
Full 212-89 Practice Test and 170 unique questions with explanations waiting just for you!
ECIH Certification Dumps 212-89 Exam for Full Questions - Exam Study Guide
The ECIH certification program covers topics such as incident handling and response, computer forensics, incident reporting, and incident recovery. The 212-89 exam is designed to test an individual's ability to effectively identify, analyze, and respond to security incidents. The ECIH certification program is ideal for IT professionals who want to enhance their knowledge and skills in security incident handling and response. The EC-Council Certified Incident Handler (ECIH v3) certification is also beneficial for individuals who are interested in pursuing a career in cyber security, as it provides a strong foundation for advanced certifications in this field.
NEW QUESTION # 50
Incident handling and response steps help you to detect, identify, respond to, and manage an incident. Which of the following steps focuses on limiting the scope and extent of an incident?
- A. Identification
- B. Data collection
- C. Containment
- D. Eradication
Answer: C
NEW QUESTION # 51
Investigator Ian gives you a drive image to investigate.
What type of analysis are you performing?
- A. Real-time
- B. Static
- C. Live
- D. Dynamic
Answer: B
NEW QUESTION # 52
John is a professional hacker who is performing an attack on the target organization in which he tries to redirect the connection between the IP address and its target server, so that when users type in the Internet address, they are redirected to a rogue website that resembles the original website. He carries out this attack using a cache poisoning technique. Identify the type of attack John is performing on the target organization.
- A. Pharming
- B. War driving
- C. Skimming
- D. Pretexting
Answer: A
Explanation:
Pharming is a cyber attack intended to redirect a website's traffic to another, bogus website. By poisoning a DNS server's cache, attackers can redirect users from the site they intended to visit to a malicious one, without the user's knowledge or any action on their part, such as clicking a deceptive link. This technique is particularly insidious because it affects users who type the correct URL into their browsers but are still redirected. War driving involves searching for wireless networks from a moving vehicle, skimming refers to stealing credit card information using a device placed on ATMs or point-of-sale terminals, and pretexting is a form of social engineering in which the attacker lies to obtain privileged data.
References: The Incident Handler (ECIH v3) certification program covers a variety of cyber attacks and techniques, including DNS poisoning and pharming, explaining how attackers exploit vulnerabilities to redirect users to fraudulent sites.
NEW QUESTION # 53
During the vulnerability assessment phase, the incident responders perform the following steps:
1. Run vulnerability scans using tools
2. Identify and prioritize vulnerabilities
3. Examine and evaluate physical security
4. Perform OSINT information gathering to validate the vulnerabilities
5. Apply business and technology context to scanner results
6. Check for misconfigurations and human errors
7. Create a vulnerability scan report
Identify the correct sequence of vulnerability assessment steps performed by the incident responders.
- A. 4-->1-->2-->3-->6-->5-->7
- B. 3-->6-->1-->2-->5-->4-->7
- C. 2-->1-->4-->7-->5-->6-->3
- D. 1-->3-->2-->4-->5-->6-->7
Answer: A
Explanation:
The correct sequence of steps performed by incident responders during the vulnerability assessment phase is as follows:
* Perform OSINT information gathering to validate the vulnerabilities (4): Initially, Open Source Intelligence (OSINT) is used to gather information about the organization's digital footprint and potential vulnerabilities.
* Run vulnerability scans using tools (1): Next, specialized tools are employed to scan the organization's networks and systems for vulnerabilities.
* Identify and prioritize vulnerabilities (2): The identified vulnerabilities are then analyzed and prioritized based on their severity and potential impact on the organization.
* Examine and evaluate physical security (3): Physical security assessments are also crucial, as they can impact the overall security posture and the protection of digital assets.
* Check for misconfigurations and human errors (6): This step involves looking for misconfigurations in systems and networks, as well as potential human errors that could lead to vulnerabilities.
* Apply business and technology context to scanner results (5): The results from the scans are evaluated within the context of the business and its technology environment to accurately assess risks.
