EC-Council 212-89 EC Council Certified Incident Handler (ECIH v2) Online Training
EC-Council 212-89 Online Training
The questions for 212-89 were last updated at Dec 24,2024.
- Exam Code: 212-89
- Exam Name: EC Council Certified Incident Handler (ECIH v2)
- Certification Provider: EC-Council
- Latest update: Dec 24,2024
Patrick is doing a cyber forensic investigation. He is in the process of collecting physical evidence at the crime scene.
Which of the following elements he must consider while collecting physical evidence?
- A . Published nameservers and web application source code
- B . DNS information including domain and subdomains
- C . Removable media, cable, and publications
- D . Open ports, services, and operating system (OS) vulnerabilities
Eric works as a system administrator at ABC organization and previously granted several users with access privileges to the organizations systems with unlimited permissions. These privileged users could prospectively misuse their rights unintentionally, maliciously, or could be deceived by attackers that could trick them to perform malicious activities.
Which of the following guidelines would help incident handlers eradicate insider at tacks by privileged users?
- A . Do not allow administrators to use unique accounts during the installation process
- B . Do not use encryption methods to prevent administrators and privileged users from accessing backup tapes and sensitive information
- C . Do not control the access to administrators and privileged users
- D . Do not enable default administrative accounts to ensure accountability
Which of the following email security tools can be used by an incident handler to prevent the organization against evolving email threats?
- A . Mx Toolbox
- B . G Suite Toolbox
- C . Email Header Analyzer
- D . Gpg4win
Racheal is an incident handler working at an organization called Inception Tech. Recently, numerous employees have been complaining about receiving emails from unknown senders. In order to prevent employees from spoof ng emails and keeping security in mind, Racheal was asked to take appropriate actions in this matter. As a part of her assignment, she needs to analyze the email headers to check the authenticity of received emails.
Which of the following protocol/authentication standards she must check in email header to analyze the email authenticity?
- A . POP
- B . SNMP
- C . DKIM
- D . ARP
Bonney’s system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware incident from spreading?
What is the cause of this issue?
- A . Complaint to police in a formal way regarding the incident
- B . Turnoff the infected machine
- C . Leave it to the network administrators to handle
- D . Call the legal department in the organization and info m about the incident
Which one of the following is Inappropriate Usage Incidents?
- A . Denial of Service Attack
- B . Reconnaissance Attack
- C . Access Control Attack
- D . Insider Threat
Rinni is an incident handler and she is performing memory dump analysis.
Which of following tools she can use in order to perform a memory dump analysis?
- A . iNetSim
- B . OllyDbg and IDA Pro
- C . Proc mon and Process Explorer
- D . Scylla and Olly DumpEx
Rose is an incident-handler and is responsible for detecting and eliminating any kind of scanning attempts over the network by malicious threat actors. Rose uses Wire shark to sniff the network and detect any malicious activities going on.
Which of the following Wireshark filters can be used by her to detect TCP Xmas scan attempt by the attacker?
- A . tcp.flags.reset== 1
- B . tcp.flags==0X 000
- C . tcp.flags==0X 029
- D . tcp.dstport== 7
Which of the following is not a countermeasure to eradicate cloud security incidents?
- A . Checking for data protection at both design and runtime
- B . Disabling security options such as two factor authentication and CAPTCHA
- C . Patching the database vulnerabilities and improving the isolation mechanism
- D . Removing the malware files and traces from the affected components
Who is mainly responsible for providing proper network services and handling network-related incidents in each cloud service model?
- A . Cloud brokers
- B . Cloud service provider
- C . Cloud consumer
- D . Cloud auditor