Free Preparation Discussions
MENU
Eccouncil 212-89 Exam Questions
- Topic 1: Handling and Responding to Insider Threats/ Forensic Readiness and First Response
- Topic 2: Handling and Responding to Cloud Security Incidents/ Incident Handling and Response Process
- Topic 3: Handling and Responding to Web Application Security Incidents/ Introduction to Incident Handling and Response
- Topic 4: Handling and Responding to Network Security Incidents/ Handling and Responding to Malware Incidents
- Topic 5: Handling and Responding to Email Security Incidents
Free Eccouncil 212-89 Exam Actual Questions
Note: Premium Questions for 212-89 were last updated On Apr. 15, 2025 (see below)
After a recent email attack, Harry is analyzing the incident to obtain important information related to the incident. While investigating the incident, he is trying to
extract information such as sender identity, mail server, sender's IP address, location, and so on.
Which of the following tools Harry must use to perform this task?
Yesware is a tool primarily known for its email tracking capabilities, which can be useful for sales, marketing, and customer relationship management. However, in the context of investigating email attacks and analyzing incidents to extract details such as sender identity, mail server, sender's IP address, and location, a more appropriate tool would be one that specializes in analyzing and extracting detailed header information from emails, providing insights into the path an email took across the internet. While Yesware can provide data related to email interactions, it might not offer the depth of forensic analysis required for incident investigation. Tools like email header analyzers, which are designed specifically for dissecting and interpreting email headers, would be more fitting. In the absence of a direct match from the given options, the description might imply a broader interpretation of tools like Yesware in context but traditionally, tools specifically designed for email forensics would be sought after for this task.
Bonney's system has been compromised by a gruesome malware.
What is the primary step that is advisable to Bonney in order to contain the malware
incident from spreading?
Turning off the infected machine is a common immediate response to contain a malware incident and prevent it from spreading to other systems on the network. This action halts any ongoing malicious activities by the malware, thereby limiting the potential for further damage or data exfiltration. However, it is essential to note that this step can lead to the loss of volatile data that might be useful for forensic analysis. Therefore, it is advisable only when it's critical to stop the malware immediately, and there's a strategy in place for forensic investigation that includes handling non-volatile data or when the preservation of volatile data is not possible.
An organization's customers are experiencing either slower network communication or unavailability of services. In addition, network administrators are receiving alerts from security tools such as IDS/IPS and firewalls about a possible DoS/DDoS attack. In result, the organization requests the incident handling and response (IH&R) team further investigates the incident. The IH&R team decides to use manual techniques to detect DoS/DDoS attack.
Which of the following commands helps the IH&R team to manually detect DoS/DDoS attack?
The netstat -an command is used to display network connections, routing tables, and a number of network interface statistics. It is particularly useful for identifying unusual volumes of traffic to and from a system, which can be indicative of a DoS/DDoS attack. The option -a shows all active connections and the TCP and UDP ports on which the computer is listening, and -n displays addresses and port numbers in numerical form. This can help the incident handling and response (IH&R) team to identify suspicious patterns, such as a large number of connections from a single source or to a specific port, which are common during DoS/DDoS attacks.
Robert is an incident handler working for Xsecurity Inc. One day, his organization
faced a massive cyberattack and all the websites related to the organization went
offline. Robert was on duty during the incident and he was responsible to handle the
incident and maintain business continuity. He immediately restored the web application
service with the help of the existing backups.
According to the scenario, which of the following stages of incident handling and
response (IH&R) process does Robert performed?
Restoring web application services with the help of existing backups, as performed by Robert, falls under the Recovery stage of the Incident Handling and Response (IH&R) process. The Recovery stage involves actions taken to return the organization to normal operations after an incident, which includes restoring systems to their operational state using backups, patching vulnerabilities, and ensuring that all systems are clean and secure before being brought back online. This step is crucial for resuming business operations and mitigating the impact of the incident.
Francis received a spoof email asking for his bank information. He decided to use a tool to analyze the email headers. Which of the following should he use?
MxToolbox is a comprehensive tool designed for analyzing email headers and diagnosing various email delivery issues. When Francis received a spoofed email asking for his bank information, using MxToolbox to analyze the email headers would be appropriate. This tool helps in examining the source of the email, tracking the email's path across the internet from the sender to the receiver, and identifying any signs of email spoofing or malicious activity. It provides detailed information about the email servers encountered along the way and can help in verifying the authenticity of the email sender. Other options like EventLog Analyzer, Email Checker, and PoliteMail are tools used for different purposes such as analyzing system event logs, checking email address validity, and managing email communications, respectively, and do not specifically focus on analyzing email headers to the extent required for investigating a spoofed email incident. Reference: The use of MxToolbox in incident handling and email security analysis is commonly recommended in Incident Handler (ECIH v3) study materials as a practical tool for email header analysis and spoofing investigation.
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Jaime
22 days agoBeckie
26 days agoCurtis
1 months agoDorothy
2 months agoDesirae
2 months agoAndree
2 months agoRosio
3 months agoArletta
3 months agoTeri
3 months agoAugustine
3 months agoQuiana
4 months agoTori
4 months agoKallie
4 months agoAlise
4 months agoMike
5 months agoStaci
5 months agoJulio
5 months agoAnnice
5 months agoAnnabelle
5 months agoElli
6 months agoCarisa
6 months agoEugene
6 months agoAdelina
6 months agoReed
7 months agoCecil
7 months agoPeggie
7 months agoMi
7 months agoLashonda
7 months agoCletus
8 months agoCharlesetta
8 months agoLanie
9 months agoAmos
9 months agoWilford
9 months agoBeckie
10 months agoAleta
10 months agoDaniel
11 months ago