Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Identify the practice that will not help incident responders eradicate AWS security incidents.

Regularly backing up data in S3
Implementing IAM role restrictions
Never delete encrypted S3 objects
Maintaining secure access logs

The correct answer is: Never delete encrypted S3 objects

The practice of never deleting encrypted S3 objects is unlikely to aid in eradicating AWS security incidents. This approach does not address the foundational issues that lead to incidents, such as vulnerabilities in configuration, access control, or potential data exposure due to mismanagement. While retaining encrypted data may seem protective, it can complicate incident response if an incident does occur. For instance, if sensitive information is compromised, retaining the data without assessing it could leave organizations exposed to further risks, as they may not be able to adequately evaluate the impact of the incident. In contrast, regularly backing up data provides a safety net for recovery, allowing for restoration of data should an incident lead to loss or corruption. Implementing IAM role restrictions helps enforce the principle of least privilege, significantly minimizing the access potential for users and applications and thus reducing the risk of unauthorized access. Maintaining secure access logs is crucial for tracking and analyzing incidents, enabling responders to understand the nature and scope of security events, which is essential for effective remediation.