Which action would an attacker take to ensure logs cannot be used for prosecution by removing traces?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which action would an attacker take to ensure logs cannot be used for prosecution by removing traces?

Explanation:
Removing traces from logs means erasing evidence of activity. Clearing logs directly deletes the event records that would show what happened, which is exactly what an attacker wants in order to avoid prosecution. Disabling auditing stops future logging but leaves existing records intact, so it does not remove past traces. Auditpol is a command that changes what gets logged; it does not erase logs. Wevtutil is a tool for managing event logs and could clear them, but the question asks about the action itself, and clearing logs is the direct method of removing traces.

