Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which of the following steps should an incident handler not follow while handling a malware incident?

  1. Use public channels for transferring malware files

  2. Encrypt malware files before transfer

  3. Monitor network traffic for anomalies

  4. Use secure channels for communication

The correct answer is: Use public channels for transferring malware files

Transferring malware files over public channels is highly inadvisable. Public channels pose significant security threats, such as unauthorized access, data interception, and data leakage. Sharing malware through them can also inadvertently cause further infections or compromise sensitive systems, because these environments lack the safeguards needed to protect the integrity or confidentiality of the malware files.

In contrast, the other three options are sound practice. Encrypting malware files before transfer ensures that, even if the files are intercepted, they remain unreadable to unauthorized recipients. Monitoring network traffic for anomalies lets incident handlers identify unusual behavior that could indicate malware spreading or other security threats, which enhances the overall security posture. Using secure channels for communication protects sensitive information and maintains the confidentiality and integrity of the data being exchanged.

Transferring malware files through public channels therefore directly undermines the fundamental principles of secure communication and incident handling, making it the most inappropriate action to take when managing a malware incident.