Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which of the following practices will not aid incident handlers during recovery from OT-based security incidents?

  1. Allow connections to the control systems from remote vendors

  2. Conduct thorough post-incident analysis

  3. Ensure all patches are up to date

  4. Restrict access based on the principle of least privilege

The correct answer is: Allow connections to the control systems from remote vendors

Allowing connections to the control systems from remote vendors can introduce significant vulnerabilities during recovery from operational technology (OT) security incidents. It potentially opens the system to unauthorized access, which can lead to further incidents or complicate the recovery process. By granting remote access, incident handlers may inadvertently give threat actors or malware an entry point into an already compromised environment, hampering their ability to secure and restore systems.

In contrast, conducting thorough post-incident analysis, ensuring all patches are up to date, and restricting access based on the principle of least privilege are all essential practices that strengthen an organization’s security posture and facilitate effective recovery. They involve learning from past incidents, maintaining system integrity by mitigating vulnerabilities, and tightly controlling user permissions to prevent unauthorized actions that could hinder recovery efforts.