
Ace EC-COUNCIL 212-89 Certification with Actual Questions Mar 03, 2026 Updated
2026 The Most Effective 212-89 with 174 Questions Answers
NEW QUESTION # 63
The Linux command used to make binary copies of computer media and as a disk imaging tool if given a raw disk device as its input is:
- A. "dd" command
- B. "find" command
- C. "netstat" command
- D. "nslookup" command
Answer: A
NEW QUESTION # 64
Raven is a part of an IH&R team and was informed by her manager to handle and lead the removal of the root cause for an incident and to close all attack vectors to prevent similar incidents in the future. Raven notifies the service providers and developers of affected resources. Which of the following steps of the incident handling and response process does Raven need to implement to remove the root cause of the incident?
- A. Eracicotion
- B. Incident triage
- C. Evidence gathering and forensic analysis
- D. Containment
Answer: A
NEW QUESTION # 65
Malicious downloads that result from malicious office documents being manipulated are caused by which of the following?
- A. Click jacking
- B. Macro abuse
- C. Registry key manipulation
- D. Impersonation
Answer: B
NEW QUESTION # 66
In which of the following types of insider threats an insider who is uneducated on potential security threats or simply bypasses general security procedures to meet workplace efficiency?
- A. Professional insider
- B. Negligent insider
- C. Malicious insider
- D. Compromised insider
Answer: B
NEW QUESTION # 67
Richard is analyzing a corporate network. After an alert in the network's IPS. he identified that all the servers are sending huge amounts of traffic to the website abc.xyz. What type of information security attack vectors have affected the network?
- A. IOT threats
- B. Advance persistent three Is
- C. Botnet
- D. Ransomware
Answer: C
Explanation:
When a corporate network's servers are sending huge amounts of traffic to a specific website, as detected by the network's Intrusion Prevention System (IPS), this behavior is indicative of a Botnet attack. A Botnet is a network of compromised computers, often referred to as "bots," that are controlled remotely by an attacker, typically without the knowledge of the owners of the computers. The attacker can command these bots to execute distributed denial-of-service (DDoS) attacks, send spam, or conduct other malicious activities. In this scenario, the servers behaving as bots and targeting a website with large volumes of traffic suggests that they have been co-opted into a Botnet to potentially perform a DDoS attack on the website abc.xyz.
References:Incident Handler (ECIH v3) courses and study guides discuss various types of cyber threats and attack vectors, including Botnets and their role in distributed cyber attacks.
NEW QUESTION # 68
Which of the following is a common tool used to help detect malicious internal or compromised actors?
- A. User behavior analytics
- B. SOC2 compliance report
- C. Syslog configuration
- D. Log forward ng
Answer: A
Explanation:
User Behavior Analytics (UBA) is a cybersecurity process or tool that utilizes machine learning, algorithms, and statistical analyses to detect potentially harmful activities within an organization's network by comparing them against established patterns of users' behavior. It is particularly effective in identifying malicious internal actors or compromised users who may be conducting activities that deviate from their normal behavior patterns, such as accessing unauthorized data or systems, excessive file downloads, or unusual login times. UBA tools can flag these activities for further investigation, often before traditional security tools detect a breach. In contrast, SOC2 compliance reports, log forwarding, and syslog configuration are important for maintaining and auditing security standards and for infrastructure monitoring, but they are not primarily focused on detecting malicious behavior based on deviations from established user behavior patterns.
References:The Incident Handler (ECIH v3) curriculum discusses various tools and methodologies for detecting and responding to security incidents, highlighting User Behavior Analytics as a key tool for identifying insider threats and compromised accounts through behavioral monitoring and analysis.
NEW QUESTION # 69
A payroll system has a vulnerability that cannot be exploited by current technology. Which of the following is correct about this scenario:
- A. The risk must be transferred immediately
- B. The risk must be urgently mitigated
- C. The risk is not present at this time
- D. The risk is accepted
Answer: C
NEW QUESTION # 70
___________________ record(s) user's typing.
- A. Virus
- B. Spyware
- C. Malware
- D. adware
Answer: B
NEW QUESTION # 71
Mr. Smith is a lead incident responder of a small financial enterprise having few branches in Australi a. Recently, the company suffered a massive attack losing USD 5 million through an inter-banking system. After in-depth investigation on the case, it was found out that the incident occurred because 6 months ago the attackers penetrated the network through a minor vulnerability and maintained the access without any user being aware of it. Then, he tried to delete users' fingerprints and performed a lateral movement to the computer of a person with privileges in the inter-banking system.
