CompTIA Security+ (SY0-501) — Question 845

A security administrator needs to address the following audit recommendations for a public-facing
SFTP server:
Users should be restricted to upload and download files to their own home directories only.
Users should not be allowed to use interactive shell login.
Which of the following configuration parameters should be implemented? (Choose two.).

Answer options

• A. PermitTunnel
• B. ChrootDirectory
• C. PermitTTY
• D. AllowTcpForwarding
• E. IgnoreRhosts

Correct answer: B, C

Explanation

The correct answers are B and C. 'ChrootDirectory' confines users to their home directories, adhering to the requirement of restricting file access. 'PermitTTY' disables interactive shell sessions, thereby preventing users from logging in interactively. The other options do not directly address the audit recommendations.