GIAC

GCIH · Question #792

The correct answer is A: Squid.

Incident Response & Cyber Kill Chain

Question

Which of the following will record web sites visited and web applications used for incident response analysis?

Options

  • A. Squid
  • B. Berkeley Packet Filter
  • C. Netcat
  • D. Netscan

Explanation

Squid is a caching proxy server that logs all web requests passing through it, making it the correct tool for recording websites visited and web applications used during incident response.

Common mistakes.

  • B. Berkeley Packet Filter is a kernel-level mechanism for filtering raw network packets and does not record or interpret application-layer web browsing history.
  • C. Netcat is a general-purpose TCP/UDP utility for reading and writing raw data across network connections and has no capability to log or record web activity.
  • D. Netscan is a network discovery and port scanning tool used to enumerate hosts and services, not to record web browsing or application usage.

Concept tested. Squid proxy logging for web traffic analysis

Reference. http://www.squid-cache.org/Doc/config/

Topics

#Squid proxy #web logging #incident response #forensic evidence
