Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which practice should an incident handler avoid to recover from a malware incident?

  1. Utilize safe mode for recovery

  2. Disconnect from the infected network

  3. Connect systems to the infected network to update software

  4. Employ automated recovery tools

The correct answer is: Connect systems to the infected network to update software

Connecting systems to the infected network to update software should be avoided when recovering from a malware incident. When systems are connected to a compromised network, there is a significant risk of spreading the malware to other systems and of re-infecting systems that were previously cleaned or secured. Instead, the focus should be on isolating affected systems and ensuring they are not exposed to the malware, since such exposure could lead to additional security breaches. Keeping systems disconnected during recovery provides a controlled environment in which to analyze and remediate the issue without the risk of further infection or data loss. Using safe mode, disconnecting from the infected network, and employing automated recovery tools are all prudent measures that facilitate a secure recovery process.