
212-89 Online Practice Questions and Answers

Questions 4

Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

A. An insider intentionally deleting files from a workstation

B. An attacker redirecting a user to a malicious website and infecting the user's system with a Trojan

C. An attacker infecting a machine to launch a DDoS attack

D. An attacker using email with malicious code to infect an internal workstation

Questions 5

A threat source does not present a risk if there is NO vulnerability that can be exercised for that particular threat source. Identify the step in which different threat sources are defined:

A. Identification Vulnerabilities

B. Control analysis

C. Threat identification

D. System characterization

Questions 6

An assault on system security that is derived from an intelligent threat is called:

A. Threat Agent

B. Vulnerability

C. Attack

D. Risk

Questions 7

IDS and IPS system logs indicate an unusual deviation from typical network traffic flows; this is called:

A. A Precursor

B. An Indication

C. A Proactive

D. A Reactive

Questions 8

An information security incident is:

A. Any real or suspected adverse event in relation to the security of computer systems or networks

B. Any event that disrupts today's normal business functions

C. Any event that breaches the availability of information assets

D. All of the above

Questions 9

What is the best staffing model for an incident response team if current employees' expertise is very low?

A. Fully outsourced

B. Partially outsourced

C. Fully insourced

D. All the above

Questions 10

Which of the following is a characteristic of adware?

A. Gathering information

B. Displaying popups

C. Intimidating users

D. Replicating

Questions 11

Which of the following is NOT one of the common techniques used to detect insider threats?

A. Spotting an increase in their performance

B. Observing employee tardiness and unexplained absenteeism

C. Observing employee sick leaves

D. Spotting conflicts with supervisors and coworkers

Questions 12

Insiders understand corporate business functions. What is the correct sequence of activities performed by insiders to damage company assets?

A. Gain privileged access, install malware then activate

B. Install malware, gain privileged access, then activate

C. Gain privileged access, activate and install malware

D. Activate malware, gain privileged access then install malware

Questions 13

Insiders may be:

A. Ignorant employees

B. Careless administrators

C. Disgruntled staff members

D. All the above

Exam Code: 212-89
Exam Name: EC Council Certified Incident Handler (ECIH v3)
Last Update: Jun 02, 2026
Questions: 232