Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which of the following signs is not an indicator of Azure storage-based security incident?

  1. Multiple failed access attempts

  2. Accessing Azure storage account from a usual location

  3. Accessing data from unrecognized devices

  4. Frequent access to sensitive files

The correct answer is: Accessing Azure storage account from a usual location

Accessing an Azure storage account from a usual location is not considered an indicator of a security incident because it suggests normal behavior from a known and trusted source. In security incident response, unusual patterns of access or attempts to reach data from unexpected locations or devices are key indicators of potential unauthorized access or malicious activity. In contrast, the other options indicate potential security risks. Multiple failed access attempts could indicate that someone is trying to brute-force their way into the storage account, suggesting a security incident might be occurring. Accessing data from unrecognized devices raises alarms as it signifies that an unknown or potentially compromised device might be trying to interact with the storage, increasing the likelihood of unauthorized access. Frequent access to sensitive files may also indicate suspicious activity, especially if the access is happening outside of normal business hours or patterns. Thus, the best choice for what does not indicate a potential security incident is accessing the Azure storage account from a usual location, as it generally aligns with expected user behavior and suggests that the access is legitimate.

More Questions Like This