During a security audit you discover that the legacy telnet.socket unit is still present on a systemd-based server. Policy requires that the socket be stopped immediately and rendered unstartable-whether manually or as a dependency-until administrators explicitly re-enable it at a later date. Which single systemctl command fulfills this requirement and ensures the state persists across reboots?
systemctl mask --now telnet.socket first terminates any running instance (because of --now) and then creates a symbolic link from /etc/systemd/system/telnet.socket to /dev/null. This link prevents systemd - and any user or dependent unit - from starting the socket until it is explicitly unmasked. In contrast, disable --now only removes autostart symlinks; the socket could still be started manually or by another unit. Combining stop with disable uses two commands rather than one, and disable --force still allows manual activation. Therefore, only the mask command meets all stated conditions in a single invocation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the `mask` command do in systemctl?
Open an interactive chat with Bash
What is the difference between `systemctl mask` and `systemctl disable`?
Open an interactive chat with Bash
Why does the `--now` option matter when used with `systemctl mask`?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Services and User Management
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access