Which of the following is an appropriate flow of the incident recovery steps?
A. System Operation-System Restoration-System Validation-System Monitoring
B. System Validation-System Operation-System Restoration-System Monitoring
C. System Restoration-System Monitoring-System Validation-System Operations
D. System Restoration-System Validation-System Operations-System Monitoring
Which among the following CERTs is an Internet provider to higher education institutions and various other research institutions in the Netherlands and deals with all cases related to computer security incidents in which a customer is involved either as a victim or as a suspect?
A. NET-CERT
B. DFN-CERT
C. Funet CERT
D. SURFnet-CERT
Risk management consists of three processes: risk assessment, mitigation and evaluation. Risk assessment determines the extent of the potential threat and the risk associated with an IT system through its SDLC. How many primary steps does NIST's risk assessment methodology involve?
A. Twelve
B. Four
C. Six
D. Nine
When IDS and IPS system logs indicate an unusual deviation from typical network traffic flows, this is called:
A. A Precursor
B. An Indication
C. A Proactive
D. A Reactive
Which of the following is a correct statement about incident management, handling and response:
A. Incident response is one of the functions provided by incident handling
B. Incident handling is one of the functions provided by incident response
C. Triage is one of the services provided by incident response
D. Incident response is one of the services provided by triage
The service organization that provides 24x7 computer security incident response services to any user, company, government agency, or organization is known as:
A. Computer Security Incident Response Team (CSIRT)
B. Security Operations Center (SOC)
C. Digital Forensics Examiner
D. Vulnerability Assessor
The main feature offered by PGP Desktop Email is:
A. Email service during incidents
B. End-to-end email communications
C. End-to-end secure email service
D. None of the above
An active vulnerability scanner featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis is called:
A. Nessus
B. CyberCop
C. EtherApe
D. nmap
The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:
A. Snort
B. Wireshark
C. Cain and Abel
D. nmap
Which of the following is a characteristic of adware?
A. Gathering information
B. Displaying popups
C. Intimidating users
D. Replicating
A malicious security-breaking code that is disguised as a useful program, installs an executable program when a file is opened, and allows others to control the victim's system is called:
A. Trojan
B. Worm
C. Virus
D. RootKit
A software application in which advertising banners are displayed while the program is running, and which delivers ads as pop-up windows or bars that appear on a computer screen or browser, is called:
A. adware (spelled all lower case)
B. Trojan
C. RootKit
D. Virus
E. Worm
Which of the following is NOT one of the techniques used to respond to insider threats:
A. Placing malicious users in a quarantine network, so that the attack cannot spread
B. Preventing malicious users from accessing unclassified information
C. Disabling the computer systems from network connection
D. Blocking malicious user accounts
The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation is called:
A. Computer Forensics
B. Digital Forensic Analysis
C. Forensic Readiness
D. Digital Forensic Policy
The product of intellect that has commercial value and includes copyrights and trademarks is called:
A. Intellectual property
B. Trade secrets
C. Logos
D. Patents