212-89 Exam Details

  • Exam Code
    :212-89
  • Exam Name
    :EC Council Certified Incident Handler (ECIH v3)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 07, 2026

EC-COUNCIL 212-89 Online Questions & Answers

  • Question 31:

    A self-replicating malicious code that does not alter files but resides in active memory and duplicates itself, spreads through the infected network automatically and takes advantage of file or information transport features on the system to travel independently is called:

    A. Trojan
    B. Worm
    C. Virus
    D. RootKit

  • Question 32:

    An incident is analyzed for its nature, intensity and its effects on the network and systems. Which stage of the incident response and handling process involves auditing the system and network log files?

    A. Incident recording
    B. Reporting
    C. Containment
    D. Identification

  • Question 33:

    Which principle ensures that digital evidence can be traced from collection through presentation without unauthorized alteration?

    A. Confidentiality
    B. Availability
    C. Chain of custody
    D. Non-repudiation

  • Question 34:

    Ikeo Corp, hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise. The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location. Considering this as the main security threat, the IR team plans to change this policy as it can be easily exploited by attackers. Which of the following security policies is the IR team planning to modify?

    A. Paranoid policy
    B. Prudent policy
    C. Promiscuous policy
    D. Permissive policy

  • Question 35:

    Eve's is an incident handler in ABC organization. One day, she got a complaint about email hacking incident from one of the employees of the organization. As a part of incident handling and response process, she must follow many recovery steps in order to recover from incident impact to maintain business continuity. What is the first step that she must do to secure employee account?

    A. Restore the email services and change the password
    B. Enable two-factor authentication
    C. Enable scanning of links and attachments in all the emails
    D. Disabling automatic file sharing between the systems

  • Question 36:

    Dash wants to perform a DoS attack over 256 target URLs simultaneously. Which of the following tools can Dash employ to achieve his objective?

    A. HOIC
    B. IDAPro
    C. Ollydbg
    D. OpenVAS

  • Question 37:

    Racheal is an incident handler working in InceptionTech organization. Recently, numerous employees are complaining about receiving emails from unknown senders. In order to prevent employees against spoofing emails and keeping security in mind, Racheal was asked to take appropriate actions in this matter. As a part of her assignment, she needs to analyze the email headers to check the authenticity of received emails. Which of the following protocol/authentication standards she must check in email header to analyze the email authenticity?

    A. DKIM
    B. SNMP
    C. POP
    D. ARP

  • Question 38:

    Richard is analyzing a corporate network. After an alert in the network's IPS. he identified that all the servers are sending huge amounts of traffic to the website abc.xyz. What type of information security attack vectors have affected the network?

    A. Botnet
    B. Advance persistent three Is
    C. Ransomware
    D. IOT threats

  • Question 39:

    The main feature offered by PGP Desktop Email is:

    A. Email service during incidents
    B. End-to-end email communications
    C. End-to-end secure email service
    D. None of the above

  • Question 40:

    Which of the following is a technique used by attackers to make a message difficult to understand through the use of ambiguous language?

    A. Steganography
    B. Spoofing
    C. Encryption
    D. Obfuscation

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 212-89 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.