Computer Hacking Forensic Investigator (CHFI v10) — Question 570
An international corporation suffers a severe data breach that results in massive corruption of its MySQL database. The forensic investigator is responsible for recovering the corrupted data and tracing the perpetrators. During the investigation, the team detected a high number of unauthorized access attempts from several hostnames and usernames that coincided with the attack. Which MySQL utility program would be most suitable for validating these access attempts in this scenario?
Answer options
- A. Mysqlaccess, due to its ability to check and validate the access privileges defined for a hostname or username
- B. Myisamlog, for its functionality to process the contents of the MyISAM log file and perform recovery operations
- C. Mysqlbinlog, due to its ability to read and display binary log files in text format
- D. Mysqldump, for its capacity to dump a database or a collection of databases for backup and restore purposes
Correct answer: A
Explanation
The correct answer is A, Mysqlaccess, because it specifically checks and validates access privileges for different hostnames and usernames, making it ideal for identifying unauthorized access. Options B, C, and D serve different purposes: Myisamlog focuses on MyISAM log recovery, Mysqlbinlog deals with binary log files, and Mysqldump is used for database backups. None of these directly validates access attempts.