CERTIFIED INCIDENT HANDLER 212-89 Practice Exam
The Certified Incident Handler 212-89 certification is designed to impart the essential skills for managing and responding to computer security incidents within an information system. A Certified Incident Handler demonstrates proficiency in handling diverse incident types, applying risk assessment methodologies, and understanding the laws and policies governing incident management. They can develop incident handling and response protocols and address a range of computer security incidents, including network security issues, malicious code occurrences, and insider threats. Attaining the ECIH certification enhances professionals' industry recognition as seasoned incident handlers.
Who should take the exam?
This exam offers significant benefits to incident handlers, risk assessment administrators, penetration testers, cyber forensic investigators, vulnerability assessment auditors, system administrators, system engineers, firewall administrators, network managers, IT managers, IT professionals, and anyone with an interest in incident handling and response.
Exam Details
- Exam Code: 212-89
- Exam Name: Certified Incident Handler
- Exam Languages: English
- Exam Questions: 100 Questions
- Time: 3 hours
- Passing Score: 60-85%
Course Outline
The exam covers the following topics:
Topic 1: Learn about the Incident Response and Handling Process 11%
- Information Security Incidents
- Incident Management
- Incident Response Automation and Orchestration
- Incident Handling Standards and Frameworks
- Incident Handling Laws and Acts
- Incident Response and Handling Process
Topic 2: Understand First Response 11%
- First Responder
- Securing and Documenting the Crime Scene
- Collecting Evidence at the Crime Scene
- Preserving, Packaging, and Transporting the Evidence
Topic 3: Learn about Malware Incidents 11%
- Malware Incidents Handling Preparation
- Malware Incidents Detection
- Malware Incidents Containment and Eradication
- Recovery after Malware Incidents
- Guidelines for Preventing Malware Incidents
Topic 4: Email Security Incidents 12%
- Types of Email Security Incidents
- Preparation for Handling Email Security Incidents
- Detection and Containment of Email Security Incidents
- Eradication of Email Security Incidents
- Recovery after Email Security Incidents
- Best Practices against Email Security Incidents
Topic 5: Understand Network Level Incidents
- Preparation for Handling Network Security Incidents
- Network Security Incidents Detection and Validation
- Handling Unauthorized Access Incidents
- Handling Inappropriate Usage Incidents
- Handling Denial-of-Service Incidents
- Handling Wireless Network Security Incidents
Topic 6: Application Level Incidents 11%
- Preparation for Handling Web Application Security Incidents
- Web Application Security Incidents Detection and Analysis
- Containment and Eradication of Web Application Security Incidents
- Recovery from Web Application Security Incidents
- Best Practices for Securing Web Applications
Topic 7: Learn about Cloud Security Incidents 10%
- Challenges in Cloud Incident Handling and Response
- Handling Cloud Security Incidents
- Handling Azure Security Incidents
- Handling AWS Security Incidents
- Handling Google Cloud Security Incidents
- Best Practices Against Cloud Security Incidents
Topic 8: Insider Threats 11%
- Types of Insider Threats
- Preparation Steps for Handling Insider Threats
- Detection, Containment, and Eradication of Insider Threats
- Recovery After Insider Attacks
- Best Practices against Insider Threats
Topic 9: Understand Endpoint Security Incidents 11%
- Need for Endpoint Security Incident Handling and Response
- Preparation for Handling Endpoint Security Incidents
- Detection and Validation of Endpoint Security Incidents
- Handling Mobile-based Security Incidents
- Handling IoT-based Security Incidents
- Handling OT-based Security Incidents