ECIHv2 Academia Questions

Question 1

What are the Information Security Threat Categories?

Answer 1

Host Threats
Network Threats
Application Threats

Question 2

DNS and ARP Poisoning is what type of Information Security Threat Category?

Answer 2

Network Threats

Question 3

A person or entity that is responsible for the incidents or has the potential to impact the security of an organization’s network is what type of actor?

Answer 3

Threat Actor

Question 4

Script Kiddies, Organized Hackers and State Sponsored Attackers are all part of what?

Answer 4

Threat Actors

Question 5

Recovery, Process Review and Practice are all part of which Incident Management guidelines?

Answer 5

OWASP

Question 6

Jenny works on an Incident Response team for her organization. After a major incident, she is asked to check and verify as much as possible to get a positive confirmation from each party that in their opinion, everything is operating normally again. What Practice is Jenny taking part in?

Answer 6

Eradication and Recovery

Question 7

Which standard specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization?

Answer 7

ISO/IEC 27001:2013

Question 8

The NERC 1300 Cyber Security standard stands for what?

Answer 8

North American Electric Reliability Corporation

Question 9

Federal law requires federal agencies to report incidents to the which Incident Response Center?

Answer 9

Federal Computer Incident Repsonse Center

Question 10

Accurately detecting and assessing incidents are the most challenging and essential part of…

Answer 10

Signs of an Incident

Question 11

What are the advantages of an Incident Response Orchestration?

Answer 11

It includes automated alarms that detect the incident and alert the response personnel with details

It allows responders to remotely assess the incident analysis results and manage the actions

It allows responders to configure different solutions to interact and streamline incident response action

Question 12

Loss of productive hours, loss of business, and loss of theft of resources are considered…

Answer 12

Tangible Costs

Question 13

What are the benefits when it comes to Incident handling and response (IH&R)?

Answer 13

The IH&R process provides a focused and structured approach for restoring normal business operations as quickly as possible after an incident

The decision to establish IH&R process is affected by inputs, complaints, and queries from all the stakeholders involved in the organization’s business processes

IH&R processes differ from organization to organization according to their business and operating environment

Question 14

IH&R mission statements define the ____ and _____ of the planned incident handling and response capabilities

Answer 14

Purpose and Scope

Question 15

Incident response procedures, also referred to as ___________, provide detailed processes to implement guidelines defined by IH&R plan and policy

Answer 15

Standard operating procedures (SOPs)

Question 16

Which group is responsible for examining the computer network traffic for signs of incidents or attacks such as DoS, DDoS, firewall breach, or other malicious code?

Answer 16

Network Administrators

Question 17

Organizations must implement several security controls. Which security control ensures that only selected or eligible employees have access to sensitive data, critical devices, and other necessary resources required to accomplish the assigned tasks?

Answer 17

Access Controls

Question 18

Organizations must secure the network communications by implementing Packet Filters, IPsec, Virtual Private Network, and Secure Shell. Which is responsible for authenticating and validating the packets during transmission?

Answer 18

IPsec

Question 19

A successful backup strategy must have two key features:

Answer 19

Security & Real-Time Offsite Backup

Question 20

_______ refers to a contract between the organization and an insurer to protect related individuals from different threats and risks

Answer 20

Cyber Insurance

Question 21

ManageEngine ServiceDesk Plus and AlienVault OSSIM are both websites used as

Answer 21

Ticketing Tools

Question 22

Loss of personal password, failure to download antivirus signatures, and unsuccessful scans and probes in the networks are considered incidents at a _______

Answer 22

Low Level

Question 23

Denial-of-Service attacks, the presence of harmful viruses, worms, and Trojan horse, or Suspected break-in in any computer of a company are all considered incidents at a _______

Answer 23

High Level

Question 24

Report writing tools help incident handlers to generate efficient reports on detected incidents during incident handling and response process. What website is considered a note taking application that works on Windows, Linux, and MacOS X?

Answer 24

keepnote.org

Question 25

What are examples of the objective of computer forensics?

Answer 25

Identify, gather, and preserve the evidence of a cyber crime

Find vulnerabilities and security loopholes

Recover deleted and hidden files

Question 26

What is an important guideline for building an investigation team?

Answer 26

To appoint a person as a technical lead among the team members

Question 27

James is a part of an incident response team that wants to ensure proper reaction against any mishap. Being forensically ready will allow him and his team to:

Answer 27

Eliminate the threat of repeated incidents

Question 28

What refers to the first action performed after occurrence of a security incident?

