Newly Updated 212-89 Dumps (V11.02) for ECIH Exam Preparation 2026: Check 212-89 Free Dumps (Part 1, Q1-Q40) Online

The EC-Council Certified Incident Handler (ECIH), currently at Version 2, is designed to validate the essential skills required to effectively identify, analyze, respond to, and prevent cybersecurity incidents within an organization. It equips you with practical knowledge of incident handling processes, risk assessment methodologies, and security policies. DumpsBase has updated the 212-89 dumps to V11.02, offering 272 practice questions and answers to help you prepare for the EC-Council Certified Incident Handler (ECIH v2) certification exam. Our practice Q&As are comprehensive, making your success significantly easier. Our 212-89 free dumps are now available online, so you can evaluate the quality before making any commitment. Whether you're a student or a professional looking to advance your career, DumpsBase's 212-89 exam dumps (V11.02) provide what you need to pass your EC-Council Certified Incident Handler (ECIH v2) certification with confidence.

Below are our EC-Council 212-89 free dumps (Part 1, Q1-Q40) of V11.02 for checking online:

1. According to NIST, what are the 5 main actors in cloud computing?

2. Stanley works as an incident responder at a top MNC based in Singapore. He was asked to investigate a cybersecurity incident that recently occurred in the company. While investigating the incident, he collected evidence from the victim systems. He must present this evidence in a clear and comprehensible manner to the members of a jury so that the evidence clarifies the facts and further helps in obtaining an expert opinion on the incident to confirm the investigation process. In the above scenario, which of the following characteristics of the digital evidence did Stanley attempt to preserve?

3. Which of the following does NOT reduce the success rate of SQL injection?

4. Khai was tasked with examining the logs from a Linux email server. The server uses Sendmail to execute the command to send emails and Syslog to maintain logs. To validate the data within email headers, which of the following directories should Khai check for information such as source and destination IP addresses, dates, and timestamps?

5. Investigator Ian gives you a drive image to investigate.

What type of analysis are you performing?

6. Your company sells SaaS, and your company itself is hosted in the cloud (using it as a PaaS).

In case of a malware incident in your customer's database, who is responsible for eradicating the malicious software?

7. Which of the following is NOT a network forensic tool?

8. Ikeo Corp hired an incident response team to assess the enterprise security. As part of the incident handling and response process, the IR team is reviewing the current security policies implemented by the enterprise. The IR team finds that employees of the organization do not have any restrictions on Internet access: they are allowed to visit any site, download any application, and access a computer or network from a remote location. Considering this as the main security threat, the IR team plans to change this policy as it can be easily exploited by attackers.

Which of the following security policies is the IR team planning to modify?

9. If the browser does not expire the session when the user fails to logout properly, which of the following OWASP Top 10 web vulnerabilities is caused?

10. Which of the following is a standard framework that provides recommendations for implementing information security controls for organizations that initiate, implement, or maintain information security management systems (ISMSs)?

11. Your company holds a large amount of customer PII, and you want to protect those data from theft or unauthorized modification. Among other actions, you classify and encrypt the data.

In this process, which of the following OWASP security risks are you guarding against?

12. Nervous Nat often sends emails with screenshots of what he thinks are serious incidents, but they always turn out to be false positives. Today, he sends another screenshot, suspecting a nation-state attack. As usual, you go through your list of questions, check your resources for information to determine whether the screenshot shows a real attack, and determine the condition of your network.

Which step of IR did you just perform?

13. During the vulnerability assessment phase, the incident responders perform various steps as below:

1. Run vulnerability scans using tools

2. Identify and prioritize vulnerabilities

3. Examine and evaluate physical security

4. Perform OSINT information gathering to validate the vulnerabilities

5. Apply business and technology context to scanner results

6. Check for misconfigurations and human errors

7. Create a vulnerability scan report

Identify the correct sequence of vulnerability assessment steps performed by the incident responders.

14. Which of the following information security personnel handles incidents from a management and technical point of view?

