Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What should an incident handler do after identifying a malware incident?

  1. Stop all network activities immediately

  2. Eradicate the threat before taking further steps

  3. Immediately shut down all systems

  4. Notify all users to ignore the incident

The correct answer is: Eradicate the threat before taking further steps

After identifying a malware incident, it is critical for an incident handler to focus on eradicating the threat effectively. This step is essential to prevent the malware from spreading further within the organization and to protect sensitive data and system integrity. Eradication may involve removing the malware from affected systems, cleaning or restoring compromised files, and applying necessary patches or updates to close any vulnerabilities that facilitated the attack.

Addressing the threat before taking any further steps allows for a more controlled response, minimizing damage and the likelihood of future incidents. If eradication is not performed before stabilizing or recovering systems, there is a risk of the malware lingering and potentially leading to further exploitation or data loss.

Other responses, such as stopping all network activities or shutting down all systems, could lead to significant disruption of business operations and may not be necessary if the incident can be contained while still active. Additionally, notifying users to ignore the incident would undermine the seriousness of the situation and could prevent users from taking proper precautions, possibly exacerbating the incident.