Answer 28

First Response

Question 29

The _____ ensure that the evidence is stored, examined, preserved, and examined in a way that protects the reliability and correctness of the evidence.

Answer 29

Principles of digital evidence collection

Question 30

If the victim computer has an internet connection, the first responder must?

Answer 30

Unplug the network cable from the router and modem

Question 31

What is the process of imaging or collecting information from various media in accordance with certain standards for analyzing its forensic value?

Answer 31

Forensic Data Acquisition

Question 32

Volatile data is fragile and lost when the system loses power or the user switches it off. Where can this data be found?

Answer 32

Registries
Cache
RAM

Question 33

What are tools used to calculate the hash value?

Answer 33

HashCalc
MD5 Calculator
HashMyFiles

Question 34

The incident responder should collect information regarding network connections to and from the affected system, immediately after the report of any incident. What is a tool that can help gather this information?

Answer 34

Netstat

Question 35

The first responder needs to prepare and check several prerequisites such as the availability of tools, reporting requirement, and ______ in order to conduct a successful investigation

Answer 35

Legal clearances

Question 36

Andrea is a first responder and she wants to use forensics analysis tools to help her with collecting, managing, transferring, and storing necessary information required during forensics investigation. Which would be a beneficial tool for her to use?

Answer 36

Helix3

Question 37

What is the most common type of attacks against any enterprise?

Answer 37

Malware

Question 38

Which type of Malware is used to trick the victim into performing predefined action?

Answer 38

Trojan Horse

Question 39

Which type of malware is access the victim’s computer or a network without the user’s knowledge?

Answer 39

Backdoor

Question 40

What is considered a huge network of compromised systems used by attackers to perform denial-of-service (DoS) attacks?

Answer 40

Botnet

Question 41

A type of Trojan that downloads other malware (or) malicious code and files from the internet on to the PC or device?

Answer 41

Downloader

Question 42

Instant messenger applications, network propagation, email attachments, and decoy applications are all common ways attackers can _____?

Answer 42

Send a malware into a system

Question 43

Jose is an incident responder who wants to eradicate malware security incidents. What steps should he include?

Answer 43

Content Filtering Tools & Network Security Devices

Blacklist & Antivirus

Manual Scan & Fixing Devices

Question 44

What actions must take place in restoring email services after a malware incident?

Answer 44

Change passwords and enable scanning of links and attachments

Question 45

When building a testbed there are some tools required for testing. What is an important tool for testing?

Answer 45

Sandbox

Question 46

There are a ton of indications of malware incidents. What’s an important technique for users, tech support, administrators, and incident responders to help be able to identify?

Answer 46

Memory Dump/Static Analysis

Question 47

John prefers using tools such as Mirekusoft and SysAnalyzer to help him at work. What is the primary use of these tools?

Answer 47

To monitor installation of malicious executables

Question 48

________ is a built-in Windows tool that comes inbuilt in Windows 10/8/7 and searches for unsigned drivers on a system.

Answer 48

SIGVERIF

Question 49

Email crimes can be categorized in two ways either by sending emails or supported by emails. What is a crime supported by Emails?

Answer 49

Cyberstalking

Question 50

What crime refers to the unsolicited or undesired emails used to distribute malicious links and attachments, cause network congestion, perform phishing and financial frauds, and so on?

Answer 50

Spamming

Question 51

There are several types of phishing that can occur. Which type targets high profile executives like CEO, CFO, politicians, and celebrities?

Answer 51

Whaling

Question 52

Unavailability of the email server, sudden increase of advertising and spam emails, and change in email template and signature are all indicators of what?

Answer 52

Email Attacks

Question 53

Netcraft,and PhishTank are tools for detecting _____&_____?

Answer 53

Phishing/Spam

Question 54

Removing malware, isolating the critical systems infected with malware, blocking the compromised email accounts, and performing other email security hardening measures are all a part of _____.

Answer 54

Eradication

Question 55

What are guidelines to prevent spam?

Answer 55

Avoid giving email ID to unnecessary or unsecured websites

Do not use or subscribe to sites that access email contact list

Use long email ID with numbers and underscore to prevent spammers

Question 56

Identity theft occurs when someone uses your personal information in a malicious way. What is the best way to avoid identity theft from happening?

Answer 56

Review your credit card reports regularly

Question 57

When it comes to email incidents changing passwords, informing banks, contacting law enforcement, and making an insurance claim are all a part of which step?

