Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.


What is the step called where different threat sources are defined?

  1. Risk analysis

  2. Threat identification

  3. Vulnerability assessment

  4. Incident categorization

The correct answer is: Threat identification

The process of defining different threat sources is known as threat identification. This step is crucial in cybersecurity because it involves recognizing and categorizing potential threats that could exploit vulnerabilities within a system or organization. By identifying these threats, organizations can better understand what risks they face, allowing them to prioritize their security measures effectively. Threat identification typically involves the examination of various types of threats, which could include malicious actors (such as hackers), environmental factors (like natural disasters), and internal threats (such as employees with ill intent). By accurately pinpointing and defining these sources, organizations lay a foundation for developing a comprehensive risk management strategy and implementing appropriate countermeasures. The other options revolve around aspects of risk management and incident handling but do not focus specifically on defining threat sources. Risk analysis encompasses evaluating the potential impact and likelihood of identified risks, vulnerability assessment involves examining weaknesses in systems, and incident categorization pertains to classifying incidents to manage their impact effectively. Each of these plays a role in the broader context of threat management but does not specifically address the definition of different threat sources as thoroughly as threat identification does.