EC-Council Certified Incident Handler (ECIH V2) Quiz Questions and Answers

Mr. Smith is the lead incident responder of a small financial enterprise with a few branches in Australia. Recently, the company suffered a massive attack, losing USD 5 million through an inter-banking system. After an in-depth investigation of the case, it was found that the incident occurred because, 6 months ago, the attackers penetrated the network through a minor vulnerability and maintained access without any user being aware of it. The attacker then tried to delete users’ fingerprints and performed lateral movement to the computer of a person with privileges in the inter-banking system. Finally, the attacker gained access and performed fraudulent transactions. Based on the above scenario, identify the most accurate kind of attack.

Answer :
  • APT attack

Racheal is an incident handler working in the InceptionTech organization. Recently, numerous employees have been complaining about receiving emails from unknown senders. To protect employees from spoofed emails, and keeping security in mind, Racheal was asked to take appropriate action in this matter. As part of her assignment, she needs to analyze the email headers to check the authenticity of received emails. Which of the following protocols/authentication standards must she check in the email header to analyze the email's authenticity?

Answer :
  • DKIM

Bonney’s system has been compromised by gruesome malware. What is the primary step advisable to Bonney in order to contain the malware incident and keep it from spreading?

Answer :
  • Turn off the infected machine

Xsecurity Inc. is worried about the latest security incidents and data theft reports. The management wants a comprehensive vulnerability assessment of the company's complete information system. However, Xsecurity does not have the required resources or capabilities to perform a vulnerability assessment. They decide to hire the services of a company that will perform a periodic vulnerability assessment and present reports for management to implement remediation. What vulnerability assessment approach is Xsecurity following?

Answer :
  • Service-based Assessment

Which of the following statements highlights the difference between a vulnerability assessment and a penetration test?

Answer :
  • A vulnerability assessment identifies and ranks the vulnerabilities, and a penetration test exploits the identified vulnerabilities for validation and to determine impact.

Richard, a penetration tester, was asked to assess a web application. During the assessment, he discovered a file upload field where users can upload their profile pictures. While scanning the page for vulnerabilities, Richard found a file upload exploit on the web site. Richard wanted to test the web application by uploading a malicious PHP shell, but the web page denied the file upload. Trying to get around the security, Richard added the '.jpg' extension to the end of the file. The new file name ended with '.php.jpg'. He then used the Burp Suite tool and removed the '.jpg' extension from the request while uploading the file. This enabled him to successfully upload the PHP shell. Which of the following techniques has Richard implemented to upload the PHP shell?

Answer :
  • Parameter tampering

You have just completed a database security audit and are writing the draft pen testing report. Which of the following will you include in the recommendation section to enhance the security of the database server?

Answer :
  • Install a certificate to enable SSL connections

You are working on a pentesting assignment for National Healthcare Inc. The client has specifically asked you for a Data Use Agreement (DUA). What does it indicate?

Answer :
  • You are working with a HIPAA compliant organization

Joseph, a penetration tester, was hired by Xsecurity Services. Joseph was asked to perform a pen test on a client's network. He was not provided with any information about the client organization except the company name. Identify the type of testing Joseph is going to perform for the client organization.

Answer :
  • Black-box Penetration Testing

Why is an appliance-based firewall more secure than one implemented on top of a commercial operating system (software-based)?

Answer :
  • Hardware appliances do not suffer from security vulnerabilities associated with the underlying operating system