Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

What practice will not help an incident responder while restoring resources after a web application security incident?

Do not restart any services that were terminated as part of the containment process
Monitor the application for unusual activity
Restore from a secure backup
Reconfigure firewall settings after an incident

The correct answer is: Do not restart any services that were terminated as part of the containment process

In the context of incident response, particularly after a web application security incident, it's essential to understand the importance of service restoration in ensuring the overall security and functionality of the application. The practice of not restarting any services that were terminated as part of the containment process is crucial. When services are halted during the containment phase, it's generally to isolate the incident and prevent further damage, such as data loss or unauthorized access. However, as part of the recovery and restoration process, some of these services may need to be restarted carefully and in a controlled manner. If services are not restarted when necessary, this can lead to prolonged downtime, impact user experience, and potentially leave the application in a vulnerable state if any underlying issues remain unresolved during containment. Therefore, avoiding the restarting of necessary services can hinder recovery and can result in failure to restore normal operations of the application, leading to greater issues down the line.