
212-89 EC Council Certified Incident Handler (ECIH v3) is now Stable and With Pass Result | Test Your Knowledge for Free

Exams4sure Dumps

212-89 Practice Questions

EC Council Certified Incident Handler (ECIH v3)

Last Update 23 hours ago
Total Questions : 305

Question # 71

James is working as an incident responder at CyberSol Inc. The management instructed James to investigate a cybersecurity incident that recently happened in the company. As a part of the investigation process, James started collecting volatile information from a system running the Windows operating system.

Which of the following commands helps James in determining all the executable files for running processes?

Options:

A. date /t & time /t

B. netstat -ab

C. top

D. doskey/history

Question # 72

Which of the following are malicious software programs that infect computers and corrupt or delete the data on them?

Options:

A. Worms

B. Trojans

C. Spyware

D. Virus

Question # 73

A national healthcare organization with multiple branches is facing growing cybersecurity challenges due to unmanaged systems, inconsistent configurations, and a lack of asset visibility. In response, leadership has asked the security team to implement a proactive strategy aimed at minimizing exposure across all departments. This includes identifying hardware and software in use, enforcing consistent security settings, and establishing a routine process to detect system weaknesses before they can be exploited.

The security team is seeking a well-established, practical framework that emphasizes prioritized, real-world security practices and can be implemented efficiently with available resources. Which of the following frameworks would BEST support this proactive security initiative?

Options:

A. Employing CIS Critical Security Controls for foundational defensive actions

B. Implementing NIST 800-61 for policy and incident lifecycle development

C. Applying ITIL for restoring disrupted business services

D. Using COBIT for strategic enterprise governance modeling

Question # 74

Meera, part of the Incident Handling & Response (IH&R) team, identifies an ongoing phishing campaign targeting internal employees. She immediately circulates an organization-wide alert, warning staff not to engage with the suspicious email. Along with the alert, she provides visual cues and instructions on how to recognize similar phishing threats in the future. Her goal is to prevent further damage and strengthen employee awareness. What additional action would best align with Meera’s eradication efforts?

Options:

A. Installing anti-DDoS tools

B. Sharing threat details with security forums

C. Issuing server restart commands

D. Deleting user accounts

Question # 75

Which of the following is not called volatile data?

Options:

A. Open sockets or open ports

B. The date and time of the system

C. Creation dates of files

D. State of the network interface

Question # 76

An attacker traced out and found the kind of websites a target company/individual is frequently surfing and tested those particular websites to identify any possible vulnerabilities. When the attacker detected vulnerabilities in the website, the attacker started injecting malicious script/code into the web application that can redirect the webpage and download the malware onto the victim’s machine. After infecting the vulnerable web application, the attacker waited for the victim to access the infected web application.

Identify the type of attack performed by the attacker.

Options:

A. Watering hole

B. Obfuscation application

C. Directory traversal

D. Cookie/Session poisoning

Question # 77

Miko was hired as an incident handler in XYZ company. His first task was to identify the PING sweep attempts inside the network. For this purpose, he used Wireshark to analyze the traffic. What filter did he use to identify ICMP ping sweep attempts?

Options:

A. tcp.type == icmp

B. icmp.type == icmp

C. icmp.type == 8 or icmp.type == 0

D. udp.type == 7

Question # 78

Ren is assigned to handle a security incident of an organization. He is tasked with forensics investigation to find the evidence needed by the management. Which of the following steps falls under the investigation phase of the computer forensics investigation process?

Options:

A. Secure the evidence

B. Risk assessment

C. Set up a computer forensics lab

D. Evidence assessment

Question # 79

Which of the following types of digital evidence is temporarily stored in a digital device that requires constant power supply and is deleted if the power supply is interrupted?

Options:

A. Slack space

B. Process memory

C. Event logs

D. Swap file

Question # 80

QualTech Solutions is a leading security services enterprise. Dickson works as an incident responder with this firm. He is performing vulnerability assessment to identify the security problems in the network, using automated tools to identify the hosts, services, and vulnerabilities present in the enterprise network.

Based on the above scenario, identify the type of vulnerability assessment performed by Dickson.

Options:

A. Internal assessment

B. Active assessment

C. Passive assessment

D. External assessment
