312-49 · Question #662
312-49 Question #662: Real Exam Question with Answer & Explanation
The correct answer is B: /proc. /proc is a pseudo-filesystem (procfs) in Linux that exists only in RAM and is dynamically populated by the kernel. It exposes real-time system state: running processes (/proc/[PID]/), open file descriptors, network connections (/proc/net/), memory usage (/proc/meminfo), CPU info,
Question
A Linux system is undergoing investigation. In which directory should the investigators look for its current state data if the system is in powered on state?
Options
- A/auth
- B/proc
- C/var/log/debug
- D/var/spool/cron/
Explanation
/proc is a pseudo-filesystem (procfs) in Linux that exists only in RAM and is dynamically populated by the kernel. It exposes real-time system state: running processes (/proc/[PID]/), open file descriptors, network connections (/proc/net/), memory usage (/proc/meminfo), CPU info, and more. Since it is volatile and only exists while the system is running, investigators must collect from /proc before powering off. /var/log/debug contains logged debug messages, /var/spool/cron/ contains scheduled cron jobs, and /auth is not a standard Linux directory.
Topics
Community Discussion
No community discussion yet for this question.