Which statement BEST describes the security implication of leaving this NOPASSWD rule in place?
The rule suppresses sudo's syslog and audit records for successful runs, making the action effectively invisible to logging systems.
QA group members will be asked for their password the first time in each session; the tag only removes repeated prompts once sudo's credential cache is active.
Any process running under a qa member's UID can execute the script as root without entering a password, so a compromised session can escalate privileges instantly.
Because the command path is fully qualified, sudo will still demand the root password; NOPASSWD only overrides authentication for commands matched by wildcards.
The NOPASSWD tag tells sudo to skip the normal password authentication step for the listed command(s). Because of that, any interactive session or process running as a member of the qa group can invoke the Python maintenance script as root without further challenge. If an attacker hijacks a qa user's shell or injects code into one of their processes, the attacker immediately gains root privileges for that command. The tag does not change group membership checks, does not depend on wildcard paths, and does not disable sudo's event logging, so the other statements are incorrect.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the NOPASSWD tag in the sudoers file mean?
Open an interactive chat with Bash
How can a compromised session escalate privileges using this rule?
Open an interactive chat with Bash
Does this rule affect sudo logging and group membership checks?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access