CompTIA Linux+ (XK0-005) — Question 202
The security team has identified a web service that is running with elevated privileges. A Linux administrator is working to change the systemd service file to meet security compliance standards. Given the following output:
[Unit]
Description=CompTIA server daemon
Documentation=man:webserver(8) man:webserver_config(5)
After=network.target
[Service]
Type=notify
EnvironmentFile=/etc/webserver/config
ExecStart=/usr/sbin/webserver -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartSec=42s
[Install]
WantedBy=multi-user.target
Which of the following remediation steps will prevent the web service from running as a privileged user?
Answer options
- A. Removing the ExecStart=/usr/sbin/webserver -D $OPTIONS from the service file
- B. Updating the EnvironmentFile line in the [Service] section to /home/webservice/config
- C. Adding the User=webservice to the [Service] section of the service file
- D. Changing the multi-user.target in the [Install] section to basic.target
Correct answer: C
Explanation
The correct answer is C because adding the User=webservice directive specifies that the web service should run as a non-privileged user, enhancing security. Option A would not change the privilege level of the service, as it only removes the command to start it. Option B modifies the environment file location, but it does not address user permissions. Option D changes the target for service installation, which also does not impact the privilege level of the user executing the service.