CompTIA CySA+CS0-002 – Question125

When investigating a report of a system compromise, a security analyst views the following /var/log/secure log file:

Which of the following can the analyst conclude from viewing the log file?

A.
The comptia user knows the sudo password.
B. The comptia user executed the sudo su command.
C. The comptia user knows the root password.
D. The comptia user added himself or herself to the /etc/sudoers file.

Correct Answer: D