Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which of the following signs is not an indicator of a Windows-based Azure security incident?

  1. Unusual system slowdowns

  2. Use of rundll32.exe Windows utility to execute a process containing the legitimate name

  3. Unexpected system restarts

  4. Multiple failed login attempts

The correct answer is: Use of rundll32.exe Windows utility to execute a process containing the legitimate name

The presence of rundll32.exe executing a process with a legitimate name does not inherently indicate a security incident in a Windows-based Azure environment. rundll32.exe is a legitimate Windows utility that can be used to run functions that are stored in DLLs. While it can be misused by attackers to run malicious code, its usage alone, especially with a seemingly legitimate name, does not provide enough evidence of malicious intent. In contrast, other signs like unusual system slowdowns, unexpected system restarts, and multiple failed login attempts are typically more direct indicators of potential security issues. Unusual system slowdowns might suggest that malicious processes are consuming system resources, while unexpected restarts could be the result of unauthorized access or attempts to manipulate the system. Multiple failed login attempts, on the other hand, are often a clear sign of brute force attacks or unauthorized access attempts. Thus, these indicators are more closely associated with the potential occurrence of a security incident than the usage of rundll32.exe with a legitimate name.