Certified Incident Handler (CIH) Practice Ecam

Identify the correct sequence of steps involved in eradicating a security incident.

• A. 2 -> 3 -> 1 -> 4 -> 5
• B. 1 -> 2 -> 3 -> 4 -> 5
• C. 2 -> 1 -> 4 -> 3 -> 5
• D. 5 -> 3 -> 4 -> 2 -> 1

The correct answer is: 2 -> 1 -> 4 -> 3 -> 5

The correct sequence for eradicating a security incident involves a structured approach to address the issue effectively. The sequence typically starts with identifying the extent of the incident, followed by containment efforts, eradication of the threat, recovery, and finally lessons learned and documentation. In the chosen sequence, beginning with step 2 makes sense as it focuses on identifying the threat and understanding the full scope of the incident. This assessment is crucial for deciding the best containment strategies and for planning the eradication efforts. Moving to step 1 follows logically, as containment is the immediate need to prevent further damage or loss while the threat is being assessed. After containment, progressing to step 4, which is the eradication phase, is a natural next step. This is where the actual removal of the threat occurs, ensuring that any compromised elements are thoroughly cleaned or restored to a secure state. Following eradication with step 3—recovery—allows for the restoration of systems back to normal operation, ensuring that all security measures are in place to prevent future incidents. Concluding with step 5 emphasizes the importance of learning from the incident, improving processes, and updating policies or technology to bolster the security posture going forward. This structured approach ensures that not only is the