GIAC Penetration Tester (GPEN) — Question 25
How can a non-privileged user on a Unix system determine if shadow passwords are being used?
Answer options
- A. Read /etc/password and look for "x" or "II" in the second colon-delimited field
- B. Read /etc/shadow and look for "x" or "II" in the second colon-delimited field
- C. Verify that /etc/password has been replaced with /etc/shadow
- D. Read /etc/shadow and look for NULL values in the second comma-delimited field
Correct answer: B
Explanation
The correct answer is B because the /etc/shadow file contains password information for users, and the presence of 'x' or 'II' indicates that shadow passwords are in use. Option A is incorrect since /etc/password does not store shadow password information. Option C is misleading; /etc/password is not replaced, but rather, it uses /etc/shadow for enhanced security. Option D is also wrong because NULL values do not indicate the use of shadow passwords.