CompTIA Security Plus Mock Test Q385

Which of the following utilities can be used in Linux to view a list of users’ failed authentication attempts?

A. badlog
B. faillog
C. wronglog
D. killlog

Correct Answer: B
Section: Compliance and Operational Security

Explanation:
var/log/faillog – This Linux log file contains failed user logins. You’ll find this log useful when tracking attempts to crack into your system.
/var/log/apport.log This log records application crashes. Sometimes these can reveal attempts to compromise the system or the presence of a virus or spyware.

Incorrect Answers:
A, C, D: These are not files that can be found under the /var/log Directory as used in Linux.

References:

20 Linux Log Files that are Located under /var/log Directory


Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 47