Free EC-COUNCIL 212-89 Exam Dumps Questions & Answers


Exam Code/Number:	212-89Join the discussion
Exam Name:	EC Council Certified Incident Handler (ECIH v3)
Certification:	EC-COUNCIL
Free Question Number:	305
Publish Date:	Jun 01, 2026
# of views:	11753
Rating 100%

Page: 1 / 61
Total 305 questions

Question 1

John is performing memory dump analysis in order to find out the traces of malware.
He has employed volatility tool in order to achieve his objective.
Which of the following volatility framework commands he will use in order to analyze running process from the memory dump?

A.python vol.py hivelist --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem
B.python vol.py imageinfo -f /root/Desktop/memdump.mem
C.python vol.py pslist --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem
D.python vol.py svcscan --profile=Win2008SP1x86 -f /root/Desktop/memdump.mem | more

Question 2

At a major healthcare provider, staff received phishing emails impersonating HR. Reporting via email failed due to mail system issues. The IR team introduced VOIP and SMS-based reporting mechanisms. Which preparatory step was implemented?

A.Training on phishing indicators
B.Creating backup archives
C.Establishing out-of-band communication
D.Email content filtering

Question 3

Jason, a cybersecurity analyst in the incident response team, begins investigating several complaints from employees who received emails urgently requesting wire transfers to an overseas account. The emails appeared to come from the company's CEO, using a tone of authority and pressure to bypass standard procedures. Upon closer inspection, Jason identifies that the sender's email address includes a minor alteration in the domain name-a form of domain spoofing. He examines the email headers, confirms the falsified sender identity, and cross-checks with the actual CEO's activity logs to ensure there was no internal compromise. Immediately, Jason blocks the sender's IP address at the firewall level, alerts the finance department to prevent any unauthorized transactions, and issues a company-wide advisory about the impersonation attempt. What type of phishing is Jason handling?

A.Spimming
B.Whaling
C.Credential stuffing
D.Mail bombing

Question 4

An employee at a pharmaceutical company loses their organization-issued mobile device while attending an international conference. The device contained access to corporate email, cloud storage apps, and internal communication tools. Upon being informed, the company's incident response team attempts to take control of the device and protect sensitive data. However, they quickly discover that no centralized management setup or security controls had been established on the device, preventing them from locking the system or removing its stored information. Which preparation step would have enabled containment in this situation?

A.Install custom VPN protocols for mobile web access.
B.Configure remote wipe functionality for mobile assets.
C.Deploy mobile app wrapping tools for containerized code execution.
D.Integrate biometric login across all endpoint systems.

Question 5

Which of the following is NOT a network forensic tool?

A.Tcpdurnp
B.Wireshark
C.Advancec NTFS Journaling Parser
D.Capsa Network Analyzer

212-89 Dumps Other Version	QA's	Publish Date
EC-COUNCIL.212-89.v2024-08-08.q102	102	Aug 08, 2024
EC-COUNCIL.212-89.v2024-01-15.q131	131	Jan 15, 2024
EC-COUNCIL.212-89.v2023-11-28.q132	132	Nov 28, 2023
EC-COUNCIL.212-89.v2023-04-24.q125	125	Apr 24, 2023
EC-COUNCIL.212-89.v2022-08-09.q78	78	Aug 09, 2022
EC-COUNCIL.212-89.v2022-04-11.q72	72	Apr 11, 2022