Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What malware eradication step involves physically isolating uncompromised subnets?

  1. Network security devices

  2. System Restoration

  3. Behavior Monitoring

  4. Process Termination

The correct answer is: Network security devices

The step that involves physically isolating uncompromised subnets is related to the implementation of network security devices. This process is crucial during a malware eradication effort because it helps contain the threat by preventing the malware from spreading to unaffected parts of the network. By using firewalls, intrusion detection systems, and other security devices, an organization can create barriers that isolate infected systems or segments of the network from those that remain uncompromised. This approach not only helps in protecting clean systems but also provides a controlled environment for remediation efforts on the infected segments.

In contrast, the other choices do not specifically involve the physical isolation of network segments. System restoration typically refers to the process of recovering systems to a previous state, behavior monitoring focuses on observing system operations for suspicious activities, and process termination involves stopping specific processes related to the malware. None of these directly address the need for isolating uncompromised subnets as part of a strategic response to an ongoing malware incident.