[Full-Version] 2024 New Preparation Guide of EC-COUNCIL 212-89 Exam [Q122-Q144]


212-89 Practice Exam - 205 Unique Questions


The EC-COUNCIL 212-89 certification exam is a globally recognized credential offered by the International Council of E-Commerce Consultants (EC-Council). The EC-Council Certified Incident Handler (ECIH v2) certification is designed to validate the knowledge and skills of cybersecurity professionals in incident handling and response. It is ideal for professionals who are responsible for managing and responding to security incidents in an organization.

 

NEW QUESTION # 122
Which of the following digital evidence is temporarily stored on a digital device that requires a constant power supply and is deleted if the power supply is interrupted?

  • A. Event logs
  • B. Swap file
  • C. Slack space
  • D. Process memory

Answer: D


NEW QUESTION # 123
Which of the following information security personnel handles incidents from both a management and a technical point of view?

  • A. Threat researchers
  • B. Incident manager (IM)
  • C. Network administrators
  • D. Forensic investigators

Answer: B


NEW QUESTION # 124
A host is infected by a worm that propagates through a vulnerable service; the sign(s) of the presence of the worm include:

  • A. System becomes unstable or crashes
  • B. Established connection attempts targeted at the vulnerable services
  • C. Decrease in network usage
  • D. All the above

Answer: A


NEW QUESTION # 125
What is correct about Quantitative Risk Analysis:

  • A. Better than Qualitative Risk Analysis
  • B. Easily automated
  • C. It is Subjective but faster than Qualitative Risk Analysis
  • D. Uses levels and descriptive expressions

Answer: B


NEW QUESTION # 126
Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user's information and system. These programs may unleash dangerous programs that may erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger.

  • A. Virus
  • B. Adware
  • C. Worm
  • D. Trojan

Answer: D


NEW QUESTION # 127
A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format is called:

  • A. Forensic Analysis
  • B. Forensic Readiness
  • C. Steganalysis
  • D. Computer Forensics

Answer: D


NEW QUESTION # 128
Which of the following is a type of malicious code or software that appears legitimate but can take control of your computer?

  • A. Trojan attack
  • B. Password attack
  • C. DDoS
  • D. Phishing attack

Answer: A


NEW QUESTION # 129
Incident handling and response steps help you to detect, identify, respond to and manage an incident. Which of the following steps focuses on limiting the scope and extent of an incident?

  • A. Eradication
  • B. Identification
  • C. Containment
  • D. Data collection

Answer: C


NEW QUESTION # 130
An assault on system security that is derived from an intelligent threat is called:

  • A. Attack
  • B. Threat Agent
  • C. Risk
  • D. Vulnerability

Answer: A


NEW QUESTION # 131
You are a systems administrator for a company. You are accessing your file server remotely for maintenance.
Suddenly, you are unable to access the server. After contacting others in your department, you find out that they cannot access the file server either.
You can ping the file server but not connect to it via RD. You check the Active Directory Server, and all is well.
You check the email server and find that emails are sent and received normally.
What is the most likely issue?

  • A. An admin account issue
  • B. The file server has shut down
  • C. A denial-of-service issue
  • D. An email service issue

Answer: C


NEW QUESTION # 132
Identify a standard national process which establishes a set of activities, general tasks and a management structure to certify and accredit systems that will maintain the information assurance (IA) and security posture of a system or site.

  • A. NIPACP
  • B. NIASAP
  • C. NIACAP
  • D. NIAAAP

Answer: C


NEW QUESTION # 133
The type of relationship between a CSIRT and its constituency has an impact on the services provided by the CSIRT. Identify the level of authority that enables members of the CSIRT to undertake any necessary actions on behalf of their constituency.

  • A. Half-level authority
  • B. Full-level authority
  • C. Shared-level authority
  • D. Mid-level authority

Answer: B


NEW QUESTION # 134
Policies are designed to protect the organizational resources on the network by establishing a set of rules and procedures. Which of the following policies authorizes a group of users to perform a set of actions on a set of resources?

