212-89 Exam Information and Guideline
EC-Council Certified Incident Handler (ECIH v2)
Below are the complete topic details with the latest syllabus and course outline, which will give you a good understanding of the exam objectives and the topics you have to prepare. These contents are covered in the exam's question-and-answer pool.
E|CIH allows cybersecurity professionals to demonstrate their mastery of the knowledge and skills required for incident handling.
Exam Title: EC-Council Certified Incident Handler
Exam Code: 212-89
Number of Questions: 100
Duration: 3 hours
Availability: EC-Council Exam Portal
Test Format: Multiple Choice
Passing Score: 70%
The Purpose of E|CIH is:
To enable individuals and organizations with the ability to handle and respond to different types of cybersecurity incidents in a systematic way.
To ensure that organizations can identify, contain, and recover from an attack.
To reinstate regular operations of the organization as early as possible and mitigate the negative impact on the business operations.
To be able to draft security policies with efficacy and ensure that the quality of services is maintained at the agreed levels.
To minimize the loss and the after-effects of the breach or incident.
For individuals: To enhance skills on incident handling and boost their employability.
Learning Objectives of E|CIH Program
Understand the key issues plaguing the information security world
Learn to combat different types of cybersecurity threats, attack vectors, threat actors and their motives
Learn the fundamentals of incident management including the signs and costs of an incident
Understand the fundamentals of vulnerability management, threat assessment, risk management, and incident response automation and orchestration
Master all incident handling and response best practices, standards, cybersecurity frameworks, laws, acts, and regulations
Decode the various steps involved in planning an incident handling and response program
Gain an understanding of the fundamentals of computer forensics and forensic readiness
Comprehend the importance of the first response procedure including evidence collection, packaging, transportation, storing, data acquisition, volatile and static evidence collection, and evidence analysis
Understand the anti-forensics techniques attackers use, in order to uncover cybersecurity incident cover-ups
Apply the right techniques to different types of cybersecurity incidents in a systematic manner including malware incidents, email security incidents, network security incidents, web application security incidents, cloud security incidents, and insider threat-related incidents