212-89 Dumps Questions With Answers
                     212-89
EC Council Certified Incident Handler (ECIH v2)
Don’t you want to succeed in your first attempt at getting ECIH 
certification? If so, then grab on this chance to train better with 
Dumpspedia. We will provide you with all the basic essential to ace 
the exam in just one try given that you train through our EC Council 
Certified Incident Handler (ECIH v2) Practice Exam Dumps there is 
nothing that can stop you from passing. We have specially 
collaborated with high professionals to get you these fantastic 
ECCouncil 212-89 Practice Test Questions.
212-89 Questions and Answers
Exam 
Anxiety
212-89 Questions and Answers
I don’t remember
How to answer
What do I
these questions
Do now?!
212-89 Questions and Answers
Un wariness
Of actual
Exam Scenario
212-89 Questions and Answers
Free
 Demo 
 Questions
212-89 Questions and Answers
Question NO 1
Incidents are reported in order to:
A. Provide stronger protection for systems and data
B. Deal properly with legal issues
C. Be prepared for handling future incidents
D. All the above
Answer: D
www..dumpspediia..iinfo/212-89-questions-dumps..htmll  
Question NO 2
Business Continuity planning includes other plans such as:
A. Incident/disaster recovery plan
B. Business recovery and resumption plans
C. Contingency plan
D. All the above
Answer: D
www..dumpspediia..iinfo/212-89-questions-dumps..htmll  
Question NO 3
An audit trail policy collects all audit trails such as series of records of computer events, about an 
operating system, application or user activities. Which of the following statements is NOT true for an 
audit trail policy:
A. It helps calculating intangible losses to the organization due to incident
B. It helps tracking individual actions and allows users to be personally accountable for their actions
C. It helps in compliance to various regulatory laws, rules,and guidelines
D. It helps in reconstructing the events after a problem has occurred
Answer: A
www..dumpspediia..iinfo/212-89-questions-dumps..htmll  
Question NO 4
Which among the following CERTs is an Internet provider to higher education institutions and 
various other research institutions in the Netherlands and deals with all cases related to computer 
security incidents in which a customer is involved either as a victim or as a suspect?
A. NET-CERT
B. DFN-CERT
C. Funet CERT
D. SURFnet-CERT
Answer: D
www..dumpspediia..iinfo/212-89-questions-dumps..htmll  
Question NO 5
The insider risk matrix consists of technical literacy and business process knowledge vectors. 
Considering the matrix, one can conclude that:
A. If the insider’s technical literacy is low and process knowledge is high, the risk posed by the 
threat will be insignificant.
B. If the insider’s technical literacy and process knowledge are high, the risk posed by the threat will 
be insignificant.
C. If the insider’s technical literacy is high and process knowledge is low, the risk posed by the 
threat will be high.
D. If the insider’s technical literacy and process knowledge are high, the risk posed by the threat will 
be high.
Answer: D
www..dumpspediia..iinfo/212-89-questions-dumps..htmll  
Question NO 6
Which policy recommends controls for securing and tracking organizational 
resources:
A. Access control policy
B. Administrative security policy
C. Acceptable use policy
D. Asset control policy
Answer: D
www..dumpspediia..iinfo/212-89-questions-dumps..htmll  
Question NO 7
An incident recovery plan is a statement of actions that should be taken before, 
during or after an incident. Identify which of the following is NOT an objective of 
the incident recovery plan?
A. Creating new business processes to maintain profitability after incident
B. Providing a standard for testing the recovery plan
C. Avoiding the legal liabilities arising due to incident
D. Providing assurance that systems are reliable
Answer: A
www..dumpspediia..iinfo/212-89-questions-dumps..htmll  
Question NO 8
An active vulnerability scanner featuring high speed discovery, configuration 
auditing, asset profiling, sensitive data discovery, and vulnerability analysis is called:
A. Nessus
B. CyberCop
C. EtherApe
D. nmap
Answer: A
www..dumpspediia..iinfo/212-89-questions-dumps..htmll  
Question NO 9
A security policy will take the form of a document or a collection of documents, depending on the 
situation or usage. It can become a point of reference in case a violation occurs that results in 
dismissal or other penalty. Which of the following is NOT true for a good security policy?
A. It must be enforceable with security tools where appropriate and with sanctions where actual 
prevention is not technically feasible
B. It must be approved by court of law after verifications of the stated terms and facts
C. It must be implemented through system administration procedures, publishing of acceptable use 
guide lines or other appropriate methods
D. It must clearly define the areas of responsibilities of the users, administrators and management
Answer: B
www..dumpspediia..iinfo/212-89-questions-dumps..htmll  
Question NO 10
What command does a Digital Forensic Examiner use to display the list of all IP addresses and their 
associated MAC addresses on a victim computer to identify the machines that were communicating 
with it:
A. “arp” command
B. “netstat –an” command
C. “dd” command
D. “ifconfig” command
Answer: A
www..dumpspediia..iinfo/212-89-questions-dumps..htmll  
212-89 Questions and Answers
212-89 Questions and Answers
212-89 Questions and Answers
212-89 Questions and Answers
www..dumpspediia..iinfo/212-89-questions-dumps..htmll