Certified Incident Handler (CIH) Practice Ecam

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.


Which tool was used by Martin to effectively contain the malware incident?

  1. Cisco Umbrella

  2. Infoblox

  3. Wireshark

  4. Splunk

The correct answer is: Infoblox

The correct answer focuses on the role of Infoblox, which is designed to enhance security and network management capabilities, particularly in the context of malware incidents. Infoblox provides automated DNS security, allowing for real-time visibility into DNS queries and responses. This is crucial during a malware incident since malicious activities often involve DNS communication, such as connecting to command and control servers or employing domain generation algorithms to evade detection. By effectively monitoring and controlling DNS traffic, Infoblox helps in identifying malicious patterns and allows for rapid containment actions like blocking harmful domains. In contrast, while Cisco Umbrella is also a security tool that addresses web traffic and DNS services, its primary focus is on providing secure internet access and threat intelligence rather than directly managing an incident's containment. Wireshark is a network protocol analyzer useful for examining traffic, but it does not offer incident containment capabilities. Splunk serves as a data analysis tool that can aid in monitoring and detecting security incidents through log management and analysis, but it is not specifically designed for immediate containment of malware. Therefore, Infoblox stands out as the most appropriate tool for effectively containing the malware incident.