Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

In incident handling, what does the term 'containment' refer to?

Preserving evidence after an incident
Preventing the spread of an incident within the network
Identifying the root cause of an incident
Documenting the incident response process

The correct answer is: Preventing the spread of an incident within the network

Containment in incident handling primarily refers to the actions taken to prevent the spread of an incident within the network. This is crucial because, during a security incident, such as a malware infection or a data breach, it’s essential to isolate affected systems to minimize further damage and protect other systems from being compromised. By implementing containment strategies, incident responders can limit the impact of the incident, control the situation, and begin the process of recovery without allowing the problem to escalate or encompass additional systems. Other aspects like preserving evidence, identifying root causes, or documenting the incident response process, while significant in their own right, relate to different phases of incident response. Preserving evidence is important for post-incident analysis or legal proceedings. Identifying the root cause is part of the follow-up analysis to prevent future occurrences. Documenting the process helps improve future incident response efforts. However, they do not directly address the immediate goal of limiting damage during the incident itself, which is the essence of containment.