XK0-005 Question #1586: Real Exam Question with Answer & Explanation
The correct answer is D: Webadmin should be listed as a group in the custom.conf file.
Question
A Linux administrator provisioned a new web server with custom administrative permissions for certain users. The administrator receives a report that user1 is unable to restart the Apache web service on this server. The administrator reviews the following output: Which of the following would most likely resolve the issue while maintaining a least privilege security model?
Options
- A. User1 should be added to the wheel group to manage the service.
- B. User1 should have "NOPASSWD:" after the "ALL=" in the custom.conf.
- C. The wheel line in the custom.conf file should be uncommented.
- D. Webadmin should be listed as a group in the custom.conf file.
Explanation
To grant user1 permission to restart the Apache service while adhering to a least privilege model, the webadmin group, which user1 is presumably a member of, should be granted specific sudo permissions for the Apache service in the custom.conf file.
Common mistakes.
- A. Adding user1 to the wheel group typically grants broad administrative privileges, violating the principle of least privilege if only Apache service restarts are needed.
- B. Adding NOPASSWD: for user1 after ALL= gives passwordless execution for all commands, which is a security risk and violates least privilege by removing a security prompt for all actions.
- C. Uncommenting the wheel line in custom.conf would grant potentially broad sudo access to all members of the wheel group, which likely exceeds the required permissions for user1 and violates least privilege.
Concept tested. Sudoers configuration, least privilege, group-based permissions
Reference. https://manpages.ubuntu.com/manpages/jammy/man5/sudoers.5.html
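The difference between the options can be checked mechanically. The following is an added example, not part of the original question: a small auditor for simple one-line sudoers rules that flags the broad grants described under options B and C and passes the scoped group rule from option D. The file contents, the systemctl path and the httpd service name are assumptions, since the output the question refers to is not shown on the page.

```python
import re

# Constructed drop-in contents; the output the question refers to is not on the
# page, so each line is an assumption mirroring options B, C and D.
SAMPLE = """\
# %wheel ALL=(ALL) ALL
user1 ALL=(ALL) NOPASSWD: ALL
%wheel ALL=(ALL) ALL
%webadmin ALL=(root) /usr/bin/systemctl restart httpd
"""

# who host=(runas) [TAG:]... commands  -- simple one-line user specs only
RULE = re.compile(
    r"^(?P<who>%?[\w.-]+)\s+(?P<host>\S+?)\s*=\s*"
    r"(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmds>.+)$"
)

def audit(text):
    """Return [(who, commands, findings)] for each active rule."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        # Comments and include directives start with '#' or '@'.
        if not line or line[0] in "#@":
            continue
        first = line.split()[0]
        if first.startswith("Defaults") or first.endswith("_Alias"):
            continue
        m = RULE.match(line)
        if not m:
            continue
        cmds = [c.strip() for c in m["cmds"].split(",")]
        findings = []
        if "ALL" in cmds:
            findings.append("grants every command")
        if "NOPASSWD:" in m["tags"]:
            findings.append("no password prompt")
        results.append((m["who"], cmds, findings))
    return results

def scoped_rules(text):
    """Principals whose rules name specific commands and keep the prompt."""
    return [who for who, _, findings in audit(text) if not findings]

if __name__ == "__main__":
    for who, cmds, findings in audit(SAMPLE):
        print(f"{who:10} {', '.join(cmds):40} {'; '.join(findings) or 'scoped'}")
```

Before installing a real drop-in, check its syntax with `visudo -cf <file>`.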