
Eccouncil 212-82 Exam Actual Questions

The questions for 212-82 were last updated on Oct 3, 2024.
Question No. 1

Kaison, a forensic officer, was investigating a compromised system used for various online attacks. Kaison initiated the data acquisition process and extracted the data from the system's DVD-ROM. Which of the following types of data did Kaison acquire in the above scenario?

Correct Answer: A

Archival media is the type of data that Kaison acquired in the above scenario. Archival media is a type of data that is stored on removable media such as DVD-ROMs, CD-ROMs, tapes, or flash drives. Archival media can be used to back up or transfer data from one system to another. Archival media can be acquired using forensic tools that can read and copy the data from the media [4]. Reference: Archival Media


Question No. 2

Jase, a security team member at an organization, was tasked with ensuring uninterrupted business operations under hazardous conditions. Thus, Jase implemented a deterrent control strategy to minimize the occurrence of threats, protect critical business areas, and mitigate the impact of threats. Which of the following business continuity and disaster recovery activities did Jase perform in this scenario?

Correct Answer: A

Prevention is the business continuity and disaster recovery activity performed by Jase in this scenario. Prevention is an activity that involves implementing a deterrent control strategy to minimize the occurrence of threats, protect critical business areas, and mitigate the impact of threats. Prevention can include measures such as backup systems, firewalls, antivirus software, or physical security [1]. Reference: Prevention Activity in BCDR


Question No. 3

An organization's risk management team identified the risk of natural disasters in the organization's current location. Because natural disasters cannot be prevented using security controls, the team suggested building a new office in another location to eliminate the identified risk. Identify the risk treatment option suggested by the risk management team in this scenario.

Correct Answer: B

Risk avoidance is the risk treatment option suggested by the risk management team in this scenario. Risk avoidance is a risk treatment option that involves eliminating the identified risk by changing the scope, requirements, or objectives of the project or activity. Risk avoidance can be used when the risk cannot be prevented using security controls or when the risk outweighs the benefits [2]. Reference: Risk Avoidance


Question No. 4

The SOC department in a multinational organization has collected logs of a security event as "Windows.events.evtx". Study the Audit Failure logs in the event log file located in the Documents folder of the "Attacker Machine-1" and determine the IP address of the attacker. (Note: The event ID of Audit failure logs is 4625.)

(Practical Question)

Correct Answer: C

The IP address of the attacker is 10.10.1.16. This can be verified by analyzing the Windows.events.evtx file using a tool such as Event Viewer or Log Parser. The file contains several Audit Failure logs with event ID 4625, which indicate failed logon attempts to the system. The logs show that the source network address of the failed logon attempts is 10.10.1.16, which is the IP address of the attacker [3]. The screenshot below shows an example of viewing one of the logs using Event Viewer [4]:

Reference: Audit Failure Log, [Windows.events.evtx], [Screenshot of Event Viewer showing Audit Failure log]


Question No. 5

A disgruntled employee has set up a RAT (Remote Access Trojan) server in one of the machines in the target network to steal sensitive corporate documents. The IP address of the target machine where the RAT is installed is 20.20.10.26. Initiate a remote connection to the target machine from the "Attacker Machine-1" using the Theef client. Locate the "Sensitive Corporate Documents" folder in the target machine's Documents directory and determine the number of files. Hint: The Theef folder is located at Z:\CCT-Tools\CCT Module 01 Information Security Threats and Vulnerabilities\Remote Access Trojans (RAT)\Theef on the Attacker Machine-1.

Correct Answer: B

The number of files in the "Sensitive Corporate Documents" folder is 4. This can be verified by initiating a remote connection to the target machine from the "Attacker Machine-1" using the Theef client. Theef is a Remote Access Trojan (RAT) that allows an attacker to remotely control a victim's machine and perform various malicious activities. To connect to the target machine using the Theef client, one can follow these steps:

Launch Theef client from Z:\CCT-Tools\CCT Module 01 Information Security Threats and Vulnerabilities\Remote Access Trojans (RAT)\Theef on the "Attacker Machine-1".

Enter the IP address of the target machine (20.20.10.26) and click on Connect.

Wait for a few seconds until a connection is established and a message box appears saying "Connection Successful".

Click on OK to close the message box and access the remote desktop of the target machine.

Navigate to the Documents directory and locate the "Sensitive Corporate Documents" folder.

Open the folder and count the number of files in it.

The screenshot below shows an example of performing these steps:

Reference: [Theef Client Tutorial], [Screenshot of Theef client showing remote desktop and folder]

