You work for a large firm that uses a server to host a publicly facing webserver and SFTP server. This server runs Ubuntu Server 22.04.1 LTS. A system administrator who has access to this server was recently a victim of a phishing attack and it was found that the individual reuses the same password for all of the different authentication mechanisms and applications at work. You want to verify that their Ubuntu user with a UID of 1234 has not been used on any publicly facing servers such as the webserver and SFTP server. Which command would help achieve this?

  • net user 1234 | sort -i
  • history | grep -e [Uu]id | grep 1234
  • net user 1234
  • journalctl _UID=1234

CompTIA Security+ SY0-601
  • Attacks, Threats, and Vulnerabilities
  • Architecture and Design
  • Implementation
  • Operations and Incident Response
    • This question is filed here
  • Governance, Risk, and Compliance