Computer Hacking Forensic Investigator (CHFI v10) — Question 431

A multinational company has recently fallen victim to a severe cyberattack. As part of the incident response team, you are analyzing the Apache web server logs to track the attacker s activities. You notice that modifications are made to the HTTP.REQUEST component of the Apache core, suggesting changes in request handling. To discern the type of modifications made, which of the following elements of the Apache web server architecture would you focus on examining?

Answer options

• A. Apache modules: To uncover extended functionalities that may have been tampered with
• B. http_protocol module: To identify the client and server data exchange details
• C. http_config module: To check alterations in configuration files and modules management
• D. http_main module: To identify server startups and timeouts

Correct answer: A

Explanation

The correct answer is A because examining Apache modules will reveal any extended functionalities that could have been altered during the attack. The other options, while relevant to different aspects of server operation, do not directly address the modifications in request handling highlighted in the logs.