LX0-104 · Question #208
Which of the following are common techniques for securing a sendmail server? (Select THREE correct answers)
The correct answer is B. Enable TLS. C. Disable VRFY. D. Run sendmail in a chroot'd environment.. Common techniques for securing a sendmail server include enabling TLS for encrypted communication, disabling the VRFY command to prevent user enumeration, and running sendmail in a chroot'd environment to limit exploit damage.
Question
Options
- AMaintain user accounts in an LDAP directory.
- BEnable TLS.
- CDisable VRFY.
- DRun sendmail in a chroot'd environment.
- EDisable USRLKUP.
How the community answered
(27 responses)- A7% (2)
- B78% (21)
- E15% (4)
Why each option
Common techniques for securing a sendmail server include enabling TLS for encrypted communication, disabling the VRFY command to prevent user enumeration, and running sendmail in a chroot'd environment to limit exploit damage.
Maintaining user accounts in an LDAP directory is an authentication and account management strategy, but it is not a direct security hardening technique for the sendmail server's daemon or protocols against common vulnerabilities.
Enabling TLS (Transport Layer Security) encrypts mail traffic and authentication, protecting sensitive information from interception during transmission.
Disabling the VRFY (verify) command prevents attackers from querying the server to discover valid user accounts, which can be used for spamming or other targeted attacks.
Running sendmail in a chroot'd environment isolates the mail server process to a restricted portion of the filesystem, thereby limiting the scope of damage if the server is compromised.
Disabling USRLKUP is not a commonly recognized or primary security hardening technique for sendmail servers; the other options provide more direct and impactful security improvements.
Concept tested: sendmail server security hardening
Source: https://www.sendmail.com/doc/html/op_mode.html
Topics
Community Discussion
No community discussion yet for this question.