Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Identify the tool used by Jack for investigating an OT-based security incident.

  1. Flowmon

  2. NetworkMiner

  3. Malcolm

  4. Wireshark

The correct answer is: NetworkMiner

In the context of investigating operational technology (OT)-based security incidents, NetworkMiner is particularly well-suited because it can extract files, images, and other information from packet captures without requiring deep technical expertise. It focuses on reconstructing the traffic captured from a network so the investigator can analyze it more effectively. NetworkMiner's strength lies in analyzing the data from network packets and presenting it in a user-friendly manner, which matters in investigations where a quick and efficient response is necessary. It helps reveal device communications, which can be vital for understanding the context and impact of a security incident within an OT environment.

In contrast, the other tools have focuses or capabilities that are less directly aligned with the needs of OT network investigations. Wireshark is very powerful for deep packet analysis, but it requires a strong understanding of networking protocols. Flowmon specializes in flow monitoring rather than packet analysis and reconstruction, while Malcolm is designed for larger, more complex network monitoring scenarios. NetworkMiner therefore stands out as the appropriate tool for the specific needs of investigating an OT-based security incident.