CompTIA SecurityX (CAS-005) — Question 268

A security engineer is building a solution to disable weak CBC configurations for remote access connections to Linux systems. Which of the following should the security engineer modify?

Answer options

• A. The /etc/openssl.conf file, updating the virtual site parameter
• B. The /etc/nsswitch.conf file, updating the name server
• C. The /etc/hosts file, updating the IP parameter
• D. The /etc/sshd/ssh_config file, updating the ciphers

Correct answer: D

Explanation

The correct answer is D because the /etc/sshd/ssh_config file is where SSH configurations, including ciphers, are specified for secure remote connections. Options A, B, and C do not pertain to SSH configurations or ciphers, thus they would not effectively disable weak CBC configurations for remote access.