Certified Incident Handler (CIH) Practice Ecam

Which of the following guidelines will not help an incident handler eradicate insider threats related to privileged users?

• A. Implement logging for all administrative activities
• B. Enable the default administrative accounts to ensure accountability
• C. Mandate strong passwords for administrative accounts
• D. Regularly review the activity of privileged users

The correct answer is: Enable the default administrative accounts to ensure accountability

The option that does not help an incident handler eradicate insider threats related to privileged users is enabling default administrative accounts. Default administrative accounts are often well-known and therefore more susceptible to unauthorized use or exploitation. By relying on these accounts, an organization may inadvertently expose itself to greater risks, as they can serve as a target for attackers seeking to exploit known weaknesses. On the other hand, implementing logging for all administrative activities is essential for tracking actions taken by privileged users, allowing anomalies to be detected and investigated quickly. Mandating strong passwords for administrative accounts helps mitigate unauthorized access, thus enhancing security. Regularly reviewing the activities of privileged users serves as a check on their actions, assisting in identifying any potential misconduct or anomalies. Each of these practices strengthens the oversight and control over privileged user's actions, whereas enabling default administrative accounts does not contribute to security and can significantly weaken it.