Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Eccouncil Exam 212-82 Topic 3 Question 22 Discussion

Actual exam question for Eccouncil's 212-82 exam
Question #: 22
Topic #: 3
[All 212-82 Questions]

Gideon, a forensic officer, was examining a victim's Linux system suspected to be involved in online criminal activities. Gideon navigated to a directory containing a log file that recorded information related to user login/logout. This information helped Gideon to determine the current login state of cyber criminals in the victim system, identify the Linux log file accessed by Gideon in this scenario.

Show Suggested Answer Hide Answer
Suggested Answer: B

/var/log/wtmp is the Linux log file accessed by Gideon in this scenario. /var/log/wtmp is a log file that records information related to user login/logout, such as username, terminal, IP address, and login time. /var/log/wtmp can be used to determine the current login state of users in a Linux system. /var/log/wtmp can be viewed using commands such as last, lastb, or utmpdump1.


Contribute your Thoughts:

Carlee
7 months ago
I would choose /var/log/httpd/ as well, it makes the most sense in this scenario
upvoted 0 times
...
Marla
7 months ago
I agree with Dominque, because HTTPD logs typically contain user login/logout information
upvoted 0 times
...
Dominque
7 months ago
I think the Linux log file accessed by Gideon is /var/log/httpd/
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77