2025 Valid 212-89 FREE EXAM DUMPS QUESTIONS & ANSWERS [Q18-Q41]

Share

2025 Valid 212-89 FREE EXAM DUMPS QUESTIONS & ANSWERS

Free 212-89 Exam Braindumps EC-COUNCIL  Pratice Exam


The EC Council Certified Incident Handler (ECIH) v2 exam is an industry-recognized certification that validates the skills and knowledge of professionals who can effectively handle and respond to various cybersecurity incidents. EC Council Certified Incident Handler (ECIH v3) certification program is designed to provide participants with practical skills that can be applied in real-world scenarios, enabling them to mitigate risks, prevent data breaches, and protect their systems against cyber-attacks.

 

NEW QUESTION # 18
Rose is an incident-handling person and she is responsible for detecting and eliminating any kind of scanning attempts over the network by any malicious threat actors. Rose uses Wireshark tool to sniff the network and detect any malicious activities going on.
Which of the following Wireshark filters can be used by her to detect TCP Xmas scan attempt by the attacker?

  • A. tcp.flags.reset==1
  • B. tcp.flags==0X029
  • C. tcp.dstport==7
  • D. tcp.flags==0X000

Answer: B


NEW QUESTION # 19
The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/ services that are not required. Which service listed below, if blocked, can help in preventing Denial of Service attack?

  • A. SAM service
  • B. SMTP service
  • C. Echo service
  • D. POP3 service

Answer: C


NEW QUESTION # 20
Business continuity is defined as the ability of an organization to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy. Identify the plan which is mandatory part of a business continuity plan?

  • A. New business strategy plan
  • B. Business Recovery Plan
  • C. Sales and Marketing plan
  • D. Forensics Procedure Plan

Answer: B


NEW QUESTION # 21
Michael is an incident handler at CyberTech Solutions. He is performing detection and analysis of a cloud security incident. He is analyzing the file systems, slack spaces, and metadata of the storage units to find hidden malware and evidence of malice.
Identify the cloud security incident handled by Michael.

  • A. Server-related incident
  • B. Application-related incident
  • C. Storage-related incident
  • D. Network-related incident

Answer: C

Explanation:
Michael's activities, which involve analyzing file systems, slack spaces, and metadata of storage units to find hidden malware and evidence of malice, indicate that he is handling a storage-related cloud security incident.
This type of incident pertains to unauthorized access, alteration, or exfiltration of data stored in cloud environments. By focusing on the storage aspects such as file systems and metadata, Michael is looking for signs of compromise that specifically affect the storage of data, which is indicative of a storage-related security incident in the cloud.References:Incident Handler (ECIH v3) certification materials cover the various types of cloud security incidents, detailing how to detect and respond to them, including those related to storage where sensitive data might be targeted or compromised.


NEW QUESTION # 22
Which of the following techniques helps incident handlers to detect man-in-the-middle attack by finding the new APs and trying to connect an already established channel, even if the spoofed AP consists similar IP and MAC addresses as of the original AP?

  • A. General wireless traffic monitoring
  • B. Network traffic monitoring
  • C. Wireless client monitoring
  • D. Access point monitoring

Answer: D


NEW QUESTION # 23
A computer Risk Policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy?

  • A. Provisions for continuing support if there is an interruption in the system or if the system crashes
  • B. Procedure to monitor the efficiency of security controls
  • C. Procedure for the ongoing training of employees authorized to access the system
  • D. Procedure to identify security funds to hedge risk

Answer: C


NEW QUESTION # 24
Sam. an employee of a multinational company, sends emails to third-party organizations with a spoofed email address of his organization. How can you categorize this type of incident?

  • A. Denial-of-service incicent
  • B. Network intrusion incident
  • C. Inappropriate usage incident
  • D. Unauthorized access incident.

