Exam Details

  • Exam Code: 212-89
  • Exam Name: EC-Council Certified Incident Handler (ECIH)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 163 Q&As
  • Last Updated: Apr 08, 2025

EC-COUNCIL EC-COUNCIL Certifications 212-89 Questions & Answers

  • Question 11:

    Business Continuity provides a planning methodology that allows continuity in business operations:

    A. Before and after a disaster

    B. Before a disaster

    C. Before, during and after a disaster

    D. During and after a disaster

  • Question 12:

    The ability of an agency to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy is known as:

    A. Business Continuity Plan

    B. Business Continuity

    C. Disaster Planning

    D. Contingency Planning

  • Question 13:

    The process of rebuilding and restoring the computer systems affected by an incident to normal operational stage including all the processes, policies and tools is known as:

    A. Incident Management

    B. Incident Response

    C. Incident Recovery

    D. Incident Handling

  • Question 14:

    Business Continuity planning includes other plans such as:

    A. Incident/disaster recovery plan

    B. Business recovery and resumption plans

    C. Contingency plan

    D. All the above

  • Question 15:

    Which test is conducted to determine the effectiveness of the incident recovery procedures?

    A. Live walk-throughs of procedures

    B. Scenario testing

    C. Department-level test

    D. Facility-level test

  • Question 16:

    Incidents may be reported using/by:

    A. Phone call

    B. Facsimile (Fax)

    C. Email or on-line Web form

    D. All the above

  • Question 17:

    To whom should an information security incident be reported?

    A. It should not be reported at all and it is better to resolve it internally

    B. Human resources and Legal Department

    C. It should be reported according to the incident reporting and handling policy

    D. Chief Information Security Officer

  • Question 18:

    Agencies do NOT report an information security incident because of:

    A. Afraid of negative publicity

    B. Have full knowledge about how to handle the attack internally

    C. Do not want to pay the additional cost of reporting an incident

    D. All the above

  • Question 19:

    According to US-CERT, if an agency is unable to successfully mitigate a DoS attack, it must be reported within:

    A. One (1) hour of discovery/detection if the successful attack is still ongoing

    B. Two (2) hours of discovery/detection if the successful attack is still ongoing

    C. Three (3) hours of discovery/detection if the successful attack is still ongoing

    D. Four (4) hours of discovery/detection if the successful attack is still ongoing

  • Question 20:

    A. Forensic Analysis

    B. Computer Forensics

    C. Forensic Readiness

    D. Steganalysis

Tips on How to Prepare for the Exams

Certification exams are becoming more and more important, and more and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only EC-COUNCIL exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your 212-89 exam preparation and EC-COUNCIL certification application, do not hesitate to visit Vcedump.com to find your solutions.