212-89 EC Council Certified Incident Handler (ECIH v2) Exam
EC-Council Certified Incident Handler
What is an Incident Handler?
Incident handling is a term used to describe the activities of an organization to
identify, analyze, and correct hazards in order to prevent their recurrence. Within
a structured organization these incidents are normally dealt with by either an
Incident Response Team (IRT) or an Incident Management Team (IMT). These teams are
designated either beforehand or during the event, and are placed in control of the
organization while the incident is dealt with, in order to keep business processes
running.
Become a Certified Incident Handler
The EC-Council Certified Incident Handler certification is designed to provide
the fundamental skills to handle and respond to computer security incidents in
an information system.
A Certified Incident Handler is a skilled professional who is able to handle
various types of incidents, risk assessment methodologies, and various laws and
policies related to incident handling. A certified Incident Handler will be able
to create incident handling and response policies and deal with various types of
computer security incidents such as network security incidents, malicious code
incidents, and insider attack threats.
The ECIH certification gives professionals greater industry acceptance as seasoned
incident handlers.
Certification Target Audience
This course will significantly benefit incident handlers, risk assessment
administrators, penetration testers, cyber forensic investigators, vulnerability
assessment auditors, system administrators, system engineers, firewall
administrators, network managers, IT managers, IT professionals, and anyone who
is interested in incident handling and response.
Exam Information
The ECIH exam (prefix 212-89) is available at the ECC Exam Center.
EC-Council reserves the right to revoke the certification status of candidates
who do not comply with all EC-Council examination policies.
ECIH Exam Details
Duration: 3 hours
Questions: 100
Clause: Age Requirements and Policies Concerning Minors
Attending the training or attempting the exam is restricted to candidates who are
at least 18 years old.
A candidate under the age of 18 is not eligible to attend the official training
or to attempt the certification exam unless they provide the accredited training
center or EC-Council with the written consent of their parent or legal guardian
and a supporting letter from their institution of higher learning. Only
applicants from nationally accredited institutions of higher learning shall be
considered.
Disclaimer: EC-Council reserves the right to impose additional restrictions to
comply with this policy. Failure to act in accordance with this clause shall
render the authorized training center in violation of its agreement with
EC-Council. EC-Council reserves the right to revoke the certification of any
person in breach of this requirement.
ECIH Exam Blueprint v1
Incident Response and Handling
• Information Security
• Computer Security
• Threat Intelligence
• Risk Management
• Incident Handling
• Security Policies
Process Handling
• Incident Handling and Response
• Incident Readiness
• Security Auditing
• Security Incidents
• Forensic Investigation
• Eradication and Recovery
Forensic Readiness and First Response
• Computer Forensics
• Digital Evidence
• Forensic Readiness
• Preservation of Electronic Evidence
• Volatile Evidence
• Static Evidence
• Anti-forensics
Email Security Incidents
• Email Security
• Deceptive and Suspicious Email
• Email Incidents
• Phishing Email
Application Level Incidents
• Web Application Threats & Vulnerabilities
• Web Attacks
• Eradication of Web Application Incidents
Network & Mobile Incidents
• Network Attacks
• Unauthorized Access
• Inappropriate Usage
• Denial-of-Service
• Wireless Networks
• Mobile Platform Vulnerabilities and Risks
• Eradication of Mobile Incidents & Recovery
Insider Threats
• Insider Threats
• Eradication
• Detecting and Preventing Insider Threats
• Employee Monitoring Tools
Malware Incidents
• Malware
• Malware Incident Triage
• Malicious Code
Incidents Occurred in a Cloud Environment
• Cloud Computing Threats
• Security in Cloud Computing
• Eradication
• Recovery in Cloud
Question: 1
Which of the following terms may be defined as "a measure of possible inability
to achieve a goal, objective, or target within a defined security, cost plan and
technical limitations that adversely affects the organization's operation and
revenues"?
A. Risk
B. Vulnerability
C. Threat
D. Incident Response
Answer: A
Question: 2
A distributed Denial of Service (DDoS) attack is a more common type of DoS
attack, where a single system is targeted by a large number of infected machines
over the Internet. In a DDoS attack, attackers first infect multiple systems,
which are known as:
A. Trojans
B. Zombies
C. Spyware
D. Worms
Answer: B
Question: 3
The goal of incident response is to handle the incident in a way that minimizes
damage and reduces recovery time and cost. Which of the following does NOT
constitute a goal of incident response?
A. Dealing with the human resources department and various employee conflict
behaviors.
B. Using information gathered during incident handling to prepare for handling
future incidents in a better way and to provide stronger protection for systems
and data.
C. Helping personnel to recover quickly and efficiently from security incidents,
minimizing loss or theft and disruption of services.
D. Dealing properly with legal issues that may arise during incidents.
Answer: A
Question: 4
An organization faced an information security incident where a disgruntled
employee passed sensitive access control information to a competitor. The
organization's incident response manager, upon investigation, found that the
incident must be handled within a few hours on the same day to maintain business
continuity and market competitiveness. How would you categorize such an
information security incident?
A. High level incident
B. Middle level incident
C. Ultra-High level incident
D. Low level incident
Answer: A
Question: 5
Business continuity is defined as the ability of an organization to continue to
function even after a disastrous event, accomplished through the deployment of
redundant hardware and software, the use of fault tolerant systems, and a solid
backup and recovery strategy. Identify the plan which is a mandatory part of a
business continuity plan.
A. Forensics Procedure Plan
B. Business Recovery Plan
C. Sales and Marketing plan
D. New business strategy plan
Answer: B
Question: 6
The flow chart gives a view of the different roles played by the different
personnel of a CSIRT. Identify the incident response personnel denoted by A, B,
C, D, E, F and G.
A. A-Incident Analyst, B-Incident Coordinator, C-Public Relations,
D-Administrator, E-Human Resource, F-Constituency, G-Incident Manager
B. A-Incident Coordinator, B-Incident Analyst, C-Public Relations,
D-Administrator, E-Human Resource, F-Constituency, G-Incident Manager
C. A-Incident Coordinator, B-Constituency, C-Administrator, D-Incident Manager,
E-Human Resource, F-Incident Analyst, G-Public Relations
D. A-Incident Manager, B-Incident Analyst, C-Public Relations, D-Administrator,
E-Human Resource, F-Constituency, G-Incident Coordinator
Answer: C
Question: 7
Which of the following is an appropriate flow of the incident recovery steps?
A. System Operation-System Restoration-System Validation-System Monitoring
B. System Validation-System Operation-System Restoration-System Monitoring
C. System Restoration-System Monitoring-System Validation-System Operations
D. System Restoration-System Validation-System Operations-System Monitoring
Answer: D
Question: 8
A computer risk policy is a set of ideas to be implemented to overcome the risk
associated with computer security incidents. Identify the procedure that is NOT
part of the computer risk policy.
A. Procedure to identify security funds to hedge risk
B. Procedure to monitor the efficiency of security controls
C. Procedure for the ongoing training of employees authorized to access the
system
D. Provisions for continuing support if there is an interruption in the system
or if the system crashes
Answer: C
Question: 9
Identify the network security incident where intended authorized users are
prevented from using a system, network, or application by flooding the network
with a high volume of traffic that consumes all existing network resources.
A. URL Manipulation
B. XSS Attack
C. SQL Injection
D. Denial of Service Attack
Answer: D
Question: 10
Incident handling and response steps help you to detect, identify, respond to,
and manage an incident. Which of the following steps focuses on limiting the
scope and extent of an incident?
A. Eradication
B. Containment
C. Identification
D. Data collection
Answer: B