What information can be obtained from DHCP logs?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Enhance your knowledge as a Computer Hacking Forensic Investigator with the CHFI v11 Test. Use flashcards and multiple-choice questions, complete with hints and detailed explanations, to prepare effectively and ace your exam!

Multiple Choice

What information can be obtained from DHCP logs?

Explanation:
DHCP logs focus on the DHCP transaction and tie it to the client’s hardware address. When a device joins the network, it sends a DHCP Discover that includes its MAC address, and the DHCP server records that MAC along with the IP it offers, the IP it eventually leases, lease duration, and timestamps. Because the MAC is part of each log entry, you can identify which device requested a lease and link activity to that specific device on the network. OS details, actual IP traffic between devices, and NIC states like promiscuous mode aren’t provided by DHCP logs; those require other sources such as OS fingerprints, packet captures, or monitoring tools.

DHCP logs focus on the DHCP transaction and tie it to the client’s hardware address. When a device joins the network, it sends a DHCP Discover that includes its MAC address, and the DHCP server records that MAC along with the IP it offers, the IP it eventually leases, lease duration, and timestamps. Because the MAC is part of each log entry, you can identify which device requested a lease and link activity to that specific device on the network. OS details, actual IP traffic between devices, and NIC states like promiscuous mode aren’t provided by DHCP logs; those require other sources such as OS fingerprints, packet captures, or monitoring tools.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy