nerdexam
CompTIA

LX0-104 · Question #208

Which of the following are common techniques for securing a sendmail server? (Select THREE correct answers)

The correct answer is B. Enable TLS. C. Disable VRFY. D. Run sendmail in a chroot'd environment.. Common techniques for securing a sendmail server include enabling TLS for encrypted communication, disabling the VRFY command to prevent user enumeration, and running sendmail in a chroot'd environment to limit exploit damage.

Security

Question

Which of the following are common techniques for securing a sendmail server? (Select THREE correct answers)

Options

  • AMaintain user accounts in an LDAP directory.
  • BEnable TLS.
  • CDisable VRFY.
  • DRun sendmail in a chroot'd environment.
  • EDisable USRLKUP.

How the community answered

(27 responses)
  • A
    7% (2)
  • B
    78% (21)
  • E
    15% (4)

Why each option

Common techniques for securing a sendmail server include enabling TLS for encrypted communication, disabling the VRFY command to prevent user enumeration, and running sendmail in a chroot'd environment to limit exploit damage.

AMaintain user accounts in an LDAP directory.

Maintaining user accounts in an LDAP directory is an authentication and account management strategy, but it is not a direct security hardening technique for the sendmail server's daemon or protocols against common vulnerabilities.

BEnable TLS.Correct

Enabling TLS (Transport Layer Security) encrypts mail traffic and authentication, protecting sensitive information from interception during transmission.

CDisable VRFY.Correct

Disabling the VRFY (verify) command prevents attackers from querying the server to discover valid user accounts, which can be used for spamming or other targeted attacks.

DRun sendmail in a chroot'd environment.Correct

Running sendmail in a chroot'd environment isolates the mail server process to a restricted portion of the filesystem, thereby limiting the scope of damage if the server is compromised.

EDisable USRLKUP.

Disabling USRLKUP is not a commonly recognized or primary security hardening technique for sendmail servers; the other options provide more direct and impactful security improvements.

Concept tested: sendmail server security hardening

Source: https://www.sendmail.com/doc/html/op_mode.html

Topics

#sendmail security#TLS#chroot#VRFY

Community Discussion

No community discussion yet for this question.

Full LX0-104 Practice