Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which of the following steps should an incident handler not follow while handling a malware incident?

  1. Store malware files in a public repository

  2. Analyze the malware in a controlled environment

  3. Keep a log of all actions taken

  4. Use threat intelligence for guidance

The correct answer is: Store malware files in a public repository

Storing malware files in a public repository poses significant risks to both the organization handling the incident and the broader community. Public exposure of malware can lead to unintended consequences, including further distribution of the malware, facilitating attacks on other entities, and exposure of sensitive information. A responsible incident handler understands the importance of maintaining a secure environment to limit potential damage and prevent the malware from spreading.

In contrast, the other steps—analyzing the malware in a controlled environment, keeping a log of all actions taken, and using threat intelligence for guidance—are all best practices in incident handling. Analyzing malware in a controlled environment mitigates the risk of further infection while allowing for a thorough understanding of the malware's behavior. Keeping logs of actions taken provides an essential record that helps in learning from the incident and improving future responses. Utilizing threat intelligence enhances decision-making by providing context about known threats and possible remediation strategies, making it a critical part of the incident response process.