Which of the following methods helps incident responders reduce the false-positive alert rate and, as a further benefit, lets them focus on the topmost priority issues, reducing potential risk and corporate liability?
Threat correlation is a method used by incident responders to analyze and associate various indicators of compromise (IoCs) and alerts to identify genuine threats. By correlating data from multiple sources and applying intelligence to distinguish between unrelated events and coordinated attack patterns, responders can significantly reduce the rate of false-positive alerts. This enables teams to prioritize their efforts on the most critical and likely threats, thereby reducing potential risks and corporate liabilities. Effective threat correlation involves the use of sophisticated security information and event management (SIEM) systems, threat intelligence platforms, and analytical techniques to identify relationships between seemingly disparate security events and alerts.
Clark is investigating a cybercrime at TechSoft Solutions. While investigating the case, he needs to collect volatile information such as running services, their process IDs, start mode, state, and status.
Which of the following commands will help Clark collect such information from running services?
WMIC (Windows Management Instrumentation Command-line) is a command-line tool that provides a unified interface for Windows management tasks, including the collection of system information. It allows administrators and forensic investigators to query the live system for information about running services, their process IDs, start modes, states, and statuses, among other data. The use of WMIC is particularly valuable in incident response scenarios for gathering volatile information from a system without having to install additional software, which might alter the state of the system being investigated. By executing specific WMIC commands, Clark can extract detailed information about the services running on a system at the time of the investigation, making it an essential tool for collecting volatile data in a forensically sound manner.
Shally, an incident handler, is working for a company named Texas Pvt. Ltd. based in Florida. She was asked to work on an incident response plan. As part of the plan, she decided to enhance and improve the security infrastructure of the enterprise. She has incorporated a security strategy that allows security professionals to use several protection layers throughout their information system. Due to multiple-layer protection, this security strategy assists in preventing direct attacks against the organization's information system, as a break in one layer only leads the attacker to the next layer.
Identify the security strategy Shally has incorporated in the incident response plan.
Shally has incorporated the Defense-in-depth strategy into the incident response plan for Texas Pvt. Ltd. Defense-in-depth is a layered security approach that involves implementing multiple security measures and controls throughout an information system. This strategy is designed to provide several defensive barriers to protect against threats and attacks, ensuring that if one layer is compromised, others still provide protection. The goal is to create a multi-faceted defense that addresses potential vulnerabilities in various areas, including physical security, network security, application security, and user education. Reference: The Incident Handler (ECIH v3) courses and study guides often emphasize the importance of a Defense-in-depth strategy in creating robust security infrastructures to protect against a wide range of cyber threats.
Patrick is conducting a cyber forensic investigation. He is in the process of collecting physical evidence at the crime scene.
Which of the following elements must he consider while collecting physical evidence?
In the context of collecting physical evidence during a cyber forensic investigation, Patrick must consider items like removable media, cables, and publications. These items can contain crucial information related to the crime, such as data storage devices (USB drives, external hard drives), cables connected to potentially relevant devices, and any printed materials that might have information or clues about the incident. Open ports, services, and OS vulnerabilities, DNS information, and published name servers and web application source code, while important in digital forensics, do not constitute physical evidence in the traditional sense. Reference: Incident Handler (ECIH v3) study guides and courses detail the process of evidence collection in cyber forensic investigations, emphasizing the importance of securing physical evidence that could support digital forensic analysis.