Try 212-89 Exam Valid Dumps with Instant Download Free Updates [Q28-Q53]


The EC-Council Certified Incident Handler (ECIH v2) certification exam is suitable for IT professionals who want to specialize in incident handling and response. This certification is ideal for security professionals, network administrators, system administrators, and IT professionals who want to advance their careers in incident handling and response.


The ECIH v2 certification exam is an internationally recognized credential that is highly valued by employers in the IT security industry. This certification demonstrates that the candidate has the knowledge, skills, and abilities to handle and respond to computer security incidents, and can effectively manage network security operations. The certification exam is designed to help individuals enhance their careers in IT security and to provide employers with a reliable way to assess the qualifications of potential employees.

 

NEW QUESTION # 28
The sign(s) of the presence of malicious code on a host infected by a virus which is delivered via e-mail could be:

  • A. Antivirus software detects the infected files
  • B. Increase in the number of e-mails sent and received
  • C. All the above
  • D. System files become inaccessible

Answer: C


NEW QUESTION # 29
James is working as an incident responder at Cyber Sol Inc. The management instructed James to investigate a cybersecurity incident that recently happened in the company. As a part of the investigation process, James started collecting volatile information from a system running the Windows operating system.
Which of the following commands helps James in determining all the executable files for running processes?

  • A. netstat -ab
  • B. top
  • C. doskey /history
  • D. date /t & time /t

Answer: A


NEW QUESTION # 30
Tom received a phishing email and accidentally opened its attachment. This resulted in the redirection of all traffic to a fraudulent website.
What type of phishing attack happened?

  • A. Spear phishing
  • B. Whaling
  • C. Spimming
  • D. Pharming

Answer: A


NEW QUESTION # 31
A software application that displays advertising banners while the program is running, delivering ads as pop-up windows or bars that appear on a computer screen or browser, is called:

  • A. Trojan
  • B. Virus
  • C. RootKit
  • D. Worm
  • E. adware (spelled all lower case)

Answer: E


NEW QUESTION # 32
According to US-CERT, if an agency is unable to successfully mitigate a DoS attack, it must be reported within:

  • A. One (1) hour of discovery/detection if the successful attack is still ongoing
  • B. Two (2) hours of discovery/detection if the successful attack is still ongoing
  • C. Four (4) hours of discovery/detection if the successful attack is still ongoing
  • D. Three (3) hours of discovery/detection if the successful attack is still ongoing

Answer: B


NEW QUESTION # 33
In NIST risk assessment methodology, the process of identifying the boundaries of an IT system along with the resources and information that constitute the system is known as:

  • A. Asset valuation
  • B. System classification
  • C. Asset Identification
  • D. System characterization

Answer: D


NEW QUESTION # 34
Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user's information and system. These programs may unleash dangerous programs that may erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger.

  • A. Virus
  • B. Worm
  • C. Cookie tracker
  • D. Trojan

Answer: D


NEW QUESTION # 35
Which of the following service(s) is provided by the CSIRT:

  • A. Vulnerability handling
  • B. Development of security tools
  • C. All the above
  • D. Technology watch

Answer: C


NEW QUESTION # 36
He must present this evidence in a clear and comprehensible manner to the members of the jury so that the evidence explains the facts clearly and further helps in obtaining an expert opinion on the same to confirm the investigation process.
In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?

  • A. Believable
  • B. Complete
  • C. Authentic
  • D. Admissible

Answer: A


NEW QUESTION # 37
The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation is called:

  • A. Forensic Readiness
  • B. Digital Forensic Policy
  • C. Computer Forensics
  • D. Digital Forensic Analysis

Answer: A


NEW QUESTION # 38
Alexis is working as an incident responder in XYZ organization. She was asked to identify and attribute the actors behind an attack that took place recently. In order to do so, she is performing threat attribution that deals with the identification of the specific person, society, or country sponsoring a well-planned and executed intrusion or attack on its target.
Which of the following types of threat attributions has Alexis performed?

  • A. Nation-state attribution
  • B. True attribution
  • C. Campaign attribution
  • D. Intrusion-set attribution

Answer: A


NEW QUESTION # 39
Elizabeth, who works for OBC organization as an incident responder, is assessing the risks to the organizational security. As part of the assessment process, she is calculating the probability of a threat source exploiting an existing system vulnerability.
Which of the following risk assessment steps is Elizabeth currently in?

  • A. Likelihood analysis
  • B. Impact analysis
  • C. Vulnerability identification
  • D. System characterization

Answer: C


NEW QUESTION # 40
Elizabeth, working for OBC organization as an incident responder, is assessing the risks facing the organizational security. During the assessment process, she calculates the probability of a threat source exploiting an existing system vulnerability.
Identify the risk assessment step Elizabeth is currently in.

