Certified Incident Handler (ECIH v3) — Question 54

Which of the following is NOT one of the techniques used to respond to insider threats:

Answer options

• A. Placing malicious users in quarantine network, so that attack cannot be spread
• B. Preventing malicious users from accessing unclassified information
• C. Disabling the computer systems from network connection
• D. Blocking malicious user accounts

Correct answer: B

Explanation

Option B is the correct answer because preventing malicious users from accessing unclassified information does not directly address the threat posed by insider actions. The other options, A, C, and D, are proactive measures that actively limit the capabilities of malicious users and contain potential damage.