ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your cloud team must bring a fleet of Linux IaaS web servers into compliance with the company's CIS-based hardening baseline. A recent scan reports the following HIGH finding:

CIS control 5.2.8 - SSH PermitRootLogin is enabled (current value: yes)

You need to remediate this issue on running instances with minimal service interruption while still allowing administrators to connect with their normal, non-root accounts. Which action best satisfies the baseline requirement?

  • Use systemctl to stop and disable the sshd service on all servers, forcing administrators to log on through the cloud provider's console instead.

  • Automate an IaC task that writes "PermitRootLogin no" to /etc/ssh/sshd_config on each server and sends sshd a reload signal.

  • Terminate the existing VMs and redeploy them from an updated golden image that already blocks root SSH access.

  • Change the root password on every instance and restrict its distribution to senior administrators only.

Cloud Security Operations