Exam SY0-701 topic 1 question 334 discussion

The correct answer is: B. Setting weak passwords in /etc/shadow Explanation: In an insider threat scenario, one of the most likely techniques to attract the attention of a malicious attacker is setting weak passwords in the /etc/shadow file. This file stores password hashes for user accounts, and if an insider sets weak passwords, attackers can potentially crack these passwords through brute force or other methods. Once an attacker has access to weak passwords, they can escalate privileges, access sensitive information, or exploit the system for malicious purposes.

Creating a false text file in /docs/salaries attracts insiders, which usually looking for sensitive information.

This question is from a security operations prospective and focuses on how to catch an insider threat. #1 Never set a weak password. This could be exploited by an actual External Malicious actor. #2 Its the decoy file (A.k.a) Honey file principle. Using fake files that are highly monitored to see which accounts engage with them. Subsequently launching an investigation as to why that person was accessing the file. (Create a false text file)

In an insider threat scenario, setting weak passwords in the system's password file (/etc/shadow) would be particularly attractive to a malicious attacker because:

In an insider threat scenario, setting weak passwords in the system's password file (/etc/shadow) would be particularly attractive to a malicious attacker because: Weak passwords create an easy entry point for unauthorized access It provides a method of persistent system compromise The action can be done subtly without immediate detection Weak passwords can potentially be used to escalate privileges It exploits inherent system authentication mechanisms