Terminal PBQs: AWS Certified Security - Specialty (SCS-C03)
easyQuestion 1 of 21
You are a cloud security engineer investigating a potentially compromised EC2 instance during an incident response. The instance has been isolated from the network and you have been given SSH access. Your first task is to navigate to the system log directory on this Linux instance and review the authentication log to determine what recent login activity has occurred.
Objectives
- •Locate the system authentication logs
- •Identify which log files are available for analysis
- •Analyze the authentication log for recent login activity
bash
ec2-user@certnova:/$
Type commands and press Enter to execute. Use ↑↓ to navigate history. Ctrl+C to cancel, Ctrl+L to clear.
Progress
0 of 3 steps detectedRun at least one command to mark this question complete
0 of 21 marked complete