EC Council Certified Incident Handler Exam
Overview UPDATED QUESTIONS AND
CORRECT ANSWERS
Risk - CORRECT ANSWER A measure of possible inability to achieve a goal,
objective, or target within a defined security, cost plan and technical limitations that adversely
affects the organization's operation and revenues.
DDoS Attack - CORRECT ANSWER A more common type of DoS Attack, where a
single system is targeted by a large number of infected machines over the Internet.
Zombies - CORRECT ANSWER Infected systems that are used in a DDoS attack.
Incident Response - CORRECT ANSWER The goal of incident response is to handle
the incident in a way that minimizes damage and reduces recovery time and cost.
High level incident - CORRECT ANSWER An information security incident that must
be handled within a few hours on the same day to maintain business continuity and market
competitiveness.
Business Continuity - CORRECT ANSWER The ability of an organization to continue
to function even after a disastrous event, accomplished through the deployment of redundant
hardware and software, the use of fault tolerant systems, as well as a solid backup and
recovery strategy.
Business Recovery Plan - CORRECT ANSWER A mandatory part of a business
continuity plan.
Incident Analyst - CORRECT ANSWER One of the roles played by personnel of
CSIRT.
,Incident Coordinator - CORRECT ANSWER One of the roles played by personnel of
CSIRT.
Public Relations - CORRECT ANSWER One of the roles played by personnel of
CSIRT.
Incident Recovery Steps - CORRECT ANSWER Steps that help to detect, identify,
respond and manage an incident.
Containment - CORRECT ANSWER The step that focuses on limiting the scope and
extent of an incident.
Trojan - CORRECT ANSWER A malicious program that is masked as a genuine
harmless program and gives the attacker unrestricted access to the user's information and
system.
Quantitative Risk - CORRECT ANSWER The numerical determination of the
probability of an adverse event and the extent of the losses due to the event.
Risk Calculation - CORRECT ANSWER (Probability of Loss) X (Loss)
Incident Recovery Plan - CORRECT ANSWER A statement of actions that should be
taken before, during or after an incident.
Audit Trail Policy - CORRECT ANSWER Collects all audit trails such as series of
records of computer events, about an operating system, application or user activities.
Computer Forensics - CORRECT ANSWER Methodical series of techniques and
procedures for gathering evidence from computing equipment, various storage devices and or
digital media that can be presented in a course of law in a coherent and meaningful format.
, Computer Forensics Process - CORRECT ANSWER Preparation > Collection >
Examination > Analysis > Reporting
Multiple Component Incidents - CORRECT ANSWER Consist of a combination of
two or more attacks in a system.
Evidence Examiner/ Investigator - CORRECT ANSWER Responsible for examining
the evidence acquired and separating the useful evidence.
Network Perimeter Configuration - CORRECT ANSWER Should deny all incoming
and outgoing traffic/services that are not required.
Denial of Service Attack - CORRECT ANSWER A network security incident where
intended authorized users are prevented from using system, network, or applications by
flooding the network with high volume of traffic that consumes all existing network
resources.
DoS Attack - CORRECT ANSWER Denial of Service attack disrupting network
functionality.
Incident Reporting - CORRECT ANSWER Mandatory notification within specified
timeframes post-incident.
CAT 1 - CORRECT ANSWER Incident category for minor events requiring less urgent
response.
CAT 4 - CORRECT ANSWER Requires reporting within four hours of detection.
NIACAP - CORRECT ANSWER National Information Assurance Certification and
Accreditation Process.
Overview UPDATED QUESTIONS AND
CORRECT ANSWERS
Risk - CORRECT ANSWER A measure of possible inability to achieve a goal,
objective, or target within a defined security, cost plan and technical limitations that adversely
affects the organization's operation and revenues.
DDoS Attack - CORRECT ANSWER A more common type of DoS Attack, where a
single system is targeted by a large number of infected machines over the Internet.
Zombies - CORRECT ANSWER Infected systems that are used in a DDoS attack.
Incident Response - CORRECT ANSWER The goal of incident response is to handle
the incident in a way that minimizes damage and reduces recovery time and cost.
High level incident - CORRECT ANSWER An information security incident that must
be handled within a few hours on the same day to maintain business continuity and market
competitiveness.
Business Continuity - CORRECT ANSWER The ability of an organization to continue
to function even after a disastrous event, accomplished through the deployment of redundant
hardware and software, the use of fault tolerant systems, as well as a solid backup and
recovery strategy.
Business Recovery Plan - CORRECT ANSWER A mandatory part of a business
continuity plan.
Incident Analyst - CORRECT ANSWER One of the roles played by personnel of
CSIRT.
,Incident Coordinator - CORRECT ANSWER One of the roles played by personnel of
CSIRT.
Public Relations - CORRECT ANSWER One of the roles played by personnel of
CSIRT.
Incident Recovery Steps - CORRECT ANSWER Steps that help to detect, identify,
respond and manage an incident.
Containment - CORRECT ANSWER The step that focuses on limiting the scope and
extent of an incident.
Trojan - CORRECT ANSWER A malicious program that is masked as a genuine
harmless program and gives the attacker unrestricted access to the user's information and
system.
Quantitative Risk - CORRECT ANSWER The numerical determination of the
probability of an adverse event and the extent of the losses due to the event.
Risk Calculation - CORRECT ANSWER (Probability of Loss) X (Loss)
Incident Recovery Plan - CORRECT ANSWER A statement of actions that should be
taken before, during or after an incident.
Audit Trail Policy - CORRECT ANSWER Collects all audit trails such as series of
records of computer events, about an operating system, application or user activities.
Computer Forensics - CORRECT ANSWER Methodical series of techniques and
procedures for gathering evidence from computing equipment, various storage devices and or
digital media that can be presented in a course of law in a coherent and meaningful format.
, Computer Forensics Process - CORRECT ANSWER Preparation > Collection >
Examination > Analysis > Reporting
Multiple Component Incidents - CORRECT ANSWER Consist of a combination of
two or more attacks in a system.
Evidence Examiner/ Investigator - CORRECT ANSWER Responsible for examining
the evidence acquired and separating the useful evidence.
Network Perimeter Configuration - CORRECT ANSWER Should deny all incoming
and outgoing traffic/services that are not required.
Denial of Service Attack - CORRECT ANSWER A network security incident where
intended authorized users are prevented from using system, network, or applications by
flooding the network with high volume of traffic that consumes all existing network
resources.
DoS Attack - CORRECT ANSWER Denial of Service attack disrupting network
functionality.
Incident Reporting - CORRECT ANSWER Mandatory notification within specified
timeframes post-incident.
CAT 1 - CORRECT ANSWER Incident category for minor events requiring less urgent
response.
CAT 4 - CORRECT ANSWER Requires reporting within four hours of detection.
NIACAP - CORRECT ANSWER National Information Assurance Certification and
Accreditation Process.
