Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which tool is best for analyzing network packets during incident response?

  1. Ekran System

  2. Nuix Adaptive Security

  3. Vectra Cognito

  4. Wireshark

The correct answer is: Wireshark

Wireshark is widely regarded as the best tool for analyzing network packets during incident response because of its robust capabilities for capturing and dissecting network traffic. It operates at a low level, allowing analysts to view the details of packet data in real time or from previously captured files. This level of detail is crucial for incident handlers tasked with identifying the nature of potential attacks, understanding the flow of data, and tracing malicious activity across the network.

Wireshark supports a wide variety of network protocols, providing rich insight into network communications. It also offers powerful filtering options, enabling users to isolate the specific packets that are relevant to an investigation. This is particularly beneficial during incident response, where time is of the essence and precise information is needed to identify compromised systems or malicious traffic patterns.

In contrast, while the other tools mentioned serve important functions in security and incident management, they do not specialize in packet-level analysis to the same extent as Wireshark. Ekran System focuses on user activity monitoring, Nuix Adaptive Security offers capabilities centered on threat detection and incident response, and Vectra Cognito emphasizes network detection and response using machine learning techniques. However, none of these tools provides the granular packet-level analysis that is fundamental during an incident