EC-Council 212-89 practice test

EC-Council Certified Incident Handler v2 Exam


Question 1

A living, high-level document that states in writing a requirement and directions on how an agency
plans to protect its information technology assets is called:

  • A. Information security Policy
  • B. Information security Procedure
  • C. Information security Baseline
  • D. Information security Standard
Answer:

A


Question 2

According to the Evidence Preservation policy, a forensic investigator should make at least
..................... image copies of the digital evidence.

  • A. One image copy
  • B. Two image copies
  • C. Three image copies
  • D. Four image copies
Answer:

B


Question 3

Bit stream image copy of the digital evidence must be performed in order to:

  • A. Prevent alteration to the original disk
  • B. Copy the FAT table
  • C. Copy all disk sectors including slack space
  • D. All the above
Answer:

C


Question 4

According to the Fourth Amendment of the USA PATRIOT Act of 2001, if a search does NOT violate a
person's reasonable or legitimate expectation of privacy, then it is considered:

  • A. Constitutional/ Legitimate
  • B. Illegal/ illegitimate
  • C. Unethical
  • D. None of the above
Answer:

A


Question 5

Ensuring the integrity, confidentiality and availability of electronic protected health information of a
patient is known as:

  • A. Gramm-Leach-Bliley Act
  • B. Health Insurance Portability and Privacy Act
  • C. Social Security Act
  • D. Sarbanes-Oxley Act
Answer:

B


Question 6

The most common type(s) of intellectual property is(are):

  • A. Copyrights and Trademarks
  • B. Patents
  • C. Industrial design rights & Trade secrets
  • D. All the above
Answer:

D


Question 7

The product of intellect that has commercial value and includes copyrights and trademarks is called:

  • A. Intellectual property
  • B. Trade secrets
  • C. Logos
  • D. Patents
Answer:

A


Question 8

An information security policy must be:

  • A. Distributed and communicated
  • B. Enforceable and Regularly updated
  • C. Written in simple language
  • D. All the above
Answer:

D


Question 9

The policy that defines which set of events needs to be logged in order to capture and review the
important data in a timely manner is known as:

  • A. Audit trail policy
  • B. Logging policy
  • C. Documentation policy
  • D. Evidence Collection policy
Answer:

B


Question 10

The steps followed to recover computer systems after an incident are:

  • A. System restoration, validation, operation and monitoring
  • B. System restoration, operation, validation, and monitoring
  • C. System monitoring, validation, operation and restoration
  • D. System validation, restoration, operation and monitoring
Answer:

A
