Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: get65

ECCouncil Updated 212-89 Exam Questions and Answers by olly

Page: 7 / 22

ECCouncil 212-89 Exam Overview :

Exam Name: EC Council Certified Incident Handler (ECIH v3)
Exam Code: 212-89 Dumps
Vendor: ECCouncil Certification: ECIH
Questions: 305 Q&A's Shared By: olly
Question 28

Richard is analyzing a corporate network. After an alert in the network’s IPS. he identified that all the servers are sending huge amounts of traffic to the website abc.xyz. What type of information security attack vectors have affected the network?

Options:

A.

Botnet

B.

Advance persistent three Is

C.

Ransomware

D.

IOT threats

Discussion
Fatima
Hey I passed my exam. The world needs to know about it. I have never seen real exam questions on any other exam preparation resource like I saw on Cramkey Dumps.
Niamh Jun 4, 2026
That's true. Cramkey Dumps are simply the best when it comes to preparing for the certification exam. They have all the key information you need and the questions are very similar to what you'll see on the actual exam.
Ari
Can anyone explain what are these exam dumps and how are they?
Ocean Jun 20, 2026
They're exam preparation materials that are designed to help you prepare for various certification exams. They provide you with up-to-date and accurate information to help you pass your exams.
Laila
They're such a great resource for anyone who wants to improve their exam results. I used these dumps and passed my exam!! Happy customer, always prefer. Yes, same questions as above I know you guys are perfect.
Keira Jun 8, 2026
100% right….And they're so affordable too. It's amazing how much value you get for the price.
Hassan
Highly Recommended Dumps… today I passed my exam! Same questions appear. I bought Full Access.
Kasper Jun 4, 2026
Hey wonderful….so same questions , sounds good. Planning to write this week, I will go for full access today.
Question 29

MegaHealth, a global healthcare provider, experienced a sudden malfunction in its MRI machines. Investigations revealed malware that tweaked MRI results and communicated with an external command-and-control server. With tools like an advanced endpoint protection system and a network monitor, what should be the first step?

Options:

A.

Inform the patients about a potential compromise of their data.

B.

Use the network monitor to identify and block the C&C server communication.

C.

Update the MRI machines' firmware and software.

D.

Deploy the endpoint protection on MRI machines to detect and halt the malware.

Discussion
Question 30

In response to suspicious communications originating from executive accounts, the organization's response team traced the root cause to spoofed identity relays exploiting unsecured DNS entries. The attack had triggered internal alerts but required deeper remediation to eliminate recurring forged message injections and restore the integrity of interdepartmental mail routing. What action reflects an appropriate eradication strategy in this context?

Options:

A.

Requesting legal review of communication failures post-incident

B.

Investigating the delay in threat detection due to analysis

C.

Sharing phishing indicators with external peer communities

D.

Strengthening SPF, DKIM, and DMARC configurations

Discussion
Question 31

During an internal audit following a surge in unauthorized financial transactions, a multinational investment firm's IR team uncovers evidence of an orchestrated campaign targeting senior staff. The attackers had pieced together fragments of sensitive data by mining executive digital footprints, reviewing online publications, and analyzing company-related mentions on external platforms. Later, they engaged directly with employees under fabricated personas, conducting scripted interviews to extract missing identifiers. With the assembled profile data, the adversaries submitted diversion requests for financial correspondence and used these to impersonate executives and execute fraudulent transfers. Forensic analysis revealed no signs of malware infection or system-level compromise. Which technique best aligns with the adversary's method of obtaining the initial sensitive information?

Options:

A.

Phishing through spoofed emails embedded with malicious macros targeting employee laptops

B.

Social engineering using open-source intelligence followed by pretexting

C.

Pharming attack that redirected login traffic from internal systems to malicious replicas

D.

Skimming magnetic card data through modified payment devices in the company cafeteria

Discussion
Page: 7 / 22
Title
Questions
Posted

212-89
PDF

$36.75  $104.99

212-89 Testing Engine

$43.75  $124.99

212-89 PDF + Testing Engine

$57.75  $164.99