Answer: C

Explanation:
An inappropriate usage incident involves misuse of the organization's resources or violations of its acceptable use policies. Sam's actions, where he sends emails to third-party organizations with a spoofed email address of his employer, constitute misuse of the organization's email system and misrepresentation of the organization.
This behavior can harm the organization's reputation, violate policy, and potentially lead to legal consequences. Inappropriate usage incidents can range from unauthorized use of systems for personal gain to the dissemination of unapproved content.
References:The Incident Handler (ECIH v3) by EC-Council includes discussions on various types of security incidents, emphasizing the importance of addressing and mitigating not just external threats but also internal misuse and policy violations.


NEW QUESTION # 25
Richard is analyzing a corporate network. After an alert in the network's IPS. he identified that all the servers are sending huge amounts of traffic to the website abc.xyz. What type of information security attack vectors have affected the network?

  • A. Advance persistent three Is
  • B. Ransomware
  • C. Botnet
  • D. IOT threats

Answer: C

Explanation:
When a corporate network's servers are sending huge amounts of traffic to a specific website, as detected by the network's Intrusion Prevention System (IPS), this behavior is indicative of a Botnet attack. A Botnet is a network of compromised computers, often referred to as "bots," that are controlled remotely by an attacker, typically without the knowledge of the owners of the computers. The attacker can command these bots to execute distributed denial-of-service (DDoS) attacks, send spam, or conduct other malicious activities. In this scenario, the servers behaving as bots and targeting a website with large volumes of traffic suggests that they have been co-opted into a Botnet to potentially perform a DDoS attack on the website abc.xyz.
References:Incident Handler (ECIH v3) courses and study guides discuss various types of cyber threats and attack vectors, including Botnets and their role in distributed cyber attacks.


NEW QUESTION # 26
According to NITS, what are the 5 main actors in cloud computing?

  • A. Consumer, provider, carrier, auditor, ano broker
  • B. Buyer, consumer, carrier, auditor, and broker
  • C. Provider, carrier, auditor, broker, and seller
  • D. None of these

Answer: A

Explanation:
According to the National Institute of Standards and Technology (NIST), which is a primary source for cloud computing standards and guidelines, the five main actors in cloud computing are Consumer, Provider, Carrier, Auditor, and Broker. These roles are defined as follows:
* Consumer: The person or organization that uses cloud computing services.
* Provider: The entity that provides the cloud services to consumers.
* Carrier: The organization that offers connectivity and transport services to cloud providers and consumers.
* Auditor: An independent party that assesses and verifies the cloud services, security controls, and operations.
* Broker: An entity that manages the use, performance, and delivery of cloud services, and negotiates relationships between cloud providers and consumers.
These actors play critical roles in the ecosystem of cloud computing, ensuring the services are delivered and used securely, efficiently, and effectively.References:NIST's documentation on cloud computing, including the NIST Cloud Computing Standards Roadmap and the NIST Cloud Computing Reference Architecture, detail these roles and their importance in cloud computing frameworks.


NEW QUESTION # 27
If the loss anticipated is greater than the agreed upon threshold; the organization will:

  • A. Mitigate the risk
  • B. Accept the risk
  • C. Do nothing
  • D. Accept the risk but after management approval

Answer: A


NEW QUESTION # 28
Policies are designed to protect the organizational resources on the network by establishing the set rules and procedures. Which of the following policies authorizes a group of users to perform a set of actions on a set of resources?

  • A. Audit trail policy
  • B. Documentation policy
  • C. Access control policy
  • D. Logging policy

Answer: C


NEW QUESTION # 29
Michael is a part of the computer incident response team of a company. One of his responsibilities is to handle email incidents. The company receives an email from an unknown source, and one of the steps that he needs to take is to check the validity of the email. Which of the following tools should he use?

  • A. Yesware
  • B. Email Dossier
  • C. Zendio
  • D. G Suite Toolbox

Answer: B


NEW QUESTION # 30
Attackers or insiders create a backdoor into a trusted network by installing an unsecured access point inside a firewall. They then use any software or hardware access point to perform an attack. Which of the following is this type of attack?

