A Linux administrator is hardening user account security and wants to prevent users from selecting passwords that have previously been exposed in public data breaches. The new policy must be enforced automatically whenever a user attempts to change their password. Which of the following methods best achieves this specific goal?
Schedule a cron job to run john against /etc/shadow to find and report weak passwords.
Implement a PAM module that validates new passwords against a database of known breached passwords.
Use the pam_pwhistory module to prevent users from reusing their last ten passwords.
Configure pam_tally2 to lock out accounts that use a password from a monitored list.
The correct solution is to implement a Pluggable Authentication Module (PAM) that checks passwords against a known breach list. Several PAM modules, such as pam_pwned, are designed for this exact purpose. They integrate with the Linux authentication system and can be configured to query a service like 'Have I Been Pwned?' or use a downloaded list to reject compromised passwords during the password-change process.
Using pam_tally2 is incorrect because it is used to lock accounts after a specific number of failed login attempts, not to validate password content against breach lists.
Enforcing password complexity and history with pam_pwhistory or chage is a valuable security practice but does not check if a password has been part of a known breach.
A cron job running a password cracker like john checks for weak, guessable passwords within the system's own shadow file but does not compare them against extensive external breach databases.
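The downloaded-list variant of the breach check described above can be sketched as follows. This is an added example, not code from pam_pwned or any other module; the function names are hypothetical, the list is assumed to hold `SHA1HEX:COUNT` lines sorted by hash, and the sample entries are constructed.

```python
import hashlib
import io

def sha1_hex(password: str) -> bytes:
    """Uppercase hex SHA-1, the key format assumed for the breach list."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return digest.upper().encode("ascii")

def breach_count(password: str, f) -> int:
    """Return the listed count for password, or 0 if it is not in the list.

    f is a seekable binary file of 'SHA1HEX:COUNT' lines sorted by hash.
    Searching by byte offset avoids loading a multi-gigabyte list into memory.
    """
    target = sha1_hex(password)
    lo, hi = 0, f.seek(0, io.SEEK_END)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid:
            f.seek(mid - 1)
            f.readline()      # advance to the first line starting at or after mid
        else:
            f.seek(0)
        line = f.readline()
        if not line:          # mid lies past the start of the last line
            hi = mid
            continue
        digest, _, count = line.strip().partition(b":")
        if digest == target:
            return int(count)
        if digest < target:
            lo = f.tell()     # target can only start at or after the next line
        else:
            hi = mid          # target can only start before mid
    return 0

def password_allowed(password: str, f) -> bool:
    """Policy decision a password-change hook would act on."""
    return breach_count(password, f) == 0

# Constructed sample list: passwords and counts are made up for the example.
SAMPLE = {"password": 5, "123456": 9, "qwerty": 3, "letmein": 2}
SAMPLE_LIST = io.BytesIO(
    b"\n".join(sorted(sha1_hex(p) + b":%d" % n for p, n in SAMPLE.items())) + b"\n"
)

if __name__ == "__main__":
    for candidate in ("letmein", "correct horse battery staple 7#"):
        verdict = "accepted" if password_allowed(candidate, SAMPLE_LIST) else "rejected"
        print(candidate, "->", verdict)
```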
CompTIA Linux+ XK0-006 (V8)
Security