212-89 Exam Details

  • Exam Code
    :212-89
  • Exam Name
    :EC Council Certified Incident Handler (ECIH v3)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 15, 2026

EC-COUNCIL 212-89 Online Questions & Answers

  • Question 51:

    Which of the following incidents are reported under CAT -5 federal agency category?

    A. Exercise/ Network Defense Testing
    B. Malicious code
    C. Scans/ probes/ Attempted Access
    D. Denial of Service DoS

  • Question 52:

    A malicious security-breaking code that is disguised as any useful program that installs an executable programs when a file is opened and allows others to control the victim's system is called:

    A. Trojan
    B. Worm
    C. Virus
    D. RootKit

  • Question 53:

    Your company holds a large amount of customer PH. and you want to protect those data from theft or unauthorized modification. Among other actions, you classify and encrypt the data. In this process, which of the following OWASP security risks are you guarding against?

    A. Insecure deserialization
    B. Security misconfiguration
    C. Broken authentication
    D. Sensitive data exposure

  • Question 54:

    The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/ services that are not required. Which service listed below, if blocked, can help in preventing Denial of Service attack?

    A. SAM service
    B. POP3 service
    C. SMTP service
    D. Echo service

  • Question 55:

    You are talking to a colleague who Is deciding what information they should include in their organization's logs to help with security auditing. Which of the following items should you tell them to NOT log?

    A. Timestamp
    B. Session ID
    C. Source IP eddross
    D. userid

  • Question 56:

    Which of the following encoding techniques replaces unusual ASCII characters with "%" followed by the character's two-digit ASCII code expressed in hexadecimal?

    A. URL encoding
    B. Unicode encoding
    C. Base64 encoding
    D. HTML encoding

  • Question 57:

    An audit trail policy collects all audit trails such as series of records of computer events, about an operating system, application or user activities. Which of the following statements is NOT true for an audit trail policy:

    A. It helps calculating intangible losses to the organization due to incident
    B. It helps tracking individual actions and allows users to be personally accountable for their actions
    C. It helps in compliance to various regulatory laws, rules,and guidelines
    D. It helps in reconstructing the events after a problem has occurred

  • Question 58:

    QualTech Solutions is a leading security services enterprise. Dickson, who works as an incident responder with this firm, is performing a vulnerability assessment to identify the security problems in the network by using automated tools for identifying the hosts, services, and vulnerabilities in the enterprise network. In the above scenario, which of the following types of vulnerability assessment is Dickson performing?

    A. Active assessment
    B. External assessment
    C. Internal assessment
    D. Passive assessment

  • Question 59:

    The following steps describe the key activities in forensic readiness planning:

    1. Train the staff to handle the incident and preserve the evidence

    2. Create a special process for documenting the procedure

    3. Identify the potential evidence required for an incident

    4. Determine the source of the evidence

    5. Establish a legal advisory board to guide the investigation process

    6. Identify if the incident requires full or formal investigation

    7. Establish a policy for securely handling and storing the collected evidence

    8. Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption Identify the correct sequence of steps involved in forensic readiness planning.

    A. 2-->3-->1-->4-->6-->5-->7-->8
    B. 3-->4-->8-->7-->6-->1-->2-->5
    C. 3-->1-->4-->5-->8-->2-->6-->7
    D. 1-->2-->3-->4-->5-->6-->7-->8

  • Question 60:

    The flow chart gives a view of different roles played by the different personnel of CSIRT. Identify the incident response personnel denoted by A, B, C, D, E, F and G.

    A. A-Incident Analyst, B- Incident Coordinator, C- Public Relations, D-Administrator, E- Human Resource, F-Constituency, G-Incident Manager
    B. A- Incident Coordinator, B-Incident Analyst, C- Public Relations, D-Administrator, E- Human Resource, F-Constituency, G-Incident Manager
    C. A- Incident Coordinator, B- Constituency, C-Administrator, D-Incident Manager, E- Human Resource, F-Incident Analyst, G-Public relations
    D. A- Incident Manager, B-Incident Analyst, C- Public Relations, D-Administrator, E- Human Resource, F- Constituency, G-Incident Coordinator

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 212-89 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.