Exam 212-89 Topic 1 Question 126 Discussion

Actual exam question for EC-COUNCIL's 212-89 exam
Question #: 126
Topic #: 1
During routine checks, EduSoft, an educational software provider, identified malware within their digital examination tools. This malware not only provided answers to students but mined personal data. With a digital forensic tool and an encryption protocol tool, what's the ideal primary action?

Suggested Answer: C

Once malware is identified, ECIH guidance requires responders to analyze before eradication to understand scope, infection vectors, persistence mechanisms, and data impact. This ensures effective removal and prevents reinfection.
Option C is correct because forensic analysis allows investigators to determine how the malware entered the system, what data was accessed, and whether additional components are compromised. Without this understanding, containment and recovery efforts may be incomplete or ineffective.
Option A is a containment step but does not address root cause. Option B is a notification step that must be supported by verified facts. Option D protects future data but does not address the active malware.
Therefore, forensic analysis is the ideal primary action following detection, as emphasized in the ECIH malware handling process.

by Sandy at Jun 23, 2026, 08:58 AM
