nerdexam
CompTIA

LX0-104 · Question #383

SELinux is a Linux feature that:

The correct answer is C. enforces Mandatory Access Control policies that can restrict user space programs and system servers. SELinux is a security enhancement for Linux that implements Mandatory Access Control (MAC) policies, enforcing fine-grained restrictions on processes and system resources.

Security

Question

SELinux is a Linux feature that:

Options

  • Amonitors system file access by unprivileged users and warns them when they are trying to gain access
  • Bprovides only Mandatory Access Control policies. Additional access control models such as Rolebased
  • Cenforces Mandatory Access Control policies that can restrict user space programs and system servers
  • Densures that system files referenced in the Mandatory Access Control policies are not modified and alerts

How the community answered

(44 responses)
  • A
    2% (1)
  • C
    95% (42)
  • D
    2% (1)

Why each option

SELinux is a security enhancement for Linux that implements Mandatory Access Control (MAC) policies, enforcing fine-grained restrictions on processes and system resources.

Amonitors system file access by unprivileged users and warns them when they are trying to gain access

While SELinux does monitor access, its primary function is to enforce policies and prevent unauthorized access, not merely to warn users about attempts.

Bprovides only Mandatory Access Control policies. Additional access control models such as Rolebased

SELinux is designed as a flexible MAC framework that supports various access control models, including Role-Based Access Control (RBAC) and Type Enforcement (TE), not solely a single form of MAC.

Cenforces Mandatory Access Control policies that can restrict user space programs and system serversCorrect

SELinux (Security-Enhanced Linux) is a kernel security module that enforces Mandatory Access Control (MAC) policies, which rigorously define and restrict what user-space programs and system services can access and do, even if they are compromised. This provides a robust layer of security beyond traditional Discretionary Access Control.

Densures that system files referenced in the Mandatory Access Control policies are not modified and alerts

SELinux enforces policies on access to files and other resources; its direct function is to prevent unauthorized actions based on its policy rules, rather than solely ensuring files are not modified and alerting, which is more typical of file integrity monitoring.

Concept tested: SELinux function (Mandatory Access Control)

Source: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/what-is-selinux_using-selinux

Topics

#SELinux#Mandatory Access Control (MAC)#system security

Community Discussion

No community discussion yet for this question.

Full LX0-104 Practice