* Create a vulnerability scan report (7): Finally, a comprehensive report is created, detailing the vulnerabilities, their severity, and recommended mitigation strategies.
This sequence ensures a thorough assessment, prioritizing the vulnerabilities that pose the greatest risk and providing actionable insights for mitigation.
References: ECIH v3 courses and study guides elaborate on the vulnerability assessment process, detailing the steps involved in identifying, evaluating, and addressing security vulnerabilities within an organization's IT infrastructure.
NEW QUESTION # 54
A host is infected by a worm that propagates through a vulnerable service; the sign(s) of the presence of the worm include:
- A. All the above
- B. Decrease in network usage
- C. Established connection attempts targeted at the vulnerable services
- D. System becomes unstable or crashes
Answer: D
NEW QUESTION # 55
What command does a Digital Forensic Examiner use to display the list of all IP addresses and their associated MAC addresses on a victim computer, in order to identify the machines that were communicating with it?
- A. "dd" command
- B. "netstat -an" command
- C. "arp" command
- D. "ifconfig" command
Answer: C
NEW QUESTION # 56
Your manager hands you several items of digital evidence and asks you to investigate them in the order of volatility. Which of the following is the MOST volatile?
- A. Temp files
- B. Emails
- C. Disk
- D. Cache
Answer: D
NEW QUESTION # 57
Francis received a spoof email asking for his bank information. He decided to use a tool to analyze the email headers. Which of the following should he use?
- A. EventLog Analyzer
- B. Email Checker
- C. PoliteMail
- D. MxToolbox
Answer: D
Explanation:
MxToolbox is a comprehensive tool designed for analyzing email headers and diagnosing various email delivery issues. When Francis received a spoofed email asking for his bank information, using MxToolbox to analyze the email headers would be appropriate. This tool helps in examining the source of the email, tracing the email's path across the internet from the sender to the receiver, and identifying any signs of email spoofing or malicious activity. It provides detailed information about the email servers encountered along the way and can help in verifying the authenticity of the email sender. The other options, EventLog Analyzer, Email Checker, and PoliteMail, are tools used for different purposes, namely analyzing system event logs, checking email address validity, and managing email communications, respectively, and do not specifically focus on analyzing email headers to the extent required for investigating a spoofed email incident.
References: The use of MxToolbox in incident handling and email security analysis is commonly recommended in Incident Handler (ECIH v3) study materials as a practical tool for email header analysis and spoofing investigation.
NEW QUESTION # 58
The process of rebuilding and restoring the computer systems affected by an incident to a normal operational state, including all the processes, policies, and tools involved, is known as:
- A. Incident Response
- B. Incident Management
- C. Incident Recovery
- D. Incident Handling
Answer: C
NEW QUESTION # 59
Tom received a phishing email and accidentally opened its attachment. This resulted in the redirection of all traffic to a fraudulent website.
What type of phishing attack occurred in this scenario?
- A. Whaling
- B. Spear phishing
- C. Pharming
- D. Spimming
Answer: B
NEW QUESTION # 60
Except for some common roles, the roles in an IRT are distinct for every organization. Which of the following is the role played by the Incident Coordinator of an IRT?
- A. Focuses on the incident and handles it from management and technical point of view
- B. Applies the appropriate technology and tries to eradicate and recover from the incident
- C. Links the groups that are affected by the incidents, such as legal, human resources, different business areas and management
- D. Links the appropriate technology to the incident to ensure that the foundation's offices are returned to normal operations as quickly as possible
Answer: C
NEW QUESTION # 61
Digital evidence must:
- A. Cast doubt on the authenticity and veracity of the evidence
- B. Not prove the attacker's actions
- C. Be authentic, complete, and reliable
- D. Be volatile
Answer: C
NEW QUESTION # 62
Ensuring the integrity, confidentiality, and availability of a patient's electronic protected health information is the purpose of the:
- A. Gramm-Leach-Bliley Act
- B. Social Security Act
- C. Health Insurance Portability and Privacy Act
- D. Sarbanes-Oxley Act
Answer: C
NEW QUESTION # 63
The following steps describe the key activities in forensic readiness planning:
1. Train the staff to handle the incident and preserve the evidence
2. Create a special process for documenting the procedure
3. Identify the potential evidence required for an incident
4. Determine the source of the evidence
5. Establish a legal advisory board to guide the investigation process
6. Identify if the incident requires full or formal investigation
7. Establish a policy for securely handling and storing the collected evidence
8. Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption
Identify the correct sequence of steps involved in forensic readiness planning.
