CV0-002 · Question #583
Last month, a cloud engineer updated all the Linux servers to disallow telnet communication by updating the firewall and uninstalling the application. However, it was recently discovered that three of
The correct answer is C. Configure a configuration management system to update all Linux servers.. To effectively implement and maintain the desired configuration of disallowing Telnet communication across Linux servers, a configuration management system is the best approach. This system automates the enforcement of security policies and remediates configuration drift.
Question
Last month, a cloud engineer updated all the Linux servers to disallow telnet communication by updating the firewall and uninstalling the application. However, it was recently discovered that three of the servers had the telnet port and application installed and configured. Which of the following is the BEST way to implement and maintain the change?
Options
- AImplement a process to rebuild all the Linux servers on a weekly basis.
- BDisable the local administrator accounts and change all the user passwords.
- CConfigure a configuration management system to update all Linux servers.
- DReview the system logs to determine who made the changes and disable those accounts.
How the community answered
(39 responses)- A8% (3)
- B3% (1)
- C77% (30)
- D13% (5)
Why each option
To effectively implement and maintain the desired configuration of disallowing Telnet communication across Linux servers, a configuration management system is the best approach. This system automates the enforcement of security policies and remediates configuration drift.
Rebuilding servers weekly is an extreme and inefficient measure that causes significant downtime and operational overhead, without directly addressing the root cause of configuration drift or unauthorized changes.
Disabling local administrator accounts and changing passwords might prevent some unauthorized changes but does not enforce a desired configuration state across all servers or remediate existing configuration drift.
A configuration management system, such as Ansible or Chef, allows for defining the desired state of servers as code, enabling automated deployment and continuous enforcement of configurations. It can detect and automatically revert any unauthorized changes, ensuring that security policies like disabling Telnet are consistently maintained across all Linux servers.
Reviewing logs to find who made changes is a reactive forensic step and an administrative action, not a proactive technical solution to implement and maintain a consistent configuration across systems.
Concept tested: Configuration management for desired state enforcement
Source: https://learn.microsoft.com/en-us/azure/automation/automation-dsc-overview
Topics
Community Discussion
No community discussion yet for this question.