EC-Council Certified Incident Handler

Here you have the best ECCouncil 212-89 practice exam questions

  • You have 163 total questions to study from
  • Each page has 5 questions, making a total of 33 pages
  • These questions were last updated on October 27, 2025
  • This site is not affiliated with or endorsed by ECCouncil.
Question 1 of 163
Which of the following terms may be defined as "a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization's operation and revenues"?
    Correct Answer: A

    The term that best fits the definition of 'a measure of possible inability to achieve a goal, objective, or target within a defined security, cost plan and technical limitations that adversely affects the organization's operation and revenues' is 'Risk'. Risk refers to the potential for losses or adverse effects on an organization's operations and revenues due to various factors, including security vulnerabilities, technical issues, and cost constraints.

Question 2 of 163
A Distributed Denial of Service (DDoS) attack is a more common type of DoS attack, where a single system is targeted by a large number of infected machines over the Internet. In a DDoS attack, attackers first infect multiple systems which are known as:
    Correct Answer: B

    In a Distributed Denial of Service (DDoS) attack, the multiple systems that are infected and used to target a single system are known as 'Zombies'. These zombies form a botnet, which attackers use to overload the target system with traffic, causing a denial of service.

Question 3 of 163
The goal of incident response is to handle the incident in a way that minimizes damage and reduces recovery time and cost. Which of the following does NOT constitute a goal of incident response?
    Correct Answer: A

    Dealing with the human resources department and various employee conflict behaviors does not constitute a goal of incident response. The purpose of incident response includes using information gathered during incident handling to enhance future response and provide better protection (B), helping personnel to recover quickly and efficiently from security incidents (C), and properly addressing any legal issues that may arise (D).

Question 4 of 163
An organization faced an information security incident where a disgruntled employee passed sensitive access control information to a competitor. The organization's incident response manager, upon investigation, found that the incident must be handled within a few hours on the same day to maintain business continuity and market competitiveness. How would you categorize such an information security incident?
    Correct Answer: B

    This incident should be categorized as a middle level incident. Middle level incidents require action within a few hours to mitigate potential moderate threats to the organization. The fact that the incident must be handled within a few hours on the same day aligns with the characteristics of middle level incidents.

Question 5 of 163
Business continuity is defined as the ability of an organization to continue to function even after a disastrous event, accomplished through the deployment of redundant hardware and software, the use of fault tolerant systems, as well as a solid backup and recovery strategy. Identify the plan which is a mandatory part of a business continuity plan.
    Correct Answer: B