets:

    • Gain privileged access, install malware then activate
    • Install malware, gain privileged access, then activate
    • Gain privileged access, activate and install malware
    • Activate malware, gain privileged access then install malware
  6. Spyware tool used to record malicious user’s computer activities and keyboard stokes is called:

    • adware
    • Keylogger
    • Rootkit
    • Firewall
  7. Insiders may be:

    • Ignorant employees
    • Carless administrators
    • Disgruntled staff members
    • All the above
  8. Which of the following may be considered as insider threat(s):

    • An employee having no clashes with supervisors and coworkers
    • Disgruntled system administrators
    • An employee who gets an annual 7% salary raise
    • An employee with an insignificant technical literacy and business process knowledge
  9. Lack of forensic readiness may result in:

    • Loss of clients thereby damaging the organization’s reputation
    • System downtime
    • Data manipulation, deletion, and theft
    • All the above
  10. The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation is called:

    • Computer Forensics
    • Digital Forensic Analysis
    • Forensic Readiness
    • Digital Forensic Policy
  11. Which of the following is NOT a digital forensic analysis tool:

    • Access Data FTK
    • EAR/ Pilar
    • Guidance Software EnCase Forensic
    • Helix
  12. The Linux command used to make binary copies of computer media and as a disk imaging tool if given a raw disk device as its input is:

    • “dd” command
    • “netstat” command
    • “nslookup” command
    • “find” command
  13. What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the established connections on it:

    • “arp” command
    • “netstat –an” command
    • “dd” command
    • “ifconfig” command
  14. What command does a Digital Forensic Examiner use to display the list of all IP addresses and their associated MAC addresses on a victim computer to identify the machines that were communicating with it:

    • “arp” command
    • “netstat –an” command
    • “dd” command
    • “ifconfig” command
  15. The individual who recovers, analyzes, and preserves computer and related materials to be presented as evidence in a court of law and identifies the evidence, estimates the potential impact of the malicious activity on the victim, and assesses the intent and identity of the perpetrator is called:

    • Digital Forensic Examiner
    • Computer Forensic Investigator
    • Computer Hacking Forensic Investigator
    • All the above
  16. To recover, analyze, and preserve computer and related materials in such a way that it can be presented as evidence in a court of law and identify the evidence in short time, estimate the potential impact of the malicious activity on the victim, and assess the intent and identity of the perpetrator is known as:

    • Computer Forensics
    • Digital Forensic Analysis
    • Forensic Readiness
    • Digital Forensic Examiner
  17. Any information of probative value that is either stored or transmitted in a digital form during a computer crime is called:

    • Digital evidence
    • Computer Emails
    • Digital investigation
    • Digital Forensic Examiner
  18. Digital evidence must:

    • Be Authentic, complete and reliable
    • Not prove the attackers actions
    • Be Volatile
    • Cast doubt on the authenticity and veracity of the evidence
  19. Which of the following is NOT one of the Computer Forensic types:

    • USB Forensics
    • Email Forensics
    • Forensic Archaeology
    • Image Forensics
  20. The correct order or sequence of the Computer Forensic processes is:

    • Preparation, analysis, examination, collection, and reporting
    • Preparation, collection, examination, analysis, and reporting
    • Preparation, examination, collection, analysis, and reporting
    • Preparation, analysis, collection, examination, and reporting