ECcouncil 212 89
Q: 1
[Incident Handling and Response Process]
Alice is a disgruntled employee. She decided to acquire critical information from her organization for
financial benefit. To accomplish this, Alice started running a virtual machine on the same physical
host as her victim's virtual machine and took advantage of shared physical resources (processor
cache) to steal data (cryptographic key/plain text secrets) from the victim machine. Identify the type
of attack Alice is performing in the above scenario.
Options
Q: 2
[Introduction to Incident Handling and Response]
Which of the following GPG18 and Forensic readiness planning (SPF) principles states
that “organizations should adopt a scenario based Forensic Readiness Planning
approach that learns from experience gained within the business”?
Options
Q: 3
[Introduction to Incident Handling and Response]
ZYX company experienced a DoS/DDoS attack on their network. Upon investigating the incident, they
concluded that the attack is an application-layer attack. Which of the following attacks did the
attacker use?
Options
Q: 4
[Introduction to Incident Handling and Response]
An insider threat response plan helps an organization minimize the damage caused by malicious
insiders. One of the approaches to mitigate these threats is setting up controls from the human
resources department. Which of the following guidelines can the human resources department use?
Options
Q: 5
[Introduction to Incident Handling and Response]
Which of the following is the BEST method to prevent email incidents?
Options
Q: 6
[Introduction to Incident Handling and Response]
Which of the following techniques prevent or mislead the incident-handling process and may also affect
the collection, preservation, and identification phases of the forensic
investigation process?
Options
Q: 7
[Handling and Responding to Web Application Attacks]
Oscar receives an email from an unknown source containing his domain name oscar.com. Upon
checking the link, he found that it contains a malicious URL that redirects to the website evilsite.org.
What type of vulnerability is this?
Options
Q: 8
[Introduction to Incident Handling and Response]
Darwin is an attacker residing within the organization and is performing network
sniffing by running his system in promiscuous mode. He is capturing and viewing all
the network packets transmitted within the organization. Edwin is an incident handler
in the same organization.
In the above situation, which of the following Nmap commands must Edwin use to
detect Darwin’s system that is running in promiscuous mode?
Options
Q: 9
[Handling and Responding to Email Security Incidents]
Francis received a spoof email asking for his bank information. He decided to use a tool to analyze
the email headers. Which of the following should he use?
Options
Q: 10
[Introduction to Incident Handling and Response]
Farheen is an incident responder at a reputed IT firm based in Florida.
Farheen was asked to investigate a recent cybercrime faced by the organization. As part of this
process, she collected static data from a victim system. She used the DD tool command to perform
forensic duplication to obtain an NTFS image of the original disk. She created a sector-by-sector
mirror imaging of the disk and saved the output image file as image.dd.
Identify the static data collection process step performed by Farheen while collecting static data.
Options