212-89 Exam Details

  • Exam Code
    :212-89
  • Exam Name
    :EC Council Certified Incident Handler (ECIH v3)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 15, 2026

EC-COUNCIL 212-89 Online Questions & Answers

  • Question 171:

    A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format is called:

    A. Forensic Analysis
    B. Computer Forensics
    C. Forensic Readiness
    D. Steganalysis

  • Question 172:

    The individual who recovers, analyzes, and preserves computer and related materials to be presented as evidence in a court of law and identifies the evidence, estimates the potential impact of the malicious activity on the victim, and assesses the intent and identity of the perpetrator is called:

    A. Digital Forensic Examiner
    B. Computer Forensic Investigator
    C. Computer Hacking Forensic Investigator
    D. All the above

  • Question 173:

    If a hacker cannot find any other way to attack an organization, they can influence an employee or a disgruntled staff member. What type of threat is this?

    A. Phishing attack
    B. Insider attack
    C. Footprinting
    D. Identity theft

  • Question 174:

    Shally, an incident handler, is working for a company named Texas Pvt. Ltd. based in Florida. She was asked to work on an incident response plan. As part of the plan, she decided to enhance and improve the security infrastructure of the enterprise. She has incorporated a security strategy that allows security professionals to use several protection layers throughout their information system. Due to multiple layer protection, this security strategy assists in preventing direct attacks against the organization's information system as a break in one layer only leads the attacker to the next layer.

    Identify the security strategy Shally has incorporated in the incident response plan.

    A. Defense-in-depth
    B. Three-way handshake
    C. Covert channels
    D. Exponential backoff algorithm

  • Question 175:

    James has been appointed as an incident handling and response (IHandR) team lead and he was assigned to build an IHandR plan along with his own team in the company. Identify the IHandR process step James is currently working on.

    A. Eradication
    B. Recovery
    C. Preparation
    D. Notification

  • Question 176:

    Elizabeth, who works for OBC organization as an incident responder, is assessing the risks to the organizational security. As part of the assessment process, she is calculating the probability of a threat source exploiting an existing system vulnerability. Which of the following risk assessment steps is Elizabeth currently in?

    A. Vulnerability identification
    B. Impact analysis
    C. Likelihood analysis
    D. System characterization

  • Question 177:

    Which of the following is the BEST method to prevent email incidents?

    A. Installing antivirus rule updates
    B. Disabling HTML in email content fields
    C. Web proxy filtering
    D. End-user training

  • Question 178:

    The free, open source, TCP/IP protocol analyzer, sniffer and packet capturing utility standard across many industries and educational institutions is known as:

    A. Snort
    B. Wireshark
    C. Cain and Able
    D. nmap

  • Question 179:

    Ren is assigned to handle a security incident of an organization. He is tasked with forensics investigation to find the evidence needed by the management. Which of the following steps falls under the investigation phase of the computer forensics investigation process?

    A. Secure the evidence
    B. Risk assessment
    C. Setup a computer forensics lab
    D. Evidence assessment

  • Question 180:

    Which of the following is NOT a network forensic tool?

    A. Capsa Network Analyzer
    B. Tcpdurnp
    C. Advancec NTFS Journaling Parser
    D. Wireshark

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 212-89 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.