Certified Incident Handler (ECIH v3) — Question 49

Incident handling and response steps help you to detect, identify, respond and manage an incident. Which of the following helps in recognizing and separating the infected hosts from the information system?

Answer options

• A. Configuring firewall to default settings
• B. Inspecting the process running on the system
• C. Browsing particular government websites
• D. Sending mails to only group of friends

Correct answer: B

Explanation

The correct answer is B, as inspecting the processes running on the system allows for the identification of any malicious activity or infections. Options A, C, and D do not directly contribute to recognizing infected hosts; configuring a firewall or browsing websites does not provide insight into the current system's processes.