ECCouncil Computer Hacking Forensic Investigator (CHFI) 312-49 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the ECCouncil CHFI 312-49 exam and earn ECCouncil CHFI 312-49 certification.
Question
Exam Question
In a Linux-based system, what does the command `Last -F` display?
A. Login and logout times and dates of the system
B. Last run processes
C. Last functions performed
D. Recently opened files
Correct Answer
A. Login and logout times and dates of the system
Explanation 1
The command last -F in Linux-based systems displays the login and logout times and dates of the system. It searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and out) since that file was created. Names of users and tty’s can be given, in which case last shows only those entries matching the arguments.
Therefore, the correct answer is A.
Explanation 2
In a Linux-based system, the command `last -F` displays the login and logout times and dates of the system for all users. This command can be useful for monitoring user activity and troubleshooting system issues. The `-F` option adds the full login and logout times and dates to the output, including the year and seconds. The output also shows the hostname or IP address of the user, the terminal used, and the duration of the session. If the user is still logged in, the output shows `still logged in` instead of the logout time. To limit the output to a specific user, you can use `last -F username`. To limit the output to a specific number of lines, you can use `last -n number -F`.
Explanation 3
In a Linux-based system, the `last -F` command does not display any information. The correct command to display the login and logout times and dates of the system is simply `last`. The `-F` option is not a valid option for the `last` command in Linux.
Explanation 4
The correct answer is: A. Login and logout times and dates of the system.
The `last` command in Linux displays a list of all logins and logouts that have occurred on the system. The `-F` flag tells `last` to display the full login and logout times and dates, as well as the username and hostname of the user who logged in or out.
For example, the following command would display the last 10 logins on the system:
last -F | head -10
The output would look something like this:
root tty1 2023-05-26 08:00:00 - 2023-05-26 08:05:00 (00:05)
root tty2 2023-05-26 08:05:00 - 2023-05-26 08:10:00 (00:05)
root tty3 2023-05-26 08:10:00 - 2023-05-26 08:15:00 (00:05)
root tty4 2023-05-26 08:15:00 - 2023-05-26 08:20:00 (00:05)
root tty5 2023-05-26 08:20:00 - 2023-05-26 08:25:00 (00:05)
root tty6 2023-05-26 08:25:00 - 2023-05-26 08:30:00 (00:05)
root tty7 2023-05-26 08:30:00 - 2023-05-26 08:35:00 (00:05)
root tty8 2023-05-26 08:35:00 - 2023-05-26 08:40:00 (00:05)
root tty9 2023-05-26 08:40:00 - 2023-05-26 08:45:00 (00:05)
The `last` command can be a useful tool for troubleshooting system problems or for tracking user activity.
Explanation 5
The correct answer is A. The `last -F` command displays the login and logout times and dates of the system. The `-F` flag tells the `last` command to display the full login and logout times, including the date and time.
The `last` command is a useful tool for system administrators to track who has been logging in and out of the system. It can also be used to identify potential security threats, such as unauthorized access attempts.
Here is an example of the output of the `last -F` command:
$ last -F
root tty1 2023-05-26 17:21:11 still logged in
root tty1 2023-05-26 17:20:01 - 17:20:03 (00:02)
jemmons pts/1 192.168.1.112 2023-05-26 17:19:59 still logged in
The first line shows that the user `root` is currently logged in on the console (`tty1`). The second line shows that `root` logged in on the console at 17:20:01 and logged out at 17:20:03. The third line shows that the user `jemmons` is currently logged in on a remote terminal (`pts/1`) from the IP address `192.168.1.112`.
Explanation 6
The correct answer is A.
The `last -F` command in Linux displays the login and logout times and dates of the system. The `-F` flag tells the `last` command to display the full login and logout times, including the year, month, day, hour, minute, and second.
For example, the following command will display the last 10 logins to the system:
last -F -n 10
The output of this command will look something like this:
root tty1 2023-05-26 17:21:11 still logged in
root tty1 2023-05-26 17:20:11 - 2023-05-26 17:21:01 (00:00)
jemmons pts/1 192.168.1.112 2023-05-26 17:10 still logged in
oracle pts/1 192.168.1.112 2023-05-26 11:54 - 2023-05-26 12:09 (00:14)
oracle pts/0 192.168.1.112 2023-05-26 11:40 still logged in
The `last` command can also be used to display information about specific users. For example, the following command will display the last 10 logins for the user `oracle`:
last -F -n 10 oracle
The output of this command will look something like this:
oracle pts/1 192.168.1.112 2023-05-26 11:54 - 2023-05-26 12:09 (00:14)
oracle pts/0 192.168.1.112 2023-05-26 11:40 still logged in