Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which of the following practices should an incident responder not follow for containing an inappropriate usage incident?

  1. Maximize the user privileges of employee computers and systems

  2. Document all actions taken during the incident response

  3. Revert systems to a previous clean state

  4. Implement incident response protocols effectively

The correct answer is: Maximize the user privileges of employee computers and systems

Maximizing user privileges of employee computers and systems is not a recommended practice when containing an inappropriate usage incident. Such an approach can significantly increase security risks, as it allows users greater access to sensitive systems and data than necessary. This can lead to further abuse or accidental misuse, compounding the incident rather than containing it. In contrast, documenting all actions taken during the incident response is crucial for accountability and for learning from the incident. Reverting systems to a previous clean state helps ensure that any harmful changes made during the incident are undone, preserving the integrity of the systems. Implementing incident response protocols effectively ensures that responders follow a structured approach to incident containment, management, and investigation, minimizing potential damage and improving response times.

More Questions Like This