Which of the following tools traces all or specific activities of a user on a computer?
A.
Task Manager
B.
Event Viewer
C.
Network Monitor
D.
Keylogger
Explanation:
A keylogger is a software tool that traces all or specific activities of a user on a computer. Once a
keylogger is installed on a victim’s computer, it can be used for recording all keystrokes on the
victim’s computer in a predefined log file. An attacker can configure a log file in such a manner that it
can be sent automatically to a predefined e-mail address. Some of the main features of a keylogger
are as follows:
It can record all keystrokes.
It can capture all screenshots.
It can record all instant messenger conversations.
It can be remotely installed.
It can be delivered via FTP or e-mail.Answer A is incorrect. Task Manager is a utility that is used for managing applications, processes,
and the general system performance and also for viewing the networking and user statistics. The
Task Manager utility is used to run or end programs or applications. Administrators use this tool to
quickly identify and terminate a rogue application.This utility can be run by invoking a Windows Security menu by using the Ctrl+Alt+Delkey
combination and then clicking the Task Manager button or by right-clicking the task bar and then
clicking the Task Managermenu option.Answer B is incorrect. Event Viewer is an administrative utility that displays the event log of a
computer running Windows NT. Event Viewer displays the following categories of events:
Error: These events show significant problems, such as loss of data or loss of functionality.
Warning: These events are not necessarily significant but indicate possible problems.
Information: These events describe the successful operation of an application, driver, or service.
Success Audit: These events show successful audited security access attempts.
Failure Audit: These events show failed audited security access attempts.Answer C is incorrect. Network Monitor (Netmon) is a protocol analyzer. It is used to analyze the
network traffic. It is installed by default during the installation of the operating system. It can be
installed by using Windows Components Wizard in the Add or Remove Programs tool in Control
Panel. Network Monitor is used to perform the following tasks:
1.Capture frames directly from the network.
2.Display and filter captured frames immediately after capture or a later time.
3.Edit captured frames and transmit them on the network.
4.Capture frames from a remote computer.