Exam (elaborations)
ECIHv2 Practice Questions and Answers 2024
- Course
- Institution
ECIHv2 Practice Questions and Answers 2024
[Show more]
Content preview
1ECIHv2 Practice Questions and Answers 2024
Which element of information security includes the trustworthiness of data or resources
in terms of preventing improper or unauthorized changes?
a.) Confidentiality
b.) Authenticity
c.) Availability
d.) Integrity -Answer- B
is a security strategy in which several protection layers are placed
throughout an information system.
a.) Defense-in-depth
b.) Non-repudiation
c.) Information security
d.) Offense-in-depth -Answer- A
Security policies are the foundation of the security infrastructure that defines the basic
security requirements and rules to be implemented in order to protect and secure an
organization's information systems. Which of the following is NOT something security
policies can accomplish?
a.) They reduce or eliminate legal liability of employees and third parties
b.) They protect confidential and proprietary information from theft, misuses,
unauthorized disclosure, or modification
c.) They prevent wastage of the company's computing resources
d.) They can still be effective when added as an afterthought -Answer- D
Anna created her company's security policy to accept the majority of internet traffic,
excluding several known dangerous services and attacks. Which type of security policy
did Anna put into place?
a.) Permissive Policy
b.) Promiscuous Policy
c.) Prudent Policy
d.) Paranoid Policy -Answer- A
A(n) policy defines a standard to handle application traffic, such as web
or email.
a.) Remote access
b.) Network connection
c.) Firewall management
d.) Access control -Answer- C
1
,2
What kind of policy contains a set of rules that defines authorized connections?
a.) User account
b.) Special access
c.) Remote access
d.) Password -Answer- C
Motive (Goal) + Method + Vulnerability =
a.) Security policy
b.) Attacks
c.) Defense-in-depth
d.) Access control -Answer- B
Dwayne wants to acquire account information from a competitor company, so he sends
an illegitimate email to the Payroll Specialist claiming to be the CEO. What type of
security attack would this be?
a.) IoT threats
b.) Web application threats
c.) Phishing
d.) Ransomware -Answer- C
Spoofing, Session Hijacking, DoS Attacks, Firewall and IDS Attacks are all considered
what type of information security threat?
a.) Network threat
b.) Application threat
c.) Host threat
d.) System threat -Answer- A
Which of the following is NOT a common cause for system vulnerabilities?
a.) Software bugs
b.) Strong passwords
c.) Use of broken algorithms
d.) Complexity of the system -Answer- B
Which phase of the risk management process includes a strategical approach to
prepare for handling risks and reduce its impact on organizations? This phase
addresses and treats the risk according to their severity level.
a.) Risk assessment
b.) Risk mitigation
c.) Risk management plan evaluation
d.) Risk determination -Answer- B
2
, 3
Abiding laws are important while dealing with the incident since an organization can
face legal issues if it does not maintain legality while dealing with security incidents.
Sometimes, incident handling also involves investigating private information of
individuals, which hampers their right to privacy. Which legal compliance act protects
this type of information?
a.) Health Insurance Portability and Accountability Act (HIPAA)
b.) Occupational Safety and Health (OSHA)
c.) Resource Conversation and Recovery Act (RCRA)
d.) Freedom of Information Act (FOIA) -Answer- A
There are several different phases of IH&R. In the phase, the incident
information will be informed to various stakeholders, including management, third-party
vendors, and clients.
a.) Containment
b.) Notification
c.) Forensic analysis
d.) Incident triage -Answer- B
Documentation, Impact Assessment, and Incident Disclosure are all part of which step?
a.) Step 6: Evidence Gathering
b.) Step 7: Eradication
c.) Step 8: Recovery
d.) Step 9: Post-Incident Activities -Answer- D
John is creating a statement that reflects his organization's mid=term and long-term
goals for incident management capabilities. What type of statement is he creating?
a.) Vision statement
b.) Mission statement
c.) Declarative statement
d.) Imperative statement -Answer- A
When dealing with IH&R it is important to determine the fundind.) Proceduresg
requirements based on empirical assumptions of various components. Which of the
following is NOT considered an IH&R component that incurs cost?
a.) Space
b.) Team staffing
c.) Toolkits
d.) Procedures -Answer- D
3
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller TutorExpert. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
82956 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now