nerdexam
GIAC

GCIH · Question #792

Which of the following will record web sites visited and web applications used for incident response analysis?

The correct answer is A. Squid. Squid is a caching proxy server that logs all web requests passing through it, making it the correct tool for recording websites visited and web applications used during incident response.

Incident Response & Cyber Kill Chain

Question

Which of the following will record web sites visited and web applications used for incident response analysis?

Options

  • ASquid
  • BBerkley Packet Filter
  • CNetcat
  • DNetscan

How the community answered

(37 responses)
  • A
    95% (35)
  • B
    3% (1)
  • D
    3% (1)

Why each option

Squid is a caching proxy server that logs all web requests passing through it, making it the correct tool for recording websites visited and web applications used during incident response.

ASquidCorrect

Squid maintains detailed access logs of every HTTP and HTTPS request routed through it, capturing URLs, timestamps, client IP addresses, and user agents. These logs allow incident responders to reconstruct browsing history and identify malicious web application usage on compromised hosts. No other tool in the list is designed to record application-layer web activity at the proxy level.

BBerkley Packet Filter

Berkeley Packet Filter is a kernel-level mechanism for filtering raw network packets and does not record or interpret application-layer web browsing history.

CNetcat

Netcat is a general-purpose TCP/UDP utility for reading and writing raw data across network connections and has no capability to log or record web activity.

DNetscan

Netscan is a network discovery and port scanning tool used to enumerate hosts and services, not to record web browsing or application usage.

Concept tested: Squid proxy logging for web traffic analysis

Source: http://www.squid-cache.org/Doc/config/

Topics

#Squid proxy#web logging#incident response#forensic evidence

Community Discussion

No community discussion yet for this question.

Full GCIH Practice