1. Home
  2. Discussions
  3. ECCouncil
  4. CHFI v10
  5. 312-49v10 Discussions
  6. 312-49v10 Exam Topic 18 Question 176 Discussion

ECCouncil Computer Hacking Forensic Investigator (CHFI-v10) 312-49v10 Question # 176 Topic 18 Discussion

 ECCouncil Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

ECCouncil Computer Hacking Forensic Investigator (CHFI-v10) 312-49v10 Question # 176 Topic 18 Discussion

312-49v10 Exam Topic 18 Question 176 Discussion:
Question #: 176
Topic #: 18

If you see the files Zer0.tar.gz and copy.tar.gz on a Linux system while doing an investigation, what can you conclude?
A.

The system files have been copied by a remote attacker

B.

The system administrator has created an incremental backup

C.

The system has been compromised using a t0rnrootkit

D.

Nothing in particular as these can be operational files

Get Premium 312-49v10 Questions
Actual exam question for ECCouncil 312-49v10 exam by Ember8224 at Aug 3, 2025, 7:56:56 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next