In a DHCP-enabled network, which logs should you examine to determine which system (MAC address) held a specific IP address at a given time?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards

From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

In a DHCP-enabled network, which logs should you examine to determine which system (MAC address) held a specific IP address at a given time?

DHCP servers keep a lease database that ties each leased IP to a specific device’s MAC address, along with the time the lease started and ended. To figure out which system held a particular IP at a given moment, you need to inspect the DHCP server logs because they record the assignment events and the exact MAC-IP mapping with timestamps. The ARP cache on a single host is local and often fleeting, so it doesn’t reliably show who had the IP at a past time across the network. Web server logs only show which IPs connected to the server, not the MAC addresses or the historical lease details. Therefore, DHCP server logs provide the authoritative record needed to determine the MAC address associated with an IP at a specific time.

In a DHCP-enabled network, which logs should you examine to determine which system (MAC address) held a specific IP address at a given time?

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

In a DHCP-enabled network, which logs should you examine to determine which system (MAC address) held a specific IP address at a given time?

Get the latest from Examzify