EC-Council 212-89 Exam (page: 4)
EC-Council Certified Incident Handler
Updated on: 25-Dec-2025

Viewing Page 4 of 34

Computer forensics is a methodical series of techniques and procedures for gathering evidence from computing equipment, various storage devices and/or digital media that can be presented in a court of law in a coherent and meaningful format. Which one of the following is an appropriate flow of steps in the computer forensics process?

  1. Examination > Analysis > Preparation > Collection > Reporting
  2. Preparation > Analysis > Collection > Examination > Reporting
  3. Analysis > Preparation > Collection > Reporting > Examination
  4. Preparation > Collection > Examination > Analysis > Reporting

Answer(s): D



Multiple component incidents consist of a combination of two or more attacks in a system. Which of the following is not a multiple component incident?

  1. An insider intentionally deleting files from a workstation
  2. An attacker redirecting a user to a malicious website and infecting his system with a Trojan
  3. An attacker infecting a machine to launch a DDoS attack
  4. An attacker using email with malicious code to infect an internal workstation

Answer(s): A



Computer Forensics is the branch of forensic science in which legal evidence is found in any computer or any digital media device. Of the following, who is responsible for examining the evidence acquired and separating the useful evidence?

  1. Evidence Supervisor
  2. Evidence Documenter
  3. Evidence Manager
  4. Evidence Examiner/Investigator

Answer(s): D



The network perimeter should be configured in such a way that it denies all incoming and outgoing traffic/services that are not required. Which service listed below, if blocked, can help in preventing a Denial of Service attack?

  1. SAM service
  2. POP3 service
  3. SMTP service
  4. Echo service

Answer(s): D



A US Federal agency network was the target of a DoS attack that prevented and impaired the normal authorized functionality of the networks. According to the agency’s reporting timeframe guidelines, this incident should be reported within two (2) HOURS of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate the activity. Which incident category of the US Federal Agency does this incident belong to?

  1. CAT 5
  2. CAT 1
  3. CAT 2
  4. CAT 6

Answer(s): C




Share your comments for EC-Council 212-89 exam with other users:

Priscila 7/22/2022 9:59:00 AM

I find the xengine test engine simulator to be more fun than reading from PDF.
GERMANY