Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


During which stage of incident response is the complete backup of the infected system performed?

  1. Recovery

  2. Identification

  3. Containment

  4. Preparation

The correct answer is: Containment

The complete backup of the infected system is performed during the containment stage of incident response. This stage focuses on limiting the damage and preventing the incident from spreading further. When a system is found to be infected, taking a complete backup becomes essential to preserve evidence and data that may be critical for analysis and potential recovery.

In this stage, incident handlers prioritize actions that not only mitigate the immediate impact of the incident but also secure the system's current state so the situation can be understood better. The backup can be used later for forensic analysis, allowing analysts to investigate the attack vector, understand the malware, or even restore data if necessary.

Other stages serve different purposes: the preparation stage involves readiness activities and the planning needed to ensure an effective response, the identification stage focuses on recognizing and confirming the incident, and the recovery stage entails restoring systems and operations to normal after the incident has been contained and dealt with. Each stage has distinct goals and activities, making the containment phase uniquely oriented towards securing and backing up affected systems.