ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam XK0-004 All Questions

View all questions & answers for the XK0-004 exam
Go to Exam

Exam XK0-004 topic 1 question 21 discussion

Actual exam question from CompTIA's XK0-004
Question #: 21
Topic #: 1
[All XK0-004 Questions]

An administrator is analyzing a Linux server which was recently hacked.
Which of the following will the administrator use to find all unsuccessful login attempts?

  • A. nsswitch
  • B. faillock
  • C. pam_tally2
  • D. passwd
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by pinkcyberpenguin at May 26, 2020, 12:20 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nakres64
Highly Voted 4 years, 3 months ago
A classical Comptia question. faillock is in the exam objectives but in official book there is nothing about it. Only pam_faillock, so I choose pam_tally2.
upvoted 5 times
Icarus1987
4 years, 2 months ago
nakres64 you're 100% correct. I read both the Pearson & McGraw Hill books and the Pearson book only mentions PAMs yet the McGraw Hill book tells you a bit about PAMs but covers pam_tally2 enough for me to confirm you are correct and that the answer is pam_tally2
upvoted 1 times
...
...
jc0le
Highly Voted 4 years, 2 months ago
This question is also in the official Comptia Study Guide, however in the Study Guide, the questions asks you to "choose two" . The back of the book then lists faillock and pamtally2 as the correct answers.
upvoted 5 times
...
c98ba22
Most Recent 7 months, 3 weeks ago
Selected Answer: B
both b and c
upvoted 1 times
...
sargeholik
2 years, 8 months ago
Selected Answer: B
There are two PAM modules you can use to trigger a temporary user lockout if multiple authentication attempts fail: pam_tally2 and pam_faillock. The pam_faillock module is recommended, as it is a newer module that improves upon pam_tally2 by supporting user lockout when authentication is done over a screen saver.
upvoted 1 times
...
petercorn
3 years, 6 months ago
Selected Answer: C
The pam_tally2 and faillock commands display failed login attempts, and therefore options B and C are correct answers.
upvoted 2 times
...
Bubu3k
4 years, 5 months ago
Both tally and faillock do the same thing. Comptia's Student Guide recommends using faillock over tally2 because it's newere. That being said if you consider it should be pam_faillock maybe than tally2 is the right answer
upvoted 1 times
...
dave369
5 years ago
C. "To measure the number of failed logins per user, a module is needed to do the counting. Two popular modules for this are pam_tally and pam_tally2, named after tallying" https://linux-audit.com/locking-users-after-failed-login-attempts-with-pam_tally2/
upvoted 2 times
...
pinkcyberpenguin
5 years, 1 month ago
It's faillock. https://linux.die.net/man/8/faillock
upvoted 1 times
Murderface84
5 years ago
Its pam tally: https://www.tecmint.com/use-pam_tally2-to-lock-and-unlock-ssh-failed-login-attempts/
upvoted 8 times
Icarus1987
4 years, 2 months ago
Correct answer is pam_tally2 as it shows failed login attempts for all users. faillock seems to only be used for a single user.
upvoted 3 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel