XK0-005 • Practice Test 28
Free XK0-005 practice test — 15 questions with explanations. Set 28. No signup required.
Based on the exhibit, what is the purpose of the audit rule?
Refer to the exhibit. # auditctl -l LIST_RULES: exit,always auid>=1000 auid!=4294967295 (0xffffffff) syscall=open key=user-open # ausearch -k user-open ---- time->Thu Jan 1 12:00:00 2025 type=SYSCALL msg=audit(1735689600.123:456): arch=c000003e syscall=2 success=yes exit=3 a0=7ffe... a1=0 a2=1c a3=7f... items=1 ppid=1234 pid=5678 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=1 comm="cat" exe="/usr/bin/cat" key="user-open"