Last Attempt 212-89 Questions

Comprehensive and Detailed Explanation (ECIH-aligned):

This scenario describes a Remote File Inclusion (RFI) vulnerability. RFI occurs when user-controlled input is used to load external resources into server-side execution contexts. Attackers often use numeric IP addresses and malformed parameters to evade basic filtering.

ECIH identifies RFI as a high-risk web application attack that can lead to malware execution, data leakage, and system compromise. Because the application dynamically loads external content without validation, Option D is correct.

The port scanning technique that involves resetting the TCP connection between the client and server abruptly before the completion of the three-way handshake, thereby leaving the connection half-open, is known as a Stealth scan (also referred to as a SYN scan). This technique allows the scanner to inquire about the status of a port without establishing a full TCP connection, making the scan less detectible to intrusion detection systems and less likely to be logged by the target. It's a method used to discreetly discover open ports on a target machine without establishing a full connection that would be visible in logs.

Incident response orchestration refers to the process and technologies used to coordinate and streamline the response to security incidents. This approach ensures that incident response teams have clear procedures and workflows to follow, enabling them to act swiftly and effectively when dealing with security incidents. By orchestrating the response, organizations can minimize the impact of incidents, ensure consistent and thorough investigation and remediation activities, and improve their overall security posture. Incident response orchestration involves integrating various security tools, automating response actions where possible, and providing a centralized platform for managing incidents.

Comprehensive and Detailed Explanation (ECIH-aligned):

This question focuses on post-incident recovery and resilience, a key ECIH concept. After restoring services, organizations must strengthen defenses to prevent recurrence.

Option B is correct because Content Delivery Networks (CDNs) distribute traffic and absorb volumetric attacks, while blackhole routing discards malicious traffic upstream. ECIH identifies these as industry-standard controls for DDoS resilience.

Options A, C, and D weaken security or increase attack surface and contradict ECIH guidance.

ECIH stresses that recovery is not complete until preventive measures are implemented. CDN deployment and upstream traffic control significantly improve availability during future attacks.