212-89 Exam Details

  • Exam Code
    :212-89
  • Exam Name
    :EC Council Certified Incident Handler (ECIH v3)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 07, 2026

EC-COUNCIL 212-89 Online Questions & Answers

  • Question 21:

    In which of the following stages of the incident handling and response (IHandR) process do the incident handlers try to find the root cause of the incident along with the threat actors behind the incidents, threat vectors, etc.?

    A. Evidence gathering and forensics analysis
    B. Incident triage
    C. Incident recording and assignment
    D. Post-incident activities

  • Question 22:

    John, a professional hacker, is attacking an organization, where he is trying to destroy the connectivity between an AP and client to make the target unavailable to other wireless devices. Which of the following attacks is John performing in this case?

    A. Routing attack
    B. EAP failure
    C. Disassociation attack
    D. Denial-of-service

  • Question 23:

    An information security incident is

    A. Any real or suspected adverse event in relation to the security of computer systems or networks
    B. Any event that disrupts normal today's business functions
    C. Any event that breaches the availability of information assets
    D. All of the above

  • Question 24:

    Which attack technique involves sending fragmented packets to bypass intrusion detection systems?

    A. Replay attack
    B. Packet fragmentation attack
    C. DNS poisoning
    D. Smurf attack

  • Question 25:

    Joseph is an incident handling and response (IHandR) team lead in Toro Network Solutions Company. As a part of IHandR process, Joseph alerted the service providers, developers, and manufacturers about the affected resources. Identify the stage of IHandR process Joseph is currently in.

    A. Eradication
    B. Containment
    C. Incident triage
    D. Recovery

  • Question 26:

    Removing or eliminating the root cause of the incident is called:

    A. Incident Eradication
    B. Incident Protection
    C. Incident Containment
    D. Incident Classification

  • Question 27:

    An attacker tricks users into visiting a legitimate-looking website by manipulating DNS records. What type of attack is this?

    A. Spoofing
    B. Pharming
    C. Phishing
    D. Pretexting

  • Question 28:

    Eric works as a system administrator at ABC organization and previously granted several users with access privileges to the organizations systems with unlimited permissions. These privileged users could prospectively misuse their rights unintentionally, maliciously, or could be deceived by attackers that could trick them to perform malicious activities. Which of the following guidelines would help incident handlers eradicate insider attacks by privileged users?

    A. Do not allow administrators to use unique accounts during the installation process
    B. Do not enable default administrative accounts to ensure accountability
    C. Do not control the access to administrator ano privileged users
    D. Do not use encryption methods to prevent, administrators and privileged users from accessing backup tapes and sensitive information

  • Question 29:

    Which of the following digital evidence temporarily stored on a digital device that requires a constant power supply and is deleted if the power supply is interrupted?

    A. Swap file
    B. Event logs
    C. Slack space
    D. Process memory

  • Question 30:

    Which of the following is a common tool used to help detect malicious internal or compromised actors?

    A. User behavior analytics
    B. SOC2 compliance report
    C. Log forward ng
    D. Syslog configuration

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 212-89 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.