Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which step of incident handling focuses on limiting the scope of an incident?

  1. Identification

  2. Containment

  3. Eradication

  4. Recovery

The correct answer is: Containment

The step that focuses on limiting the scope of an incident is containment. During the containment phase, the primary goal is to prevent further damage and stop the incident from spreading. This may involve isolating systems, blocking malicious traffic, or applying temporary patches. By effectively containing the incident, incident handlers can minimize impact on the organization, protect sensitive data, and maintain essential services while further investigation and eradication efforts are planned. Containment is crucial because it helps to stabilize the situation before moving on to later phases such as eradication, where the root cause of the incident is addressed, and recovery, where normal operations are restored. The containment step is often initiated quickly after identification to ensure that the incident is controlled and does not escalate, helping to safeguard the organization's assets.

More Questions Like This