Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What is not an indicator of a Linux-based security incident?

  1. Unauthorized changes to system files

  2. Suspicious account access patterns

  3. Authorized creation of an SSH key

  4. Unusual CPU usage spikes

The correct answer is: Authorized creation of an SSH key

The correct response identifies that the authorized creation of an SSH key is not an indicator of a Linux-based security incident. This is because the creation of SSH keys is a legitimate administrative action that users with the appropriate permissions are expected to carry out as part of normal operations. When an authorized user generates an SSH key, it typically signifies that they are simply enabling secure access to systems rather than signaling any malicious or suspicious behavior.

In contrast, unauthorized changes to system files, suspicious account access patterns, and unusual CPU usage spikes are all potential signs of a security incident. Unauthorized changes to system files could indicate tampering or compromise of system integrity, while suspicious account access patterns may suggest unauthorized access or attempts to exploit user accounts. Unusual CPU usage spikes can be indicative of malicious activities, such as a Distributed Denial of Service (DDoS) attack or the presence of malware running processes that consume excessive resources. These indicators warrant further investigation as they might reveal underlying security threats.