Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


During recovery after an OT-based security incident, incident responders should:

  1. Allow only real-time connectivity to the organizational networks

  2. Grant unrestricted access to all network segments

  3. Use default passwords for easy access

  4. Permit connections from unknown vendors

The correct answer is: Allow only real-time connectivity to the organizational networks

Allowing only real-time connectivity to the organizational networks during the recovery phase of an operational technology (OT)-based security incident is a crucial best practice. This approach minimizes the risk of further compromise by limiting external connections and ensuring that only necessary communication takes place. It helps incident responders maintain tighter control over the network environment, so they can monitor traffic more effectively and ensure that any ongoing malicious activity is detected and contained.

In this context, restricting connectivity while focusing on real-time operations allows the organization to assess the integrity of its systems and gradually restore services without exposing them to additional threats. The emphasis on real-time connectivity means that priority is given to essential functions that support recovery efforts and operational continuity, rather than to unrestricted access that could introduce vulnerabilities or lead to further incidents. This method also aligns with best practices in incident recovery, which prioritize securing the environment before expanding access or reintroducing more complex functionality.