Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What is a primary goal of an incident handler during a malware incident?

  1. To prevent users from accessing the network

  2. To identify, contain, and eradicate the threat

  3. To ignore small incidents

  4. To inform users of system updates

The correct answer is: To identify, contain, and eradicate the threat

During a malware incident, the primary goal of an incident handler is to identify, contain, and eradicate the threat. This involves several critical steps:

  1. **Identification**: The incident handler must determine the nature of the malware incident and its impact on the organization's systems. This involves analyzing indicators of compromise (IOCs) and assessing the extent of the infection.

  2. **Containment**: Once the threat is identified, the incident handler needs to contain the incident to prevent further spread. This may include isolating affected systems from the network or restricting certain access points to protect unaffected areas.

  3. **Eradication**: After containment, the malware must be eradicated. This typically involves removing malicious software, closing vulnerabilities, and ensuring that no remnants of the threat remain that could lead to re-infection.

Successfully completing these steps protects the organization's data, infrastructure, and reputation while minimizing operational disruption.

The other options do not align with the proactive and protective approach required during an incident response. For instance, preventing users from accessing the network may lead to a halt in business operations, ignoring small incidents can allow them to escalate, and merely informing users about system updates does not address the immediate threat posed by malware.