Which runtime host policy rule is the root cause for this runtime audit?

An administrator sees that a runtime audit has been generated for a host. The audit message is: “Service postfix attempted to obtain capability SHELL by executing /bin/sh /usr/libexec/postfix/postfix- script.stop. Low severity audit, event is automatically added to the runtime model”

Which runtime host policy rule is the root cause for this runtime audit?
A . Custom rule with specific configuration for file integrity
B . Custom rule with specific configuration for networking
C . Default rule that alerts on capabilities
D . Default rule that alerts on suspicious runtime behavior

View Answer

Answer: D

Explanation:

For a runtime audit generated for a host with a message indicating a service attempting to obtain capability by executing a script, the root cause for this runtime audit is most likely related to D. Default rule that alerts on suspicious runtime behavior. This default rule is designed to flag unusual or potentially harmful activities that could indicate a security risk, prompting further investigation.