  • A. Documentation policy
  • B. Audit trail policy
  • C. Logging policy
  • D. Access control policy

Answer: D


NEW QUESTION # 135
After malware is removed from a system and a clean scan is returned, which of the following steps should be taken for the affected device?

  • A. It should be placed in a monitoring environment for review to ensure that malware is removed before being placed in production.
  • B. It should be re-imaged
  • C. It should be sealed in a box and placed in storage for 90 days.
  • D. It should be connected to the domain controller via Ethernet to pull updated information

Answer: A


NEW QUESTION # 136
A user downloaded what appears to be genuine software. Unknown to her, when she installed the application, it executed code that provided an unauthorized remote attacker access to her computer.
What type of malicious threat displays this characteristic?

  • A. Virus
  • B. Backdoor
  • C. Spyware
  • D. Trojan

Answer: D


NEW QUESTION # 137
Which of the following is NOT one of the common techniques used to detect Insider threats:

  • A. Observing employee sick leaves
  • B. Spotting an increase in their performance
  • C. Observing employee tardiness and unexplained absenteeism
  • D. Spotting conflicts with supervisors and coworkers

Answer: B


NEW QUESTION # 138
Which of the following describes the introduction of malicious programs on to a device connected to a campus network (Trojan horse, email bombs, virus, etc.)?

  • A. Authorized access
  • B. Network access
  • C. Unauthorized access
  • D. Inappropriate usage

Answer: B


NEW QUESTION # 139
Otis is an incident handler working in an organization called Delmont. Recently, the organization faced several setbacks in business, whereby its revenues are decreasing. Otis was asked to take charge and look into the matter. While auditing the enterprise security, he found traces of an attack through which proprietary information was stolen from the enterprise network and passed on to their competitors.
Which of the following information security incidents did Delmont face?

  • A. Email-based abuse
  • B. Unauthorized access
  • C. Espionage
  • D. Network and resource abuses

Answer: C


NEW QUESTION # 140
The incident management team provides support to all users in the organization that are affected by the threat or attack. The organization's internal auditor is part of the incident response team. Identify one of the responsibilities of the internal auditor as part of the incident response team:

  • A. Coordinate incident containment activities with the information security officer
  • B. Perform necessary action to block the network traffic from suspected intruder
  • C. Configure information security controls
  • D. Identify and report security loopholes to the management for necessary actions

Answer: D


NEW QUESTION # 141
Incidents may be reported using/by:

  • A. All the above
  • B. Facsimile (Fax)
  • C. Phone call
  • D. Email or on-line Web form

Answer: A


NEW QUESTION # 142
Clark, a professional hacker, successfully exploited the web application of a target organization by tampering with form and parameter values. Consequently, Clark gained access to the information assets of the organization.
Which of the following is the web-application vulnerability exploited by the attacker?

  • A. Broken access control
  • B. Security misconfiguration
  • C. Sensitive data exposure
  • D. SQL injection

Answer: D


NEW QUESTION # 143
The leftover risk after implementing a control is called:

  • A. Low risk
  • B. Residual risk
  • C. Unaccepted risk
  • D. Critical risk

Answer: B


NEW QUESTION # 144
......


The EC-COUNCIL 212-89 exam is an excellent opportunity for professionals who wish to boost their skills and knowledge in incident handling and response. Successful completion of the ECIH v2 exam assures employers that the individual has an in-depth understanding of incident management and is equipped to handle cyber-security incidents in a professional capacity.

 

Latest Questions 212-89 Guide to Prepare Free Practice Tests: https://www.actualtestsquiz.com/212-89-test-torrent.html

Reliable 212-89 Dumps Questions Available as Web-Based Practice Test Engine: https://drive.google.com/open?id=1lPr4U_Sjm6FVl-SzRjpzioXvIoeDWuqK