nerdexam
CompTIA

XK0-004 · Question #184

A systems administrator wants to disable the Linux Kernel WatchDog Timer Driver for security purposes. Which of the following will accomplish this task?

The correct answer is A. Add blacklist watchdog to the /etc/modprobe.d/blacklist file.. Adding a 'blacklist' directive to a file under /etc/modprobe.d/ is the correct Linux method to prevent a kernel module such as the watchdog driver from loading at boot time.

System Management

Question

A systems administrator wants to disable the Linux Kernel WatchDog Timer Driver for security purposes. Which of the following will accomplish this task?

Options

  • AAdd blacklist watchdog to the /etc/modprobe.d/blacklist file.
  • BRename the /etc/modprobe.d/watchdog file to watchdog.off instead.
  • CRemove the watchdog=1 from the /usr/modules/watchdog.conf file.
  • DAdd watchdog=0 to the /etc/modprobe.conf file.

How the community answered

(69 responses)
  • A
    83% (57)
  • B
    6% (4)
  • C
    9% (6)
  • D
    3% (2)

Why each option

Adding a 'blacklist' directive to a file under /etc/modprobe.d/ is the correct Linux method to prevent a kernel module such as the watchdog driver from loading at boot time.

AAdd blacklist watchdog to the /etc/modprobe.d/blacklist file.Correct

The blacklist directive in any .conf file under /etc/modprobe.d/ instructs modprobe to refuse automatic loading of the named module; adding 'blacklist watchdog' prevents the Linux Kernel WatchDog Timer Driver module from being loaded, effectively disabling it for security purposes.

BRename the /etc/modprobe.d/watchdog file to watchdog.off instead.

modprobe only processes files in /etc/modprobe.d/ that have a .conf extension; renaming a file to .off causes it to be silently ignored, but this is not a reliable or documented method and does not guarantee the module is blacklisted.

CRemove the watchdog=1 from the /usr/modules/watchdog.conf file.

/usr/modules/watchdog.conf is not a real or standard kernel module configuration path; kernel module blacklisting and parameters are managed exclusively via /etc/modprobe.d/, not this non-existent location.

DAdd watchdog=0 to the /etc/modprobe.conf file.

/etc/modprobe.conf is a deprecated single-file location superseded by /etc/modprobe.d/; additionally, 'watchdog=0' is not valid blacklist syntax - the correct syntax is 'blacklist <module_name>'.

Concept tested: Blacklisting kernel modules via /etc/modprobe.d/

Source: https://www.freedesktop.org/software/systemd/man/modprobe.d.html

Topics

#kernel modules#modprobe blacklist#module management#security hardening

Community Discussion

No community discussion yet for this question.

Full XK0-004 Practice