Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which of the following signs is an indicator of a security incident on a Linux-based Azure platform?

  1. Disabling "auditd" logging

  2. Implementing regular updates

  3. Ensuring firewalls are active

  4. Using standard user accounts

The correct answer is: Disabling "auditd" logging

Disabling "auditd" logging is a strong indicator of a security incident on a Linux-based Azure platform because auditd provides crucial logging capabilities that track system events, user activity, and potential security breaches. When audit logging is disabled, it can suggest that someone is trying to hide their tracks or is attempting to compromise the system without leaving a trace. This action significantly reduces the visibility and monitoring capability for suspicious activities, making it a red flag for potential security incidents. In contrast, implementing regular updates, ensuring firewalls are active, and using standard user accounts are all best practices in system security management. Regular updates help patch vulnerabilities, active firewalls prevent unauthorized access, and using standard user accounts minimizes the risk associated with administrative privileges. Therefore, these practices do not indicate a security incident, while disabling audit logging directly raises concerns about the integrity and security of the environment.

More Questions Like This