EC-CouncilEC-Council
312-50V13 · Question #184
312-50V13 Question #184: Real Exam Question with Answer & Explanation
The correct answer is C: wtmp. This question asks to identify which file from the given options does not primarily log login attempts in a Linux system.
Submitted by lucia.co· Mar 6, 2026System Hacking
Question
You have successfully logged on a Linux system. You want to now cover your trade Your login attempt may be logged on several files located in /var/log. Which file does NOT belongs to the list:
Options
- Auser.log
- Bauth.fesg
- Cwtmp
- Dbtmp
Explanation
This question asks to identify which file from the given options does not primarily log login attempts in a Linux system.
Common mistakes.
- A.
user.logis a general syslog output file that can contain various messages, including some related to user authentication or session activities depending on system configuration. - B. Assuming
auth.fesgis a typo forauth.log, this file records detailed authentication and authorization events, which directly include login attempts. - D.
btmpis a binary log file that specifically records failed login attempts, providing crucial information about unsuccessful authentication processes.
Concept tested. Linux login log files distinction
Reference. https://man7.org/linux/man-pages/man5/syslog.conf.5.html
Topics
#Linux logs#Log analysis#Post-exploitation#Evidence evasion
Community Discussion
No community discussion yet for this question.