Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which of the following describes the correct sequence to shut down a Windows system after collecting evidence?

1 -> 2 -> 3 -> 4 -> 5 -> 6
3 -> 4 -> 6 -> 1 -> 2 -> 5
6 -> 5 -> 1 -> 2 -> 3 -> 4
4 -> 3 -> 2 -> 1 -> 6 -> 5

The correct answer is: 3 -> 4 -> 6 -> 1 -> 2 -> 5

The correct sequence to shut down a Windows system after collecting evidence is critically important in incident response to ensure that the integrity of the collected data is maintained and to minimize any further alterations. The sequence represented by option B shows that the system is properly prepared and shut down with a focus on forensic integrity. This sequence typically involves shutting down non-essential services and applications first to minimize any activities that could alter the state of the system or the evidence collected. Once these are stopped, the next steps include ensuring that any volatile data has been captured and stored securely before finally performing a controlled shutdown of the operating system. This process helps in preserving any crucial information that may still reside in memory or temporary storage. Following this methodological approach also aids in maintaining a clear chain of custody for the evidence gathered, which can be critical if the case is escalated into legal proceedings. Each step is designed to systematically mitigate risks and safeguard the integrity of the evidence collected during the incident handling process.