EC-COUNCIL New 2024 212-89 Test Tutorial (Updated 205 Questions)
212-89 Exam Questions Dumps, Selling EC-COUNCIL Products
Becoming Certified Incident Handler
If you opt to become a Certified Incident Handler, your job scope will fall under either an Incident Management Team (IMT) or an Incident Response Team (IRT). The ECIH certificate is meant to equip you with the skills you need to deal with and manage computer security incidents within a given information system. In modern IT environments, a Certified Incident Handler is expected to be a knowledgeable professional who can manage different kinds of incidents and understand risk assessment methodologies, including the common policies associated with incident handling. In many organizations, an incident handler is responsible for creating incident handling policies and dealing with different forms of security incidents, including insider threats and malicious code incidents. Therefore, getting certified will earn you recognition as the designated and highly respected incident handler in your company.
NEW QUESTION # 106
Which of the following DOES NOT expose a cloud application to hacking?
- A. Configuration error
- B. Contract with a cloud service vendor
- C. Lack of experience in manipulating cloud systems
- D. Inappropriate technical issue
Answer: B
NEW QUESTION # 107
The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:
- A. Snort
- B. Wireshark
- C. Cain & Abel
- D. nmap
Answer: B
NEW QUESTION # 108
A bit-stream image copy of the digital evidence must be performed in order to:
- A. Prevent alteration to the original disk
- B. All the above
- C. Copy the FAT table
- D. Copy all disk sectors including slack space
Answer: D
NEW QUESTION # 109
Tom received a phishing email and accidentally opened its attachment. This resulted in the redirection of all traffic to a fraudulent website.
What type of phishing attack occurred in this scenario?
- A. Pharming
- B. Spimming
- C. Spear phishing
- D. Whaling
Answer: C
NEW QUESTION # 110
An estimation of the expected losses after an incident helps organizations prioritize and formulate their incident response. The cost of an incident can be categorized as tangible or intangible. Identify the tangible cost associated with a virus outbreak.
- A. Loss of goodwill
- B. Psychological damage
- C. Lost productivity damage
- D. Damage to corporate reputation
Answer: C
NEW QUESTION # 111
Identify the Sarbanes-Oxley Act (SOX) Title, consisting of only one section, that includes measures designed to help restore investor confidence in the reporting of securities analysts.
- A. Title VII: Studies and Reports
- B. Title VIII: Corporate and Criminal Fraud Accountability
- C. Title V: Analyst Conflicts of Interest
- D. Title IX: White-Collar-Crime Penalty Enhancement
Answer: C
NEW QUESTION # 112
Which of the following tools helps incident responders effectively contain a potential cloud security incident and gather required forensic evidence?
- A. Cloud Passage Halo
- B. Qualys Cloud Platform
- C. Alert Logic
- D. Cloud Passage Quarantine
Answer: A
NEW QUESTION # 113
As an IT security officer, what is the first step you will take after discovering a successful email compromise?
- A. Report the incident to the organization's computer incident response team.
- B. Test the infected system to ensure security
- C. Isolate the compromised system or take steps to contain the attack.
- D. Investigate similar hosts to determine whether the attacker has compromised other systems.
Answer: C
NEW QUESTION # 114
An organization faced an information security incident in which a disgruntled employee passed sensitive access control information to a competitor. The organization's incident response manager, upon investigation, found that the incident had to be handled within a few hours on the same day to maintain business continuity and market competitiveness. How would you categorize such an information security incident?
- A. Low level incident
- B. Middle level incident
- C. Ultra-High level incident
- D. High level incident
Answer: D
NEW QUESTION # 115
Which of the following GPG 18 and Forensic readiness planning (SPF) principles states that "organizations should adopt a scenario based Forensic Readiness Planning approach that learns from experience gained within the business"?
- A. Principle 5
- B. Principle 7
- C. Principle 3
- D. Principle 2
Answer: A
NEW QUESTION # 116
An organization named Sam Morison Inc. decided to use cloud-based services to reduce the cost of their maintenance. They first identified various risks and threats associated with cloud service adoption and migrating critical business data to third party systems. Hence, the organization decided to deploy cloud-based security tools to prevent upcoming threats.
Which of the following tools would help the organization to secure cloud resources and services?
- A. Burp Suite
- B. Alert Logic
- C. Nmap
- D. Wireshark
Answer: B
NEW QUESTION # 117
The open source TCP/IP network intrusion detection and prevention system (IDS/IPS) that uses a rule-driven language and performs real-time traffic analysis and packet logging is known as:
- A. Wireshark
- B. SAINT
- C. Snort
- D. Nessus
Answer: C
NEW QUESTION # 118
Which of the following are malicious software programs that infect computers and corrupt or delete the data on them?
