CompTIA CASP+ (CAS-003) — Question 163

A security analyst is troubleshooting a scenario in which an operator should only be allowed to reboot remote hosts but not perform other activities. The analyst inspects the following portions of different configuration files:
Configuration file 1:

Operator ALL=/sbin/reboot -
Configuration file 2:
Command=`/sbin/shutdown now`, no-x11-forwarding, no-pty, ssh-dss
Configuration file 3:
Operator:x:1000:1000::/home/operator:/bin/bash
Which of the following explains why an intended operator cannot perform the intended action?

Answer options

• A. The sudoers file is locked down to an incorrect command
• B. SSH command shell restrictions are misconfigured
• C. The passwd file is misconfigured
• D. The SSH command is not allowing a pty session

Correct answer: D

Explanation

The correct answer is D because without a pty (pseudo-terminal) session, the operator cannot execute interactive commands like rebooting. Option A is incorrect as the sudoers file grants the necessary permission, B is wrong since the SSH command shell restrictions do not directly prevent the reboot, and C does not impact the operator's ability to execute the reboot command.