212-89 Exam Dumps : EC Council Certified Incident Handler (ECIH v3)

The technique described, where an attacker applies a magnetic field to a digital media device to clean it of any previously stored data, is known as disk degaussing. Degaussing is a method used to erase a disk or tape by exposing it to a strong magnetic field, destroying the magnetic data storage mechanism and leaving the device clean of any data. This process is effectively used for wiping digital evidence in a way that makes recovery impossible, serving as a method of anti-forensics. Unlike file wiping utilities or disk cleaning utilities, which overwrite or delete data (potentially leaving traces that can be recovered), degaussing physically alters the storage medium itself, making data recovery unfeasible.

Comprehensive and Detailed Explanation (ECIH-aligned):

Insider threats are among the most difficult risks to detect because insiders often operate within legitimate access boundaries. The ECIH Insider Threat module emphasizes that behavioral analytics is the most effective approach for identifying sophisticated, low-and-slow insider activity.

Option B is correct because behavioral analytics correlates user actions over time to detect anomalies such as unusual transaction patterns, abnormal access times, or deviations from job role norms. This allows detection of malicious behavior that traditional rule-based monitoring may miss.

Options A, C, and D are invasive, unethical, and often illegal, and they contradict ECIH guidance on lawful, proportional monitoring.

ECIH stresses that insider threat programs must balance security, privacy, and legality while providing meaningful detection. Behavioral analytics meets these requirements and provides actionable insights, making Option B the correct answer.

Incident triage is the phase in the Incident Handling and Response (IH&R) process where identified security incidents are analyzed, validated, categorized, and prioritized. This step is crucial for determining the severity of incidents and deciding on the order in which they should be addressed. During triage, incident handlers assess the impact, urgency, and potential harm of an incident to prioritize their response efforts effectively. This ensures that resources are allocated efficiently, and the most critical incidents are handled first. Incident recording and assignment involve logging incidents and assigning them to handlers, containment focuses on limiting the extent of damage, and notification involves informing stakeholders about the incident.