Crucial Exams

CompTIA Linux+ XK0-006 (V8) Practice Question

While hardening a server you need to let a developer view log files as root without opening a privileged shell. You add the following line to /etc/sudoers with visudo:

alice ALL=(root) NOEXEC: /usr/bin/less

Afterward Alice can run sudo less /var/log/secure, but when she presses ! inside less and tries !sh she receives the message "command execution disabled by sudo noexec". Which statement best describes how the NOEXEC tag enforces this restriction?

  • It intercepts exec-family system calls (using LD_PRELOAD or a seccomp filter), allowing the permitted program to run but blocking any attempt it makes to execute another binary.

  • It sets the environment variable SHELL=/bin/false, causing shell escapes to fail while leaving other program behavior unchanged.

  • It changes the program's effective UID to nobody, preventing it from launching set-UID binaries such as a shell.

  • It temporarily remounts all system filesystems with the noexec mount option so no new executable can be started.

CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot