EC-Council Certified Incident Handler (ECIH V2) Quiz Questions and Answers

Mr. Smith is a lead incident responder at a small financial enterprise with a few branches in Australia. Recently, the company suffered a massive attack, losing USD 5 million through an inter-banking system. An in-depth investigation found that the incident occurred because, 6 months earlier, the attackers had penetrated the network through a minor vulnerability and maintained access without any user being aware of it. They then tried to delete users’ fingerprints and performed a lateral movement to the computer of a person with privileges in the inter-banking system. Finally, the attackers gained access and made fraudulent transactions. Based on the above scenario, identify the most accurate kind of attack.

Answer :
  • APT attack

Racheal is an incident handler working at the InceptionTech organization. Recently, numerous employees have been complaining about receiving emails from unknown senders. To protect employees against spoofed emails, and keeping security in mind, Racheal was asked to take appropriate action in this matter. As part of her assignment, she needs to analyze the email headers to check the authenticity of received emails. Which of the following protocols/authentication standards must she check in the email header to analyze the email authenticity?

Answer :
  • DKIM

Bonney’s system has been compromised by gruesome malware. What is the primary step Bonney should be advised to take in order to contain the malware incident and keep it from spreading?

Answer :
  • Turn off the infected machine

Xsecurity Inc. is worried about the latest security incidents and data theft reports. The management wants a comprehensive vulnerability assessment of the complete information system at the company. However, Xsecurity does not have the required resources or capabilities to perform a vulnerability assessment. They decide to hire the services of a company that will perform a periodic vulnerability assessment and present reports so that management can implement remediation. What vulnerability assessment approach is Xsecurity following?

Answer :
  • Service-based Assessment

Smart Networks Ltd is an internet service provider based in the UK. The company hired Thomson as a penetration tester and asked him to check for vulnerabilities in one of their clients’ Wi-Fi networks. He performed Android penetration testing on the Wi-Fi network using a penetration testing tool. He found that the network is vulnerable and that an attacker is able to gain access to some of the employees’ Android mobile devices that are connected to the network. Which of the following penetration testing tools did Thomson use to do this?

Answer :
  • zANTI

You have just completed a database security audit and are writing the draft pen testing report. Which of the following will you include in the recommendation section to enhance the security of the database server?

Answer :
  • Install a certificate to enable SSL connections

You are working on a pentesting assignment for National Healthcare Inc. The client has specifically asked you for a Data Use Agreement (DUA). What does it indicate?

Answer :
  • You are working with a HIPAA compliant organization

Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user’s information and system. These programs may unleash dangerous programs that may erase the unsuspecting user’s disk and send the victim’s credit card numbers and passwords to a stranger.

Answer :
  • Trojan

In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?

Answer :
  • Incident triage

James, a professional hacker, set out to exploit the cloud services employed by an organization. In order to achieve this, he created anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attacks. Which of the following threats is he posing to the cloud platform?

Answer :
  • Abuse and nefarious use of cloud services