Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

What should incident handlers do with suspicious files found during an investigation?

  1. Delete them immediately

  2. Isolate them for analysis

  3. Ignore them if they seem harmless

  4. Share them with all users

The correct answer is: Isolate them for analysis

Incident handlers should isolate suspicious files for analysis so that a thorough investigation can be conducted without compromising the integrity of the data or the system. Isolating these files helps prevent potential malware from spreading or further damaging the network, and it provides a controlled environment in which the behavior of the files can be safely examined without exposing the organization to additional risk. This approach gives a deeper understanding of the file's nature, whether benign or malicious, and enables appropriate response measures to be taken based on the findings. Through this careful analysis, incident handlers can make informed decisions on what course of action to pursue next, which might include deletion, quarantine, or patching the vulnerabilities that allowed the suspicious file to exist in the first place. Additionally, handling suspicious files in this way aligns with best practices in incident response and forensic investigation, which prioritize evidence preservation and careful examination before any irreversible decision is made.