nerdexam
ExamsXK0-005Questions#72
CompTIACompTIA

XK0-005 · Question #72

XK0-005 Question #72: Real Exam Question with Answer & Explanation

The correct answer is C: pam_tally2. The pam_tally2 utility is the primary tool used to display and manage the count of failed login attempts for users on a Linux system.

Security

Question

An administrator is analyzing a Linux server which was recently hacked. Which of the following will the administrator use to find all unsuccessful login attempts?

Options

  • Ansswitch
  • Bfaillock
  • Cpam_tally2
  • Dpasswd

Explanation

The pam_tally2 utility is the primary tool used to display and manage the count of failed login attempts for users on a Linux system.

Common mistakes.

  • A. nsswitch refers to the nsswitch.conf file, which configures the order of name service lookups, not for reporting login attempts.
  • B. faillock (or pam_faillock) is a PAM module that locks user accounts after a certain number of failed attempts; while it tracks failures, pam_tally2 is the command-line tool for auditing these counts.
  • D. passwd is a command used to change user passwords and related account information, not for finding or reporting unsuccessful login attempts.

Concept tested. PAM failed login auditing

Reference. https://linux.die.net/man/8/pam_tally2

Topics

#Linux security#Failed logins#PAM#System auditing

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full XK0-005 PracticeBrowse All XK0-005 Questions