  • A. Email infection
  • B. Malware attack
  • C. Password-based attack
  • D. Rogue- access point attack

Answer: D

Explanation:
A rogue-access point attack occurs when attackers or insiders install an unsecured access point within a trusted network, typically behind a firewall, to create a backdoor. This allows them to bypass network security measures and perform various malicious activities undetected. The use of any software or hardware access point to gain unauthorized access and conduct an attack characterizes a rogue-access point attack. This contrasts with password-based attacks, malware attacks, and email infections, which involve different methodologies and objectives, such as stealing credentials, distributing malicious software, or propagating through email systems, respectively.
References:The ECIH v3 certification materials discuss various types of network attacks, including rogue- access point attacks, highlighting the risk they pose by providing unauthorized network access to attackers.


NEW QUESTION # 31
Which of the following terms refers to vulnerable account management functions, including account update, recovery of forgotten or lost passwords, and password reset, that might weaken valid authentication schemes?

  • A. Directory traversal
  • B. SQL injection
  • C. Broken account management
  • D. Cross-site scripting

Answer: C

Explanation:
The term "broken account management" refers to vulnerabilities in the account management functions of web applications, which can weaken valid authentication schemes. This can include issues with how accounts are created, updated, managed, and deleted, as well as how users recover forgotten passwords or perform password resets. Poorly implemented account management functions can allow attackers to bypass authentication, elevate privileges, or assume the identity of another user. This weakness is a significant security concern because it directly impacts the ability of a system to safeguard user data and maintain operational integrity.
References:In its training materials, the ECIH v3 program addresses various web application vulnerabilities, including broken account management, emphasizing the importance of secure development practices and regular security assessments to prevent such issues.


NEW QUESTION # 32
Which of the following is the ECIH phase that involves removing or eliminating the root cause of an incident and closing all attack vectors to prevent similar incidents in the future?

  • A. Vulnerability management phase
  • B. Containment
  • C. Recovery
  • D. Eradication

Answer: D

Explanation:
Eradication is the phase in the incident response process where the root cause of an incident is removed or eliminated, and all attack vectors are closed to prevent similar incidents in the future. This step follows the containment phase, where the immediate threat is isolated to prevent further damage, and precedes the recovery phase, where normal operations are restored. Eradication involves thoroughly removing malware, unauthorized access mechanisms, or any other elements used in the attack, and securing any vulnerabilities that were exploited. The goal is to ensure that the threat cannot re-emerge and that the systems are secure before they are returned to operational status.References:The EC-Council's Incident Handler (ECIH v3) certification guide outlines the incident response process, including the specific tasks involved in the eradication phase, to ensure that incident handlers are prepared to effectively remove threats from an organization's environment.


NEW QUESTION # 33
Francis is an incident handler and security expert. He works at MorisonTech Solutions based in Sydney, Australia. He was assigned a task to detect phishing/spam mails for the client organization.
Which of the following tools can assist Francis to perform the required task?

  • A. Netcraft
  • B. Cain and Abel
  • C. BTCrack
  • D. Nessus

Answer: A

Explanation:
Netcraft is a tool that provides internet security services, including the detection of phishing and spam emails.
It offers a range of services that can help organizations identify fraudulent websites and phishing activities by analyzing web content and email messages for known phishing signatures and heuristics. This makes it a useful tool for incident handlers like Francis, who is tasked with detecting phishing and spam emails for client organizations. Other options listed, such as Nessus (a vulnerability scanner), BTCrack (a Bluetooth pin and link-key cracker), and Cain and Abel (a password recovery tool), do not specialize in detecting phishing or spam emails but serve different purposes in cybersecurity.
References:The Incident Handler (ECIH v3) curriculum includes discussions on tools and methodologies for detecting and mitigating various cyber threats, including phishing and spam, highlighting tools like Netcraft for their utility in these areas.


NEW QUESTION # 34
Stanley works as an incident responder at a top MNC based out of Singapore. He was asked to investigate a cybersecurity incident that recently occurred in the company.
While investigating the crime, he collected the evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of jury so that the evidence explains the facts clearly and further helps in obtaining an expert opinion on the same to confirm the investigation process.
In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?

  • A. Believable
  • B. Admissible
  • C. Authentic
  • D. Complete

Answer: D


NEW QUESTION # 35
The correct sequence of incident management process is:

  • A. Prepare, protect, detect, triage and respond
  • B. Prepare, protect, detect, respond and triage
  • C. Prepare, protect, triage, detect and respond
  • D. Prepare, detect, protect, triage and respond

Answer: A


NEW QUESTION # 36
In which of the following stages of incident handling and response (IH&R) process do the incident handlers try to find out the root cause of the incident along with the threat actors behind the incidents, threat vectors, etc.?

  • A. Incident triage
  • B. Post-incident activities
  • C. Incident recording and assignment
  • D. Evidence gathering and forensics analysis

Answer: D


NEW QUESTION # 37
Patrick is doing a cyber forensic investigation. He is in the process of collecting physical evidence at the crime scene.
Which of the following elements he must consider while collecting physical evidence?

  • A. DNS information including domain and subdomains
  • B. Published name servers and web application source code
  • C. Removable media, cable, and publications
  • D. Open ports, services, and operating system (OS) vulnerabilities

Answer: C

Explanation:
In the context of collecting physical evidence during a cyber forensic investigation, Patrick must consider items like removable media, cables, and publications. These items can contain crucial information related to the crime, such as data storage devices (USB drives, external hard drives), cables connected to potentially relevant devices, and any printed materials that might have information or clues about the incident. Open ports, services, and OS vulnerabilities, DNS information, and published name servers and web application source code, while important in digital forensics, do not constitute physical evidence in the traditional sense.References:Incident Handler (ECIH v3) study guides and courses detail the process of evidence collection in cyber forensic investigations, emphasizing the importance of securing physical evidence that could support digital forensic analysis.


NEW QUESTION # 38
An attacker after performing an attack decided to wipe evidence using artifact wiping techniques to evade forensic investigation. He applied a magnetic field to the digital media device, resulting in a device entirely cleaned of any previously stored data.
Identify the artifact wiping technique used by the attacker.

  • A. Disk cleaning utilities
  • B. Disk degaussing/destruction
  • C. File wiping utilities
  • D. Syscall proxying

Answer: B


NEW QUESTION # 39
Francis received a spoof email asking for his bank information. He decided to use a tool to analyze the email headers. Which of the following should he use?

  • A. Email Checker
  • B. MxTooIbox
  • C. PoliteMail
  • D. EventLog Analyzer

Answer: B

Explanation:
MxToolbox is a comprehensive tool designed for analyzing email headers and diagnosing various email delivery issues. When Francis received a spoofed email asking for his bank information, using MxToolbox to analyze the email headers would be appropriate. This tool helps in examining the source of the email, tracking the email's path across the internet from the sender to the receiver, and identifying any signs of email spoofing or malicious activity. It provides detailed information about the email servers encountered along the way and can help in verifying the authenticity of the email sender. Other options like EventLog Analyzer, Email Checker, and PoliteMail are tools used for different purposes such as analyzing system event logs, checking email address validity, and managing email communications, respectively, and do not specifically focus on analyzing email headers to the extent required for investigating a spoofed email incident.
References:The use of MxToolbox in incident handling and email security analysis is commonly recommended in Incident Handler (ECIH v3) study materials as a practical tool for email header analysis and spoofing investigation.


NEW QUESTION # 40
A security policy will take the form of a document or a collection of documents, depending on the situation or
usage. It can become a point of reference in case a violation occurs that results in dismissal or other penalty.
Which of the following is NOT true for a good security policy?

  • A. It must be approved by court of law after verifications of the stated terms and facts
  • B. It must be enforceable with security tools where appropriate and with sanctions where actual prevention is
    not technically feasible
  • C. It must be implemented through system administration procedures, publishing of acceptable use guide lines
    or other appropriate methods
  • D. It must clearly define the areas of responsibilities of the users, administrators and management

Answer: A


NEW QUESTION # 41
......

Prepare For Realistic 212-89 Dumps PDF - 100% Passing Guarantee: https://www.topexamcollection.com/212-89-vce-collection.html

Practice Test for 212-89 Certification Real 2025 Mock Exam: https://drive.google.com/open?id=1EecqwBFa34tz765XIaH3xmk0Ayap61TS