Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which tool did Edward use to intercept and record system calls by a process?

  1. Wireshark

  2. strace

  3. Procmon

  4. Sysinternals

The correct answer is: strace

Edward used strace to intercept and record the system calls made by a process. strace is a command-line tool on Unix and Linux systems that traces the system calls a process makes and the signals it receives. With strace, Edward could observe every interaction between the process and the kernel: which files the process is accessing, what CPU time it is consuming, and how it is managing resources. This makes strace especially useful for debugging and performance analysis, since it shows the behaviour of a process in detail and is ideal for pinpointing problems in system calls, such as incorrect file operations.

Wireshark, while a valuable tool for network analysis, captures and analyzes network traffic rather than system calls. Procmon, a tool from Microsoft's Sysinternals suite, does offer system monitoring, but it operates on Windows and presents a more user-friendly graphical interface rather than the command-line features strace provides. Sysinternals itself is a collection of tools for Windows system troubleshooting and does not specifically trace system calls the way strace does.