Is the 212-89 practice exam free?

Yes. ExamCademy offers all 162 212-89 practice questions for free with a registered account. No payment needed. Optional supporter features add AI explanations and spaced repetition study tools.

How accurate are the 212-89 practice questions?

All 212-89 questions are community-created and reviewed by moderators to align with ECCouncil's published exam objectives. The community continuously reports and fixes issues to keep content accurate and up to date.

How should I study for the 212-89 exam?

Start by browsing practice questions to identify weak areas. Use spaced repetition (Learn Mode) to focus study time on topics you struggle with. Combine practice questions with official ECCouncil documentation and hands-on experience for best results.

212-89 Practice Exam — Free 162+ Questions

162Practice Questions

3Study Modes

FreeTo Get Started

Topic:Sort:

Question 1

Insider Threats

Question 2

Malware Incidents

Question 3

Incident Response and Handling

Question 4

Process Handling

Question 5

Process Handling

Question 6

Network & Mobile Incidents

Question 7

Network & Mobile Incidents

Question 8

Insider Threats

Question 9

Incident Response and Handling

Question 10

Incident Response and Handling

Question 11

Malware Incidents

Question 12

Network & Mobile Incidents

Question 13

Incident Response and Handling

Question 14

Incident Response and Handling

Question 15

Insider Threats

Question 16

Process Handling

Question 17

Process Handling

Question 18

Process Handling

Question 19

Insider Threats

Question 20

Malware Incidents

Question 21

Insider Threats

Question 22

Incident Response and Handling

Question 23

Incident Response and Handling

Question 24

Incident Response and Handling

Question 25

Email Security Incidents

Page 1 of 7 • Questions 1-25 of 162

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Insiders may be:

A Ignorant employees
B Carless administrators
C Disgruntled staff members
D All the above

A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to propagate is called:

A Trojan
B Worm
C Virus
D RootKit

In a qualitative risk analysis, risk is calculated in terms of:

A (Attack Success + Criticality ) ""(Countermeasures)
B Asset criticality assessment "" (Risks and Associated Risk Levels)
C Probability of Loss X Loss
D (Countermeasures + Magnitude of Impact) "" (Reports from prior risk assessments)

A computer Risk Policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy?

A Procedure to identify security funds to hedge risk
B Procedure to monitor the efficiency of security controls
C Procedure for the ongoing training of employees authorized to access the system
D Provisions for continuing support if there is an interruption in the system or if the system crashes

Risk management consists of three processes, risk assessment, mitigation and evaluation. Risk assessment determines the extent of the potential threat and the risk associated with an IT system through its SDLC. How many primary steps does NIST's risk assessment methodology involve?

A Twelve
B Four
C Six
D Nine

Identify the network security incident where intended authorized users are prevented from using system, network, or applications by flooding the network with high volume of traffic that consumes all existing network resources.

A URL Manipulation
B XSS Attack
C SQL Injection
D Denial of Service Attack

A distributed Denial of Service (DDoS) attack is a more common type of DoS Attack, where a single system is targeted by a large number of infected machines over the Internet. In a DDoS attack, attackers first infect multiple systems which are known as:

A Trojans
B Zombies
C Spyware
D Worms

An organization faced an information security incident where a disgruntled employee passed sensitive access control information to a competitor. The organization's incident response manager, upon investigation, found that the incident must be handled within a few hours on the same day to maintain business continuity and market competitiveness. How would you categorize such information security incident?

A High level incident
B Middle level incident
C Ultra-High level incident
D Low level incident

Which of the following is an appropriate flow of the incident recovery steps?

A System Operation-System Restoration-System Validation-System Monitoring
B System Validation-System Operation-System Restoration-System Monitoring
C System Restoration-System Monitoring-System Validation-System Operations
D System Restoration-System Validation-System Operations-System Monitoring

Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following steps focus on limiting the scope and extent of an incident?

A Eradication
B Containment
C Identification
D Data collection

Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user's information and system.
These programs may unleash dangerous programs that may erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger.

