Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which activity should an incident handler not perform while addressing email security incidents?

  1. Restore from a reliable backup

  2. Restore affected systems from an untrusted backup

  3. Analyze email access logs

  4. Communicate with email service providers

The correct answer is: Restore affected systems from an untrusted backup

An incident handler should not restore affected systems from an untrusted backup when addressing email security incidents. In any security incident, and particularly one involving email, the integrity and trustworthiness of backups are paramount. Restoring from an untrusted backup can reintroduce compromised data or systems, which could perpetuate the security breach or introduce new vulnerabilities. Before restoring, first ensure that any backup used is verified and known to be secure, because an unverified backup might contain malware or other malicious artifacts that the previous incident allowed to infiltrate. Relying on untrusted backups carries a significant risk of further compromising the environment rather than recovering from the incident effectively.

In contrast, restoring from a reliable backup, analyzing email access logs, and communicating with email service providers are sound practices that contribute to identifying the scope of the incident, recovering from it effectively, and ensuring better defenses against future incidents.