212-89 Exam Details

  • Exam Code
    :212-89
  • Exam Name
    :EC Council Certified Incident Handler (ECIH v3)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 07, 2026

EC-COUNCIL 212-89 Online Questions & Answers

  • Question 11:

    In which of the following confidentiality attacks attackers try to lure users by posing themselves as authorized AP by beaconing the WLAN's SSID?

    A. Evil twin AP
    B. Session hijacking
    C. Honeypot AP
    D. Masqueradin

  • Question 12:

    Darwin is an attacker residing within the organization and is performing network sniffing by running his system in promiscuous mode. He is capturing and viewing all the network packets transmitted within the organization. Edwin is an incident handler in the same organization. In the above situation, which of the following Nmap commands Edwin must use to detect Darwin's system that is running in promiscuous mode?

    A. nmap -sV -T4 -O -F -version-light
    B. nmap -sU -p 500
    C. nmap --script=sniffer-detect [Target IP Address/Range of IP addresses]
    D. nmap --script hostmap

  • Question 13:

    John is performing memory dump analysis in order to find out the traces of malware.

    He has employed volatility tool in order to achieve his objective.

    Which of the following volatility framework commands he will use in order to analyze running process from the memory dump?

    A. python vol.py svcscan --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem | more
    B. python vol.py pslist --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem
    C. python vol.py hivelist --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem
    D. python vol.py imageinfo -f /root/Desktop/memdump.mem

  • Question 14:

    Clark, a professional hacker, exploited the web application of a target organization by tampering the form and parameter values. He successfully exploited the web application and gained access to the information assets of the organization. Identify the vulnerability in the web application exploited by the attacker.

    A. Broken access control
    B. Security misconfiguration
    C. SQL injection
    D. Sensitive data exposure

  • Question 15:

    Which of the following techniques prevent or mislead incident-handling process and may also affect the collection, preservation, and identification phases of the forensic investigation process?

    A. Scanning
    B. Footprinting
    C. Enumeration
    D. Anti-forensics

  • Question 16:

    Business Continuity provides a planning methodology that allows continuity in business operations:

    A. Before and after a disaster
    B. Before a disaster
    C. Before, during and after a disaster
    D. During and after a disaster

  • Question 17:

    Which of the following tools helps incident handlers to view the file system, retrieve deleted data, perform timeline analysis, web artifacts, etc., during an incident response process?

    A. Autopsy
    B. netstat
    C. Process Explorer
    D. nblslal

  • Question 18:

    Ross is an incident manager (IM) at an organization, and his team provides support to all users in the organization who are affected by threats or attacks. David, who is the organization's internal auditor, is also part of Ross's incident response team. Which of the following is David's responsibility?

    A. Configure information security controls.
    B. Identify and report security loopholes to the management for necessary action.
    C. Coordinate incident containment activities with the information security officer (ISO).
    D. Perform the- necessary action to block the network traffic from the suspectoc intruder.

  • Question 19:

    An organization implemented an encoding technique to eradicate SQL injection attacks. In this technique, if a user submits a request using single-quote and some values, then the encoding technique will convert it into numeric digits and letters ranging from a to f. This prevents the user request from performing SQL injection attempt on the web application. Identify the encoding technique used by the organization.

    A. Unicode encoding
    B. Base64 encoding
    C. Hex encoding
    D. URL encoding

  • Question 20:

    Which of the following best describes an email issued as an attack medium, in which several messages are sent to a mailbox to cause overflow?

    A. Email-bombing
    B. Masquerading
    C. Spoofing
    D. Smurf attack

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 212-89 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.