212-89 Exam Details

  • Exam Code
    :212-89
  • Exam Name
    :EC Council Certified Incident Handler (ECIH v3)
  • Certification
    :EC-COUNCIL Certifications
  • Vendor
    :EC-COUNCIL
  • Total Questions
    :232 Q&As
  • Last Updated
    :Jul 15, 2026

EC-COUNCIL 212-89 Online Questions & Answers

  • Question 71:

    The left over risk after implementing a control is called:

    A. Residual risk
    B. Unaccepted risk
    C. Low risk
    D. Critical risk

  • Question 72:

    Drake is an incident handler in Dark CLoud Inc. He is intended to perform log analysis in order to detect traces of malicious activities within the network infrastructure. Which of the following tools Drake must employ in order to view logs in real time and identify malware propagation within the network?

    A. Splunk
    B. HULK
    C. Hydra
    D. LOIC

  • Question 73:

    A forensic analyst creates cryptographic hash values before and after acquiring disk images. What is the primary purpose of this action?

    A. Encrypt the evidence
    B. Compress the evidence
    C. Verify evidence integrity
    D. Improve evidence availability

  • Question 74:

    Adam is an incident handler who intends to use DBCC LOG command to analyze a database and retrieve the active transaction log files for the specified database. The syntax of DBCC LOG command is DBCC LOG(, ), where the output parameter specifies the level of information an incident handler wants to retrieve. If Adam wants to retrieve the full information on each operation along with the hex dump of a current transaction row, which of the following output parameters should Adam use?

    A. 2
    B. 3
    C. 4
    D. 1

  • Question 75:

    Your manager hands you several items of digital evidence and asks you to investigate them in the order of volatility. Which of the following is the MOST volatile?

    A. Cache
    B. Disk
    C. Emails
    D. Temp files

  • Question 76:

    Stenley is an incident handler working for Texa Corp. located in the United States. With the growing concern of increasing emails from outside the organization, Stenley was asked to take appropriate actions to keep the security of the organization intact. In the process of detecting and containing malicious emails, Stenley was asked to check the validity of the emails received by employees. Identify the tools he can use to accomplish the given task.

    A. PointofMail
    B. Email Dossier
    C. PoliteMail
    D. EventLog Analyzer

  • Question 77:

    Alex is an incident handler for Tech-o-Tech Inc. and is tasked to identify any possible insider threats within his organization. Which of the following insider threat detection techniques can be used by Alex to detect insider threats based on the behavior of a suspicious employee, both individually and in a group?

    A. behaviorial analysis
    B. Physical detection
    C. Profiling
    D. Mole detection

  • Question 78:

    Stanley works as an incident responder at a top MNC based out of Singapore. He was asked to investigate a cybersecurity incident that recently occurred in the company.

    While investigating the crime, he collected the evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of jury so that the evidence explains the facts clearly and further helps in obtaining an expert opinion on the same to confirm the investigation process.

    In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?

    A. Believable
    B. Complete
    C. Authentic
    D. Admissible

  • Question 79:

    When an employee is terminated from his or her job, what should be the next immediate step taken by an organization?

    A. All access rights of the employee to physical locations, networks, systems, applications and data should be disabled
    B. The organization should enforce separation of duties
    C. The access requests granted to an employee should be documented and vetted by the supervisor
    D. The organization should monitor the activities of the system administrators and privileged users who have permissions to access the sensitive information

  • Question 80:

    SWA Cloud Services added PKI as one of their cloud security controls. What does PKI stand for?

    A. Private key infrastructure
    B. Private key in for ma lion
    C. Public key information
    D. Public key infrastructure

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only EC-COUNCIL exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 212-89 exam preparations and EC-COUNCIL certification application, do not hesitate to visit our Vcedump.com to find your solutions here.