Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which of the following practices should an incident responder not follow while recovering after an email security incident?

  1. Change the passwords of the affected email accounts

  2. Document the incident for future reference

  3. Notify all users about the incident

  4. Stop all outgoing emails from the affected accounts

The correct answer is: Change the passwords of the affected email accounts

Changing the passwords of the affected email accounts is actually a critical step in incident recovery, especially after an email security incident. When an account has been compromised, resetting the password helps to prevent further unauthorized access and ensures that the attacker can no longer exploit that account. In the context of incident response, documenting the incident is vital for future reference and understanding what went wrong, while notifying all users about the incident helps raise awareness and ensures they remain vigilant against potential phishing attempts or follow-up attacks. Stopping all outgoing emails from the affected accounts can prevent additional malicious activity and limit the potential impact on other users. Therefore, the practice of changing passwords should indeed be followed as part of effective recovery procedures, as it directly addresses the security of the compromised accounts.