Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What document is crucial for protecting evidence from damage during an incident?

  1. Incident report

  2. Evidence log

  3. Chain-of-Custody

  4. Recovery plan

The correct answer is: Chain-of-Custody

The chain of custody is a fundamental document in incident handling that ensures the integrity and reliability of evidence. It meticulously tracks the movement and handling of evidence from the moment it is collected until it is presented in a legal or investigative context. By documenting who collected, transferred, or analyzed the evidence, the chain of custody helps establish that the evidence has not been tampered with or altered in any way.

This is critical because any discrepancies in evidence handling can lead to questions regarding its authenticity, potentially undermining an incident investigation or legal proceedings. Establishing a clear chain of custody is vital for maintaining the admissibility of evidence in court and ensuring that it can be relied upon for decision-making during an incident response.

In contrast, the other documents play important roles in incident management (the incident report details what occurred, and an evidence log tracks specific pieces of evidence), but the chain of custody specifically pertains to the protection and integrity of the evidence itself over time, making it the most crucial in this context. The recovery plan, for its part, focuses on restoring systems and operations rather than directly safeguarding evidence.