Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which of the following actions should not be taken to eradicate Azure-based security incidents?

  1. Regularly changing passwords

  2. Never reset the krbtgt account

  3. Conducting malware scans

  4. Implementing two-factor authentication

The correct answer is: Never reset the krbtgt account

Never resetting the krbtgt account is the action that should not be taken, because resetting it is crucial in mitigating the impact of certain types of incidents, particularly those involving Kerberos authentication in Active Directory environments. The krbtgt account is a service account used by the Kerberos authentication protocol, and it plays a vital role in security. Failure to reset this account when a security breach is suspected can lead to persistent unauthorized access, as it allows attackers to generate valid Kerberos tickets. Identifying "never reset" as the practice to avoid when eradicating Azure-based security incidents therefore highlights the importance of the reset in maintaining the integrity of authentication mechanisms and ensuring that any compromised credentials are revoked.

In contrast, regularly changing passwords, conducting malware scans, and implementing two-factor authentication are all proactive measures that enhance security and help prevent incidents or reduce their impact. Regular password changes can limit the exposure when credentials are compromised, malware scans can identify and mitigate malicious threats, and two-factor authentication adds an additional layer of security by requiring users to provide two forms of verification before accessing systems. These actions are essential components of a comprehensive security strategy.