Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Which of the following steps should an incident handler follow while handling a malware incident?

  1. Make snapshots of the files to easily roll back to a non-infected state

  2. Delete all affected files immediately

  3. Share malware files on public forums

  4. Ignore alerts if the system appears functional

The correct answer is: Make snapshots of the files to easily roll back to a non-infected state

An incident handler should prioritize making snapshots of the files to create a restore point or rollback option when dealing with a malware incident. This step is crucial for several reasons. First, it preserves the current state of the affected systems, which is essential for forensic analysis and for understanding the nature and impact of the malware, including which files were infected and how the malware propagated. Additionally, having snapshots facilitates the recovery process by allowing the organization to revert to a known good state without permanently losing data. It also helps in efficiently analyzing the malware's behavior later, giving insights for future prevention strategies.

While the other options might seem appealing in isolation, they pose significant risks that can aggravate the situation. Deleting affected files immediately could result in permanent data loss and could eliminate crucial evidence needed for investigation. Sharing malware files on public forums raises ethical and security concerns, potentially helping malicious actors and exacerbating the situation. Lastly, ignoring alerts is dangerous; a functional appearance does not guarantee that the malware is inactive or has not caused further damage. Thus, making snapshots is a thoughtful, strategic step in the malware incident response process.