Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

What is an indicator of an AWS-based security incident?

  1. Unusual API call requests from S3

  2. Increased read requests on RDS

  3. Frequent logins from unfamiliar IP addresses

  4. Unexpected CPU usage on EC2 instances

The correct answer is: Unusual API call requests from S3

Unusual API call requests from S3 are a strong indicator of a potential security incident in an AWS environment. Such API calls can signify malicious activity, such as unauthorized access attempts, data exfiltration, or attempts to manipulate stored data. Monitoring API calls is essential because they can reveal patterns that deviate from typical usage, which might indicate a breach or other security threat.

Increased read requests on RDS may indicate normal usage growth or performance issues and do not inherently signal a security incident. Similarly, frequent logins from unfamiliar IP addresses, though concerning, may not directly indicate a compromise if they are legitimate access attempts (e.g., by remote administrators or users). Finally, unexpected CPU usage on EC2 instances can result from various causes, including legitimate increased workloads or application issues, and is not a definitive indicator of a security incident without additional context. In contrast, unusual API calls provide more direct evidence of potential malicious behavior, making them a key flag for incident response teams to investigate further.