  • A. Impact analysis
  • B. Vulnerability identification
  • C. System characterization
  • D. Likelihood analysis

Answer: D


NEW QUESTION # 41
Which policy recommends controls for securing and tracking organizational resources:

  • A. Asset control policy
  • B. Acceptable use policy
  • C. Administrative security policy
  • D. Access control policy

Answer: A


NEW QUESTION # 42
The overall likelihood rating of a threat to exploit a vulnerability is driven by:

  • A. Existence and effectiveness of the current controls
  • B. Nature of the vulnerability
  • C. All the above
  • D. Threat-source motivation and capability

Answer: C


NEW QUESTION # 43
Alice is a disgruntled employee. She decided to acquire critical information from her organization for financial benefit.
To accomplish this, Alice started running a virtual machine on the same physical host as her victim's virtual machine and took advantage of shared physical resources (processor cache) to steal data (cryptographic key/plaintext secrets) from the victim machine. Identify the type of attack Alice is performing in the above scenario.

  • A. Man-in-the-cloud attack
  • B. Side channel attack
  • C. SQL injection attack
  • D. Service hijacking

Answer: B


NEW QUESTION # 44
Otis is an incident handler working in an organization called Delmont. Recently, the organization faced several setbacks in business, whereby its revenues are decreasing. Otis was asked to take charge and look into the matter. While auditing the enterprise security, he found traces of an attack through which proprietary information was stolen from the enterprise network and passed on to their competitors.
Which of the following information security incidents did Delmont face?

  • A. Espionage
  • B. Unauthorized access
  • C. Email-based abuse
  • D. Network and resource abuses

Answer: A


NEW QUESTION # 45
The main difference between viruses and worms is:

  • A. Viruses require a host file to propagate while Worms don't
  • B. Viruses and worms are common names for the same malware
  • C. Viruses don't require user interaction; they are self-replicating malware
  • D. Worms require a host file to propagate while viruses don't

Answer: A


NEW QUESTION # 46
The flow chart gives a view of different roles played by the different personnel of CSIRT. Identify the incident response personnel denoted by A, B, C, D, E, F and G.

  • A. A-Incident Coordinator, B-Constituency, C-Administrator, D-Incident Manager, E-Human Resource, F-Incident Analyst, G-Public Relations
  • B. A-Incident Manager, B-Incident Analyst, C-Public Relations, D-Administrator, E-Human Resource, F-Constituency, G-Incident Coordinator
  • C. A-Incident Coordinator, B-Incident Analyst, C-Public Relations, D-Administrator, E-Human Resource, F-Constituency, G-Incident Manager
  • D. A-Incident Analyst, B-Incident Coordinator, C-Public Relations, D-Administrator, E-Human Resource, F-Constituency, G-Incident Manager

Answer: A


NEW QUESTION # 47
A US Federal Agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to the agency's reporting timeframe guidelines, this incident should be reported within 2h of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity.
Which incident category of US Federal Agency does this incident belong to?

  • A. CAT 2
  • B. CAT 6
  • C. CAT 5
  • D. CAT 1

Answer: A


NEW QUESTION # 48
Multiple component incidents consist of a combination of two or more attacks in a system.
Which of the following is not a multiple component incident?

  • A. An attacker using email with malicious code to infect an internal workstation
  • B. An attacker redirecting a user to a malicious website and infecting the system with a Trojan
  • C. An attacker infecting a machine to launch a DDoS attack
  • D. An insider intentionally deleting files from a workstation

Answer: D


NEW QUESTION # 49
A user downloaded what appears to be genuine software. Unknown to her, when she installed the application, it executed code that provided an unauthorized remote attacker access to her computer.
What type of malicious threat displays this characteristic?

  • A. Spyware
  • B. Virus
  • C. Backdoor
  • D. Trojan

Answer: D


NEW QUESTION # 50
Ross is an incident manager (IM), and his team provides support to all users in the organization that are affected by the threat or attack. David, who is the organizational internal auditor, is also part of Ross's incident response team.
Among the following duties, identify one of the responsibilities of David.

  • A. Configure information security controls
  • B. Identify and report security loopholes to management for necessary action
  • C. Coordinate incident containment activities with the information security officer (ISO)
  • D. Perform the necessary action required to block the network traffic from the suspected intruder

Answer: B


NEW QUESTION # 51
Ross is an incident manager (IM) at an organization, and his team provides support to all users in the organization who are affected by threats or attacks. David, who is the organization's internal auditor, is also part of Ross's incident response team.
Which of the following is David's responsibility?

  • A. Configure information security controls.
  • B. Perform the necessary action to block the network traffic from the suspected intruder.
  • C. Identify and report security loopholes to the management for necessary action.
  • D. Coordinate incident containment activities with the information security officer (ISO).

Answer: C


NEW QUESTION # 52
Which of the following is an attack that attempts to prevent the use of systems, networks, or applications by the intended users?

  • A. Fraud and theft
  • B. Malicious code or insider threat attack
  • C. Unauthorized access
  • D. Denial of service (DoS) attack

Answer: D


NEW QUESTION # 53
......
