Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which of the following signs is not an indicator of an Azure App Service based security incident?

Frequent traffic from unknown sources
Usual communication with legitimate domains
Increased CPU usage than normal
Unusual request patterns

The correct answer is: Usual communication with legitimate domains

The choice of usual communication with legitimate domains stands out as not being an indicator of a security incident within an Azure App Service. Typically, legitimate communication patterns with known, trusted domains are expected and do not suggest any malicious activity or compromise. Such interaction is a standard operational feature and can often be associated with normal application behavior, suggesting that the app is functioning as intended. In contrast, the other signs mentioned—frequent traffic from unknown sources, increased CPU usage than normal, and unusual request patterns—are all red flags that may indicate a security incident. For example, frequent traffic from unknown sources could suggest an attack or unauthorized access attempts, while increased CPU usage may indicate that the system is under strain from a denial of service (DoS) attack or other exploitation. Similarly, unusual request patterns can point to abnormal behavior that often accompanies malicious activities or exploit attempts. Identifying these key indicators allows for more effective monitoring and incident response in the context of Azure App Services.