Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which practice should an incident responder avoid during the containment of email security incidents?

  1. Isolate affected email accounts

  2. Allow automatic email forwarding to remote domains

  3. Change employee email passwords

  4. Notify relevant stakeholders

The correct answer is: Allow automatic email forwarding to remote domains

In the context of incident response, particularly during the containment phase of email security incidents, allowing automatic email forwarding to remote domains is a practice that should be avoided. This action can facilitate unauthorized access to sensitive information, as it may enable attackers to receive copies of all emails sent to and from the compromised account. This can further exacerbate the situation by allowing attackers to maintain control over the information exchange and potentially exploit it for malicious purposes.

On the other hand, isolating affected email accounts, changing employee email passwords, and notifying relevant stakeholders are all critical practices that enhance security. Isolating affected accounts helps to prevent further unauthorized access, changing passwords can cut off the attackers' access, and notifying stakeholders ensures that those who need to respond to or be aware of the incident can take appropriate action.