Digital Forensic Certification Practice Exam 2025 – Comprehensive Test Preparation

The field that indicates the user wanted to download a file from a folder in an IIS log entry is the cs-uri-stem. This field represents the actual requested resource from the server, which includes the path to the file or folder that the user is trying to access. When a user attempts to download a file, the cs-uri-stem will contain the specific URL or file path that correlates with that request, providing clarity on the exact resource being targeted.

Contextually, the other fields serve different purposes: the sc-status field indicates the status of the HTTP response code (such as success or failure), the c-ip field records the client IP address that made the request, and the sc-bytes field reflects the number of bytes sent in the response. While these fields provide important information about the request and the server's response, they do not specifically indicate what file or folder the user intends to download, making the cs-uri-stem field the critical one for identifying the user's file download intentions.