212-89 EC Council Certified Incident Handler (ECIH v3) is now Stable and With Pass Result | Test Your Knowledge for Free

Exams4sure Dumps

212-89 Practice Questions

EC Council Certified Incident Handler (ECIH v3)

Last Update 23 hours ago
Total Questions : 305

Dive into our fully updated and stable 212-89 practice test platform, featuring all the latest ECIH exam questions added this week. Our preparation tool is more than just an ECCouncil study aid; it's a strategic advantage.

Our free ECIH practice questions are crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about 212-89. Use this test to pinpoint which areas you need to focus your study on.

Question # 11

Bob, an incident responder at CyberTech Solutions, is investigating a cybercrime attack that occurred at the client company. He acquired the evidence data, preserved it, and started performing analysis on the acquired evidentiary data to identify the source of the crime and the culprit behind the incident.

Identify the forensic investigation phase Bob is currently in.

Options:

A. Vulnerability assessment phase

B. Post-investigation phase

C. Pre-investigation phase

D. Investigation phase

Question # 12

Bonney’s system has been compromised by a gruesome malware.

What is the primary step advisable for Bonney in order to contain the malware incident and keep it from spreading?

Options:

A. Turn off the infected machine

B. Leave it to the network administrators to handle

C. Complain to the police in a formal way regarding the incident

D. Call the legal department in the organization and inform them about the incident

Question # 13

A global retail enterprise operating across multiple e-commerce platforms and physical locations has recently been targeted by a well-orchestrated cyberattack that disrupted transaction processing systems and led to a temporary shutdown of online services. Following the incident, customer confidence dropped, and the board demanded immediate corrective and preventive measures to strengthen cybersecurity resilience. The Chief Information Security Officer (CISO) directed the incident response team to establish a forward-looking approach that not only mitigates such incidents but also ensures that all stakeholders are trained in advance. This includes defining clear roles and responsibilities, creating and training a dedicated response team, conducting simulation exercises, reviewing existing IR tools, auditing organizational assets, and developing a comprehensive set of policies and playbooks. Which phase of the IH&R process should the organization focus on to achieve this?

Options:

Question # 14

Malicious Micky has moved from the delivery stage to the exploitation stage of the kill chain. This malware wants to find and report to the command center any useful services on the system. Which of the following recon attacks is the MOST LIKELY to provide this information?

Options:

A. IP range sweep

B. Packet sniffing

C. Session hijack

D. Port scan

Question # 15

Eric is an incident responder and is working on developing incident-handling plans and procedures. As part of this process, he is performing an analysis on the organizational network to generate a report and develop policies based on the acquired results. Which of the following tools will help him in analyzing his network and the related traffic?

Options:

A. Whois

B. Burp Suite

C. FaceNiff

D. Wireshark

Question # 16

Michael, a digital forensic responder, enters a server room after a suspected data breach. He ensures all individuals not involved in the investigation are escorted out, avoids altering any device configurations, and isolates the server from the network without powering it down. What is the main goal of Michael's actions?

Options:

A. Creating a chain of custody

B. Collecting volatile memory

C. Securing and evaluating the crime scene

D. Cloning the affected server

Question # 17

Francis received a spoof email asking for his bank information. He decided to use a tool to analyze the email headers. Which of the following should he use?

Options:

A. EventLog Analyzer

B. MxToolbox

C. Email Checker

D. PoliteMail

Question # 18

An organization suffers a financial loss after an executive responds to a fraudulent email crafted as part of a spear phishing attack. After isolating affected systems and notifying internal stakeholders, the incident response team prepares a detailed report outlining the attack timeline, suspicious IP addresses, email metadata, phone scam details, and the amount lost. This report is forwarded to a government agency specializing in cybercrime to aid further investigation and potential restitution. Which aspect of the recovery process is the organization addressing?

Options:

A. Legal escalation and investigation support

B. Data redundancy planning

C. Endpoint protection deployment

D. Internal server reconfiguration

Question # 19

After unearthing malware within their AI-based prediction systems, Future Tech Corp realized that their business projections were skewed. This malware was not just altering data but was equipped with machine learning capabilities, evolving its methods. With access to a dedicated AI security module and a database restoration tool, what's the primary step?

Options:

A. Restore the database to a point before malware infiltration.

B. Deploy the AI-security module to counteract and remove the evolved malware.

C. Disable the AI prediction system and rely on manual predictions temporarily.

D. Inform business partners about potentially skewed projections.

Question # 20

In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?

Options:

A. Incident triage

B. Incident recording and assignment

C. Containment

D. Notification
