
212-89 EC Council Certified Incident Handler (ECIH v3) is now Stable and With Pass Result | Test Your Knowledge for Free

Exams4sure Dumps

212-89 Practice Questions

EC Council Certified Incident Handler (ECIH v3)

Last Update 23 hours ago
Total Questions : 305

Dive into our fully updated and stable 212-89 practice test platform, featuring all the latest ECIH exam questions added this week. Our preparation tool is more than just an ECCouncil study aid; it's a strategic advantage.

Our free ECIH practice questions are crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about 212-89. Use this test to pinpoint which areas you need to focus your study on.

Question # 31

Bran is an incident handler who is assessing the network of the organization. In the process, he wants to detect ping sweep attempts on the network using the Wireshark tool. Which of the following Wireshark filters must he use to accomplish this task?

Options:

A. icmp.seq

B. icmp.redir_gw

C. icmp.type==8

D. icmp.ident

Question # 32

Alexis is working as an incident responder in XYZ organization. She was asked to identify and attribute the actors behind an attack that took place recently. In order to do so, she is performing threat attribution that deals with the identification of the specific person, society, or country sponsoring a well-planned and executed intrusion or attack on its target. Which of the following types of threat attribution did Alexis perform?

Options:

A. Nation-state attribution

B. Intrusion-set attribution

C. True attribution

D. Campaign attribution

Question # 33

Lena, a SOC analyst, observes a pattern of unusual login attempts originating from multiple foreign IP addresses tied to shared drive links circulating within the organization. These links were embedded in emails appearing to come from the HR department and marked with urgent subject lines. Upon deeper inspection, Lena finds multiple similar messages still pending in the mail server’s delivery queue. To prevent widespread exposure, she takes immediate action to eliminate these messages before they reach employees' inboxes. Which incident response action best describes Lena’s action?

Options:

A. Preemptively purging queued phishing emails from the server

B. Flagging login anomalies for correlation in the SIEM

C. Initiating forensic triage on suspicious attachments

D. Isolating compromised mailboxes from the email relay

Question # 34

Alexis works as an incident responder at XYZ organization. She was asked to identify and attribute the actors behind an attack that occurred recently. For this purpose, she is performing a type of threat attribution that deals with the identification of a specific person, society, or country sponsoring a well-planned and executed intrusion or attack on its target. Which of the following types of threat attributions is Alexis performing?

Options:

A. Campaign attribution

B. True attribution

C. Nation-state attribution

D. Intrusion set attribution

Question # 35

Sam received an alert through an email monitoring tool indicating that their company was targeted by a phishing attack. After analyzing the incident, Sam identified that most of the targets of the attack are high-profile executives of the company. What type of phishing attack is this?

Options:

A. Pharming

B. Whaling

C. Puddle phishing

D. Spear phishing

Question # 36

Alex is an incident handler in QWERTY Company. He identified that an attacker created a backdoor inside the company's network by installing a fake AP inside a firewall. Which of the following attack types did the attacker use?

Options:

A. AP misconfiguration

B. Wardriving

C. Rogue access point

D. Ad hoc associations

Question # 37

During a routine investigation, Daniel, a threat analyst, notices repetitive failed login attempts in server logs with HTTP POST requests and status code 200 across several entries. At log entry 117, a 302 redirect status is recorded for the same user account. What type of attack is this indicative of?

Options:

A. Dictionary attack

B. Session hijacking

C. SQL injection

D. CSRF attack

Question # 38

A global bank's IH&R team is investigating an intricate cyber-espionage campaign. Advanced persistent threat (APT) actors exfiltrated sensitive financial data over several months using both software vulnerabilities and human errors. What is the MOST appropriate immediate action for the IH&R team?

Options:

A. Conduct organization-wide cybersecurity awareness training.

B. Publicize the breach to comply with laws.

C. Focus solely on patching known vulnerabilities.

D. Leverage an Incident Response Automation and Orchestration (IRAO) tool to correlate data and automate threat hunting.

Question # 39

Otis is an incident handler working in the Delmont organization. Recently, the organization has been facing several setbacks in its business, and its revenues are going down as a result. Otis was asked to take charge and look into the matter. While auditing the enterprise security, he found traces of an attack in which proprietary information was stolen from the enterprise network and passed on to competitors. Which of the following information security incidents did the Delmont organization face?

Options:

A. Network and resource abuses

B. Unauthorized access

C. Espionage

D. Email-based abuse

Question # 40

You are a systems administrator for a company. You are accessing your file server remotely for maintenance. Suddenly, you are unable to access the server. After contacting others in your department, you find out that they cannot access the file server either. You can ping the file server but not connect to it via RDP. You check the Active Directory Server, and all is well. You check the email server and find that emails are sent and received normally. What is the most likely issue?

Options:

A. An e-mail service issue

B. The file server has shut down

C. A denial-of-service issue

D. An admin account issue
