Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which of the following signs is not an indicator of a Google Cloud security incident?

  1. Authorized user agent accessing Google Cloud using an IAM service account

  2. Unauthorized changes to service accounts

  3. Excessive failed login attempts

  4. Public exposure of sensitive data

The correct answer is: Authorized user agent accessing Google Cloud using an IAM service account

The rationale for selecting the option regarding the authorized user agent accessing Google Cloud using an IAM service account as not being an indicator of a security incident lies in the nature of identity and access management (IAM) within the Google Cloud environment. When a legitimate user agent accesses Google Cloud resources through an IAM service account, it is recognized as a normal operation as long as that access is appropriately authorized and follows the principles of least privilege. This activity reflects standard usage within the cloud infrastructure, assuming that the user agent is known and the IAM service account is configured correctly. In contrast, the other options represent potential misconfigurations or unauthorized activities, such as unauthorized changes to service accounts, which could indicate an attempt to escalate privileges or compromise accounts. Excessive failed login attempts typically signify a brute-force attack, and public exposure of sensitive data can lead to data breaches, both of which are clear indicators of security incidents. Thus, the authorized access using an IAM service account does not raise immediate alarm unless accompanied by additional suspicious behaviors or anomalous patterns.

More Questions Like This