212-89 Exam Details

  • Exam Code
    :212-89
  • Exam Name
    :EC Council Certified Incident Handler (ECIH v3)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 07, 2026

EC-COUNCIL 212-89 Online Questions & Answers

  • Question 1:

    Which of the following port scanning techniques involves resetting the TCP connection between client and server abruptly before completion of the three-way handshake signals, making the connection half-open?

    A. Null scan
    B. Full connect scan
    C. Stealth scan
    D. Xmas scan

  • Question 2:

    Which of the following terms refers to vulnerable account management functions, including account update, recovery of forgotten or lost passwords, and password reset, that might weaken valid authentication schemes?

    A. SQL injection
    B. Broken account management
    C. Directory traversal
    D. Cross-site scripting

  • Question 3:

    Which of the following options describes common characteristics of phishing emails?

    A. Written in French
    B. Sent from friends or colleagues
    C. Urgency, threatening, or promising subject lines
    D. No BCC fields

  • Question 4:

    An attacker exploits a web application flaw that allows unauthorized users to execute commands on the server hosting the application. Which phase of incident handling focuses on identifying how this vulnerability was exploited?

    A. Containment
    B. Detection and analysis
    C. Recovery
    D. Incident disclosure

  • Question 5:

    Keyloggers do NOT:

    A. Run in the background
    B. Alter system files
    C. Secretly records URLs visited in browser, keystrokes, chat conversations, ...etc
    D. Send log file to attacker's email or upload it to an ftp server

  • Question 6:

    Which of the following GPG18 and Forensic readiness planning (SPF) principles states that "organizations should adopt a scenario based Forensic Readiness Planning approach that learns from experience gained within the business"?

    A. Principle 3
    B. Principle 2
    C. Principle 5
    D. Principle 7

  • Question 7:

    Which type of malware enables an attacker to maintain long-term, covert access to a compromised system?

    A. Worm
    B. Logic bomb
    C. Backdoor
    D. Adware

  • Question 8:

    Bran is an incident handler who is assessing the network of the organization. In the process, he wants to detect ping sweep attempts on the network using Wireshark tool. Which of the following Wireshark filter he must use to accomplish this task?

    A. icmp.seq
    B. icmp.redir_gw
    C. icmp.type==8
    D. icmp.ident

  • Question 9:

    CSIRT can be implemented at:

    A. Internal enterprise level
    B. National, government and military level
    C. Vendor level
    D. All the above

  • Question 10:

    James is a professional hacker and is employed by an organization to exploit their cloud services. In order to achieve this, James created anonymous access to the cloud services to carry out various attacks such as password and key cracking, hosting malicious data, and DDoS attacks. Which of the following threats is he posing to the cloud platform?

    A. Insecure interface and APIs
    B. Data breach/loss
    C. Insufficient duo diligence
    D. Abuse end nefarious use of cloud services

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 212-89 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.