Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Harry used a tool to capture network traffic during his investigation of an IoT security incident. What is the name of this tool?

  1. Wireshark

  2. Foren6

  3. Tcpdump

  4. Snort

The correct answer is: Foren6

The most appropriate tool for capturing network traffic in the context of an IoT security incident is Wireshark. Wireshark is widely recognized as a powerful network protocol analyzer that allows users to capture and interactively browse the traffic being transmitted over a network. This tool enables incident handlers to dissect packets, view protocols in detail, and analyze traffic patterns, which is crucial in understanding security incidents, especially those involving IoT devices that may transmit and receive various types of network data. While Tcpdump is also a traffic capturing tool, it operates primarily in a command-line interface and may not provide the same level of detail and user-friendly experience as Wireshark. Snort, on the other hand, is an intrusion detection system (IDS) that analyzes traffic but is mainly used for real-time traffic analysis and packet logging, rather than for capturing and analyzing general network traffic. Foren6 does not have direct relevance in this context, as it is not a standard tool recognized for network traffic capture. In summary, Wireshark is the tool that would best assist Harry in capturing and analyzing the network traffic relevant to the IoT security incident, allowing him to gain insights crucial for his investigation.