Finally, the attacker gained access and did fraudulent transactions.
Based on the above scenario, identify the most accurate kind of attack.
- A. Phishing
- B. Ransomware attack
- C. Denial-of-service attack
- D. APT attack
Answer: D
NEW QUESTION # 72
Your manager hands you several items of digital evidence and asks you to investigate them in the order of volatility. Which of the following is the MOST volatile?
- A. Disk
- B. Cache
- C. Emails
- D. Temp files
Answer: B
Explanation:
In the context of digital evidence investigation, volatility refers to how quickly data can change or be lost when power is removed or systems are altered. Among the options provided, cache is the most volatile because it is temporary storage that is designed to speed up access to data and is frequently overwritten. Cache data resides in RAM and includes things like memory buffers, system and network information, and process execution data, which are lost upon reboot or power loss. This contrasts with disks, emails, and temp files, which are considered less volatile because they are stored on permanent or semi-permanent media and are less likely to be immediately lost or overwritten.References:The Incident Handler (ECIH v3) curriculum includes principles of digital evidence handling, which emphasizes the importance of collecting evidence in descending order of volatility to ensure that the most ephemeral data is preserved before it's lost.
NEW QUESTION # 73
John is a professional hacker who is performing an attack on the target organization where he tries to redirect the connection between the IP address and its target server such that when the users type in the Internet address, it redirects them to a rogue website that resembles the original website. He tries this attack using cache poisoning technique.
Identify the type of attack John is performing on the target organization.
- A. Skimming
- B. Pharming
- C. War driving
- D. Pre texting
Answer: B
NEW QUESTION # 74
Which of the following is an attack that attempts to prevent the use of systems, networks, or applications by the intended users?
- A. Fraud and theft
- B. Denial of service (DoS) attack
- C. Malicious code or insider threat attack
- D. Unauthorized access
Answer: B
Explanation:
A Denial of Service (DoS) attack aims to make a computer resource, network, or application unavailable to its intended users, thereby preventing legitimate users from using the service. This is achieved by overwhelming the target with a flood of internet traffic or sending information that triggers a crash. In contrast, fraud and theft involve the unauthorized acquisition of data or assets, unauthorized access refers to gaining entry into systems without permission, and malicious code or insider threat attacks relate to software designed to cause harm or unauthorized actions by trusted users within the organization. The specific intent of a DoS attack is to disrupt service, making it a distinct category focused on denial of availability.
References:The Incident Handler (ECIH v3) certification materials discuss various types of cybersecurity threats, including DoS attacks, outlining their methods, objectives, and impacts on targeted systems or networks.
NEW QUESTION # 75
Which of the following is a term that describes the combination of strategies and services intended to restore data, applications, and other resources to the public cloud or dedicated service providers?
- A. Eradication
- B. Mitigation
- C. Analysis
- D. Cloud recovery
Answer: D
Explanation:
The term that describes the combination of strategies and services intended to restore data, applications, and other resources to the public cloud or dedicated service providers is "Cloud recovery." This term encompasses disaster recovery efforts focused on ensuring that an organization's digital assets can be quickly and effectively restored or moved to cloud environments in the event of data loss, system failure, or a disaster. Cloud recovery strategies are part of a broader disaster recovery and business continuity planning, ensuring minimal downtime and data loss by leveraging cloud computing's scalability and flexibility. Mitigation, analysis, and eradication are terms associated with other aspects of incident response and risk management, not specifically with the restoration of resources to cloud environments.References:The Incident Handler (ECIH v3) curriculum includes discussions on disaster recovery and business continuity planning, highlighting cloud recovery as a vital component of ensuring organizational resilience against disruptions.
NEW QUESTION # 76
If a hacker cannot find any other way to attack an organization, they can influence an employee or a disgruntled staff member. What type of threat is this?
- A. Identity theft
- B. Footprinting
- C. Insider attack
- D. Phishing attack
Answer: C
Explanation:
If a hacker influences an employee or a disgruntled staff member to gain access to an organization's resources or sensitive information, this is classified as an insider attack.Insider attacks are perpetrated by individuals within the organization, such as employees, contractors, or business associates, who have inside information concerning the organization's security practices, data, and computer systems. The threat from insiders can be intentional, as in the case of a disgruntled employee seeking to harm the organization, or unintentional, where an employee is manipulated or coerced by external parties without realizing the implications of their actions.
