Exam 312-49 topic 1 question 45 discussion

Actual exam question from ECCouncil's 312-49
Question #: 45
Topic #: 1

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?

  • A. The system files have been copied by a remote attacker
  • B. The system administrator has created an incremental backup
  • C. The system has been compromised using a t0rnrootkit
  • D. Nothing in particular as these can be operational files
Suggested Answer: D

Comments

Ariel235788
5 months, 2 weeks ago
Anything can be named Zer0.tar.gz ... just because a program generates a specific file, there's no guarantee these are them
upvoted 2 times
...
Fabsauro
1 year, 3 months ago
It seems to be the letter C http://honeynet.onofri.org/scans/scan19/scan/som8/Honeynet.htm
upvoted 1 times
...
deadguy1000
1 year, 4 months ago
The answer is D. The Tornrootkit does not create those files
upvoted 2 times
...
linuxer
2 years, 1 month ago
I think the answer is D
upvoted 3 times
...
haymaths
2 years, 9 months ago
My source says C
upvoted 1 times
...
Pet
2 years, 12 months ago
Answer should be C
upvoted 1 times
...