ECCouncil Updated 212-89 Exam Questions and Answers by jennifer

The term "broken account management" refers to vulnerabilities in the account management functions of web applications, which can weaken valid authentication schemes. This can include issues with how accounts are created, updated, managed, and deleted, as well as how users recover forgotten passwords or perform password resets. Poorly implemented account management functions can allow attackers to bypass authentication, elevate privileges, or assume the identity of another user. This weakness is a significant security concern because it directly impacts the ability of a system to safeguard user data and maintain operational integrity.

Comprehensive and Detailed Explanation (ECIH-aligned):

Rachel is applying the forensic principle of preserving volatile and screen-based digital evidence, which is a core concept in the ECIH First Response and Digital Forensics modules. When a mobile device is powered on and unlocked, the data visible on the screen—such as messages, timestamps, sender details, and session states—constitutes volatile evidence that may be lost permanently if the device locks, reboots, or powers off.

ECIH guidance instructs first responders to document the live state of a device before any interaction that could alter its condition. Photographing the screen captures evidence that may not be recoverable later due to encryption or session expiration. Maintaining power ensures the device does not enter a locked or encrypted state during transport.

Option A refers to forensic analysis, not first response. Option C would destroy evidence and violates forensic principles. Option D risks loss of volatile data.

Preserving screen-based evidence ensures integrity, admissibility, and continuity of evidence, making Option B correct.

The statement "Do not download or execute applications from trusted sources" is incorrect and not considered a good practice for maintaining information security and eradicating malware incidents. In contrast, downloading or executing applications from trusted sources is a fundamental security best practice. Trusted sources are vetted and are generally considered safe for downloading software, updates, and applications. This practice helps to minimize the risk of introducing malware into the organizational environment. The other options (A, B, C) represent good practices that help in reducing the likelihood of malware infections by avoiding potentially harmful actions.

Racheal should check for DKIM (DomainKeys Identified Mail) in the email headers to analyze the authenticity of received emails. DKIM is an email authentication method designed to detect email spoofing. It provides a way for the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. The recipient can verify this signature to confirm that the email was not altered during its transmission and that it indeed comes from the specified domain, thereby helping to prevent email spoofing. Other options like SNMP (Simple Network Management Protocol), POP (Post Office Protocol), and ARP (Address Resolution Protocol) are not directly related to email authenticity checks.