PT0-002 Question #294: Real Exam Question with Answer & Explanation

The correct answer is D: /var/log/lastlog. {"question_number": 2, "correct_answer": "D", "explanation": "/var/log/lastlog is a standard Linux binary log file that records the most recent login time for every user account on the system. The 'lastlog' command reads this file and displays it in a human-readable format. /var/

Post-exploitation and lateral movement

Question

A penetration tester was able to compromise a web server and move laterally into a Linux web server. The tester now wants to determine the identity of the last user who signed in to the web server. Which of the following log files will show this activity?

Options

A/var/log/messages
B/var/log/last_user
C/var/log/user_log
D/var/log/lastlog

Explanation

{"question_number": 2, "correct_answer": "D", "explanation": "/var/log/lastlog is a standard Linux binary log file that records the most recent login time for every user account on the system. The 'lastlog' command reads this file and displays it in a human-readable format. /var/log/messages contains general kernel and system messages, while /var/log/last_user and /var/log/user_log are not standard Linux log files. For full login history (all logins, not just last), a tester would use /var/log/wtmp (read via the 'last' command), but for the most recent login per user, /var/log/lastlog is the correct answer.", "generated_by": "claude-sonnet", "llm_judge_score": 4}

Topics

#Linux logging#Post-exploitation reconnaissance#User activity logs#File system analysis

Community Discussion

No community discussion yet for this question.

Full PT0-002 Practice Browse All PT0-002 Questions