Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Identify the incident response step in which an incident handler removes the root cause of a security incident.

  1. Containment

  2. Detection

  3. Eradication

  4. Recovery

The correct answer is: Eradication

The phase of incident response where the incident handler removes the root cause of a security incident is known as eradication. This step is crucial because simply containing an incident does not eliminate the underlying threat that caused it.

During the eradication phase, the incident handler identifies and eliminates any vulnerabilities, malware, or threats associated with the incident. This might involve actions such as patching software, removing malicious files, and adjusting configurations to prevent the same incident from happening again. The focus is on taking comprehensive measures to ensure that the root cause is addressed, mitigating the risk of recurrence and restoring the integrity of the affected systems.

In contrast, containment focuses on limiting the impact of the incident and preventing its spread, while detection involves identifying and recognizing that an incident has occurred. The recovery phase follows eradication and involves restoring systems to normal operations and ensuring they are functioning securely. Each of these phases serves a distinct purpose, but eradication is specifically dedicated to addressing and eliminating the root cause.