CompTIA Security Plus Mock Test Q1745

A company researched the root cause of a recent vulnerability in its software. It was determined that the vulnerability was the result of two updates made in the last release. Each update alone would not have resulted in the vulnerability. In order to prevent similar situations in the future, the company should improve which of the following?

A. Change management procedures
B. Job rotation policies
C. Incident response management
D. Least privilege access controls

Correct Answer: A
Section: Mixed Questions

CompTIA Security Plus Mock Test Q1377

A system requires administrators to be logged in as the “root” in order to make administrator changes. Which of the following controls BEST mitigates the risk associated with this scenario?

A. Require that all administrators keep a log book of times and justification for accessing root
B. Encrypt all users home directories using file-level encryption
C. Implement a more restrictive password rotation policy for the shared root account
D. Force administrator to log in with individual accounts and switch to root
E. Add the administrator to the local group

Correct Answer: D
Section: Mixed Questions

CompTIA Security Plus Mock Test Q999

The security administrator notices a user logging into a corporate Unix server remotely as root. Which of the following actions should the administrator take?

A. Create a firewall rule to block SSH
B. Delete the root account
C. Disable remote root logins
D. Ensure the root account has a strong password


Correct Answer: C
Section: Access Control and Identity Management

Explanation:
Remote users log in to Unix or Linux servers by using SSH. Although SSH is secure, allowing remote access as root is a security risk.
One of the biggest security holes you could open on a Unix or Linux server is to allow directly logging in as root through SSH, because any cracker can attempt to brute force your root
password and potentially get access to your system if they can figure out your password.
It’s much better to have a separate account that you regularly use and simply sudo to root when necessary.
You should disable root ssh access by editing /etc/ssh/sshd_config to contain:
PermitRootLogin no

Incorrect Answers:
A: Blocking SSH would prevent all remote access to all servers using SSH. We do not want to disable all SSH access; we just want to prevent remotely logging in to the UNIX server
as root. Therefore, this answer is incorrect.
B: You should never delete the root account. The root account is required by Unix. Therefore, this answer is incorrect.
D: Ensuring the root account has a strong password is a good idea. However, this will not prevent remotely logging in to the server as root. Therefore, this answer is incorrect.

References:

Security Tip: Disable Root SSH Login on Linux