Eccouncil Exam 212-82 Topic 8 Question 24 Discussion

Actual exam question for Eccouncil's 212-82 exam

Question #: 24
Topic #: 8

Gideon, a forensic officer, was examining a victim's Linux system suspected to be involved in online criminal activities. Gideon navigated to a directory containing a log file that recorded information related to user login/logout. This information helped Gideon to determine the current login state of cyber criminals in the victim system, identify the Linux log file accessed by Gideon in this scenario.

A/va r/l og /mysq Id. log

B/va r/l og /wt m p

C/ar/log/boot.iog

D/var/log/httpd/

Show Suggested Answer

Suggested Answer: B

/var/log/wtmp is the Linux log file accessed by Gideon in this scenario. /var/log/wtmp is a log file that records information related to user login/logout, such as username, terminal, IP address, and login time. /var/log/wtmp can be used to determine the current login state of users in a Linux system. /var/log/wtmp can be viewed using commands such as last, lastb, or utmpdump1.

by Alecia at Mar 19, 2024, 11:40 AM

Limited Time Offer

25%

6 months ago

I think the Linux log file accessed by Gideon is /var/log/wtmp.

upvoted 0 times

...