A Cookie tracker
B Worm
C Trojan
D Virus

A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to agency's reporting timeframe guidelines, this incident should be reported within two (2) HOURS of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity. Which incident category of the US Federal Agency does this incident belong to?

A CAT 5
B CAT 1
C CAT 2
D CAT 6

US-CERT and Federal civilian agencies use the reporting timeframe criteria in the federal agency reporting categorization. What is the timeframe required to report an incident under the CAT 4 Federal Agency category?

A Weekly
B Within four (4) hours of discovery/detection if the successful attack is still ongoing and agency is unable to successfully mitigate activity
C Within two (2) hours of discovery/detection
D Monthly

Which test is conducted to determine the incident recovery procedures effectiveness?

A Live walk-throughs of procedures
B Scenario testing
C Department-level test
D Facility-level test

The insider risk matrix consists of technical literacy and business process knowledge vectors. Considering the matrix, one can conclude that:

A If the insider's technical literacy is low and process knowledge is high, the risk posed by the threat will be insignificant.
B If the insider's technical literacy and process knowledge are high, the risk posed by the threat will be insignificant.
C If the insider's technical literacy is high and process knowledge is low, the risk posed by the threat will be high.
D If the insider's technical literacy and process knowledge are high, the risk posed by the threat will be high.

Contingency planning enables organizations to develop and maintain effective methods to handle emergencies. Every organization will have its own specific requirements that the planning should address. There are five major components of the IT contingency plan, namely supporting information, notification activation, recovery and reconstitution and plan appendices. What is the main purpose of the reconstitution plan?

A To restore the original site, tests systems to prevent the incident and terminates operations
B To define the notification procedures, damage assessments and offers the plan activation
C To provide the introduction and detailed concept of the contingency plan
D To provide a sequence of recovery activities with the help of recovery procedures

Which policy recommends controls for securing and tracking organizational resources:

A Access control policy
B Administrative security policy
C Acceptable use policy
D Asset control policy

Identify a standard national process which establishes a set of activities, general tasks and a management structure to certify and accredit systems that will maintain the information assurance (IA) and security posture of a system or site.

A NIASAP
B NIAAAP
C NIPACP
D NIACAP

When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?

A All access rights of the employee to physical locations, networks, systems, applications and data should be disabled
B The organization should enforce separation of duties
C The access requests granted to an employee should be documented and vetted by the supervisor
D The organization should monitor the activities of the system administrators and privileged users who have permissions to access the sensitive information

A Host is infected by worms that propagates through a vulnerable service; the sign(s) of the presence of the worm include:

A Decrease in network usage
B Established connection attempts targeted at the vulnerable services
C System becomes instable or crashes
D All the above

Which of the following is NOT one of the common techniques used to detect Insider threats:

A Spotting an increase in their performance
B Observing employee tardiness and unexplained absenteeism
C Observing employee sick leaves
D Spotting conflicts with supervisors and coworkers

Which of the following terms may be defined as "a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization's operation and revenues?

A Risk
B Vulnerability
C Threat
D Incident Response

An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the incident recovery plan?

A Creating new business processes to maintain profitability after incident
B Providing a standard for testing the recovery plan
C Avoiding the legal liabilities arising due to incident
D Providing assurance that systems are reliable

Which of the following incident recovery testing methods works by creating a mock disaster, like fire to identify the reaction of the procedures that are implemented to handle such situations?

A Scenario testing
B Facility testing
C Live walk-through testing
D Procedure testing

A computer virus hoax is a message warning the recipient of non-existent computer virus. The message is usually a chain e-mail that tells the recipient to forward it to every one they know. Which of the following is NOT a symptom of virus hoax message?

A The message prompts the end user to forward it to his / her e-mail contact list and gain monetary benefits in doing so
B The message from a known email id is caught by SPAM filters due to change of filter settings
C The message warns to delete certain files if the user does not take appropriate action
D The message prompts the user to install Anti-Virus

212-89Preview

About the 212-89 Exam

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

212-89Preview

About the 212-89 Exam

Mode Selection

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25