Certified Incident Handler (CIH) Practice Exam

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


What tool did Adam utilize to monitor malware activities on a Windows machine?

  1. Process Explorer

  2. TCPView

  3. Sysinternals

  4. Netstat

The correct answer is: TCPView

The tool that Adam utilized to monitor malware activities on a Windows machine is TCPView. This tool is part of the Sysinternals Suite and provides detailed information about all current TCP and UDP endpoints on a local machine, including the status of those connections. By using TCPView, Adam would be able to see which processes are using specific network connections, allowing him to identify suspicious activity that may be related to malware. TCPView monitors active connections and ports in real time, making it an effective tool for detecting malicious network activity, such as unexpected outbound connections that may indicate malware. Users can also terminate processes from within TCPView, which is useful for quickly stopping any identified malicious activity.

While the other tools listed have their own relevant functions, they focus on different aspects of system monitoring. Process Explorer is better suited to providing insight into running processes and their resource usage; Sysinternals is a broader suite of tools that encompasses many system utilities; and Netstat is primarily a command-line tool that displays network connections and listening ports but lacks the dynamic visual interface and additional features that TCPView offers.