EC-Council Certified Incident Handler (ECIH V2) Quiz Questions and Answers

You have just completed a database security audit and are writing the draft pen-testing report. Which of the following will you include in the recommendation section to enhance the security of the database server?

Answer :
  • Install a certificate to enable SSL connections

Bonney’s system has been compromised by a gruesome malware. What is the primary step Bonney should take to contain the malware incident and stop it from spreading?

Answer :
  • Turn off the infected machine

Racheal is an incident handler working in the InceptionTech organization. Recently, numerous employees have been complaining about receiving emails from unknown senders. To protect employees against spoofed emails, and keeping security in mind, Racheal was asked to take appropriate action in this matter. As part of her assignment, she needs to analyze the email headers to check the authenticity of received emails. Which of the following protocols/authentication standards must she check in the email header to analyze the email's authenticity?

Answer :
  • DKIM

Mr. Smith is the lead incident responder of a small financial enterprise with a few branches in Australia. Recently, the company suffered a massive attack, losing USD 5 million through an inter-banking system. After an in-depth investigation of the case, it was found that the incident occurred because, 6 months earlier, the attackers had penetrated the network through a minor vulnerability and maintained access without any user being aware of it. The attacker then tried to delete users’ fingerprints and performed lateral movement to the computer of a person with privileges in the inter-banking system. Finally, the attacker gained access and performed fraudulent transactions. Based on the above scenario, identify the most accurate kind of attack.

Answer :
  • APT attack

An attacker, after performing an attack, decided to wipe evidence using artifact-wiping techniques to evade forensic investigation. He applied a magnetic field to the digital media device, leaving the device entirely clean of any previously stored data. Which artifact-wiping technique did the attacker use?

Answer :
  • Disk degaussing/destruction

Which of the following information security personnel handles incidents from both a management and a technical point of view?

Answer :
  • Incident manager (IM)

Bran is an incident handler who is assessing the network of the organization. In the process, he wants to detect ping sweep attempts on the network using the Wireshark tool. Which of the following Wireshark filters must he use to accomplish this task?

Answer :
  • icmp.type==8

Which of the following details are included in the evidence bags?

Answer :
  • Date and time of seizure, exhibit number, and name of incident responder

In which of the following confidentiality attacks do attackers lure users by posing as an authorized AP and beaconing the WLAN's SSID?

Answer :
  • Evil twin AP

Which of the following types of digital evidence is stored temporarily on a digital device, requires a constant power supply, and is deleted if the power supply is interrupted?

Answer :
  • Process memory