210-255 · Question #143
Which event artifact can be used to identify HTTP GET requests for a specific file?
The correct answer is D. URI. The URI (Uniform Resource Identifier) within an HTTP request contains the specific file path being requested, making it the key artifact for identifying GET requests targeting a particular file.
Question
Which event artifact can be used to identify HTTP GET requests for a specific file?
Options
- AHTTP status code
- BTCP ACK
- Cdestination IP
- DURI
How the community answered
(32 responses)- B6% (2)
- C3% (1)
- D91% (29)
Why each option
The URI (Uniform Resource Identifier) within an HTTP request contains the specific file path being requested, making it the key artifact for identifying GET requests targeting a particular file.
An HTTP status code reflects the server's response outcome (e.g., 200 OK, 404 Not Found) and does not identify which specific file was requested.
A TCP ACK is a transport-layer acknowledgment flag confirming packet receipt and carries no application-layer information about which HTTP resource was requested.
The destination IP identifies the server being contacted but does not specify which file or resource path is being requested on that server.
In an HTTP GET request, the URI specifies the exact resource path being requested on the server, such as '/files/malware.exe' or '/images/logo.png'. Analyzing URI fields in HTTP logs or packet captures allows a security analyst to filter and identify all requests made for a specific file by name and path. This makes the URI the most direct artifact for correlating requests to a particular resource.
Concept tested: HTTP request artifacts and URI analysis
Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Messages
Topics
Community Discussion
No community discussion yet for this question.