Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which practice will not aid in eradicating IoT-based security incidents?

  1. Removing malware from devices

  2. Conducting thorough forensics on the affected devices

  3. Retaining the registry files of malware on the device firmware

  4. Rebooting affected IoT devices

The correct answer is: Retaining the registry files of malware on the device firmware

The practice of retaining the registry files of malware on the device firmware does not contribute to eradicating IoT-based security incidents. In fact, keeping such files can be detrimental as it allows the malware to persist and potentially re-establish itself after any remediation attempts. Effective incident response aims to eliminate all traces of malware to ensure that the system is clean and secure for future use.

On the other hand, removing malware from devices is crucial as it directly addresses and eliminates the threat. Conducting thorough forensics on the affected devices is also vital for understanding the scope of the incident, identifying vulnerabilities, and gathering evidence for further action. Rebooting affected IoT devices may help in some cases by resetting temporary states but does not remove malware from the system.

The key takeaway is that retaining malware registry files contradicts the fundamental goal of incident response – complete eradication of threats, making it clear why this practice would not aid in resolving IoT security incidents.