Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. EC-Council
  5. 212-89

EC-Council 212-89 Exam Questions
EC-Council Certified Incident Handler (Page 6 )

Updated On: 5-Mar-2026
Page 6 of 53
PDF with 272 Questions

Alex is an incident handler for Tech-o-Tech Inc. and he is intended to identify any possible insider threats in his organization.

Which of the following insider threat detection techniques can be used by him to detect insider threats based on the behavior of a doubtful employee both individually and in a group?

  1. Mole detection
  2. Physical detection
  3. Profiling
  4. Behavioral analysis

Answer(s): D



Which of the following is the correct flow of the stages in an incident handling and response (IH&R) process?

  1. Containment--> Incident recording--> Incident triage--> Preparation--> Recovery--> Eradication--> Post- incident activities
  2. Incident recording--> Preparation--> Containment--> Incident triage--> Recovery--> Eradication--> Post- incident activities
  3. Preparation--> Incident recording--> Incident triage--> Containment--> Eradication--> Recovery--> Post- incident activities
  4. Incident triage--> Eradication--> Containment--> Incident recording--> Preparation--> Recovery--> Post- incident activities

Answer(s): C


Reference:

https://www.cm-alliance.com/cybersecurity-blog/what-are-the-6-phases-in-a-cyber-incident- response-plan



For analyzing the system, the browser data can be used to access various credentials.

Which of the following tools is used to analyze the history data files in Microsoft Edge browser?

  1. MZHistoryView
  2. MZCacheView
  3. ChromeHistroryView
  4. BrowsingHistoryView

Answer(s): D


Reference:

https://www.nirsoft.net/articles/view-edge-history.html



Which of the following information security personnel handles incidents from management and technical point of view?

  1. Threat researchers
  2. Incident manager (IM)
  3. Forensic investigators
  4. Network administrators

Answer(s): B


Reference:

https://www.atlassian.com/incident-management/incident-response/incident-commander#2-why-do- teams-need-an-incident-commander



An attacker traced out and found the kind of websites a target company/individual is frequently surfing and tested those particular websites to identify any possible vulnerabilities.
When the attacker detected vulnerabilities in the website, the attacker started injecting malicious script/code into the web application that can redirect the webpage and download the malware onto the victim's machine. After infecting the vulnerable web application, the attacker waited for the victim to access the infected web application.

Identify the type of attack performed by the attacker.

  1. Watering hole
  2. Directory traversal
  3. Cookie/Session Poisoning
  4. Obfuscation application

Answer(s): A


Reference:

https://en.wikipedia.org/wiki/Watering_hole_attack



Viewing page 6 of 53
Viewing questions 26 - 30 out of 272 questions



Post your Comments and Discuss EC-Council 212-89 exam dumps with other Community members:

212-89 Exam Discussions & Posts

AI Tutor