Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which of the following signs is not an indicator of an AWS-based security incident?

  1. Creation of authorized IAM users, roles, keys, resources, and policies in the AWS organization account

  2. Unauthorized access attempts from unknown IP addresses

  3. Modification of security group rules that allow public access

  4. Deletion of critical logs in AWS CloudTrail

The correct answer is: Creation of authorized IAM users, roles, keys, resources, and policies in the AWS organization account

The creation of authorized IAM users, roles, keys, resources, and policies within an AWS organization account does not indicate a security incident. This activity typically reflects legitimate administrative tasks performed by authorized personnel to manage access control and resources in an AWS environment. Organizations must regularly create and update IAM users and permissions to ensure that they follow security best practices, such as adhering to the principle of least privilege.

In contrast, unauthorized access attempts from unknown IP addresses, modification of security group rules that allow public access, and deletion of critical logs in AWS CloudTrail represent suspicious activities that could indicate malicious behavior or a security breach. Each of these actions typically signifies a compromise or a potential risk to the security posture of the organization, warranting further investigation.