CompTIA Linux+ (XK0-004) — Question 7

An administrator is analyzing a Linux server which was recently hacked.
Which of the following will the administrator use to find all unsuccessful login attempts?

Answer options

• A. nsswitch
• B. faillock
• C. pam_tally2
• D. passwd

Correct answer: C

Explanation

The correct answer is C, pam_tally2, which specifically tracks failed login attempts on Linux systems. Option A, nsswitch, is used for configuring name service switching, while B, faillock, is used to lock accounts after too many failed attempts but does not display the attempts. Option D, passwd, is related to password management and does not provide information about login attempts.