
212-89 Online Practice Questions and Answers

Questions 4

Which of the following is an appropriate flow of the incident recovery steps?

A. System Operation-System Restoration-System Validation-System Monitoring

B. System Validation-System Operation-System Restoration-System Monitoring

C. System Restoration-System Monitoring-System Validation-System Operations

D. System Restoration-System Validation-System Operations-System Monitoring

Questions 5

An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the incident recovery plan?

A. Creating new business processes to maintain profitability after incident

B. Providing a standard for testing the recovery plan

C. Avoiding the legal liabilities arising due to incident

D. Providing assurance that systems are reliable

Questions 6

The data on the affected system must be backed up so that it can be retrieved if it is damaged during incident response. The system backup can also be used for further investigations of the incident. Identify the stage of the incident response and handling process in which a complete backup of the infected system is carried out.

A. Containment

B. Eradication

C. Incident recording

D. Incident investigation

Questions 7

An estimation of the expected losses after an incident helps an organization prioritize and formulate its incident response. The costs of an incident can be categorized as tangible and intangible. Identify the tangible cost associated with a virus outbreak.

A. Loss of goodwill

B. Damage to corporate reputation

C. Psychological damage

D. Lost productivity damage

Questions 8

IDS and IPS system logs indicate an unusual deviation from typical network traffic flows; this is called:

A. A Precursor

B. An Indication

C. A Proactive

D. A Reactive

Questions 9

Which of the following is a characteristic of adware?

A. Gathering information

B. Displaying popups

C. Intimidating users

D. Replicating

Questions 10

A host is infected by a worm that propagates through a vulnerable service; the sign(s) of the presence of the worm include:

A. Decrease in network usage

B. Established connection attempts targeted at the vulnerable services

C. System becomes unstable or crashes

D. All the above

Questions 11

The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could be:

A. Antivirus software detects the infected files

B. Increase in the number of e-mails sent and received

C. System files become inaccessible

D. All the above

Questions 12

The USB tool (depicted below) that is connected to a male USB keyboard cable and not detected by anti-spyware tools is most likely called:

A. Software Key Grabber

B. Hardware Keylogger

C. USB adapter

D. Anti-Keylogger

Questions 13

What command does a Digital Forensic Examiner use to display the list of all IP addresses and their associated MAC addresses on a victim computer to identify the machines that were communicating with it:

A. "arp" command

B. "netstat -an" command

C. "dd" command

D. "ifconfig" command

Exam Code: 212-89
Exam Name: EC-Council Certified Incident Handler (ECIH)
Last Update: Dec 31, 2024
Questions: 163