Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Eccouncil Exam 212-82 Topic 3 Question 22 Discussion

Actual exam question for Eccouncil's 212-82 exam
Question #: 22
Topic #: 3
[All 212-82 Questions]

Gideon, a forensic officer, was examining a victim's Linux system suspected to be involved in online criminal activities. Gideon navigated to a directory containing a log file that recorded information related to user login/logout. This information helped Gideon to determine the current login state of cyber criminals in the victim system, identify the Linux log file accessed by Gideon in this scenario.

Show Suggested Answer Hide Answer
Suggested Answer: B

/var/log/wtmp is the Linux log file accessed by Gideon in this scenario. /var/log/wtmp is a log file that records information related to user login/logout, such as username, terminal, IP address, and login time. /var/log/wtmp can be used to determine the current login state of users in a Linux system. /var/log/wtmp can be viewed using commands such as last, lastb, or utmpdump1.


Contribute your Thoughts:

Carlee
6 months ago
I would choose /var/log/httpd/ as well, it makes the most sense in this scenario
upvoted 0 times
...
Marla
6 months ago
I agree with Dominque, because HTTPD logs typically contain user login/logout information
upvoted 0 times
...
Dominque
6 months ago
I think the Linux log file accessed by Gideon is /var/log/httpd/
upvoted 0 times
...

Save Cancel