The EC-Council exam coded 212-89 is necessary for obtaining the EC-Council Certified Incident Handler (ECIH) certification. It helps applicants develop the fundamental abilities to effectively manage and respond to security incidents that might appear in a business scenario.

Target Audience for EC-Council 212-89 Exam

The candidates who decide to enroll in this certification test are interested in learning how they prevent cybersecurity attacks and, in case they appear, how to manage them to have a minimum impact. Besides, the target audience for this test has medium competence in managing such situations and has already had some experience in a role dedicated to information security. In addition, the applicants need to understand how to develop a risk assessment methodology that will deliver results as well as implement policies and laws related to this domain. Some examples of specialists who are interested in the 212-89 exam, in particular, are risk assessment administrators, vulnerability assessment auditors, system engineers, and administrators, or IT managers and professionals. Note that the candidates are eligible for the formal evaluation if they have previously attended the training dedicated to this topic. This training comes in different formats such as academic learning, instructor-led learning, or online. In case they cannot attend it, the candidates can be exam eligible once they demonstrate that they have at best one year of hands-on experience in information security. In this case, they need to fill in a specific form and confirm the payment of $100 as an eligibility fee.

Overview of EC-Council 212-89

Straight to the point, the 212-89 test developed by EC-Council includes 100 questions. Their format is multiple-choice, and the allotted time for all candidates is 3 hours. The required passing score depends on different factors. Thus, EC-Council has a group of experts who check whether the inquiries are not only relevant but also valid and reliable. Besides, this group of experts, different from those who write the exam questions, will rate all inquiries and decide the required passing score. Once they have a final approval scheme, they will publish the test beta version. The candidates will also sit the beta version exam scheme and their results will determine the structure and difficulty level of the final test. Based on their performance and feedback, the approval committee will decide which items will be used in the live evaluation.

Exam Blueprint

All in all, the EC-Council 212-89 blueprint includes nine topics that validate the applicants’ knowledge of information security topics, as follows:

• Handling and Responding to Incidents

  Through this exam, the test-takers will have the opportunity to improve their knowledge of how they should react after an attack and immediately evaluate the impact it had on the business. Also, they will learn about information and computer security, together with the management of threat intelligence solutions and risk management policies. Besides, through security policies, the certified candidates will be able to reduce the financial and reputational effects that cyberattacks might have on a business.

• Dealing with Processes

  Within this chapter, the examinees will learn how to prevent security incidents and perform security audits. In addition, they will improve their competence in performing forensic investigation and determine solutions in case they need to eradicate attacks and implement recovery policies. Besides, the same topic focuses on incident readiness as well. So, the applicants who aim to get certified will become capable of handling incidents and come with an immediate response to limit their effects on the business as much as possible.

• Delivering First Response and Preparing Forensic Readiness

  Within such an area, the official 212-89 test handles the volatile and static evidence topics. In addition, the test-takers will understand how to manage digital evidence and computer forensics. The professionals who succeed to get the passing score in this exam will be capable of explaining how electronic evidence preservation works, and what they can do when it comes to identifying and managing information security attacks.

• Management of Incidents in Email Security

  Security incidents are very common these days, the professionals who want to get certified will have the opportunity to consolidate their skills in email security. What is more, they will become experts in detecting suspicious and deceptive emails as well as helping their colleagues identify them when they appear. This module also includes subtopics dedicated to phishing emails as well as incident management.

• Incidents in Application Level

  Within this chapter, the specialists who want to pass the EC-Council 212-89 exam will learn about web application vulnerabilities and threats. Besides, they will become experienced in preventing and reducing the impacts of web attacks. Finally, they will gain expertise in web application eradication.

• Handling Mobile and Network Incidents

  The management of unauthorized access and inappropriate usage are some of the subchapters included in this section. In addition, the individuals who aim to become skilled network security professionals will validate their skills on mobile platform risks and vulnerabilities identification as well as the management of the wireless networks. In addition, they will focus on the methods they can use to eradicate incidents that might appear on mobile devices and implement recovery strategies quickly.

• Insider Threats

  To keep attacks’ impacts to a minimum and prevent them as much as possible, the applicants will learn how to implement employee monitoring tools. Thus, they will quickly identify the employees’ browsing history and implement eradication solutions to keep the company’s software protected from potential threats.

• Malware Incident Management

  Such a section handles topics related to malware identification and the development of malicious code. Moreover, the examinees will consolidate their knowledge of malware incident triage solutions.

• Handling of Incidents That Occur in Cloud Environment

  The final topic included in the official 212-89 exam handles eradication and recovery solutions that apply in the cloud environment. What is more, the test-takers will identify the methods that can be applied when it comes to securing cloud computing and preventing potential threats.

Career Prospects

The professionals who succeed in getting the passing score in the EC-Council 212-89 exam can apply to different roles, such as:

• Network Security Engineer;
• Penetration Tester.

According to the research performed by Payscale.com, the annual salary for a Network Security Engineer can reach the level of $88k. On the other hand, a professional who applies for the position of Penetration Tester can receive an offer of $87k as payment per year.

Certification Path

Once they pass the EC-Council 212-89 test and attain the ECIH designation, the candidates can take their security incident skills to the next level with other certifications. For example, they can apply for the Certified SOC Analyst certificate from the house of EC-Council as well.