Conducting Forensic Analysis and Incident Response Using Cisco Technologies (CBRFIR) — Question 28
An engineer is analyzing a ticket for an unexpected server shutdown and discovers that the web server ran out of usable memory and crashed.
Which data is needed for further investigation?
Answer options
- A. /var/log/access.log
- B. /var/log/messages.log
- C. /var/log/httpd/messages.log
- D. /var/log/httpd/access.log
Correct answer: B
Explanation
The correct choice, /var/log/messages.log, contains critical system messages that can reveal the reasons behind the server's shutdown, including memory issues. The other logs, while useful for different purposes, do not provide the same level of detail regarding system-level events that caused the crash.