
EC-COUNCIL EC Council Certified Incident Handler (ECIH v3) - 212-89 Exam Questions
QUESTION NO: 1
In which of the following types of fuzz testing strategies the new data will be generated from scratch and the amount of data to be generated are predefined based on the testing model?
In which of the following types of fuzz testing strategies the new data will be generated from scratch and the amount of data to be generated are predefined based on the testing model?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 2
Jake, a senior incident responder in a financial institution's SOC, receives a high-severity alert from the intrusion detection system (IDS). The alert indicates a flood of SYN packets targeting the internal web server, which has now become sluggish and unresponsive to legitimate client requests. The sudden surge in half-open connections is causing resource exhaustion on the server. Suspecting a SYN flood attack-a type of denial-of- service (DoS) attack-Jake needs to verify the source and nature of the traffic to determine the appropriate containment and mitigation strategy while preserving system integrity and uptime. What step should Jake take first in response to this suspected DoS incident?
Jake, a senior incident responder in a financial institution's SOC, receives a high-severity alert from the intrusion detection system (IDS). The alert indicates a flood of SYN packets targeting the internal web server, which has now become sluggish and unresponsive to legitimate client requests. The sudden surge in half-open connections is causing resource exhaustion on the server. Suspecting a SYN flood attack-a type of denial-of- service (DoS) attack-Jake needs to verify the source and nature of the traffic to determine the appropriate containment and mitigation strategy while preserving system integrity and uptime. What step should Jake take first in response to this suspected DoS incident?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 3
In which of the following phases of the incident handling and response (IH&R) process is the identified security incidents analyzed, validated, categorized, and prioritized?
In which of the following phases of the incident handling and response (IH&R) process is the identified security incidents analyzed, validated, categorized, and prioritized?
Correct Answer: C
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 4
A multinational SaaS provider detects a major security breach involving unauthorized access to customer billing data in its EU and APAC servers. After triage and legal review, the IH&R team confirms data exfiltration impacting regulated regions. In response, the CISO, with legal and compliance teams, initiates a structured communication protocol-informing affected clients, notifying data protection authorities under laws such as GDPR, and preparing media responses with public affairs. All communications are securely routed, reviewed for legal accuracy, and sent only with executive approval to mitigate risk and misinformation. What type of communication is emphasized in this scenario?
A multinational SaaS provider detects a major security breach involving unauthorized access to customer billing data in its EU and APAC servers. After triage and legal review, the IH&R team confirms data exfiltration impacting regulated regions. In response, the CISO, with legal and compliance teams, initiates a structured communication protocol-informing affected clients, notifying data protection authorities under laws such as GDPR, and preparing media responses with public affairs. All communications are securely routed, reviewed for legal accuracy, and sent only with executive approval to mitigate risk and misinformation. What type of communication is emphasized in this scenario?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 5
Johnson an incident handler is working on a recent web application attack faced by the organization. As part of this process, he performed data preprocessing in order to analyzing and detecting the watering hole attack. He preprocessed the outbound network traffic data collected from firewalls and proxy servers and started analyzing the user activities within a certain time period to create time-ordered domain sequences to perform further analysis on sequential patterns.
Identify the data-preprocessing step performed by Johnson.
Johnson an incident handler is working on a recent web application attack faced by the organization. As part of this process, he performed data preprocessing in order to analyzing and detecting the watering hole attack. He preprocessed the outbound network traffic data collected from firewalls and proxy servers and started analyzing the user activities within a certain time period to create time-ordered domain sequences to perform further analysis on sequential patterns.
Identify the data-preprocessing step performed by Johnson.
Correct Answer: C
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 6
A cloud security analyst identifies a complex multi-vector attack targeting cloud-hosted applications (DDoS + phishing + malware infiltration). In cloud incident handling, what is the most critical challenge to overcome to respond effectively?
A cloud security analyst identifies a complex multi-vector attack targeting cloud-hosted applications (DDoS + phishing + malware infiltration). In cloud incident handling, what is the most critical challenge to overcome to respond effectively?
Correct Answer: A
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 7
Your company sells SaaS, and your company itself is hosted in the cloud (using it as a PaaS). In case of a malware incident in your customer's database, who is responsible for eradicating the malicious software?
Your company sells SaaS, and your company itself is hosted in the cloud (using it as a PaaS). In case of a malware incident in your customer's database, who is responsible for eradicating the malicious software?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 8
Ren is assigned to handle a security incident of an organization. He is tasked with forensics investigation to find the evidence needed by the management. Which of the following steps falls under the investigation phase of the computer forensics investigation process?
Ren is assigned to handle a security incident of an organization. He is tasked with forensics investigation to find the evidence needed by the management. Which of the following steps falls under the investigation phase of the computer forensics investigation process?
Correct Answer: D
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 9
Which of the following is a technique used by attackers to make a message difficult to understand through the use of ambiguous language?
Which of the following is a technique used by attackers to make a message difficult to understand through the use of ambiguous language?
Correct Answer: A
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 10
Malicious downloads that result from malicious office documents being manipulated are caused by which of the following?
Malicious downloads that result from malicious office documents being manipulated are caused by which of the following?
Correct Answer: A
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).