15. Which of the following is not a countermeasure to eradicate cloud security incidents?

16. Which of the following is a term that describes the combination of strategies and services intended to restore data, applications, and other resources to the public cloud or dedicated service providers?

17. Which of the following is the BEST method to prevent email incidents?

18. Eric is an incident responder and is working on developing incident-handling plans and procedures. As part of this process, he is performing an analysis on the organizational network to generate a report and develop policies based on the acquired results.

Which of the following tools will help him in analyzing his network and the related traffic?

19. BadGuy Bob hid files in the slack space, changed the file headers, hid suspicious files in executables, and changed the metadata for all types of files on his hacker laptop.

What has he committed?

20. Richard is analyzing a corporate network. After an alert in the network’s IPS, he identified that all the servers are sending huge amounts of traffic to the website abc.xyz.

What type of information security attack vectors have affected the network?

21. Which of the following is a volatile evidence collecting tool?

22. Which of the following is NOT part of the static data collection process?

23. You are a systems administrator for a company. You are accessing your file server remotely for maintenance. Suddenly, you are unable to access the server. After contacting others in your department, you find out that they cannot access the file server either. You can ping the file server but not connect to it via RDP. You check the Active Directory Server, and all is well. You check the email server and find that emails are sent and received normally.

What is the most likely issue?

24. Which of the following has been used to evade IDS and IPS?

25. QualTech Solutions is a leading security services enterprise. Dickson, who works as an incident responder with this firm, is performing a vulnerability assessment to identify the security problems in the network by using automated tools for identifying the hosts, services, and vulnerabilities in the enterprise network.

In the above scenario, which of the following types of vulnerability assessment is Dickson performing?

26. Which of the following is a technique used by attackers to make a message difficult to understand through the use of ambiguous language?

27. Finn is working in the eradication phase, wherein he is eliminating the root cause of an incident that occurred in the Windows operating system installed in a system. He ran a tool that can detect missing security patches and install the latest patches on the system and networks.

Which of the following tools did he use to detect the missing security patches?

28. Mike is an incident handler for PNP Infosystems Inc. One day, there was a ticket submitted regarding a critical incident and Mike was assigned to handle the incident. During the process of incident handling, at one stage, he performed incident analysis and validation to check whether the incident is a genuine incident or a false positive.

Identify the stage he is currently in.

29. Sam, an employee of a multinational company, sends emails to third-party organizations with a spoofed email address of his organization.

How can you categorize this type of incident?

30. Which of the following is defined as the identification of the boundaries of an IT system along with the resources and information that constitute the system?

31. Which of the following details are included in the evidence bags?

32. Which of the following options describes common characteristics of phishing emails?

33. A colleague wants to minimize their security responsibility because they are in a small organization. They are evaluating a new application that is offered in different forms.

Which form would result in the least amount of responsibility for the colleague?

34. In which of the following phases of the incident handling and response (IH&R) process are the identified security incidents analyzed, validated, categorized, and prioritized?

35. Zaimasoft, a prominent IT organization, was attacked by perpetrators who directly targeted the hardware and caused irreversible damage to the hardware. As a result, replacing or reinstalling the hardware was the only solution.

Identify the type of denial-of-service attack performed on Zaimasoft.

36. Ren is assigned to handle a security incident of an organization. He is tasked with forensics investigation to find the evidence needed by the management.

Which of the following steps falls under the investigation phase of the computer forensics investigation process?

37. Malicious Micky has moved from the delivery stage to the exploitation stage of the kill chain. This malware wants to find and report to the command center any useful services on the system.

Which of the following recon attacks is the MOST LIKELY to provide this information?

38. Which of the following is a common tool used to help detect malicious internal or compromised actors?

39. Attackers or insiders create a backdoor into a trusted network by installing an unsecured access point inside a firewall. They then use any software or hardware access point to perform an attack.

Which of the following is this type of attack?

40. John is a professional hacker who is performing an attack on the target organization where he tries to redirect the connection between the IP address and its target server such that when the users type in the Internet address, it redirects them to a rogue website that resembles the original website. He tries this attack using cache poisoning technique. Identify the type of attack John is performing on the target organization.


 
