Free Preparation Discussions
MENU
Eccouncil 212-89 Exam Questions
- Topic 1: Introduction to Incident Handling and Response: This section of the exam measures the competency of Cybersecurity Analysts in understanding the core concepts of information security threats, vulnerabilities, and various attack and defense frameworks. It covers foundational knowledge of incidents, their classification, and the incident management lifecycle. Candidates are expected to be familiar with automation and orchestration in response efforts, industry standards, security best practices, and legal compliance frameworks relevant to incident handling.
- Topic 2: Incident Handling and Response Process: This part evaluates IT Security Operations Managers on their understanding of the structured incident handling and response process. It includes the recording, assignment, and triage of incidents, as well as the procedures for notifying stakeholders and containing threats. The module also examines capabilities in forensic evidence gathering, eradication and recovery strategies, post-incident review activities, and the significance of inter-organizational information sharing.
- Topic 3: First Response: This section of the exam assesses Cybersecurity Analysts in their ability to carry out effective first response procedures. It includes securing and documenting crime scenes, evidence collection methodologies, and guidelines for preserving, packaging, and transporting digital and physical evidence in a way that maintains chain of custody and forensic integrity.
- Topic 4: Handling and Responding to Malware Incidents:In this domain, IT Security Operations Managers are tested on their capacity to respond to malware incidents effectively. The focus lies on planning, detecting, containing, and analyzing malware threats. It also includes strategies for eradication and recovery, alongside evaluating real-world malware case studies and identifying applicable best practices to avoid recurrence.
- Topic 5: Handling and Responding to Email Security Incidents: This part evaluates Cybersecurity Analysts on their ability to detect and mitigate email-based threats. It explores preparation, analysis, and containment measures in response to email-related incidents, as well as post-incident recovery steps. Candidates must interpret case studies and apply best practices for protecting enterprise email systems.
- Topic 6: Handling and Responding to Network Security Incidents: This module assesses IT Security Operations Managers in their expertise to manage network-level security breaches. It includes the detection of unauthorized access, misuse, denial-of-service attacks, and wireless network threats. Practical case studies and preventive strategies are included to ensure operational security across distributed environments.
- Topic 7: Handling and Responding to Web Application Security Incidents: This section measures Cybersecurity Analysts' proficiency in managing web application vulnerabilities and incidents. It covers the preparation, detection, containment, and resolution of threats within web-based platforms. Candidates are expected to understand analytical approaches, case-based examples, and protective techniques for securing application infrastructure.
- Topic 8: Handling and Responding to Cloud Security Incidents: Here, IT Security Operations Managers are examined on their familiarity with cloud-specific threats across platforms like Azure, AWS, and Google Cloud. The focus is on recognizing incident types, handling and monitoring procedures, and recovery methods. The use of real-world scenarios helps to demonstrate effective response tactics and reinforce best practices in cloud environments.
- Topic 9: Handling and Responding to Insider Threats: This module evaluates Cybersecurity Analysts on how well they understand and manage internal security risks. It includes detection and containment of insider threats, analysis and eradication procedures, and recovery from internal breaches. A case-study approach is used to test comprehension of best practices and response strategies that align with organizational policy.
- Topic 10: Handling and Responding to Endpoint Security Incidents: This section measures the abilities of IT Security Operations Managers to protect various endpoint devices, including mobile, IoT, and operational technologies. It addresses the identification and mitigation of endpoint threats, with applied case examples to evaluate readiness and response capacity in complex technical environments.
Free Eccouncil 212-89 Exam Actual Questions
Note: Premium Questions for 212-89 were last updated On Jun. 30, 2025 (see below)
[Introduction to Incident Handling and Response]
Alex is an incident handler for Tech-o-Tech Inc. and is tasked to identify any possible insider threats within his organization. Which of the following insider threat detection techniques can be used by Alex to detect insider threats based on the behavior of a suspicious employee, both individually and in a group?
Behavioral analysis is a technique used to detect insider threats by analyzing the behavior of employees, both individually and in group settings, to identify any actions that deviate from the norm. This method relies on monitoring and analyzing data related to user activities, access patterns, and other behaviors that could indicate malicious intent or a potential security risk from within the organization. Behavioral analysis can detect unusual access to sensitive data, abnormal data transfer activities, and other indicators of insider threats. This approach is proactive and can help in identifying potential insider threats before they result in significant harm to the organization.
[Handling and Responding to Cloud Security Incidents]
Which of the following is a term that describes the combination of strategies and services intended to restore data, applications, and other resources to the public cloud or dedicated service providers?
The term that describes the combination of strategies and services intended to restore data, applications, and other resources to the public cloud or dedicated service providers is 'Cloud recovery.' This term encompasses disaster recovery efforts focused on ensuring that an organization's digital assets can be quickly and effectively restored or moved to cloud environments in the event of data loss, system failure, or a disaster. Cloud recovery strategies are part of a broader disaster recovery and business continuity planning, ensuring minimal downtime and data loss by leveraging cloud computing's scalability and flexibility. Mitigation, analysis, and eradication are terms associated with other aspects of incident response and risk management, not specifically with the restoration of resources to cloud environments.
[Introduction to Incident Handling and Response]
Alice is an incident handler and she has been informed by her lead that the data on affected systems must be backed up so that it can be retrieved if it is damaged during the incident response process. She was also told that the system backup can also be used for further investigation of the incident. In which of the following stages of the incident handling and response (IH&R) process does Alice need to do a complete backup of the infected system?
In the incident handling and response (IH&R) process, backing up the data on affected systems is a critical step that usually falls under the Containment phase. The Containment phase is crucial for limiting the scope and severity of an incident, ensuring that it does not spread further or affect additional systems. Backing up affected systems during containment is essential for several reasons: it preserves a snapshot of the system in its current state for forensic analysis, ensures that data is not lost if the system needs to be wiped or altered during the response process, and helps in the recovery process if data is corrupted or lost.
By performing a complete backup of the infected system during the Containment phase, Alice ensures that there is a reliable copy of all data and system states before any major actions, such as eradication or deeper forensic analysis, are taken. This step is also preparatory for the potential use of the backup in analyzing how the incident occurred and in restoring system functionality after the incident is resolved.
Bonney's system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware
incident from spreading?
Turning off the infected machine is a common immediate response to contain a malware incident and prevent it from spreading to other systems on the network. This action halts any ongoing malicious activities by the malware, thereby limiting the potential for further damage or data exfiltration. However, it is essential to note that this step can lead to the loss of volatile data that might be useful for forensic analysis. Therefore, it is advisable only when it's critical to stop the malware immediately, and there's a strategy in place for forensic investigation that includes handling non-volatile data or when the preservation of volatile data is not possible.
After a recent email attack, Harry is analyzing the incident to obtain important information related to the incident. While investigating the incident, he is trying to
extract information such as sender identity, mail server, sender's IP address, location, and so on.
Which of the following tools Harry must use to perform this task?
Yesware is a tool primarily known for its email tracking capabilities, which can be useful for sales, marketing, and customer relationship management. However, in the context of investigating email attacks and analyzing incidents to extract details such as sender identity, mail server, sender's IP address, and location, a more appropriate tool would be one that specializes in analyzing and extracting detailed header information from emails, providing insights into the path an email took across the internet. While Yesware can provide data related to email interactions, it might not offer the depth of forensic analysis required for incident investigation. Tools like email header analyzers, which are designed specifically for dissecting and interpreting email headers, would be more fitting. In the absence of a direct match from the given options, the description might imply a broader interpretation of tools like Yesware in context but traditionally, tools specifically designed for email forensics would be sought after for this task.
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Percy
4 days agoElmira
5 days agojalolag
1 months agoMari
2 months agoJaime
3 months agoBeckie
3 months agoCurtis
4 months agoDorothy
4 months agoDesirae
4 months agoAndree
5 months agoRosio
5 months agoArletta
5 months agoTeri
6 months agoAugustine
6 months agoQuiana
6 months agoTori
6 months agoKallie
7 months agoAlise
7 months agoMike
7 months agoStaci
7 months agoJulio
7 months agoAnnice
8 months agoAnnabelle
8 months agoElli
8 months agoCarisa
8 months agoEugene
9 months agoAdelina
9 months agoReed
9 months agoCecil
9 months agoPeggie
9 months agoMi
10 months agoLashonda
10 months agoCletus
10 months agoCharlesetta
11 months agoLanie
11 months agoAmos
12 months agoWilford
12 months agoBeckie
1 years agoAleta
1 years agoDaniel
1 years ago