312-50v13 Exam Dumps - Certified Ethical Hacker Exam (CEHv13)

The preparation phase of incident handling is the proactive phase where organizations:

Develop and define incident response policies and rules

Assign roles and responsibilities

Design backup and disaster recovery strategies

Train staff and test response plans via drills or tabletop exercises

This phase ensures that the organization is ready to respond effectively when an incident occurs.

Reference – CEH v13 Official Study Guide:

Module 18: Incident Response and Computer Forensics

Quote:

“In the preparation phase, organizations define rules, set up an incident response team, perform training, and establish and test incident handling procedures.”

Incorrect Options:

B. Containment is about stopping the spread of an active incident

C. Identification is when the incident is first detected

D. Recovery is for restoring systems post-incident

===========

A covert channel is a communication method used to transfer information in a way that violates security policy, often by repurposing legitimate protocols or functions for unauthorized communication.

From CEH v13 Official Courseware:

Module 6: Malware Threats

Topic: Covert Communication and Data Exfiltration Techniques

CEH v13 Study Guide states:

“A covert channel exploits unintended uses of legitimate communication protocols. It allows data to be transmitted without detection by hiding the communication inside seemingly benign traffic.”

Incorrect Options:

A: A non-standard port may aid in hiding services, but doesn’t constitute a covert channel.

C: Multiplexing is a normal communication mechanism.

D: WEP is insecure, but this isn’t related to covert channels.