Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What practice helps incident responders in recovering resources after a web application security incident?

  1. Increase the log storage limit and increase the disk space

  2. Remove all existing backups

  3. Disable logging to speed up recovery

  4. Limit user access to the system

The correct answer is: Increase the log storage limit and increase the disk space

Increasing the log storage limit and the available disk space is crucial for incident responders recovering resources after a web application security incident. Logs are invaluable during and after such incidents because they record in detail what occurred, including the actions taken by users, the nature of system responses, and any unauthorized access or anomalies. By ensuring that there is ample log storage, responders can retain the data needed for investigation, analysis, and, if necessary, legal proceedings. This practice allows for a better understanding of the sequence of events, identification of vulnerabilities, and assessment of the impact of the incident, ultimately facilitating a more efficient recovery process.

The other options would be counterproductive for incident recovery: removing backups would eliminate critical restoration points; disabling logging would hinder insight into the incident and any further forensic analysis; and limiting user access may temporarily isolate the problem but could also restrict efficient recovery and remediation processes. Each of these alternatives undermines the incident response process by either removing essential information or preventing necessary actions to understand and resolve the incident.