Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Practice this question and more.


Which approach is effective in the initial response to a malware infection?

  1. Immediately disconnecting affected systems

  2. Searching for new security tools online

  3. Redesigning the entire network layout

  4. Removing all user access to the system

The correct answer is: Immediately disconnecting affected systems

Immediately disconnecting affected systems is an effective approach in the initial response to a malware infection because it helps to contain the threat and prevent further spread of the malware throughout the network. By isolating the compromised system, you can limit the damage, protect other devices, and secure sensitive data from potential exfiltration or manipulation. This action is critical in the early stages of incident response as it allows for a clearer assessment of the situation without the risk of ongoing infection or lateral movement of the malware to other systems. In cybersecurity best practices, the first step is often to contain the incident, and disconnecting the affected systems serves that purpose well. Other options, such as searching for new security tools online, redesigning the entire network layout, or removing all user access to the system, may be part of a longer-term response strategy but do not address the immediate threat effectively. Searching for tools does not provide immediate containment, redesigning the network can be a lengthy process that cannot be executed in response to a live incident, and removing user access may not effectively contain the malware spread either.