212-89 Exam Dumps : EC Council Certified Incident Handler (ECIH v3)

In a disassociation attack, the attacker sends disassociation frames to a wireless access point (AP) using a spoofed MAC address of a client or to the client pretending to be the AP. This forces the target to disconnect and often reconnect, causing a disruption in the wireless connectivity. Such attacks can be used to create a denial-of-service condition for the client, making the network resource unavailable. The primary objective of this attack is not to eavesdrop but to disrupt the normal operation of the wireless connection between the client and the AP.

ECIH cloud incident handling guidance emphasizes that containment must be immediate and within the organization’s control. Modifying cloud security groups allows responders to restrict network access instantly, preventing further data exfiltration.

Option D is correct because it is actionable without CSP dependency and directly limits attacker movement. Option A may take time. Option B is investigative. Option C is regulatory and premature.

Containment through security group modification is therefore the most critical first step.

Pharming is a cyber attack intended to redirect a website's traffic to another, bogus website. By poisoning a DNS server's cache, attackers can redirect users from the site they intended to visit to one that is malicious, without the user's knowledge or any action on their part, such as clicking a deceptive link. This technique is particularly insidious because it can affect well-intentioned users who type the correct URL into their browsers but are still redirected. War driving involves searching for wireless networks from a moving vehicle, skimming refers to stealing credit card information using a device placed on ATMs or point-of-sale terminals, and pretexting is a form of social engineering where the attacker lies to obtain privileged data.