CiscoCisco
200-201 · Question #38
200-201 Question #38: Real Exam Question with Answer & Explanation
The correct answer is D: /var/log/auth.log. The exhibit, displaying authentication-related messages, is found in the /var/log/auth.log file on Debian-based Linux systems.
Submitted by eva_at· Mar 6, 2026Host-Based Analysis
Question
Refer to the exhibit. In which Linux log file is this output found?
Options
- A/var/log/authorization.log
- B/var/log/dmesg
- Cvar/log/var.log
- D/var/log/auth.log
Explanation
The exhibit, displaying authentication-related messages, is found in the /var/log/auth.log file on Debian-based Linux systems.
Common mistakes.
- A.
authorization.logis not a standard or commonly used log file name for authentication on most Linux distributions;auth.logis the correct standard. - B.
/var/log/dmesgcontains kernel ring buffer messages, primarily related to hardware detection, device drivers, and system boot processes, not user authentication. - C.
/var/log/var.logis an incorrect path and file name;varis a directory, not a log file itself.
Concept tested. Linux System Logging (Authentication)
Reference. https://learn.microsoft.com/en-us/azure/sentinel/connect-linux-syslog
Topics
#Linux logs#authentication logs#host-based analysis
Community Discussion
No community discussion yet for this question.