CompTIA Linux+ (XK0-004) — Question 173

A Linux administrator suspects unauthorized users are attempting to log in to the Linux server remotely. Which of the following should the administrator check FIRST?

Answer options

Correct answer: B

Explanation

The correct answer is B, /var/log/secure, as it contains authentication-related messages, including successful and failed login attempts. The other options, while they may have useful information, do not specifically focus on security and login events like /var/log/secure does.