Certified Incident Handler (ECIH) — Question 35
Warren, a member of the IH&R team at an organization, was tasked with handling a malware attack launched on one of the servers connected to the organization's network. He immediately implemented appropriate measures to stop the infection from spreading to other organizational assets and to prevent further damage to the organization.
Identify the IH&R step performed by Warren in the above scenario.
Answer options
- A. Containment
- B. Recovery
- C. Eradication
- D. Incident triage
Correct answer: A
Explanation
Warren's actions are classified as 'Containment' because he aimed to limit the malware's spread and mitigate further damage. 'Recovery' refers to restoring systems after an attack, 'Eradication' involves removing the malware, and 'Incident triage' is about assessing the incident's severity; none of these was the focus of Warren's immediate actions.