B. File integrity monitor
Explanation:
The "/etc/shadow: Permission denied" error suggests that the tool is trying to access the /etc/shadow file, which stores password hashes on a UNIX system and is highly restricted.
A File Integrity Monitor (FIM) checks system files for unauthorized changes, access attempts, or modifications. Since the security administrator is conducting an audit, a FIM tool is likely being used to ensure that critical system files (like /etc/shadow) have not been altered.
The /etc/shadow file stores encrypted passwords and is protected with strict permissions to prevent unauthorized access.
• Scenario Application:
The error message (Error 13): /etc/shadow: Permission denied indicates that the tool being used attempted to access the /etc/shadow file but failed due to insufficient permissions. This behavior is consistent with a password cracker attempting to retrieve password hashes for analysis or cracking.
Why not D option: a password cracker attempts to crack passwords, not read the file directly. A password cracker typically operates on a copy of the /etc/shadow file (or extracted hashes) and would not generate a “Permission denied” error during its cracking operation.
D. Password cracker: A password cracker tool is used to attempt to recover passwords from hashed password files. In the case of UNIX-based systems, the /etc/shadow file typically stores user passwords in a hashed format. If a security administrator or attacker is trying to analyze this file, they might encounter the "Permission denied" message if they do not have sufficient privileges to access it. This suggests that the tool being used is likely attempting to crack or analyze the passwords stored in the /etc/shadow file, and it's encountering permission issues.
Why not B. File integrity monitor: A file integrity monitor typically checks whether critical system files have been modified. It wouldn't be used to crack passwords or access /etc/shadow in this way, and it wouldn’t typically result in a "Permission denied" error unless there’s an attempt to modify files rather than just monitor them.
D. Password cracker
Explanation: The message /etc/shadow: Permission denied indicates that the tool is attempting to access the /etc/shadow file, which typically contains password hashes for user accounts on a UNIX/Linux system. In a normal scenario, this file is restricted to root or privileged users to prevent unauthorized access.
This kind of message is commonly seen when a password cracker is trying to access the /etc/shadow file to extract password hashes for the purpose of cracking them (typically using brute force or dictionary attacks). The "Permission denied" error indicates that the tool lacks sufficient privileges to access the file, which is a normal security measure to protect sensitive data.
I don't know why so many of you think that a security administrator would use a password cracker during an audit, but I bet there are quite a few more reasons they would use a file integrity monitor during an audit. That would probably need to be given permissions to access a restricted file like /etc/shadow before they ran it, and if they didn't give them, I bet it would kick out a don't touch me error just like this. Answer is B.
While FIM could theoretically generate a "permission denied" error if misconfigured, the presence of the error immediately following access attempts on /etc/shadow is more indicative of a password-cracking attempt than standard FIM activity in this context.
They use password crackers during audits to ensure compliance is actually being honored.
It's far easier to challenge something in an ACTIVE way than it is to defensively go through each system. Not to mention that just because something says it's working means that it actually is.
B. File Integrity Monitoring
The /etc/shadow file stores encrypted user passwords, and you can only access it as root. If you're checking file integrity, you're checking the permissions are still properly set and haven't been changed. You WANT to see 'Permission Denied' if you're auditing the system.
A file integrity monitor would attempt to read the contents of /etc/shadow while doing integrity checks; this may fail due to insufficient permissions.
- File Integrity monitor matches the activity of an administrator performing an audit.
- Password Cracking is more aligned with pentesting than auditing.
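The behaviour several comments above describe, as an added example that is not part of any commenter's post: a minimal integrity check that audits a file's mode with `stat()` (which does not need read access) and records a failed content read as an `EACCES` observation instead of aborting. The function names, the `0o640` baseline mode, and the temporary file standing in for /etc/shadow are assumptions made for the illustration.

```python
import errno
import hashlib
import os
import stat
import tempfile


def check_file(path, expected_mode, opener=open):
    """One FIM observation: metadata via stat(), content hash via read."""
    obs = {"path": path, "mode_ok": None, "sha256": None, "error": None}
    try:
        # stat() needs search permission on the parent directory only,
        # so the mode can be audited without reading the file.
        st = os.stat(path)
        obs["mode_ok"] = stat.S_IMODE(st.st_mode) == expected_mode
        with opener(path, "rb") as fh:
            obs["sha256"] = hashlib.sha256(fh.read()).hexdigest()
    except OSError as exc:
        # Record the errno name (EACCES is error 13 on Linux) and carry on.
        obs["error"] = errno.errorcode.get(exc.errno, "UNKNOWN")
    return obs


def denied_opener(path, mode):
    """Constructed stand-in for an unprivileged open() of /etc/shadow."""
    raise PermissionError(errno.EACCES, "Permission denied", path)


def demo():
    # Constructed sample file standing in for /etc/shadow.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "shadow")
        with open(path, "wb") as fh:
            fh.write(b"alice:$6$constructed$hash:19000:0:99999:7:::\n")
        os.chmod(path, 0o640)  # assumed baseline mode
        unprivileged = check_file(path, 0o640, opener=denied_opener)
        privileged = check_file(path, 0o640)
        os.chmod(path, 0o644)  # simulated permission drift
        drifted = check_file(path, 0o640)
    return unprivileged, privileged, drifted


if __name__ == "__main__":
    for observation in demo():
        print(observation)
```

The unprivileged run still confirms the mode is intact while logging the denied read, which is the distinction the comments are arguing over.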
Copy-pasted to ChatGPT and the answer is D. Makes sense to me.