Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

212-89 by EC-Council - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

A Malicious code attack using emails is considered as:

A Malware based attack
B Email attack
C Inappropriate usage incident
D Multiple component attack

Question 4

A malware code that infects computer files, corrupts or deletes the data in them and requires a host file to propagate is called:

A Trojan
B Worm
C Virus
D RootKit

Question 5

Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user's information and system.
These programs may unleash dangerous programs that may erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger.

A Cookie tracker
B Worm
C Trojan
D Virus

Question 6

The Malicious code that is installed on the computer without user's knowledge to acquire information from the user's machine and send it to the attacker who can access it remotely is called:

A Spyware
B Logic Bomb
C Trojan
D Worm

Question 7

A Host is infected by worms that propagates through a vulnerable service; the sign(s) of the presence of the worm include:

A Decrease in network usage
B Established connection attempts targeted at the vulnerable services
C System becomes instable or crashes
D All the above

Question 8

Which of the following is NOT one of the common techniques used to detect Insider threats:

A Spotting an increase in their performance
B Observing employee tardiness and unexplained absenteeism
C Observing employee sick leaves
D Spotting conflicts with supervisors and coworkers

Question 9

Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated as:

A (Probability of Loss) X (Loss)
B (Loss) / (Probability of Loss)
C (Probability of Loss) / (Loss)
D Significant Risks X Probability of Loss X Loss

Question 10

Which of the following is NOT one of the techniques used to respond to insider threats:

A Placing malicious users in quarantine network, so that attack cannot be spread
B Preventing malicious users from accessing unclassified information
C Disabling the computer systems from network connection
D Blocking malicious user accounts

Question 11

Insiders may be:

A Ignorant employees
B Carless administrators
C Disgruntled staff members
D All the above

Question 12

An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the incident recovery plan?

A Creating new business processes to maintain profitability after incident
B Providing a standard for testing the recovery plan
C Avoiding the legal liabilities arising due to incident
D Providing assurance that systems are reliable

Question 13

The Linux command used to make binary copies of computer media and as a disk imaging tool if given a raw disk device as its input is:

A "dd" command
B "netstat" command
C "nslookup" command
D "find" command

Question 14

What command does a Digital Forensic Examiner use to display the list of all IP addresses and their associated MAC addresses on a victim computer to identify the machines that were communicating with it:

A "arp" command
B "netstat ""an" command
C "dd" command
D "ifconfig" command

Question 15

To recover, analyze, and preserve computer and related materials in such a way that it can be presented as evidence in a court of law and identify the evidence in short time, estimate the potential impact of the malicious activity on the victim, and assess the intent and identity of the perpetrator is known as:

A Computer Forensics
B Digital Forensic Analysis
C Forensic Readiness
D Digital Forensic Examiner

Question 16

Risk is defined as the probability of the occurrence of an incident. Risk formulation generally begins with the likeliness of an event's occurrence, the harm it may cause and is usually denoted as Risk = âˆ‘(events)X(Probability of occurrence)X?

A Magnitude
B Probability
C Consequences
D Significance

Question 17

The person who offers his formal opinion as a testimony about a computer crime incident in the court of law is known as:

A Expert Witness
B Incident Analyzer
C Incident Responder
D Evidence Documenter

Question 18

An audit trail policy collects all audit trails such as series of records of computer events, about an operating system, application or user activities. Which of the following statements is NOT true for an audit trail policy:

A It helps calculating intangible losses to the organization due to incident
B It helps tracking individual actions and allows users to be personally accountable for their actions
C It helps in compliance to various regulatory laws, rules,and guidelines
D It helps in reconstructing the events after a problem has occurred

That's the end of the Preview

Create a free account to unlock all questions for this exam.

Log In / Sign Up

Page 1 of 4 • Questions 1-25 of 86

1 2 3 4

→

Know a question that should be here? Contribute to this exam

Which of the following terms may be defined as "a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization's operation and revenues?

A Risk
B Vulnerability
C Threat
D Incident Response

Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following steps focus on limiting the scope and extent of an incident?

A Eradication
B Containment
C Identification
D Data collection