Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which of the following indicators will not help incident responders detect cloud security incidents?

  1. Increased database read volume

  2. Decreased database read volume

  3. Frequent access to sensitive files

  4. Spike in unauthorized login attempts

The correct answer is: Decreased database read volume

Decreased database read volume is not a reliable indicator for detecting cloud security incidents because it does not necessarily imply malicious activity. Rather, a decrease in database read volume could suggest other benign issues, such as reduced application usage, system downtime, or changes in user behavior that are unrelated to security threats. In contrast, increased database read volume might indicate unusual activity that could be worth investigating, frequent access to sensitive files typically triggers flags for potential data exfiltration or unauthorized access, and a spike in unauthorized login attempts is a well-known indicator of potential intrusion attempts or brute force attacks. Each of these indicators provides actionable insights into possible security incidents, whereas decreased read volume generally does not.

More Questions Like This