- A. 3-->4-->8-->7-->6-->1-->2-->5
- B. 1-->2-->3-->4-->5-->6-->7-->8
- C. 3-->1-->4-->5-->8-->2-->6-->7
- D. 2-->3-->1-->4-->6-->5-->7-->8
Answer: A
NEW QUESTION # 64
Darwin is an attacker within an organization and is performing network sniffing by running his system in promiscuous mode. He is capturing and viewing all the network packets transmitted within the organization. Edwin is an incident handler in the same organization.
In the above situation, which of the following Nmap commands must Edwin use to detect Darwin's system, which is running in promiscuous mode?
- A. nmap -sV -T4 -O -F --version-light
- B. nmap --script=sniffer-detect [Target IP Address/Range of IP addresses]
- C. nmap -sU -p 500
- D. nmap --script host map
Answer: B
NEW QUESTION # 65
Your company holds a large amount of customer PII, and you want to protect that data from theft or unauthorized modification. Among other actions, you classify and encrypt the data. In this process, which of the following OWASP security risks are you guarding against?
- A. Broken authentication
- B. Sensitive data exposure
- C. Insecure deserialization
- D. Security misconfiguration
Answer: B
Explanation:
By classifying and encrypting customer Personally Identifiable Information (PII), you are specifically guarding against the risk of Sensitive Data Exposure. This OWASP security risk involves the accidental or unlawful exposure of protected data to unauthorized individuals. Encryption serves as a critical defense mechanism by ensuring that, even if data is accessed without authorization, it remains unintelligible and useless to the attacker without the decryption keys. Data classification further supports this by identifying which data is sensitive and requires such protections, ensuring that appropriate security controls are applied to prevent exposure.
References: The OWASP Top 10, a widely respected document that outlines the most critical web application security risks, identifies Sensitive Data Exposure as a key risk area. Incident Handler (ECIH v3) courses and study guides often refer to the OWASP Top 10 to explain common web security risks and appropriate countermeasures, including the importance of encrypting sensitive data.
NEW QUESTION # 66
In which of the following confidentiality attacks do attackers try to lure users by posing as an authorized AP and beaconing the WLAN's SSID?
- A. Evil twin AP
- B. Masquerading
- C. Session hijacking
- D. Honeypot AP
Answer: A
Explanation:
In the described attack, where attackers pose as legitimate access points (APs) by beaconing the WLAN's SSID to lure users, the attack is known as an Evil twin AP attack. This type of attack involves setting up a rogue AP with the same SSID as a legitimate wireless access point, making it appear to users as an authorized network. Unsuspecting users may connect to this malicious AP, allowing attackers to intercept sensitive information, conduct man-in-the-middle attacks, or distribute malware. The Evil twin AP attack exploits the trust users place in known SSIDs to compromise their security.
References: Incident Handler (ECIH v3) certification materials discuss various confidentiality and network attacks, including Evil twin AP attacks, highlighting their mechanisms and how to defend against them.
NEW QUESTION # 67
An information security policy must be:
- A. Distributed and communicated
- B. All the above
- C. Enforceable and regularly updated
- D. Written in simple language
Answer: B
NEW QUESTION # 68
In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?
