CompTIA PenTest+ (PT1-002) — Question 28
A penetration tester runs the following command on a system:
find / -user root -perm -4000 -print 2>/dev/null
Which of the following is the tester trying to accomplish?
Answer options
- A. Set the SGID on all files in the / directory
- B. Find the /root directory on the system
- C. Find files with the SUID bit set
- D. Find files that were created during exploitation and move them to /dev/null
Correct answer: C
Explanation
The correct answer is C: the command searches from / for files owned by the root user that have the SUID bit set, which is what the permission test -4000 matches. Options A and B do not reflect the purpose of the command; find only locates files here, it does not change permissions or look for a directory by name. Option D misdescribes the command: nothing is moved, and 2>/dev/null only discards error messages such as "Permission denied".