GCIA Question #2: Real Exam Question with Answer & Explanation
The correct answers are A (Checkpoint files), B (EDB and STM database files), and C (Temporary files).
Question
Options
- A. Checkpoint files
- B. EDB and STM database files
- C. Temporary files
- D. Cookie files
Explanation
Forensic investigation of a Microsoft Exchange server requires reviewing checkpoint files, EDB and STM database files, and temporary files because these collectively contain transaction history, mailbox data, and transient processing artifacts.
Common mistakes.
- D. Cookie files are client-side browser artifacts stored on end-user machines and have no relationship to Exchange server-side email storage or transaction logs.
Concept tested. Microsoft Exchange server forensic file artifacts
Reference. https://learn.microsoft.com/en-us/exchange/architecture/mailbox-servers/managed-availability