exam questions

Exam SY0-701 All Questions

View all questions & answers for the SY0-701 exam

Exam SY0-701 topic 1 question 276 discussion

Actual exam question from CompTIA's SY0-701
Question #: 276
Topic #: 1
[All SY0-701 Questions]

A security administrator is performing an audit on a stand-alone UNIX server, and the following message is immediately displayed:

(Error 13): /etc/shadow: Permission denied.

Which of the following best describes the type of tool that is being used?

  • A. Pass-the-hash monitor
  • B. File integrity monitor
  • C. Forensic analysis
  • D. Password cracker
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Cyberity
Highly Voted 7 months ago
Selected Answer: D
Password crackers often attempt to access this file to obtain hashed passwords for cracking.
upvoted 8 times
...
mejestique
Most Recent 1 week, 4 days ago
Selected Answer: B
B. File integrity monitor Explanation: The "/etc/shadow: Permission denied" error suggests that the tool is trying to access the /etc/shadow file, which stores password hashes on a UNIX system and is highly restricted. A File Integrity Monitor (FIM) checks system files for unauthorized changes, access attempts, or modifications. Since the security administrator is conducting an audit, a FIM tool is likely being used to ensure that critical system files (like /etc/shadow) have not been altered.
upvoted 1 times
...
dbrowndiver
1 month, 3 weeks ago
Selected Answer: D
The /etc/shadow file stores encrypted passwords and is protected with strict permissions to prevent unauthorized access. • Scenario Application: The error message (Error 13): /etc/shadow: Permission denied indicates that the tool being used attempted to access the /etc/shadow file but failed due to insufficient permissions. This behavior is consistent with a password cracker attempting to retrieve password hashes for analysis or cracking.
upvoted 2 times
...
pindinga1
1 month, 3 weeks ago
Selected Answer: D
The context based, the question says “tool” used for analysis. For my is D pssword cracker.
upvoted 2 times
...
Eracle
2 months, 1 week ago
Selected Answer: B
Why not D option: a password cracker attempts to crack passwords, not read the file directly. A password cracker typically operates on a copy of the /etc/shadow file (or extracted hashes) and would not generate a “Permission denied” error during its cracking operation.
upvoted 2 times
...
laternak26
2 months, 3 weeks ago
Selected Answer: D
D. Password cracker: A password cracker tool is used to attempt to recover passwords from hashed password files. In the case of UNIX-based systems, the /etc/shadow file typically stores user passwords in a hashed format. If a security administrator or attacker is trying to analyze this file, they might encounter the "Permission denied" message if they do not have sufficient privileges to access it. This suggests that the tool being used is likely attempting to crack or analyze the passwords stored in the /etc/shadow file, and it's encountering permission issues. Why not B. File integrity monitor: A file integrity monitor typically checks whether critical system files have been modified. It wouldn't be used to crack passwords or access /etc/shadow in this way, and it wouldn’t typically result in a "Permission denied" error unless there’s an attempt to modify files rather than just monitor them.
upvoted 4 times
...
AndyK2
3 months, 1 week ago
Selected Answer: B
Strange, Claude says it's FIM. But ChatGPT says Password Cracker. I'd go with FIM - since it makes more sense.
upvoted 4 times
...
fmeox567
3 months, 3 weeks ago
Selected Answer: D
D. Password cracker Explanation: The message /etc/shadow: Permission denied indicates that the tool is attempting to access the /etc/shadow file, which typically contains password hashes for user accounts on a UNIX/Linux system. In a normal scenario, this file is restricted to root or privileged users to prevent unauthorized access. This kind of message is commonly seen when a password cracker is trying to access the /etc/shadow file to extract password hashes for the purpose of cracking them (typically using brute force or dictionary attacks). The "Permission denied" error indicates that the tool lacks sufficient privileges to access the file, which is a normal security measure to protect sensitive data.
upvoted 2 times
...
BevMe
3 months, 4 weeks ago
B. File Integrity Monitor
upvoted 2 times
...
cyberWoof
4 months ago
Selected Answer: B
File integrity monitor
upvoted 2 times
...
c7b3ff0
5 months ago
Selected Answer: B
I don't know why so many of you think that a security administrator would use a password cracker during an audit, but I bet there are quite a few more reasons they would use a file integrity monitor during an audit. That would probably need to be given permissions to access a restricted file like /etc/shadow before they ran it, and if they didn't give them, I bet it would kick out a don't touch me error just like this. Answer is B.
upvoted 4 times
oikj
4 months, 1 week ago
While FIM could theoretically generate a "permission denied" error if misconfigured, the presence of the error immediately following access attempts on /etc/shadow is more indicative of a password-cracking attempt than standard FIM activity in this context.
upvoted 1 times
...
1798e2e
4 months, 3 weeks ago
They use password crackers during audits to ensure compliance is actually being honored. it's far easier to challenge something in an ACTIVE way than it is to defensively go through each system. Not to mention that just because something says it's working means that it actually is.
upvoted 2 times
...
...
User92
5 months, 1 week ago
Selected Answer: D
Password crackers often attempt to access the /etc/shadow file to retrieve hashed passwords for cracking.
upvoted 2 times
...
Ty13
5 months, 2 weeks ago
Selected Answer: B
B. File Integrity Monitoring The /etc/shadow file stores encrypted user passwords, and you can only access it as root. If you're checking file integrity, you're checking the permissions are still properly set and haven't been changed. You WANT to see 'Permission Denied' if you're auditing the system.
upvoted 2 times
...
FrozenCarrot
6 months ago
Selected Answer: B
The /etc/shadow is a text-based password file.
upvoted 1 times
...
850bc48
6 months, 1 week ago
D. password cracking
upvoted 1 times
...
Gman530
6 months, 3 weeks ago
Selected Answer: B
A file integrity monitor would attempt to read the contents of etc/shadow while doing integrity checks, this may fail due to insufficient permissions. - File Integrity monitor matches the activity of an administrator performing an audit. - Password Cracking is more aligned with pentesting than auditing.
upvoted 2 times
...
AZZ99
7 months ago
Selected Answer: D
Copy pasted to ChatGPT and the answer is D. Make sense to me.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago