CompTIA PenTest+ (PT0-002) — Question 257

A penetration tester runs the following command on a system:

find / –user root –perm -4000 –print 2>/dev/null

Which of the following is the tester trying to accomplish?

Answer options

• A. Set the SGID on all files in the /directory.
• B. Find the /root directory on the system.
• C. Find files with the SUID bit set.
• D. Find files that were created during exploitation and move them to /dev/null.

Correct answer: C

Explanation

The command is specifically looking for files that have the SUID (Set User ID) bit set, which is indicated by the permission flag -4000. Options A, B, and D do not correctly describe the functionality of the command, as they focus on setting permissions or locating directories rather than identifying files with SUID permissions.