Weekend Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmaspas7

Easiest Solution 2 Pass Your Certification Exams

212-89 ECCouncil EC Council Certified Incident Handler (ECIH v3) Free Practice Exam Questions (2025 Updated)

Prepare effectively for your ECCouncil 212-89 EC Council Certified Incident Handler (ECIH v3) certification with our extensive collection of free, high-quality practice questions. Each question is designed to mirror the actual exam format and objectives, complete with comprehensive answers and detailed explanations. Our materials are regularly updated for 2025, ensuring you have the most current resources to build confidence and succeed on your first attempt.

Page: 3 / 3
Total 172 questions

You are a systems administrator for a company. You are accessing your file server remotely for maintenance. Suddenly, you are unable to access the server. After contacting others in your department, you find out that they cannot access the file server either. You can ping the file server but not connect to it via RDP. You check the Active Directory Server, and all is well. You check the email server and find that emails are sent and received normally. What is the most likely issue?

A.

An e-mail service issue

B.

The file server has shut down

C.

A denial-of-service issue

D.

An admin account issue

In which of the following confidentiality attacks attackers try to lure users by posing themselves as authorized AP by beaconing the WLAN's SSID?

A.

Evil twin AP

B.

Session hijacking

C.

Honeypot AP

D.

Masqueradin

Stanley works as an incident responder at a top MNC based out of Singapore. He was asked to investigate a cybersecurity incident that recently occurred in the company.

While investigating the crime, he collected the evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of

jury so that the evidence explains the facts clearly and further helps in obtaining an expert opinion on the same to confirm the investigation process.

In the above scenario, what is the characteristic of the digital evidence Stanley tried to preserve?

A.

Believable

B.

Complete

C.

Authentic

D.

Admissible

Andrew, an incident responder, is performing risk assessment of the client organization.

As a part of risk assessment process, he identified the boundaries of the IT systems,

along with the resources and the information that constitute the systems.

Identify the risk assessment step Andrew is performing.

A.

Control analysis

B.

System characterization

C.

Likelihood determination

D.

Control recommendations

An insider threat response plan helps an organization minimize the damage caused by malicious insiders. One of the approaches to mitigate these threats is setting up controls from the human resources department. Which of the following guidelines can the human resources department use?

A.

Access granted to users should be documented and vetted by a supervisor.

B.

Disable the default administrative account to ensure accountability.

C.

Implement a person-to-person rule to secure the backup process and physical media.

D.

Monitor and secure the organization's physical environment.

Which of the following techniques prevent or mislead incident-handling process and may also affect the collection, preservation, and identification phases of the forensic

investigation process?

A.

Scanning

B.

Footprinting

C.

Enumeration

D.

Anti-forensics

In which of the following phases of the incident handling and response (IH&R) process is the identified security incidents analyzed, validated, categorized, and prioritized?

A.

Incident triage

B.

Incident recording and assignment

C.

Containment

D.

Notification

Alice is a disgruntled employee. She decided to acquire critical information from her organization for financial benefit. To acccomplish this, Alice started running a virtual machine on the same physical host as her victim's virtual machine and took advantage of shared physical resources (processor cache) to steal data (cryptographic key/plain text secrets) from the victim machine. Identify the type of attack Alice is performing in the above scenario.

A.

Side channel attack

B.

Service hijacking

C.

SQL injection attack

D.

Man-in-the-cloud attack

After a recent email attack, Harry is analyzing the incident to obtain important information related to the incident. While investigating the incident, he is trying to

extract information such as sender identity, mail server, sender’s IP address, location, and so on.

Which of the following tools Harry must use to perform this task?

A.

Clamwin

B.

Logly

C.

Yesware

D.

Sharp

Identify the network security incident where intended or authorized users are prevented from using system, network, or applications by flooding the network with a

high volume of traffic that consumes all existing network resources.

A.

XSS attack

B.

Denial-of-service

C.

URL manipulation

D.

SQL injection

An incident handler is analyzing email headers to find out suspicious emails.

Which of the following tools he/she must use in order to accomplish the task?

A.

Barracuda Email Security Gateway

B.

Gophish

C.

SPAMfighter

Page: 3 / 3
Total 172 questions
Copyright © 2014-2025 Solution2Pass. All Rights Reserved