ECCouncil Updated 212-89 Exam Questions and Answers by olly

The GPG18 and Forensic readiness planning (SPF) principles outline various guidelines to enhance an organization's readiness for forensic investigation and response. Principle 5, which suggests that organizations should adopt a scenario-based Forensic Readiness Planning approach that learns from experience gained within the business, emphasizes the importance of being prepared for a wide range of potential incidents by leveraging lessons learned from past experiences. This approach helps in continuously improving forensic readiness and response capabilities by adapting to the evolving threat landscape and organizational changes.

Explanation (fixing IDOR correctly):

IDOR is fundamentally an authorization flaw: the application exposes object identifiers (IDs) and fails to enforce that the requesting user is allowed to access that object. The primary remediation is to implement robust authorization checks—commonly RBAC (C) plus object-level access control—so every request verifies user identity and privileges against the requested resource.

(A) WAFs can help with certain injection patterns, but default WAF rules rarely fix logical authorization flaws like IDOR. A WAF also risks false positives and doesn’t replace secure design. (B) pen testing is important for assurance, but it’s not the primary patch; it helps validate the fix later. (D) encryption protects confidentiality in transit/at rest, but it does not prevent an authenticated user from accessing another user’s records if authorization checks are missing.

Therefore (C) is the correct first-line fix: enforce authorization server-side, avoid predictable identifiers, and ensure access control is consistently applied across all endpoints (including APIs).

In the scenario described, Stanley's effort to present evidence in a clear and comprehensible manner to the members of a jury, with the intention of clarifying facts and aiding in obtaining expert opinion, aligns with the characteristic of admissibility. The admissibility of digital evidence pertains to its acceptability in a court of law, which hinges on the evidence being collected, handled, and presented in a manner that complies with legal standards and procedures. This includes ensuring the evidence is relevant, reliable, and not overly prejudicial. By preparing to present the evidence in a way that the jury can understand and use to confirm the investigation process, Stanley is focusing on ensuring that the evidence meets the criteria for admissibility in the legal proceedings. Completeness, believability, and authenticity are also important characteristics of digital evidence, but the context provided indicates that Stanley's primary focus is on meeting the legal requirements for the evidence to be considered valid in court.

Comprehensive and Detailed Explanation (ECIH-aligned):

The scenario describes consequences extending beyond technical remediation into reputational, financial, and stakeholder trust impacts. According to ECIH risk assessment and post-incident analysis guidance, these outcomes are classified as intangible business effects.

Option C is correct because customer loss, investor confidence decline, and reputational damage cannot be easily quantified yet often exceed direct incident response costs. ECIH emphasizes that post-incident reviews must consider both tangible and intangible impacts to accurately assess business risk.

Options A, B, and D describe operational or technical impacts, which were resolved quickly in this scenario. The lasting damage occurred at the business and market perception level.

Understanding intangible impacts is critical for executive reporting, risk management, and long-term resilience planning, making Option C correct.