The EC-Council Certified Incident Handler (ECIH) certification, exam code 212-89, is designed to impart the essential skills for managing and responding to computer security incidents within an information system. A Certified Incident Handler demonstrates proficiency in handling diverse incident types, applying risk assessment methodologies, and understanding the laws and policies that govern incident management. Holders can develop incident handling and response procedures and address a range of computer security incidents, including network security issues, malicious code outbreaks, and insider threats. Attaining the ECIH certification strengthens a professional's industry recognition as an experienced incident handler.
Who should take the exam?
This exam is intended for incident handlers, risk assessment administrators, penetration testers, cyber forensic investigators, vulnerability assessment auditors, system administrators, system engineers, firewall administrators, network managers, IT managers, IT professionals, and anyone with an interest in incident handling and response.
Exam Details
Exam Code: 212-89
Exam Name: Certified Incident Handler
Exam Languages: English
Exam Questions: 100 Questions
Time: 3 hours
Passing Score: 60-85% (the cut score varies by exam form)
Course Outline
The exam covers the following topics, with the approximate weighting of each:
Topic 1: Incident Response and Handling Process 11%
Information Security Incidents
Incident Management
Incident Response Automation and Orchestration
Incident Handling Standards and Frameworks
Incident Handling Laws and Acts
Incident Response and Handling Process
Topic 2: First Response 11%
First Responder
Securing and Documenting the Crime Scene
Collecting Evidence at the Crime Scene
Preserving, Packaging, and Transporting the Evidence
Topic 3: Malware Incidents 11%
Malware Incidents Handling Preparation
Malware Incidents Detection
Malware Incidents Containment and Eradication
Recovery after Malware Incidents
Guidelines for Preventing Malware Incidents
Topic 4: Email Security Incidents 12%
Types of Email Security Incidents
Preparation for Handling Email Security Incidents
Detection and Containment of Email Security Incidents
Eradication of Email Security Incidents
Recovery after Email Security Incidents
Best Practices against Email Security Incidents
Topic 5: Network Level Incidents
Preparation for Handling Network Security Incidents
Network Security Incidents Detection and Validation
Handling Unauthorized Access Incidents
Handling Inappropriate Usage Incidents
Handling Denial-of-Service Incidents
Handling Wireless Network Security Incidents
Topic 6: Application Level Incidents 11%
Preparation for Handling Web Application Security Incidents
Web Application Security Incidents Detection and Analysis
Containment and Eradication of Web Application Security Incidents
Recovery from Web Application Security Incidents
Best Practices for Securing Web Applications
Topic 7: Cloud Security Incidents 10%
Challenges in Cloud Incident Handling and Response
Handling Cloud Security Incidents
Handling Azure Security Incidents
Handling AWS Security Incidents
Handling Google Cloud Security Incidents
Best Practices Against Cloud Security Incidents
Topic 8: Insider Threats 11%
Types of Insider Threats
Preparation Steps for Handling Insider Threats
Detection, Containment, and Eradication of Insider Threats