For what purpose would an auditor obtain a copy of the /etc/passwd file for a password audit of a linux machine?
For what purpose would an auditor obtain a copy of the /etc/passwd file for a password audit of a linux machine?
The /etc/passwd file on a Linux system contains information about user accounts, such as usernames and user identification numbers, but it does not contain password hashes. Instead, password hashes are usually found in the /etc/shadow file. Therefore, the purpose of obtaining the /etc/passwd file would be to enumerate user accounts prior to conducting further steps in a password audit, such as cracking passwords by using the /etc/shadow file.
The correct answer is: C. The file allows for user enumeration prior to password cracking.