Eccouncil 212-89 Exam - Topic 5 Question 90 Discussion

Actual exam question for Eccouncil's 212-89 exam

Question #: 90
Topic #: 5

A cybersecurity analyst at a technology firm discovers suspicious activity on a network segment dedicated to research and development. The initial indicators suggest a possible compromise of several endpoints with potential intellectual property theft. Given the sensitive nature of the data involved, what is the most effective method for the analyst to detect and validate the security incident?

DConduct a network-wide vulnerability scan.
Comprehensive and Detailed Explanation (ECIH-aligned):
The ECIH Endpoint Security module stresses that modern endpoint incidents require advanced detection capabilities beyond traditional antivirus or manual inspection. Intellectual property theft often involves stealthy techniques that evade basic controls.
Option C is correct because an Endpoint Detection and Response (EDR) solution provides deep visibility into endpoint behavior, including process execution, memory activity, file changes, and lateral movement. EDR enables analysts to detect, investigate, and validate incidents efficiently across multiple endpoints.
Option B is slow and error-prone. Option A is premature without validation. Option D identifies vulnerabilities, not active compromise.
ECIH highlights EDR as a cornerstone technology for endpoint incident detection and validation, especially in high-value environments such as R&D networks.

CDeploy an endpoint detection and response (EDR) solution to identify and investigate suspicious activities.

BIsolate the affected network segment and manually inspect each endpoint.

AImmediately notify law enforcement and regulatory bodies.

Show Suggested Answer

Suggested Answer: C

by Fairy at Jan 25, 2026, 09:39 PM

Limited Time Offer

25%

1 month ago

Hmm, this seems like a tricky one. I'd start by reviewing the network logs and endpoint activity in detail to look for any anomalies or unusual behavior.

upvoted 0 times

...