XK0-005 Domain 2: Security

Which PAM module can deny login after failures?

Multiple choice — select one answer

Answer choices

  1. a. PermitRootLogin no in sshd_config
  2. b. ls -Z
  3. c. MaxAuthTries in sshd_config
  4. d. pam_tally2/faillock class

Architectural breakdown & explanation

Account lockout modules limit guessing.

Correct answer(s): d. pam_tally2/faillock class

Exam domain: Domain 2: Security (21% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA Linux+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.