- A. Trojans
- B. Worms
- C. Spyware
- D. Virus
Answer: D
NEW QUESTION # 119
Quantitative risk is the numerical determination of the probability of an adverse event and the extent of the losses due to the event. Quantitative risk is calculated as:
- A. (Probability of Loss) / (Loss)
- B. (Probability of Loss) X (Loss)
- C. Significant Risks X Probability of Loss X Loss
- D. (Loss) / (Probability of Loss)
Answer: B
NEW QUESTION # 120
Rose is an incident handler and is responsible for detecting and eliminating any kind of scanning attempt over the network by malicious threat actors. Rose uses Wireshark to sniff the network and detect any malicious activity going on.
Which of the following Wireshark filters can she use to detect a TCP Xmas scan attempt by the attacker?
- A. tcp.flags.reset == 1
- B. tcp.dstport == 7
- C. tcp.flags == 0x029
- D. tcp.flags == 0x000
Answer: C
NEW QUESTION # 121
Which of the following terms may be defined as "a measure of possible inability to achieve a goal, objective, or target within defined security, cost plan and technical limitations that adversely affects the organization's operation and revenues"?
- A. Threat
- B. Incident Response
- C. Risk
- D. Vulnerability
Answer: C
NEW QUESTION # 122
Miko was hired as an incident handler at XYZ company. His first task was to identify PING sweep attempts inside the network. For this purpose, he used Wireshark to analyze the traffic.
What filter did he use to identify ICMP ping sweep attempts?
- A. tcp.type == icmp
- B. icmp.type == 8 or icmp.type == 0
- C. udp.type == 7
- D. icmp.type == icmp
Answer: B
NEW QUESTION # 123
Alex is an incident handler for Tech-o-Tech Inc. and is tasked with identifying any possible insider threats within his organization.
Which of the following insider threat detection techniques can be used by Alex to detect insider threats based on the behavior of a suspicious employee, both individually and in a group?
- A. Mole detection
- B. Physical detection
- C. Profiling
- D. Behavioral analysis
Answer: D
NEW QUESTION # 124
Identify the network security incident in which intended authorized users are prevented from using a system, network, or application by flooding the network with a high volume of traffic that consumes all available network resources.
- A. XSS Attack
- B. Denial of Service Attack
- C. URL Manipulation
- D. SQL Injection
Answer: B
NEW QUESTION # 125
He must present this evidence in a clear and comprehensible manner to the members of the jury so that the evidence explains the facts clearly and further helps in obtaining an expert opinion on it to confirm the investigation process.
In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?
- A. Believable
- B. Authentic
- C. Admissible
- D. Complete
Answer: A
NEW QUESTION # 126
Changing the web server contents, accessing a workstation using a false ID, and copying sensitive data without authorization are examples of:
- A. Social Engineering attacks
- B. Unauthorized access attacks
- C. DDoS attacks
- D. Malware attacks
Answer: B
NEW QUESTION # 127
The flow chart gives a view of the different roles played by the different personnel of a CSIRT. Identify the incident response personnel denoted by A, B, C, D, E, F and G.
- A. A - Incident Coordinator, B - Incident Analyst, C - Public Relations, D - Administrator, E - Human Resource, F - Constituency, G - Incident Manager
- B. A - Incident Coordinator, B - Constituency, C - Administrator, D - Incident Manager, E - Human Resource, F - Incident Analyst, G - Public Relations
- C. A - Incident Manager, B - Incident Analyst, C - Public Relations, D - Administrator, E - Human Resource, F - Constituency, G - Incident Coordinator
- D. A - Incident Analyst, B - Incident Coordinator, C - Public Relations, D - Administrator, E - Human Resource, F - Constituency, G - Incident Manager
Answer: B
NEW QUESTION # 128
An active vulnerability scanner featuring high speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis is called:
- A. Nessus
- B. CyberCop
- C. EtherApe
- D. nmap
Answer: A
NEW QUESTION # 129
Oscar receives an email from an unknown source containing his domain name, oscar.com. Upon checking the link, he found that it contains a malicious URL that redirects to the website evil site.org.
What type of vulnerability is this?
- A. Botnet
- B. Malware
- C. Unvalidated redirects and forwards
- D. SQL injection
Answer: C
NEW QUESTION # 130
A spyware tool used to record a malicious user's computer activities and keystrokes is called:
- A. Adware
- B. Rootkit
- C. Keylogger
- D. Firewall
Answer: C