Crucial Exams

CompTIA Linux+ XK0-006 (V8) Practice Question

While auditing a production server you discover the following entry in /etc/sudoers:

%devteam ALL=(ALL) NOPASSWD: /usr/bin/vim

Developers in the devteam group occasionally need to update /etc/nginx/nginx.conf, but the security team wants to minimize the risk of privilege escalation that could occur through shell-escape features or editor vulnerabilities. Which change will best satisfy the functional requirement and apply the principle of least privilege?

  • Move /usr/bin/vim to a root-writable directory such as /usr/local/bin and leave the rule unchanged.

  • Replace the line with: %devteam ALL=(ALL) sudoedit /etc/nginx/nginx.conf and remove the NOPASSWD tag.

  • Keep the existing rule but add the NOEXEC tag so vim cannot execute external commands.

  • Add Defaults:%devteam timestamp_timeout=0 so members must enter their password for every sudo invocation.

CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot