# EC-Council ECIH Key Points by Chapter

Last updated: 2024/05/06

Requirements for Passing the Exam
---
- Exam: 212-89 EC-Council Certified Incident Handler; the current courseware version is v3
- Exam duration is 3 hours, 100 questions
- Single-choice questions (some are multiple-choice questions in single-choice form)
- You must answer 70% of the questions correctly to PASS
- The exam is currently available in English only
- Exam location: Pearson VUE test center (basically, the recommendation is to take the course at 恆逸 and sit the exam at 恆逸)
- Exam fee: enrolling in the course includes one exam voucher; taking the exam on its own without the course costs USD 450; there is a discounted price for retaking the exam at 恆逸

Chapters (content descriptions are for reference only)
---
For the exam outline, refer to:

ECIH Exam Blueprint v2
https://cert.eccouncil.org/wp-content/uploads/2024/01/ECIH-Exam-Blueprint-v2.pdf

ECIH Candidate Handbook v3
https://cert.eccouncil.org/wp-content/uploads/2024/03/ECIH-Handbook-v3.pdf

CH1 Introduction to Security Incident Handling and Response
---
Module 01: Introduction to Incident Handling and Response

NIST SP 800-61 Rev. 2, Computer Security Incident Handling Guide

Event / Incident Response -> BCP / DRP Handling -> Steps / Procedure

CH2 Security Incident Handling Process
---
Module 02: Incident Handling and Response Process

Incident Handling and Response (IH&R) Process

- Step 1: Preparation for Incident Handling and Response
- Step 2: Incident Recording and Assignment
- Step 3: Incident Triage
- Step 4: Notification
- Step 5: Containment
- Step 6: Evidence Gathering and Forensic Analysis
- Step 7: Eradication
- Step 8: Recovery
- Step 9: Post-Incident Activities

Information Sharing Activities

CH3 Digital Forensics and First Response Guidelines
---
Module 03: Forensic Readiness and First Response

- Under Investigation -> currently being investigated
- Improper Usage -> inappropriate behavior (legitimate and verified)

- CAT0: Exercise/Testing: N/A
- CAT1: Unauthorized Access: 1 hour
- CAT2: Denial of Service (DoS): 2 hours
- CAT3: Malicious Code: Daily
- CAT4: Improper Usage: Weekly
- CAT5: Scans/Probes/Attempted Access: Monthly
- CAT6: Investigation: N/A

CH4 Handling and Responding to Incidents Caused by Malware
---
Module 04: Handling and Responding to Malware Incidents

Malware Incidents

CH5 Handling and Responding to Incidents Caused by Email
---
Module 05: Handling and Responding to Email Security Incidents

Email Security Incidents

CH6 Handling and Responding to Incidents Caused by Network Attacks
---
Module 06: Handling and Responding to Network Security Incidents

Network Security Incidents

CH7 Handling and Responding to Incidents Caused by Websites and Web Applications
---
Module 07: Handling and Responding to Web Application Security Incidents

Web Application Incidents

CH8 Handling and Responding to Incidents Caused by Cloud Applications
---
Module 08: Handling and Responding to Cloud Security Incidents

Cloud Security Incidents

CH9 Handling and Responding to Incidents Caused by Insider Threats
---
Module 09: Handling and Responding to Insider Threats

Insider Threats

CH10 Handling and Responding to Incidents Caused by Endpoint Threats
---

Reference
---
EC-Council ECIH Security Incident Handler Certification Course
https://www.uuu.com.tw/Course/Show/698/EC-Council-ECIH%E8%B3%87%E5%AE%89%E5%8D%B1%E6%A9%9F%E8%99%95%E7%90%86%E5%93%A1%E8%AA%8D%E8%AD%89%E8%AA%B2%E7%A8%8B

EC-Council
https://www.eccouncil.org/train-certify/ec-council-certified-incident-handler-ecih/

EC-Council Certified Incident Handler
https://cert.eccouncil.org/ec-council-certified-incident-handler.html

ECIH Cert Prep: Certified Incident Handler v2 (212-89)
https://www.linkedin.com/learning/ecih-cert-prep-certified-incident-handler-v2-212-89

EC-Council ECIH Security Incident Handler Certification Exam Preparation Notes
https://medium.com/blacksecurity/ecih-813469149d4e

###### tags: `EC-Council` `ECIH`