GAQM Exam CPEH-001 Topic 7 Question 42 Discussion

Actual exam question for GAQM's CPEH-001 exam

Question #: 42
Topic #: 7

After studying the following log entries, how many user IDs can you identify that the attacker has tampered with?

1. mkdir -p /etc/X11/applnk/Internet/.etc

2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd

3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd

4. touch -acmr /etc /etc/X11/applnk/Internet/.etc

5. passwd nobody -d

6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash

7. passwd dns -d

8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd

9. touch -acmr /etc/X11/applnk/Internet/.etc /etc

AIUSR_

Bacmr, dns

Cnobody, dns

Dnobody, IUSR_

Show Suggested Answer

Suggested Answer: C

Passwd is the command used to modify a user password and it has been used together with the usernames nobody and dns.

by Tammara at May 09, 2022, 09:07 AM

Limited Time Offer

25%

Off

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!