212-89 Exam Details

  • Exam Code
    :212-89
  • Exam Name
    :EC Council Certified Incident Handler (ECIH v3)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 15, 2026

EC-COUNCIL 212-89 Online Questions & Answers

  • Question 61:

    Finn is working in the eradication phase, wherein he is eliminating the root cause of an incident that occurred in the Windows operating system installed in a system. He ran a tool that can detect missing security patches and install the latest patches on the system and networks. Which of the following tools did he use to detect the missing security patches?

    A. Microsoft Cloud App Security
    B. Offico360 Advanced Throat Protection
    C. Microsoft Advanced Threat Analytics
    D. Microsoft Baseline Security Analyzer

  • Question 62:

    The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation is called:

    A. Computer Forensics
    B. Digital Forensic Analysis
    C. Forensic Readiness
    D. Digital Forensic Policy

  • Question 63:

    An incident handler is analyzing email headers to find out suspicious emails. Which of the following tools he/she must use in order to accomplish the task?

    A. Barracuda Email Security Gateway
    B. Gophish
    C. SPAMfighter

  • Question 64:

    An organization performs a post-incident review to document lessons learned and improve future response capabilities. Which phase of incident handling does this activity belong to?

    A. Recovery
    B. Eradication
    C. Post-incident activity
    D. Detection

  • Question 65:

    John is a professional hacker who is performing an attack on the target organization where he tries to redirect the connection between the IP address and its target server such that when the users type in the Internet address, it redirects them to a rogue website that resembles the original website. He tries this attack using cache poisoning technique. Identify the type of attack John is performing on the target organization.

    A. War driving
    B. Pharming
    C. Skimming
    D. Pretexting

  • Question 66:

    Jacob is an employee at a firm called Dolphin Investment. While he was on duty, he identified that his computer was facing some problems, and he wanted to convey the issue to the concerned authority in his organization. However, this organization currently does not have a ticketing system to address such types of issues. In the above scenario, which of the following ticketing systems can be employed by Dolphin Investment to allow Jacob to inform the concerned team about the incident?

    A. IBM XForco Exchange
    B. ThreatConnect
    C. MISP
    D. ManageEngine ServiceDesk Plus

  • Question 67:

    Johnson an incident handler is working on a recent web application attack faced by the organization. As part of this process, he performed data preprocessing in order to analyzing and detecting the watering hole attack. He preprocessed the outbound network traffic data collected from firewalls and proxy servers and started analyzing the user activities within a certain time period to create time-ordered domain sequences to perform further analysis on sequential patterns. Identify the data-preprocessing step performed by Johnson.

    A. Filtering invalid host names
    B. Identifying unpopular domains
    C. Host name normalization
    D. User-specific sessionization

  • Question 68:

    Robert is an incident handler working for Xsecurity Inc. One day, his organization faced a massive cyberattack and all the websites related to the organization went offline. Robert was on duty during the incident and he was responsible to handle the incident and maintain business continuity. He immediately restored the web application service with the help of the existing backups. According to the scenario, which of the following stages of incident handling and response (IHandR) process does Robert performed?

    A. Evidence gathering and forensics analysis
    B. Eradication
    C. Notification
    D. Recovery

  • Question 69:

    Nervous Nat often sends emails with screenshots of what he thinks are serious incidents, but they always turn out to be false positives. Today, he sends another screenshot, suspecting a nation-state attack. As usual, you go through your list of questions, check your resources for information to determine whether the screenshot shows a real attack, and determine the condition of your network. Which step of IR did you just perform?

    A. Recovery
    B. Preparation
    C. Remediation
    D. Detection anc analysis (or identification)

  • Question 70:

    What command does a Digital Forensic Examiner use to display the list of all IP addresses and their associated MAC addresses on a victim computer to identify the machines that were communicating with it:

    A. "arp" command
    B. "netstat n" command
    C. "dd" command
    D. "ifconfig" command

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 212-89 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.