Eccouncil 212-89 Exam - Topic 5 Question 90 Discussion

Actual exam question for Eccouncil's 212-89 exam

Question #: 90
Topic #: 5

A cybersecurity analyst at a technology firm discovers suspicious activity on a network segment dedicated to research and development. The initial indicators suggest a possible compromise of several endpoints with potential intellectual property theft. Given the sensitive nature of the data involved, what is the most effective method for the analyst to detect and validate the security incident?

DConduct a network-wide vulnerability scan.
Comprehensive and Detailed Explanation (ECIH-aligned):
The ECIH Endpoint Security module stresses that modern endpoint incidents require advanced detection capabilities beyond traditional antivirus or manual inspection. Intellectual property theft often involves stealthy techniques that evade basic controls.
Option C is correct because an Endpoint Detection and Response (EDR) solution provides deep visibility into endpoint behavior, including process execution, memory activity, file changes, and lateral movement. EDR enables analysts to detect, investigate, and validate incidents efficiently across multiple endpoints.
Option B is slow and error-prone. Option A is premature without validation. Option D identifies vulnerabilities, not active compromise.
ECIH highlights EDR as a cornerstone technology for endpoint incident detection and validation, especially in high-value environments such as R&D networks.

CDeploy an endpoint detection and response (EDR) solution to identify and investigate suspicious activities.

BIsolate the affected network segment and manually inspect each endpoint.

AImmediately notify law enforcement and regulatory bodies.

Show Suggested Answer

Suggested Answer: C

by Fairy at Jan 25, 2026, 09:39 PM

Limited Time Offer

25%

Off

Get Premium 212-89 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Phung

1 day ago

Haha, just unplug the whole network. That'll stop the breach, right?

upvoted 0 times

...

Felicitas

6 days ago

Network traffic monitoring and analysis. Might catch the attacker in the act.

upvoted 0 times

...

Dominga

11 days ago

Forensic analysis of the affected endpoints. Can't miss any crucial evidence.

upvoted 0 times

...

Mitsue

17 days ago

Incident response plan, for sure. Gotta act fast to contain the breach.

upvoted 0 times

...

Salome

22 days ago

I feel like we should also consider using endpoint detection and response (EDR) solutions to get a clearer picture of the compromise.

upvoted 0 times

...

Beckie

27 days ago

This sounds similar to a practice question we did on incident response. I think the key is to prioritize the endpoints involved first.

upvoted 0 times

...

Mollie

2 months ago

I'm not entirely sure, but I think correlating logs from different endpoints could provide more context about the suspicious activity.

upvoted 0 times

...

Desmond

2 months ago

I remember we discussed using network traffic analysis tools to spot anomalies. That might help in validating the incident.

upvoted 0 times

...

Jesus

2 months ago

Hmm, not sure where I'd start on this one. Validating the security incident seems crucial, so I guess I'd focus on gathering as much data as possible from the affected systems and the network.

upvoted 0 times

...

Vinnie

2 months ago

Alright, let's see. Detecting and validating the incident - that's the key here. I'd probably start with network monitoring and traffic analysis to try to identify the source and scope of the compromise.

upvoted 0 times

...

Thaddeus

2 months ago

Oof, this is a sensitive one with intellectual property at risk. I'd recommend a thorough investigation, maybe even bringing in some specialized incident response expertise to ensure we handle this properly.

upvoted 0 times

...

Bea

3 months ago

Okay, so we need to validate the security incident and detect the potential compromise. I think I'd focus on collecting forensic data from the affected endpoints to analyze for signs of intrusion.

upvoted 0 times

...

Lonny

3 months ago

Hmm, this seems like a tricky one. I'd start by reviewing the network logs and endpoint activity in detail to look for any anomalies or unusual behavior.

upvoted 0 times

...