GIAC Certified Incident Handler (GCIH) — Question 12
Which UNIX log file contains information about currently logged in users?
Answer options
- A. wtmp
- B. btmp
- C. utmp
- D. lastlog
Correct answer: A
Explanation
The correct answer is A, wtmp, as it records all logins and logouts, including current user sessions. Option B, btmp, logs failed login attempts, while option C, utmp, tracks currently logged-in users but does not retain historical data. Option D, lastlog, shows the last login time for users but does not indicate current sessions.