Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



What is an indicator that helps an incident responder detect network-based DoS/DDoS attacks?

  1. High bandwidth consumption

  2. Slow access to local or remote files

  3. Increased uptime of servers

  4. Consistent network speed

The correct answer is: Slow access to local or remote files

The most relevant indicator for detecting network-based DoS (Denial of Service) or DDoS (Distributed Denial of Service) attacks is high bandwidth consumption. In a DoS or DDoS attack, the intent is often to overwhelm the targeted system or network with excessive traffic, which can lead to network congestion and degrade service quality. High bandwidth consumption indicates that the network is experiencing unusually high levels of incoming traffic, which is characteristic of these types of attacks.

Monitoring for high levels of bandwidth usage can help incident responders identify abnormal patterns that suggest a potential attack. If a network typically operates at a certain bandwidth level and usage suddenly spikes, it could signal an ongoing DoS/DDoS attack that requires immediate attention.

The other indicators are less useful. Slow access to local or remote files could be a symptom of several issues and is not exclusively indicative of an attack. Increased uptime of servers may suggest stability rather than the presence of an attack, while consistent network speed usually indicates normal operations. Understanding these distinctions is crucial for effective incident response and threat management.