
212-89 EC Council Certified Incident Handler (ECIH v3) is now Stable and With Pass Result | Test Your Knowledge for Free

Exams4sure Dumps

212-89 Practice Questions

EC Council Certified Incident Handler (ECIH v3)

Last Update 23 hours ago
Total Questions : 305

Dive into our fully updated and stable 212-89 practice test platform, featuring all the latest ECIH exam questions added this week. Our preparation tool is more than just an EC-Council study aid; it's a strategic advantage.

Our free ECIH practice questions are crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about 212-89. Use this test to pinpoint which areas you need to focus your study on.

Question # 41

Eric works as an incident handler at Erinol software systems. He was assigned a task to protect the organization from any kind of DoS/DDoS attacks.

Which of the following tools can be used by Eric to achieve his objective?

Options:

A. Incapsula

B. Hydra

C. IDA

D. Wireshark

Question # 42

Smith employs various malware detection techniques to thoroughly examine the network and its systems for suspicious and malicious malware files. Among all techniques, which one involves analyzing the memory dumps or binary codes for the traces of malware?

Options:

A. Live system

B. Dynamic analysis

C. Intrusion analysis

D. Static analysis

Question # 43

Mr. Smith is a lead incident responder of a small financial enterprise having few branches in Australia. Recently, the company suffered a massive attack losing USD 5 million through an inter-banking system. After in-depth investigation on the case, it was found out that the incident occurred because 6 months ago the attackers penetrated the network through a minor vulnerability and maintained the access without any user being aware of it. Then, he tried to delete users’ fingerprints and performed a lateral movement to the computer of a person with privileges in the inter-banking system. Finally, the attacker gained access and did fraudulent transactions.

Based on the above scenario, identify the most accurate kind of attack.

Options:

A. Ransomware attack

B. Denial-of-service attack

C. APT attack

D. Phishing

Question # 44

SpaceTech Innovations, specializing in space exploration software, encountered malware that camouflaged itself within proprietary algorithms. This stealthy malware intermittently transmitted blueprints to an unknown receiver. With a state-of-the-art code analyzer and a network traffic analyzer at hand, what’s the ideal first step?

Options:

A. Run the code analyzer to detect and remove the hidden malware.

B. Use the network traffic analyzer to pinpoint and halt the blueprint transmission.

C. Inform partners and stakeholders of potential data leaks.

D. Update all proprietary software hoping to overwrite the malware.

Question # 45

Which of the following tools helps incident responders effectively contain a potential cloud security incident and gather required forensic evidence?

Options:

A. Alert Logic

B. CloudPassage Quarantine

C. Qualys Cloud Platform

D. CloudPassage Halo

Question # 46

Raven is a part of an IH&R team and was informed by her manager to handle and lead the removal of the root cause for an incident and to close all attack vectors to prevent similar incidents in the future. Raven notifies the service providers and developers of affected resources. Which of the following steps of the incident handling and response process does Raven need to implement to remove the root cause of the incident?

Options:

A. Evidence gathering and forensic analysis

B. Eradication

C. Containment

D. Incident triage

Question # 47

Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket submitted regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he performed incident analysis and validation to check whether the incident is a genuine incident or a false positive.

Identify the stage he is currently in.

Options:

A. Post-incident activities

B. Incident disclosure

C. Incident recording and assignment

D. Incident triage

Question # 48

Which of the following tools helps incident handlers to view the file system, retrieve deleted data, perform timeline analysis, web artifacts, etc., during an incident response process?

Options:

A. Autopsy

B. netstat

C. Process Explorer

D. nbtstat

Question # 49

BadGuy Bob hid files in the slack space, changed the file headers, hid suspicious files in executables, and changed the metadata for all types of files on his hacker laptop. What has he committed?

Options:

A. Anti-forensics

B. Adversarial mechanics

C. Felony

D. Legal hostility

Question # 50

A large insurance enterprise recently completed an internal phishing simulation to evaluate its incident reporting workflow. Upon reviewing the ticketing system logs, the IR lead discovered that several phishing-related reports submitted by employees had been mistakenly logged as routine IT service requests. This misrouting prevented timely review by the IH&R team, delaying appropriate follow-up actions.

The root cause was traced to frontline support staff misinterpreting subtle incident indicators as generic technical issues. Recognizing the potential risk this poses to early issue detection, the Chief Information Security Officer directed an overhaul of the alert-handling procedures. This included refining the reporting workflow, embedding clearer triage rules within the ticketing platform, and initiating refresher training to strengthen tier-one decision-making when handling ambiguous user reports. Which IR concern is being addressed through this corrective action?

Options:
