Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What is the first step incident responders take after detecting a security incident in the network?

  1. Investigation

  2. Containment

  3. Eradication

  4. Recovery

The correct answer is: Containment

The first step incident responders take after detecting a security incident on the network is containment. This action is crucial as it aims to limit the extent of the incident to prevent further damage or unauthorized access to sensitive data. By securing the affected systems, network segments, or devices, responders can mitigate the threat and ensure that the incident does not spread, thereby protecting other parts of the network. Containment usually entails isolating impacted systems from the network, blocking malicious traffic, or implementing temporary measures to reduce the risk while a more thorough investigation can take place. Following containment, the incident response can move on to investigation, eradication, and recovery, but without effective containment, these subsequent steps can be compromised by ongoing impacts from the incident.