Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

What is a step that should not be taken by an incident handler during a malware containment effort?

  1. Unblock all host and firewall ports

  2. Analyze logs for suspicious activity

  3. Employ containment tools

  4. Isolate affected systems

The correct answer is: Unblock all host and firewall ports

In a malware containment effort, it is crucial to maintain as much control over the infected environment as possible. Unblocking all host and firewall ports would allow potentially malicious traffic to flow freely, which could exacerbate the situation by enabling the malware to communicate with external command-and-control servers or propagate to other systems on the network. Keeping ports blocked is a fundamental practice to reduce the spread of the threat and limit the incident's impact.

In contrast, analyzing logs for suspicious activity, employing containment tools, and isolating affected systems are all critical steps in effectively managing a malware incident. Analyzing logs helps identify the entry point and scope of the infection, containment tools aid in managing and mitigating the threat, and isolating affected systems prevents the malware from spreading further within the network.