nerdexam
ExamsCAS-003Questions#344
CompTIA

CAS-003 · Question #344

CAS-003 Question #344: Real Exam Question with Answer & Explanation

The correct answer is D: The SSH command is not allowing a pty session. Examining the three files: Config 1 (sudoers) correctly permits the operator to run /sbin/reboot via sudo. Config 3 (passwd) is a standard user entry with no misconfiguration. The problem is in Config 2 (SSH authorized_keys), which contains two issues: the forced command is set t

Question

A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files: Configuration file 1: Operator ALL=/sbin/reboot Configuration file 2: Command="/sbin/shutdown now", no-x11-forwarding, no-pty, ssh-dss Configuration file 3: Operator:x:1000:1000::/home/operator:/bin/bash Which of the following explains why an intended operator cannot perform the intended action?

Options

  • AThe sudoers file is locked down to an incorrect command
  • BSSH command shell restrictions are misconfigured
  • CThe passwd file is misconfigured
  • DThe SSH command is not allowing a pty session

Explanation

Examining the three files: Config 1 (sudoers) correctly permits the operator to run /sbin/reboot via sudo. Config 3 (passwd) is a standard user entry with no misconfiguration. The problem is in Config 2 (SSH authorized_keys), which contains two issues: the forced command is set to '/sbin/shutdown now' (not reboot) and - critically - the 'no-pty' directive is set, which prevents allocation of a pseudo-terminal. Without a pty, the operator cannot establish an interactive SSH session to execute commands. The no-pty restriction is the root cause preventing the operator from performing the intended action.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-003 Practice