Phishing attacks, footprinting, and identity theft represent different types of cybersecurity threats where the attacker's method or objective differs from that of insider attacks.References:The ECIH v3 certification program addresses various types of threats, including insider threats, emphasizing the importance of recognizing and mitigating risks posed by individuals within the organization.
NEW QUESTION # 77
Which of the following are malicious software programs that infect computers and corrupt or deletethe data on them?
- A. Spyware
- B. Trojans
- C. Virus
- D. Worms
Answer: C
Explanation:
Viruses are a type of malicious software program designed to infect legitimate software programs. Once a virus is executed, it can corrupt or delete data on a computer, replicate itself, and spread to other files and systems. Unlike worms, which can spread across networks on their own, viruses usually require some form of user interaction, such as opening an infected email attachment or downloading and executing a malicious file, to propagate. Trojans and spyware, while also malicious software, serve different malicious purposes, such as creating backdoors for attackers (Trojans) or spying on users' activities (Spyware).References:The Incident Handler (ECIH v3) certification materials categorize various forms of malware and explain their behaviors, impacts, and propagation methods. Viruses are specifically highlighted for their ability to attach to legitimate programs and files, causing damage or data loss upon execution.
NEW QUESTION # 78
Which of the following is not a best practice to eliminate the possibility of insider attacks?
- A. Disable the users from installing unauthorized software or accessing malicious websites using the corporate network
- B. Monitor employee behaviors and the computer systems used by employees
- C. Always leave business details over voicemail or email broadcast message
- D. Implement secure backup and disaster recovery processes for business continuity
Answer: C
Explanation:
Leaving sensitive business details over voicemail or sending them out through email broadcast messages is not a best practice for security. This approach significantly increases the risk of information leakage and unauthorized access to critical business information. Such practices can be exploited by insiders to conduct malicious activities, including data theft, fraud, or sabotage. The best practices for mitigating insider threats involve implementing strict access controls, monitoring and auditing employee actions, securing communications, and ensuring that sensitive information is only shared through secure and authorized channels. Encouraging or allowing the practice of leaving sensitive business details in such insecure manners contradicts the principles of information security and increases the vulnerability to insider attacks.
References:ECIH v3 courses and study materials stress the importance of implementing strong security policies and practices to mitigate the risk of insider threats. These include controlling access to information, monitoring use of corporate resources, and securingcommunication channels to ensure that sensitive information is not exposed or mishandled within the organization.
NEW QUESTION # 79
Employee monitoring tools are mostly used by employers to find which of the following?
- A. Malicious insider threats
- B. Lost registry keys
- C. Conspiracies
- D. Stolen credentials
Answer: A
NEW QUESTION # 80
ZYX company experienced a DoS/DDoS attack on their network. Upon investigating the incident, they concluded that the attack is an application-layer attack. Which of the following attacks did the attacker use?
- A. Slowloris attack
- B. SYN flood attack
- C. UDP flood attack
- D. Ping of ceath
Answer: A
NEW QUESTION # 81
Unusual logins, accessing sensitive information not used for the job role, and the use of personal external storage drives on company assets are all signs of which of the following?
- A. Insider threat
- B. Lack of job rotation
- C. Security breach
- D. Over-working
Answer: A
NEW QUESTION # 82
An incident handler is analyzing email headers to find out suspicious emails.
Which of the following tools he/she must use in order to accomplish the task?
- A. Barracuda Email Security Gateway
- B. Gophish
- C. SPAMfighter
Answer: A
Explanation:
The Barracuda Email Security Gateway is designed to manage and filter inbound and outbound email traffic to protect organizations from email-borne threats and data leaks. As an incident handler analyzing email headers to find out suspicious emails, using a tool like the Barracuda Email Security Gateway would be appropriate. This tool can help identify and block spam, phishing, malware, and other malicious email threats, making it easier to focus on analyzing potentially harmful emails more closely.
NEW QUESTION # 83
The program that helps to train people to be better prepared to respond to emergency situations in their communities is known as:
- A. Incident Response Team (IRT)
- B. Community Emergency Response Team (CERT)
- C. All the above
- D. Security Incident Response Team (SIRT)
Answer: B
NEW QUESTION # 84
......
Try Free and Start Using Realistic Verified 212-89 Dumps Instantly.: https://www.real4dumps.com/212-89_examcollection.html
212-89 Actual Questions - Instant Download 174 Questions: https://drive.google.com/open?id=1BVQ0E7sGjvsiCjfyyWmaR5Cyxoz_IY2z

