Certified Incident Handler (CIH) Practice Ecam

Which practice helps incident responders eradicate watering hole attacks?

• A. Configure antivirus software to run regular scans
• B. Configure plug-ins and add-ons in browsers with "click-to-play" to avoid them running automatically
• C. Implement network intrusion detection systems
• D. Use strong passwords for all accounts

The correct answer is: Configure plug-ins and add-ons in browsers with "click-to-play" to avoid them running automatically

Choosing the practice of configuring plug-ins and add-ons in browsers with a "click-to-play" feature is particularly effective against watering hole attacks. Watering hole attacks occur when attackers compromise a specific website that is likely to be visited by a targeted group, and they use this compromised site to deliver malware or exploit vulnerabilities on visitors' systems. By enabling the "click-to-play" setting for plug-ins and add-ons, users maintain control over when these features are activated. This significantly reduces the risk of inadvertently executing malicious code that may be embedded in compromised websites. Attackers often rely on exploiting browser vulnerabilities and executing scripts without user knowledge, making this proactive measure a critical defense mechanism. In contrast, while antivirus software and network intrusion detection systems are important components of an overall security strategy, they may not specifically address the unique risks associated with watering hole attacks. Strong passwords contribute to account security but do not prevent users from visiting compromised sites or executing potentially harmful scripts. Therefore, managing browser behaviors directly through configuration is the most targeted and effective approach to mitigate the risks posed by watering hole attacks.