Eccouncil Exam 212-82 Topic 3 Question 22 Discussion

Actual exam question for Eccouncil's 212-82 exam

Question #: 22
Topic #: 3

Gideon, a forensic officer, was examining a victim's Linux system suspected to be involved in online criminal activities. Gideon navigated to a directory containing a log file that recorded information related to user login/logout. This information helped Gideon to determine the current login state of cyber criminals in the victim system, identify the Linux log file accessed by Gideon in this scenario.

A/va r/l og /mysq Id. log

B/va r/l og /wt m p

C/ar/log/boot.iog

D/var/log/httpd/

Show Suggested Answer

Suggested Answer: B

/var/log/wtmp is the Linux log file accessed by Gideon in this scenario. /var/log/wtmp is a log file that records information related to user login/logout, such as username, terminal, IP address, and login time. /var/log/wtmp can be used to determine the current login state of users in a Linux system. /var/log/wtmp can be viewed using commands such as last, lastb, or utmpdump1.

by Felix at Feb 14, 2024, 04:01 AM

Limited Time Offer

25%

Off

Get Premium 212-82 Questions as Interactive Web-Based Practice Test or PDF