Curious about Actual Eccouncil ECIH (212-89) Exam Questions?

Here are sample Eccouncil EC-Council Certified Incident Handler v3 (212-89) Exam questions from real exam. You can get more Eccouncil ECIH (212-89) Exam premium practice questions at TestInsights.

Page: 1 /
Total 168 questions
Question 1

Which of the following processes is referred to as an approach to respond to the

security incidents that occurred in an organization and enables the response team by

ensuring that they know exactly what process to follow in case of security incidents?


Correct : B

Incident response orchestration refers to the process and technologies used to coordinate and streamline the response to security incidents. This approach ensures that incident response teams have clear procedures and workflows to follow, enabling them to act swiftly and effectively when dealing with security incidents. By orchestrating the response, organizations can minimize the impact of incidents, ensure consistent and thorough investigation and remediation activities, and improve their overall security posture. Incident response orchestration involves integrating various security tools, automating response actions where possible, and providing a centralized platform for managing incidents.


Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 2

In which of the following confidentiality attacks attackers try to lure users by posing themselves as authorized AP by beaconing the WLAN's SSID?


Correct : A

In the described attack, where attackers pose as legitimate access points (APs) by beaconing the WLAN's SSID to lure users, the attack is known as an Evil twin AP attack. This type of attack involves setting up a rogue AP with the same SSID as a legitimate wireless access point, making it appear as an authorized network to users. Unsuspecting users may connect to this malicious AP, allowing attackers to intercept sensitive information, conduct man-in-the-middle attacks, or distribute malware. The Evil twin AP attack exploits the trust users have in known SSIDs to compromise their security. Reference: Incident Handler (ECIH v3) certification materials discuss various confidentiality and network attacks, including Evil twin AP attacks, highlighting their mechanisms and how to defend against them.


Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 3

Joseph is an incident handling and response (IH&R) team lead in Toro Network Solutions Company. As a part of IH&R process, Joseph alerted the service providers,

developers, and manufacturers about the affected resources.

Identify the stage of IH&R process Joseph is currently in.


Correct : B

When Joseph, the IH&R team lead, alerted service providers, developers, and manufacturers about the affected resources, he was engaged in the Containment stage of the Incident Handling and Response (IH&R) process. Containment involves taking steps to limit the spread or impact of an incident and to isolate affected systems to prevent further damage. Alerting relevant stakeholders, including service providers and developers, is part of containment efforts to ensure that the threat does not escalate and that measures are taken to protect unaffected resources. This stage precedes eradication and recovery, focusing on immediate response actions to secure the environment. Reference: The ECIH v3 certification program outlines the IH&R process stages, explaining the roles and actions involved in containment, including communication with external and internal stakeholders to manage and mitigate the incident's effects.


Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 4

Identify the network security incident where intended or authorized users are prevented from using system, network, or applications by flooding the network with a

high volume of traffic that consumes all existing network resources.


Correct : B

A Denial-of-Service (DoS) attack is characterized by flooding the network with a high volume of traffic to consume all available network resources, preventing intended or authorized users from accessing system, network, or applications. This type of attack aims to overwhelm the target's capacity to handle incoming requests, causing a denial of access to legitimate users. Unlike XSS (Cross-Site Scripting) attacks, URL manipulation, or SQL injection, which exploit vulnerabilities in web applications for unauthorized data access or manipulation, a DoS attack specifically targets the availability of services. Reference: Incident Handler (ECIH v3) courses and study guides cover various types of network security incidents, including Denial-of-Service attacks, detailing their impact on network resources and services.


Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Question 5

Which of the following is not a best practice to eliminate the possibility of insider attacks?


Correct : D

Leaving sensitive business details over voicemail or sending them out through email broadcast messages is not a best practice for security. This approach significantly increases the risk of information leakage and unauthorized access to critical business information. Such practices can be exploited by insiders to conduct malicious activities, including data theft, fraud, or sabotage. The best practices for mitigating insider threats involve implementing strict access controls, monitoring and auditing employee actions, securing communications, and ensuring that sensitive information is only shared through secure and authorized channels. Encouraging or allowing the practice of leaving sensitive business details in such insecure manners contradicts the principles of information security and increases the vulnerability to insider attacks.


Options Selected by Other Users:
Mark Question:

Start a Discussions

Submit Your Answer:
0 / 1500
Page:    1 / 34   
Total 168 questions