XK0-005 Domain 2: Security

Which tool scans packages for known CVEs?

Multiple choice — select one answer

Answer choices

  1. a. vendor scanner / trivy on packages
  2. b. PermitRootLogin no in sshd_config
  3. c. firewalld (nftables backend)
  4. d. SELinux

Architectural breakdown & explanation

Package scanners match versions to CVE databases.

Correct answer(s): a. vendor scanner / trivy on packages

Exam domain: Domain 2: Security (21% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the CompTIA Linux+ bank. Run a full timed practice exam with domain-weighted random questions in your browser.