Certified Incident Handler (ECIH) — Question 15

Nancy, a security specialist, was instructed to identify issues related to unexpected shutdown and restarts on a Linux machine. To identify the incident cause, Nancy navigated to a directory on the Linux system and accessed a log file to troubleshoot problems related to improper shutdowns and unplanned restarts.
Identify the Linux log file accessed by Nancy in the above scenario.

Answer options

• A. /var/log/secure
• B. /var/log/kern.log
• C. /var/log/boot.log
• D. /var/log/lighttpd/

Correct answer: C

Explanation

The correct answer is C, /var/log/boot.log, because it specifically logs information about the boot process and any issues that occur during startup, which would include unexpected shutdowns. Options A and B are related to security and kernel messages respectively, which would not provide the direct information needed for shutdown and restart issues. Option D is a directory for the Lighttpd web server and does not contain relevant log information for this scenario.