CAS-005 · Question #105
CAS-005 Question #105: Real Exam Question with Answer & Explanation
The correct answer is D: The /etc/sshd/ssh_config file, updating the ciphers. The sshd_config file is the main configuration file for the OpenSSH server. To disable weak CBC (Cipher Block Chaining) ciphers for SSH connections, the security engineer should modify the sshd_config file to update the list of allowed ciphers. This file typically contains settin
Question
A security configure is building a solution to disable weak CBC configuration for remote access connections lo Linux systems. Which of the following should the security engineer modify?
Options
- AThe /etc/openssl.conf file, updating the virtual site parameter
- BThe /etc/nsswitch.conf file, updating the name server
- CThe /etc/hosts file, updating the IP parameter
- DThe /etc/sshd/ssh_config file, updating the ciphers
Explanation
The sshd_config file is the main configuration file for the OpenSSH server. To disable weak CBC (Cipher Block Chaining) ciphers for SSH connections, the security engineer should modify the sshd_config file to update the list of allowed ciphers. This file typically contains settings for the SSH daemon, including which encryption algorithms are allowed. By editing the /etc/ssh/sshd_config file and updating the Ciphers directive, weak ciphers can be removed, and only strong ciphers can be allowed. This change ensures that the SSH server does not use insecure encryption methods.
Community Discussion
No community discussion yet for this question.