🔥 3-day streak
CompTIA Linux+ (XK0-006)13 / 123
Question 13 of 123

A security analyst configured an audit rule with the key 'passwd-changes' to monitor modifications to /etc/passwd. After a suspected unauthorized change, they need to review only the audit events associated with that rule from the audit logs. Which command should they run?

Reviewed for accuracy · Report an issueNext question