Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which tool did Elaine use to detect suspicious behavior in network traffic during her investigation?

  1. ArcSight Enterprise Security Manager

  2. dotDefender

  3. Splunk

  4. Wireshark

The correct answer is: dotDefender

In analyzing the scenario related to detecting suspicious behavior in network traffic, one must consider the functions and capabilities of the tools listed. The most suitable option for this specific task is a tool that specializes in monitoring and analyzing network traffic. Wireshark is a leading network protocol analyzer, making it the tool of choice for examining the details behind network traffic and identifying any anomalies or suspicious activities. It allows users to capture and interactively browse traffic on a computer network, providing deep insight into packet contents, network behavior, and potential security breaches. Given the intent of detecting suspicious behavior in network traffic, a tool like Wireshark is directly equipped for this function.

Though the other tools mentioned may have roles in security incident management, their primary functionalities differ. For instance, Splunk is a powerful data processing and visualization platform, often used for security information and event management (SIEM), but it does not specialize solely in raw network traffic analysis. ArcSight Enterprise Security Manager is similar: it aggregates and manages security-related data but does not focus on real-time packet analysis. dotDefender typically focuses on web application security rather than in-depth network traffic examination. Thus, having Wireshark as the foremost choice aligns with the goal of detecting suspicious network activity through packet analysis.