both B and D could theoretically trigger the error, the context of a security audit strongly aligns with File integrity monitor (B). FIM tools are standard components of audits to ensure file integrity, whereas password crackers are more situational and less likely to be the focus of a general audit. The error reflects a permissions issue during routine integrity checks, making B the best answer.
Answer: B. File integrity monitor
(Permission Denied) happens when you try to access or modify /etc/shadow, which is a highly restricted system file that stores hashed passwords for user accounts.
B. File integrity monitor
Explanation:
The "/etc/shadow: Permission denied" error suggests that the tool is trying to access the /etc/shadow file, which stores password hashes on a UNIX system and is highly restricted.
A File Integrity Monitor (FIM) checks system files for unauthorized changes, access attempts, or modifications. Since the security administrator is conducting an audit, a FIM tool is likely being used to ensure that critical system files (like /etc/shadow) have not been altered.
The /etc/shadow file stores encrypted passwords and is protected with strict permissions to prevent unauthorized access.
• Scenario Application:
The error message (Error 13): /etc/shadow: Permission denied indicates that the tool being used attempted to access the /etc/shadow file but failed due to insufficient permissions. This behavior is consistent with a password cracker attempting to retrieve password hashes for analysis or cracking.
Why not D option: a password cracker attempts to crack passwords, not read the file directly. A password cracker typically operates on a copy of the /etc/shadow file (or extracted hashes) and would not generate a “Permission denied” error during its cracking operation.
D. Password cracker: A password cracker tool is used to attempt to recover passwords from hashed password files. In the case of UNIX-based systems, the /etc/shadow file typically stores user passwords in a hashed format. If a security administrator or attacker is trying to analyze this file, they might encounter the "Permission denied" message if they do not have sufficient privileges to access it. This suggests that the tool being used is likely attempting to crack or analyze the passwords stored in the /etc/shadow file, and it's encountering permission issues.
Why not B. File integrity monitor: A file integrity monitor typically checks whether critical system files have been modified. It wouldn't be used to crack passwords or access /etc/shadow in this way, and it wouldn’t typically result in a "Permission denied" error unless there’s an attempt to modify files rather than just monitor them.
D. Password cracker
Explanation: The message /etc/shadow: Permission denied indicates that the tool is attempting to access the /etc/shadow file, which typically contains password hashes for user accounts on a UNIX/Linux system. In a normal scenario, this file is restricted to root or privileged users to prevent unauthorized access.
This kind of message is commonly seen when a password cracker is trying to access the /etc/shadow file to extract password hashes for the purpose of cracking them (typically using brute force or dictionary attacks). The "Permission denied" error indicates that the tool lacks sufficient privileges to access the file, which is a normal security measure to protect sensitive data.
I don't know why so many of you think that a security administrator would use a password cracker during an audit, but I bet there are quite a few more reasons they would use a file integrity monitor during an audit. That would probably need to be given permissions to access a restricted file like /etc/shadow before they ran it, and if they didn't give them, I bet it would kick out a don't touch me error just like this. Answer is B.
While FIM could theoretically generate a "permission denied" error if misconfigured, the presence of the error immediately following access attempts on /etc/shadow is more indicative of a password-cracking attempt than standard FIM activity in this context.
They use password crackers during audits to ensure compliance is actually being honored.
it's far easier to challenge something in an ACTIVE way than it is to defensively go through each system. Not to mention that just because something says it's working means that it actually is.
B. File Integrity Monitoring
The /etc/shadow file stores encrypted user passwords, and you can only access it as root. If you're checking file integrity, you're checking the permissions are still properly set and haven't been changed. You WANT to see 'Permission Denied' if you're auditing the system.
This section is not available anymore. Please use the main Exam Page.SY0-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Cyberity
Highly Voted 8 months agoForeversmall
Most Recent 3 weeks, 3 days agoprabh1251
1 month agoprabh1251
1 month, 1 week agomejestique
1 month, 2 weeks agodbrowndiver
3 months agopindinga1
3 months agoEracle
3 months, 2 weeks agolaternak26
3 months, 4 weeks agoAndyK2
4 months, 2 weeks agofmeox567
5 months agoBevMe
5 months agocyberWoof
5 months, 1 week agoc7b3ff0
6 months agooikj
5 months, 2 weeks ago1798e2e
6 months agoUser92
6 months, 2 weeks agoTy13
6 months, 3 weeks agoFrozenCarrot
7 months, 1 week ago