| Exam Name: | EC Council Certified Incident Handler (ECIH v3) | ||
| Exam Code: | 212-89 Dumps | ||
| Vendor: | ECCouncil | Certification: | ECIH |
| Questions: | 272 Q&A's | Shared By: | layla-rose |
Farheen is an incident responder at reputed IT Firm based in Florida. Farheen was asked to investigate a recent cybercrime faced by the organization. As part of this process, she collected static data from a victim system. She used DD tool command to perform forensic duplication to obtain an NTFS image of the original disk. She created a sector-by-sector mirror imaging of the disk and saved the output image file as image.dd.
Identify the static data collection process step performed by Farheen while collecting static data.
An IT security analyst at a logistics firm is alerted to unusual outbound traffic originating from an employee’s mobile device connected to the corporate VPN. Antivirus scans fail to remove the malware, indicating persistence. The organization cannot afford further data leakage. Which action should the incident handler take next?
Which one of the following is the correct flow of the stages in an incident handling and response (IH&R) process?
Meera, part of the Incident Handling & Response (IH&R) team, identifies an ongoing phishing campaign targeting internal employees. She immediately circulates an organization-wide alert, warning staff not to engage with the suspicious email. Along with the alert, she provides visual cues and instructions on how to recognize similar phishing threats in the future. Her goal is to prevent further damage and strengthen employee awareness. What additional action would best align with Meera’s eradication efforts?
TESTED 08 Feb 2026
