GCIH · Question #792
Which of the following will record web sites visited and web applications used for incident response analysis?
The correct answer is A. Squid. Squid is a caching proxy server that logs all web requests passing through it, making it the correct tool for recording websites visited and web applications used during incident response.
Question
Which of the following will record web sites visited and web applications used for incident response analysis?
Options
- ASquid
- BBerkley Packet Filter
- CNetcat
- DNetscan
How the community answered
(37 responses)- A95% (35)
- B3% (1)
- D3% (1)
Why each option
Squid is a caching proxy server that logs all web requests passing through it, making it the correct tool for recording websites visited and web applications used during incident response.
Squid maintains detailed access logs of every HTTP and HTTPS request routed through it, capturing URLs, timestamps, client IP addresses, and user agents. These logs allow incident responders to reconstruct browsing history and identify malicious web application usage on compromised hosts. No other tool in the list is designed to record application-layer web activity at the proxy level.
Berkeley Packet Filter is a kernel-level mechanism for filtering raw network packets and does not record or interpret application-layer web browsing history.
Netcat is a general-purpose TCP/UDP utility for reading and writing raw data across network connections and has no capability to log or record web activity.
Netscan is a network discovery and port scanning tool used to enumerate hosts and services, not to record web browsing or application usage.
Concept tested: Squid proxy logging for web traffic analysis
Source: http://www.squid-cache.org/Doc/config/
Topics
Community Discussion
No community discussion yet for this question.