Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which step should not be considered by an incident handler when preparing for network security incidents?

  1. Implement a distributed logging mechanism to backup logs from all devices

  2. Establish communication with the physical security team

  3. Analyze past incidents to improve response time

  4. Define incident management protocols and procedures

The correct answer is: Implement a distributed logging mechanism to backup logs from all devices

Implementing a distributed logging mechanism to back up logs from all devices is an essential step in preparing for network security incidents. Proper logging is critical in ensuring that an organization can effectively analyze actions taken within its network and respond to incidents accurately. Logs provide valuable information that can be crucial for forensic investigations, enabling incident handlers to track unauthorized access, identify anomalies, and understand the sequence of events during an incident.

While the other options are also important aspects of incident preparation, they do not encompass the same foundational necessity that logging provides. Establishing communication with the physical security team is vital for holistic incident response but revolves around collaboration rather than the direct handling of network security incidents. Analyzing past incidents is crucial for gaining insights and improving processes, but without a robust logging mechanism, the lessons learned might be less comprehensive. Defining incident management protocols and procedures lays the groundwork for response operations but does not directly enhance the ability to gather and analyze data in real-time, as effective logging does.

Thus, the importance of logging as a key step in preparing for and responding to incidents underscores why it should not be overlooked or deemed unnecessary in an incident handler's preparations.