After a confirmed breach, you must immediately stop the developer account named "dana" from logging in to a Red Hat-based server by any authentication method (password, SSH key, etc.). The account, its UID, and all running processes must stay intact so that you can restore access later with a single command. Which command satisfies these requirements?
sets the account's expiration date to the epoch (1 Jan 1970). During the PAM account phase every login attempt is rejected because the account is expired, so neither passwords nor public-key SSH authentication succeed. The user's entry in /etc/passwd, UID, home directory, and running processes are left untouched and can be re-enabled later with chage -E -1 or a future date.
passwd -l dana and usermod -L dana only prepend "!" to the stored hash, disabling password authentication but still permitting key-based SSH and other non-password logins.
usermod -s /usr/sbin/nologin dana changes the login shell so interactive sessions fail, but authentication can still succeed and some non-shell services may continue to run; it is therefore not a complete lockout.
Expiring the account with chage provides the comprehensive but reversible lockdown required.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is PAM and why is it important in the login process?
Open an interactive chat with Bash
How does the `chage` command work and what does the `-E` flag do?
Open an interactive chat with Bash
What is the difference between locking an account and expiring an account?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Services and User Management
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access