Answer 57

Recovery

Question 58

David is an incident handler and wants to determine the email origin by matching the domain name for an IP address. Which website would he use?

Answer 58

arin.net

Question 59

This type of identity theft occurs when a victim’s bank account and credit card information are stolen and used illegally by a thief.

Answer 59

Financial

Question 60

Organizations must be able to handle and respond to various email attacks by developing and implementing proper incident response plan against the known attacks. This includes email filtering, email monitoring tools, and ________.

Answer 60

Developing an acceptable email usage policy

Question 61

When discussing common network security incidents, these threats prevent the authorized users from accessing network resources.

Answer 61

Denial-of-Service Incidents

Question 62

Reconnaissance attacks, sniffing and spoofing attacks, firewall attacks, and brute forcing attacks are all types of _______.

Answer 62

Unauthorized Access Incidents

Question 63

There are many indications of unauthorized access incidents. Which indication would be applicable if there are suspicious tools or exploits and unpredicted open ports?

Answer 63

Changes in system configuration

Question 64

User reports regarding network or system unavailability, System status changes, Misplaced hardware parts, and Unauthorized hardware found are all indications of _____.

Answer 64

Physical Intrusion

Question 65

There are four main common types of reconnaissance attacks that are attempted by the attackers in order to exploit the networks. Which type tricks people into revealing sensitive information?

Answer 65

Social Engineering

Question 66

A ______ is a basic network scanning technique that is employed to determine which range of IP addresses map to live hosts (computers).

Answer 66

Ping Sweeping

Question 67

The most common way of networking computers is through a _______

Answer 67

Ethernet

Question 68

What is a guideline for network security measures to prevent an unauthorized access incident?

Answer 68

Design the network in such a way that it blocks the suspicious traffic

Question 69

Jane is an incident responder who wants to detect and access the malware present in the network and then eliminate it. Which website could she use to view logs in real time and identify malware propagation?

Answer 69

kiwisyslog.com

Question 70

In a DoS attack, attackers flood the victim system with ___________ or traffic to overload its resources.

Answer 70

Non-legitimate Service Requests

Question 71

Crashing a service by interacting with it in an unexpected way and Hanging a system by causing it to go into an infinite loop are examples of?

Answer 71

DoS attacks

Question 72

Permanent DoS, also known as ________, refers to attacks that cause irreversible damage to system hardware

Answer 72

Phlashing

Question 73

Insecure Coding, Configuration Errors, Platform Vulnerabilities, and Logic Errors are all causes of what?

Answer 73

Web Incidents

Question 74

________ is an international organization that provides top 10 vulnerabilities and flaws of web applications.

Answer 74

OWASP

Question 75

Kevin is an attacker who is exploiting vulnerabilities by performing an XSS attack. What are two types of exploitations that he can perform?

Answer 75

Data Theft and Data Manipulation

Question 76

What method is an attack in which an authenticated user is made to perform certain tasks on the web application that an attacker chooses? For example, a user clicking on a link sent through an email or chat

Answer 76

Cross-Site Forgery

Question 77

Sarah is a hacker who is using a method called __________ on victim systems to analyze users’ surfing habits and sell that information to other attackers or to launch various attacks on the victims’ web applications.

Answer 77

Cookie Snooping

Question 78

If a hacker is identifying the kinds of websites a target company is frequently surfing and injecting malicious code that redirects the page to downloading malware, what kind of attack are they pursuing?

Answer 78

Watering Hole Attacks

Question 79

What is another name for Cross-Site Request Forgery (CSRF)?

Answer 79

One-click Attack

Question 80

_________ can contain session-specific data such as user IDs, passwords, account numbers, links to shopping cart contents, supplied private information, and session IDs.

Answer 80

Cookies

Question 81

What is the name of the primary tool placed on the edge of a network and assists in filtering or blocking malicious content from entering or leaving web applications?

Answer 81

Web Application Firewall (WAF)

Question 82

Proxy Servers act as doorways between the user and the web application that are browsed by the user. What are they used to prevent?

Answer 82

IP blocking and Maintain Anonymity.

Question 83

Limiting the length of user input, using custom error messages, and disabling commands like xp_cmdshell are all different ways to eradicate _______.

Answer 83

SQL Injection Attacks

Question 84

Charles is an incident handler who wants to eradicate insecure deserialization attacks. Which measure should he take?

