Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which action should an incident responder avoid while restoring the network after a DoS/DDoS attack?

  1. Stopping the Border Gateway Protocol (BGP)

  2. Reinstalling the operating system

  3. Resetting the network devices

  4. Changing security policies

The correct answer is: Stopping the Border Gateway Protocol (BGP)

An incident responder should avoid stopping the Border Gateway Protocol (BGP) when restoring the network after a DoS/DDoS attack because BGP is critical for routing traffic between networks on the internet. Stopping BGP can lead to significant disruptions in network communication, as it may prevent the proper routing of data to and from the affected network. This can exacerbate the impact of the attack, potentially isolating the organization from other networks and causing additional downtime. By keeping BGP operational, responders can focus on mitigating the effects of the attack without further complicating the network infrastructure or hindering recovery efforts.

In contrast, reinstalling the operating system, resetting network devices, or changing security policies may be necessary steps to eliminate any backdoors or vulnerabilities exploited during the attack and to strengthen the overall security posture of the network post-incident. However, BGP must remain functional to ensure that traffic can flow appropriately during recovery.