Certified Incident Handler (ECIH v3) — Question 21

An incident recovery plan is a statement of actions that should be taken before, during or after an incident. Identify which of the following is NOT an objective of the incident recovery plan?

Answer options

• A. Creating new business processes to maintain profitability after incident
• B. Providing a standard for testing the recovery plan
• C. Avoiding the legal liabilities arising due to incident
• D. Providing assurance that systems are reliable

Correct answer: C

Explanation

The correct answer is C because the incident recovery plan focuses on restoring operations and minimizing impact rather than specifically addressing legal liabilities. Options A, B, and D are all relevant objectives of an incident recovery plan, as they aim to improve business resilience and system reliability during and after an incident.