While auditing a CentOS Stream 9 server, you confirm that gpgcheck=1 is already present in every file under /etc/yum.repos.d/. To further harden the software supply chain, you want DNF to refuse any repository whose metadata (for example, repomd.xml) is not signed by a trusted GPG key. Which single directive must be added and set to 1 in each .repo stanza to enforce this behaviour?
The directive that forces DNF/YUM to validate the GPG signature of repository metadata is repo_gpgcheck. When set to 1 (true), DNF verifies the signature on files such as repomd.xml before it will process the repository, preventing attackers from substituting a tampered package list.
Other options are incorrect:
metadata_expire only controls how long cached metadata is considered fresh and has no impact on signature verification.
sslverify controls TLS certificate checking for HTTPS transport; it does not validate GPG signatures on repository data.
localpkg_gpgcheck verifies signatures of RPM files that are installed from the local filesystem or a direct URL, not the metadata fetched from a repository.
Therefore, setting repo_gpgcheck=1 is the required control for metadata-level signature enforcement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a GPG key, and how does it secure repository metadata?
Open an interactive chat with Bash
How does `repo_gpgcheck=1` improve system security compared to `gpgcheck=1`?
Open an interactive chat with Bash
What happens if `repo_gpgcheck` is not enabled?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .