Which log file contains information about failed login attempts?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $25.99Unlock all

Enhance your cyber defense skills with the Security Blue Team Level 1 Test. Prepare with flashcards, multiple choice questions, and detailed explanations to ace your exam!

Multiple Choice

Which log file contains information about failed login attempts?

Explanation:
Failed login attempts are tracked in a dedicated log that records each failed attempt as an individual event, including when and from where it occurred. That specific log is /var/log/btmp, a binary file that you read with the lastb command to see the failed logins. This makes it the primary source for listing failed login activity. Other logs play different roles: /var/log/auth.log and /var/log/secure capture authentication-related messages, including both successes and failures, so they’re broader audit trails rather than a focused record of failed attempts. /var/log/faillog stores per-user failure counts and is less useful for reviewing every failed attempt, since it doesn’t present the events as a straightforward log. So for information about failed login attempts, /var/log/btmp is the best and most direct source.

Failed login attempts are tracked in a dedicated log that records each failed attempt as an individual event, including when and from where it occurred. That specific log is /var/log/btmp, a binary file that you read with the lastb command to see the failed logins. This makes it the primary source for listing failed login activity.

Other logs play different roles: /var/log/auth.log and /var/log/secure capture authentication-related messages, including both successes and failures, so they’re broader audit trails rather than a focused record of failed attempts. /var/log/faillog stores per-user failure counts and is less useful for reviewing every failed attempt, since it doesn’t present the events as a straightforward log.

So for information about failed login attempts, /var/log/btmp is the best and most direct source.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy