Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 212-89

EC-Council 212-89 Exam Questions
EC-Council Certified Incident Handler (Page 2 )

Updated On: 19-Apr-2026
Page 2 of 53
PDF with 272 Questions

The following steps describe the key activities in forensic readiness planning:

1. Train the staff to handle the incident and preserve the evidence
2. Create a special process for documenting the procedure
3. Identify the potential evidence required for an incident
4. Determine the source of the evidence
5. Establish a legal advisory board to guide the investigation process
6. Identify if the incident requires full or formal investigation
7. Establish a policy for securely handling and storing the collected evidence
8. Define a policy that determines the pathway to legally extract electronic evidence with minimal disruption

Identify the correct sequence of steps involved in forensic readiness planning.

  1. 2-->3-->1-->4-->6-->5-->7-->8
  2. 3-->1-->4-->5-->8-->2-->6-->7
  3. 3-->4-->8-->7-->6-->1-->2-->5
  4. 1-->2-->3-->4-->5-->6-->7-->8

Answer(s): C


Reference:

https://info-savvy.com/forensic-readiness-planning/



Bob, an incident responder at CyberTech Solutions, is investigating a cybercrime attack occurred in the client company. He acquired the evidence data, preserved it, and started performing analysis on acquired evidentiary data to identify the source of the crime and the culprit behind the incident.

Identify the forensic investigation phase in which Bob is currently in.

  1. Post-investigation phase
  2. Vulnerability assessment phase
  3. Pre-investigation phase
  4. Investigation phase

Answer(s): D


Reference:

https://resources.infosecinstitute.com/topic/computer-forensics-investigation-case-study/



John is a professional hacker who is performing an attack on the target organization where he tries to redirect the connection between the IP address and its target server such that when the users type in the Internet address, it redirects them to a rogue website that resembles the original website. He tries this attack using cache poisoning technique.

Identify the type of attack John is performing on the target organization.

  1. Pharming
  2. War driving
  3. Skimming
  4. Pretexting

Answer(s): A


Reference:

https://usa.kaspersky.com/resource-center/definitions/pharming



Otis is an incident handler working in Delmont organization. Recently, the organization is facing several setbacks in the business and thereby its revenues are going down. Otis was asked to take the charge and look into the matter.
While auditing the enterprise security, he found the traces of an attack, where the proprietary information was stolen from the enterprise network and was passed onto the competitors.

Which of the following information security incidents Delmont organization faced?

  1. Network and resource abuses
  2. Unauthorized access
  3. Espionage
  4. Email-based abuse

Answer(s): C


Reference:

https://www.vmware.com/topics/glossary/content/cyber-espionage.html



Identify the malicious program that is masked as a genuine harmless program and gives the attacker unrestricted access to the user's information and system. These programs may unleash dangerous programs that may erase the unsuspecting user's disk and send the victim's credit card numbers and passwords to a stranger.

  1. Virus
  2. Adware
  3. Worm
  4. Trojan

Answer(s): D


Reference:

https://www.techtarget.com/searchsecurity/definition/Trojan-horse



Viewing page 2 of 53
Viewing questions 6 - 10 out of 272 questions



Post your Comments and Discuss EC-Council 212-89 exam dumps with other Community members:

212-89 Exam Discussions & Posts

AI Tutor AI Tutor 👋 I’m here to help!