XK0-005 Question #307: Real Exam Question with Answer & Explanation

Question

An administrator is trying to access a server in a cloud via SSH but is unable to log in. The administrator determines the company's IP address has been blocklisted on the server. Which of the following should the administrator do to prevent being blocked in the future?

Options

• AAdd the company's TLS certificate to the authorized_keys and known_hosts files.
• BModify the cloud provider security rules to allow all connectors form the company's IP address.
• CAdd the company's IP address from the /etc/hosts.allow.
• DTurn on SELinux and enable the SSH context.

Explanation

To prevent future SSH blocklisting on a server, the administrator should add the company's IP address to the /etc/hosts.allow file on the server, as this file explicitly defines permitted hosts for services like SSH.

Common mistakes.

• A. Adding TLS certificates to authorized_keys (which stores SSH public keys) or known_hosts (which stores host keys) is unrelated to preventing IP blocklisting for SSH access; these files are for authentication and host authenticity verification, respectively.
• B. Modifying cloud provider security rules to allow all connectors from the company's IP address would be a necessary step if the cloud provider firewall was blocking access, but the question states the server itself has blocklisted the IP, implying a server-side mechanism like TCP wrappers or fail2ban.
• D. Turning on SELinux and enabling the SSH context relates to mandatory access control and securing the SSH daemon, but it does not directly address or prevent an IP address from being blocklisted based on connection attempts.

Concept tested. TCP wrappers host-based access control

Reference. https://man7.org/linux/man-pages/man5/hosts.allow.5.html

No community discussion yet for this question.