ECCouncil EC Council Certified Incident Handler (ECIH v3) 212-89 Question # 60 Topic 7 Discussion

212-89 Exam Topic 7 Question 60 Discussion:

Question #: 60

Topic #: 7

Following a security alert, the incident response team at a legal consulting firm suspects that an employee used a USB storage device to exfiltrate confidential client data. To confirm which USB device was connected and gather timestamps and identifiers, which method is most effective?

Check Windows registry entries under Enum\USB.

Scan network logs for USB file upload patterns.

Review Windows SetupAPI.dev.log file entries.

Use WHOIS lookup to trace USB activity.

Get Premium 212-89 Questions

Actual exam question for ECCouncil 212-89 exam by Nyx65127 at Feb 15, 2026, 10:11:00 PM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Spring Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

ECCouncil EC Council Certified Incident Handler (ECIH v3) 212-89 Question # 60 Topic 7 Discussion

ECCouncil EC Council Certified Incident Handler (ECIH v3) 212-89 Question # 60 Topic 7 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Spring Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

ECCouncil EC Council Certified Incident Handler (ECIH v3) 212-89 Question # 60 Topic 7 Discussion

ECCouncil EC Council Certified Incident Handler (ECIH v3) 212-89 Question # 60 Topic 7 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval