CySA+ CS0-001 – Q. 331

0
44

An analyst is examining a system that is suspected of being involved in an intrusion. The analyst uses the command ‘cat/etc/passwd’ and receives the following partial output:

Based on the above output, which of the following should the analyst investigate further?

A. User ‘daemon’ should not have a home directory of /usr/sbin
B. User ‘root’ should not have a home directory of /root
C. User ‘news’ should not have a default shell of /bin/bash
D. User ‘mail’ should not have a default shell of /usr/sbin/nologin

LEAVE A REPLY

Please enter your comment!
Please enter your name here