Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which of the following guidelines helps an incident handler eradicate insider threats caused by privileged users?

  1. Monitor employee internet usage

  2. Disable the default administrative accounts to ensure accountability

  3. Allow unrestricted access to sensitive data

  4. Provide minimal training for privileged users

The correct answer is: Disable the default administrative accounts to ensure accountability

Disabling default administrative accounts is a critical guideline for incident handlers addressing insider threats posed by privileged users. Default administrative accounts often come with generic usernames and passwords, which can be easily exploited by malicious insiders or external attackers. By disabling these accounts, organizations can enforce the creation of unique credentials for each administrative user, leading to improved accountability. When privileged users have individualized accounts, tracking their actions becomes easier, allowing for better monitoring of user activity. This approach helps ensure that any suspicious or unauthorized access can be traced back to a specific individual, making it more difficult for potential insider threats to go undetected. Consequently, disabling default accounts is a vital measure in safeguarding against misuse of privileged access, thereby enhancing the overall security posture of the organization.

In contrast, the other options either do not effectively address the accountability and monitoring needed for privileged users or might lead to increased risk. Monitoring internet usage alone does not specifically target insider threats and may overlook the actions taken within the organization's secure environment. Allowing unrestricted access to sensitive data significantly raises the risk of unauthorized disclosures or changes. Providing minimal training to privileged users could result in a lack of understanding of security protocols, further increasing the likelihood of misuse or accidental breaches.