Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What is one of the first actions John took after identifying the security breach alert?

  1. Document the incident

  2. Contain the incident

  3. Communicate with stakeholders

  4. Perform forensics

The correct answer is: Contain the incident

One of the first actions taken after identifying a security breach alert is to contain the incident. Containment is a critical step in the incident response process because it aims to limit the impact of the breach and prevent further damage. By quickly isolating affected systems or networks, responders can stop the spread of the breach, secure sensitive information, and maintain the integrity of remaining systems. This action is crucial in minimizing losses and ensuring that any threat is managed effectively.

The containment step typically occurs before documenting the incident, communicating with stakeholders, or performing forensics. While those actions are important and follow containment, they assume that measures have been taken to first address the immediate threat. Immediate containment helps establish a foundation for further investigation and recovery efforts.