Answer 84

Guard sensitive data during deserialization

Question 85

Resource pooling, rapid elasticity, distributed storage, and broad network access are all characteristics of _______?

Answer 85

Cloud Computing

Question 86

What would be considered a limitation of cloud computing?

Answer 86

Security, privacy, and compliance issues

Prone to outages and other technical issues

Contracts and lock-ins

Question 87

This cloud computing service enables subscribers to use on demand fundamental IT resources such as computing power, virtualization, data storage, network, and so on. Some of the advantages from this service include global accessibility, policy-based services, and guaranteed uptime.

Answer 87

Infrastructure-as-a-Service (IaaS)

Question 88

What would be considered an advantage and a disadvantage when comparing a private cloud to a public cloud?

Answer 88

A private cloud is more expensive but is also more secure

Question 89

Attackers use __________ (e.g., Wireshark, Cain and Abel) to capture sensitive data such as passwords, session cookies, and other web service-related security configurations

Answer 89

Packet Sniffers

Question 90

Chad is an incident responder who wants to monitor user and network activities, changes in files, and registry entries. What tool should he use to accomplish these tasks?

Answer 90

Tripwire

Question 91

________ is the cloud server security platform with all the security functions you need to safely deploy servers in public and hybrid clouds

Answer 91

CloudPassage Halo

Question 92

There are various threats to be aware of when dealing with cloud computing. Which type of threat arises because of incomplete and non-transparent terms of use, hidden dependency created by cross-cloud applications, inappropriate CSP selection, and lack of supplier redundancy?

Answer 92

Supply Chain Failure

Question 93

There are four types of Domain Name System (DNS) attacks. Which type Involves conducting phishing scams by registering a domain name that is similar to that of a cloud service provider?

Answer 93

Cybersquatting

Question 94

There are four types of Domain Name System (DNS) attacks. Which type involves registering an elapsed domain name?

Answer 94

Domain Snipping

Question 95

Insecure or obsolete encryption makes cloud services susceptible to what type of attack?

Answer 95

Cryptanalysis

Question 96

_________ refers to ability of a single cloud to handle data, accounts, systems, and applications of various organizations

Answer 96

Elasticity

Question 97

Megan is a disgruntled employee who wants to take her companies secrets and send the data to competitors by using a steganography. Which type of attack would she be committing?

Answer 97

Insider Attack

Question 98

What would be considered a harmful insider who uses their technical knowledge to identify the weaknesses and vulnerabilities of the company’s network and sell the confidential information to the competitors or black-market bidders?

Answer 98

Professional

Question 99

There are several indicators of insider threats. The most common indicator of an insider threat is lack of awareness of employees against security measures. Examples of this may include_________.

Answer 99

Multiple Failed Login Attempts

Question 100

Responders can figure out who is leaking information to the public or to another entity by giving a person a piece of data and waiting to see if the information makes it way to the public domain. What is the name of this technique?

Answer 100

Mole Detection

Question 101

Incident handlers can employ tools such as _________, _________, and _________, to monitor, collect, detect, and analyze different activities of users on the network

Answer 101

User Behavior Analytics (UBA)
SIEM
DLP Technologies

Question 102

Analyzing log files help incident handlers to detect the perpetrator. Analyzing _______ logs will help incident handler in understanding established connections, uploads, downloads, and requested URLs.

Answer 102

Network

Question 103

Dhru is an incident handler who needs to perform a network traffic analysis. Which website will help him in detecting established malicious connections, the type and number of devices accessed, and exfiltrated data?

Answer 103

Wireshark

Question 104

What command may give the incident responder valuable insight into what is happening within the server system? This command allows the incident handler to view and retrieve the active transaction log files for a specific database.

Answer 104

Database Consistency Checker (DBCC)

Question 105

ObserveIT, Ekran System and DataRobot are both important tools that detect ______.

Answer 105

Insider Threats

Question 106

What is a common technique that incident responders can use to secure the confidential data of a company from spies and eradicate different insider threats?

Answer 106

Limiting and controlling access

Question 107

What are examples of best practices to avoid insider threats?

Answer 107

Monitor employee behaviors and the computer systems used by employees

Implement secure backup and disaster recovery processes for business continuity

Disable remote access and screen sharing activities for all the users

Question 108

Joe is an employee who attacked his company to make a political statement by publicizing the company’s sensitive information. What is the driving force behind this insider attack?

Answer 108

Hacktivism