GPEN Question #293: Real Exam Question with Answer & Explanation

The correct answers are C. elsave.exe and D. WinZapper. Two tools capable of clearing Windows 2000 event logs are elsave.exe and WinZapper, both used by attackers to erase evidence of intrusion from Windows NT/2000 systems.

Question

John works as a professional Ethical Hacker. He is assigned a project to test the security of placed a backdoor in the network. Now, he wants to clear all event logs related to previous hacking attempts. Which of the following tools can John use if we-are-secure.com is using the Windows 2000 server? Each correct answer represents a complete solution. Choose two.

Options

  • A. AuditPol
  • B. Blindside
  • C. elsave.exe
  • D. WinZapper

Explanation

Two tools capable of clearing Windows 2000 event logs are elsave.exe and WinZapper, both used by attackers to erase evidence of intrusion from Windows NT/2000 systems.

Common mistakes.

  • A. AuditPol is a command-line utility for configuring Windows audit policies - enabling or disabling which events are audited - not for deleting or clearing existing event log entries.
  • B. Blindside is not a recognized Windows event log clearing tool and has no established function related to event log manipulation on Windows 2000 servers.

Concept tested. Windows event log clearing tools for intrusion cover
