Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

What practice assists an incident responder in containing an email security incident?

Ignore firewall logs
Check the firewall logs to identify suspicious IP addresses and URLs
Disable all email accounts temporarily
Remove email virus definitions

The correct answer is: Check the firewall logs to identify suspicious IP addresses and URLs

Checking the firewall logs to identify suspicious IP addresses and URLs is a vital practice in containing an email security incident. This approach allows the incident responder to analyze traffic patterns and detect potentially malicious activity linked to the email incident. By identifying these suspicious indicators, responders can take appropriate actions such as blocking specific IP addresses or URLs to prevent further compromise and mitigate the incident's impact. This practice is crucial because it provides insight into the source of an attack, the methods used by attackers, and potential pathways for further exploitation. Logging information also allows organizations to understand the extent of the breach and aids in the overall response and recovery process. In contrast, ignoring logs would prevent the responder from recognizing threats, while disabling all email accounts could disrupt critical operations without specifically addressing the incident. Similarly, removing email virus definitions would not be a proactive measure to contain an incident and could leave the system vulnerable.