EC-Council Certified Incident Handler Exam Information

Incident Handler Exam (212-89)

Credit Towards Certification

EC-Council Certified Incident Handler

Exam Details

  • Exam Code: 212-89
  • Number of Questions: 50
  • Passing Score: 70%
  • Test Duration: 2 hours
  • Test Format: Multiple choice
  • Delivery: EC-Council Exam Center

Test Objectives ECIH v1

Introduction to Incident Response and Handling

  • Defines computer security incident
  • Discusses the importance of data classification
  • Discusses information warfare
  • Discusses the key concepts of information security
  • Explains various vulnerabilities, threats, and attacks on information systems
  • Discusses types of computer security incidents with examples
  • Explains different incident categories
  • Discusses incident prioritization issues
  • Explains incident response, incident handling and computer forensics

Risk Assessment

  • Explains risk policy
  • Discusses the risk assessment methodology
  • Outlines different steps to assess and mitigate risks at work place
  • Describes risk analysis
  • Discusses different risk mitigation strategies
  • Explains the importance of cost/benefit analysis in risk assessment process
  • Discusses various issues involved with control implementation
  • Explains the risk mitigation methodology
  • Discusses residual risk
  • Showcases risk assessment tools
Incident Response and Handling Steps

  • Explains the need for incident response
  • Describes the incident response process
  • Explains the incident response components
  • Describes incident response methodology
  • Explains various incident response and handling stages
  • Defines the incident response plan
  • Outlines the steps for incident response plan
  • Discusses the importance of training and awareness for incident response and handling
  • Provides security awareness and training checklists
  • Explains incident response policy
  • Discusses incident management and its purpose
  • Explains incident response team structure, personnel, team dependencies and team services
  • Defines the relationship between incident response, incident handling, and incident management
  • Discusses incident response best practices

CSIRT

  • Discusses the need of an Incident Response Team (IRT)
  • Explains CSIRT goals and strategy
  • Explains CSIRT mission and vision
  • Explains CSIRT constituency
  • Discusses the CSIRT's place in the organization
  • Explains the CSIRT relationship with peers
  • Defines the types of CSIRT environments
  • Explains the best practices for creating a CSIRT
  • Explains the role of CSIRTs
  • Defines the roles in an Incident Response Team
  • Illustrates different CSIRT services
  • Explains CSIRT policies and procedures
  • Explains how CSIRT handles a case

Handling Network Security Incidents

  • Defines DoS and DDoS attacks
  • Explains incident handling preparation for DoS attacks
  • Discusses different types of unauthorized access incident
  • Explains various stages involved in incident handling preparation for unauthorized access incident
  • Discusses different types of inappropriate usage incidents
  • Explains different steps of incident handling preparation for inappropriate usage incidents
  • Discusses multiple component incidents
  • Explains steps involved in incident handling preparation for multiple component incidents
  • Showcases network security assessment tools such as Nmap and Wireshark

Handling Malicious Code Incidents

  • Explains viruses, worms, trojans and spyware
  • Explains the incident handling preparation for malicious code incidents
  • Discusses the prevention, detection and analysis of malicious code incidents
  • Explains the containment strategy for malicious code incidents
  • Explains the method of evidence gathering and handling for malicious code incidents
  • Defines the method of eradication and recovery from the malicious code incidents
  • Explains various countermeasures for the malicious code incidents

Handling Insider Threats

  • Defines insider threats
  • Explains the anatomy of an insider attack
  • Explains different techniques for insider threat detection
  • Explains the insider threat response
  • Describes the insider threat incident response plan
  • Provides guidelines for overcoming insider threats
  • Demonstrates various employee monitoring tools

Forensic Analysis and Incident Response

  • Discusses computer forensics
  • Explains the objectives of forensics analysis
  • Discusses the role of forensics analysis in incident response
  • Explains the types of computer forensics
  • Discusses the computer forensic investigator and other people involved in computer forensics
  • Defines the computer forensics process
  • Explains forensic policies
  • Discusses forensics in the information system life cycle
  • Demonstrates forensic analysis tools such as Helix and Sysinternals tools

Incident Reporting

  • Defines incident reporting
  • Outlines the details to be reported
  • Provides report formats
  • Discusses the information disclosure issues
  • Explains the issues involved in reporting work place incidents
  • Discusses the federal agency incident categories
  • Provides the incident reporting guidelines

Incident Recovery

  • Defines incident recovery
  • Explains the principles of incident recovery
  • Illustrates different steps of incident recovery
  • Discusses contingency/continuity of operations planning
  • Discusses business continuity planning and business impact analysis
  • Describes the incident recovery plan
  • Discusses the incident recovery planning team
  • Defines incident recovery testing

Security Policies and Laws

  • Defines the security policy
  • Explains the key elements of security policy
  • Describes the goals of a security policy
  • Explains the purpose of a security policy
  • Explains the characteristics of a security policy
  • Discusses the implementation of security policies
  • Explains the access control policy and its importance
  • Explains the administrative security policy, asset control policy, audit trail policy, logging policy, documentation policy, evidence collection policy, information security policy, National Information Assurance Certification & Accreditation Process (NIACAP) policy, and physical security policy
  • Provides the physical security guidelines
  • Discusses personnel security policies and guidance
  • Explains the role of laws in incident handling
  • Discusses legal issues when dealing with an incident
  • Discusses law enforcement agencies