- A. Incident triage
- B. Incident recording and assignment
- C. Containment
- D. Notification
Answer: A
Explanation:
Incident triage is the phase in the Incident Handling and Response (IH&R) process where identified security incidents are analyzed, validated, categorized, and prioritized. This step is crucial for determining the severity of incidents and deciding on the order in which they should be addressed. During triage, incident handlers assess the impact, urgency, and potential harm of an incident to prioritize their response efforts effectively. This ensures that resources are allocated efficiently and that the most critical incidents are handled first. Incident recording and assignment involve logging incidents and assigning them to handlers, containment focuses on limiting the extent of damage, and notification involves informing stakeholders about the incident.
References: The Incident Handler (ECIH v3) courses and study guides detail the IH&R process, emphasizing the importance of triage in managing and responding to security incidents effectively.
NEW QUESTION # 69
Employee monitoring tools are mostly used by employers to find which of the following?
- A. Lost registry keys
- B. Conspiracies
- C. Stolen credentials
- D. Malicious insider threats
Answer: D
NEW QUESTION # 70
Which of the following DOES NOT expose a cloud application to hacking?
- A. Contract with a cloud service vendor
- B. Inappropriate technical issue
- C. Lack of experience in manipulating cloud systems
- D. Configuration error
Answer: A
NEW QUESTION # 71
Which of the following processes is an approach to responding to the security incidents that occur in an organization, one that enables the response team by ensuring they know exactly what process to follow in case of a security incident?
- A. Risk assessment
- B. Threat assessment
- C. Incident response orchestration
- D. Vulnerability management
Answer: A
NEW QUESTION # 72
Which of the following are malicious software programs that infect computers and corrupt or delete the data on them?
- A. Spyware
- B. Worms
- C. Trojans
- D. Virus
Answer: D
Explanation:
Viruses are a type of malicious software program designed to infect legitimate software programs. Once a virus is executed, it can corrupt or delete data on a computer, replicate itself, and spread to other files and systems. Unlike worms, which can spread across networks on their own, viruses usually require some form of user interaction, such as opening an infected email attachment or downloading and executing a malicious file, to propagate. Trojans and spyware, while also malicious software, serve different purposes, such as creating backdoors for attackers (Trojans) or spying on users' activities (spyware).
References: The Incident Handler (ECIH v3) certification materials categorize various forms of malware and explain their behaviors, impacts, and propagation methods. Viruses are specifically highlighted for their ability to attach to legitimate programs and files, causing damage or data loss upon execution.
NEW QUESTION # 73
Khai was tasked with examining the logs from a Linux email server. The server uses Sendmail to execute the command to send emails and Syslog to maintain logs. To validate the data within email headers, which of the following directories should Khai check for information such as source and destination IP addresses, dates, and timestamps?
- A. /var/log/sendmail/mailog
- B. /var/log/sendmail
- C. /var/log/maillog
- D. /Var/log/mailog
Answer: C
NEW QUESTION # 74
ZYX company experienced a DoS/DDoS attack on their network. Upon investigating the incident, they concluded that the attack was an application-layer attack.
Which of the following attacks did the attacker use?
- A. Slowloris attack
- B. Ping of death
- C. SYN flood attack
- D. UDP flood attack
Answer: A
NEW QUESTION # 75
The ECIH certification exam covers a wide range of topics, including incident handling and response, computer forensics, and network security. The 212-89 exam is designed to test an individual's knowledge and skills in each of these areas, and is intended to be challenging and comprehensive. The 212-89 exam consists of 50 multiple-choice questions, and candidates have 2 hours to complete it. In order to pass the exam, candidates must achieve a score of at least 70%.
Authentic Best resources for 212-89 Online Practice Exam: https://www.torrentvalid.com/212-89-valid-braindumps-torrent.html
Get the superior quality 212-89 Dumps Questions from TorrentValid: https://drive.google.com/open?id=17bjtPH7oc6z71VIMfkDsKtgK9HqTqsK-