Certified Incident Handler (CIH) Practice Ecam

Which of the following is NOT considered a multiple component incident?

• A. A distributed denial of service attack
• B. An insider intentionally deleting files
• C. A combination of malware and phishing
• D. A denial of service combined with a data breach

The correct answer is: An insider intentionally deleting files

The situation described in the question involves classifying incidents based on their complexity and the number of components involved. A multiple component incident typically refers to an event that includes more than one distinct factor or threat vector working in conjunction. The event where an insider intentionally deletes files is characterized by the action of an individual within the organization who has authorized access. This situation typically involves a single component: the insider's actions. In this case, while the outcome may be harmful to the organization, it does not involve a combination of multiple components such as different types of attacks or separate threat actors working together. In contrast, the other scenarios involve multiple elements interacting. For example, a distributed denial of service (DDoS) attack can consist of many compromised systems launching attacks simultaneously. A combination of malware and phishing involves two different attack methods that work together to exploit a target. Lastly, a denial of service combined with a data breach involves two distinct threats that can happen in tandem, further complicating the response measures necessary. This differentiation is crucial for incident handling as it impacts the response strategies, resource allocation, and overall management of the incident. Understanding the nature of the incident enables incident handlers to apply appropriate responses tailored to the complexity of the situation.