Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which tool helps incident responders capture and analyze Modbus/TCP traffic on OT/ICS networks?

  1. Wireshark

  2. Registry Recon

  3. Flowmon

  4. NetworkMiner

The correct answer is: Wireshark

Wireshark is widely recognized as a powerful network protocol analyzer that lets users capture and interactively browse the traffic running on a computer network. It supports a vast array of protocols, including Modbus/TCP, which is used in operational technology (OT) and industrial control systems (ICS) environments. When incident responders are dealing with OT/ICS networks, the ability to analyze Modbus/TCP traffic is crucial for several reasons, including detecting anomalies, understanding communication between devices, and troubleshooting issues. Wireshark provides deep packet inspection, allowing responders to examine individual packets and understand the data flow and protocols involved. While the other tools listed may be effective for different networking tasks or environments, they may not offer the specific protocol parsing and analysis that Wireshark provides for Modbus/TCP traffic. This capability makes Wireshark the ideal choice for incident responders focusing on OT/ICS networks.