Eccouncil Exam 212-89 Topic 3 Question 76 Discussion

Actual exam question for Eccouncil's 212-89 exam

Question #: 76
Topic #: 3

[All 212-89 Questions]

Robert is an incident handler working for Xsecurity Inc. One day, his organization

faced a massive cyberattack and all the websites related to the organization went

offline. Robert was on duty during the incident and he was responsible to handle the

incident and maintain business continuity. He immediately restored the web application

service with the help of the existing backups.

According to the scenario, which of the following stages of incident handling and

response (IH&R) process does Robert performed?

AEvidence gathering and forensics analysis

BEradication

CNotification

DRecovery

Show Suggested Answer

Suggested Answer: C

Threat correlation is a method used by incident responders to analyze and associate various indicators of compromise (IoCs) and alerts to identify genuine threats. By correlating data from multiple sources and applying intelligence to distinguish between unrelated events and coordinated attack patterns, responders can significantly reduce the rate of false-positive alerts. This enables teams to prioritize their efforts on the most critical and likely threats, thereby reducing potential risks and corporate liabilities. Effective threat correlation involves the use of sophisticated security information and event management (SIEM) systems, threat intelligence platforms, and analytical techniques to identify relationships between seemingly disparate security events and alerts.

by Paris at Feb 07, 2025, 12:33 AM

Limited Time Offer

25%

24 days ago

I think Robert performed the Recovery stage.

upvoted 0 times

...