Certified Incident Handler (CIH) Practice Ecam

What tool did Tony use to control the usage of web applications in the network during an incident response?

• A. ManageEngine Application Control Plus
• B. ClamAV
• C. BrowseControl
• D. Atomic OSSEC

The correct answer is: ManageEngine Application Control Plus

Tony used ManageEngine Application Control Plus to control the usage of web applications during an incident response because this tool is specifically designed for managing and controlling applications in a network environment. It enables administrators to block or allow specific applications, monitor their usage, and enforce compliance policies. This functionality is crucial during an incident response as it helps in restricting potentially harmful applications that could exacerbate a security breach or data loss. This tool not only provides application whitelisting capabilities but also helps in monitoring application usage patterns, which can be invaluable for detecting unauthorized application activity associated with security incidents. By utilizing ManageEngine Application Control Plus, Tony could effectively minimize the attack surface during the incident, ensuring that only trusted applications were accessible to users on the network. Other options, while they may have different functionalities, do not serve the same specific purpose of managing web application usage in the way ManageEngine Application Control Plus does. For example, ClamAV is an antivirus tool focused on malware detection, while BrowseControl is more about user access to web content. Atomic OSSEC functions primarily as a host intrusion detection system rather than an application control tool.