Exam Details

  • Exam Code: 212-89
  • Exam Name: EC-Council Certified Incident Handler (ECIH)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 163 Q&As
  • Last Updated: Apr 08, 2025

EC-COUNCIL EC-COUNCIL Certifications 212-89 Questions & Answers

  • Question 31:

    Which of the following is NOT a digital forensic analysis tool:

    A. AccessData FTK

    B. EAR/ Pilar

    C. Guidance Software EnCase Forensic

    D. Helix

  • Question 32:

    What command does a Digital Forensic Examiner use to display the list of all open ports and the associated IP addresses on a victim computer to identify the established connections on it:

    A. "arp" command

    B. "netstat -an" command

    C. "dd" command

    D. "ifconfig" command

  • Question 33:

    The state of incident response preparedness that enables an organization to maximize its potential to use digital evidence while minimizing the cost of an investigation is called:

    A. Computer Forensics

    B. Digital Forensic Analysis

    C. Forensic Readiness

    D. Digital Forensic Policy

  • Question 34:

    Lack of forensic readiness may result in:

    A. Loss of clients thereby damaging the organization's reputation

    B. System downtime

    C. Data manipulation, deletion, and theft

    D. All the above

  • Question 35:

    Insiders may be:

    A. Ignorant employees

    B. Careless administrators

    C. Disgruntled staff members

    D. All the above

  • Question 36:

    Which of the following may be considered as insider threat(s):

    A. An employee having no clashes with supervisors and coworkers

    B. Disgruntled system administrators

    C. An employee who gets an annual 7% salary raise

    D. An employee with insignificant technical literacy and business process knowledge

  • Question 37:

    A spyware tool used to record a malicious user's computer activities and keyboard strokes is called:

    A. Adware

    B. Keylogger

    C. Rootkit

    D. Firewall

  • Question 38:

    Insiders understand corporate business functions. What is the correct sequence of activities performed by Insiders to damage company assets:

    A. Gain privileged access, install malware then activate

    B. Install malware, gain privileged access, then activate

    C. Gain privileged access, activate and install malware

    D. Activate malware, gain privileged access then install malware

  • Question 39:

    The USB tool (depicted below) that is connected to a male USB keyboard cable and is not detected by anti-spyware tools is most likely called:

    A. Software Key Grabber

    B. Hardware Keylogger

    C. USB adapter

    D. Anti-Keylogger

  • Question 40:

    Which is the incorrect statement about anti-keylogger scanners:

    A. Detect already installed keyloggers in victim machines

    B. Run in stealthy mode to record victim's online activity

    C. Software tools
