Certified Incident Handler (ECIH) — Question 33
The IH&R team in an organization was handling a recent malware attack on one of the hosts connected to the organization's network. Edwin, a member of the IH&R team, was involved in reinstating lost data from the backup media. Before performing this step, Edwin ensured that the backup did not have any traces of malware.
Identify the IH&R step performed by Edwin in the above scenario.
Answer options
- A. Eradication
- B. Incident containment
- C. Notification
- D. Recovery
Correct answer: D
Explanation
The correct answer is D, Recovery: Edwin is restoring data from backups after ensuring they are clean of malware. The other options do not accurately describe the action taken: Eradication refers to removing malware, Incident containment involves limiting the impact of the attack, and Notification means informing stakeholders about the incident.