212-89 Dumps With Exact Questions and Answers

Advanced persistent threats require coordinated, intelligence-driven response. ECIH emphasizes that APT investigations generate massive volumes of telemetry across endpoints, networks, and cloud platforms.

Option D is correct because Incident Response Automation and Orchestration (IRAO) tools correlate disparate data sources, automate enrichment, and accelerate threat hunting. This enables responders to identify hidden persistence mechanisms and attacker TTPs efficiently.

Options A, B, and C are important but not immediate investigative actions.

ECIH explicitly recommends orchestration platforms for complex, multi-vector incidents such as APTs.

The GPG18 and Forensic readiness planning (SPF) principles outline various guidelines to enhance an organization's readiness for forensic investigation and response. Principle 5, which suggests that organizations should adopt a scenario-based Forensic Readiness Planning approach that learns from experience gained within the business, emphasizes the importance of being prepared for a wide range of potential incidents by leveraging lessons learned from past experiences. This approach helps in continuously improving forensic readiness and response capabilities by adapting to the evolving threat landscape and organizational changes.

The EC-Council Incident Handler (ECIH) curriculum explains that insider data exfiltration frequently occurs through legitimate channels such as HTTPS to bypass traditional firewall rules. When encrypted traffic is not inspected, sensitive data can be transmitted without detection.

Data Loss Prevention (DLP) tools monitor, detect, and block unauthorized transmission of sensitive information across endpoints, networks, and cloud services. DLP solutions can inspect encrypted traffic (when integrated with SSL/TLS inspection mechanisms) and enforce policies that prevent confidential data from leaving the organization.

The absence of deep packet inspection allowed encrypted HTTPS traffic to evade detection. Implementing DLP would provide content-aware monitoring and policy-based enforcement, reducing insider exfiltration risk.

Option A (biometric authentication) controls access, not outbound data flows. Option C (secure coding) relates to software development security. Option D (USB blocking) addresses removable media exfiltration, not encrypted network traffic.

Therefore, implementing Data Loss Prevention (DLP) tools is the appropriate eradication control.