A Linux operations team needs to run a nightly script that restarts one service and archives its logs on 60 servers. Security does not want an administrator to log in interactively, and the script should have only the permissions needed for that job. What is the best approach?

Use the root account so the job never fails.

Root access is far broader than necessary and violates least privilege for a repeatable maintenance task.

Store an administrator's SSH key inside the script.

Embedding privileged credentials in a script is unsafe, hard to audit, and creates a high-value secret exposure risk.

Have an operator log in and run the commands manually each night.

Manual execution is slower, less repeatable, harder to audit, and increases the chance of inconsistent results or missed runs.

What does this SY0-701 question test?

Authentication checks who the user is.

What is the correct answer to this question?

The correct answer is: Create a dedicated service account with only the delegated rights needed, and run the script as a scheduled job. — The best approach is a dedicated service account with only the rights needed for the specific maintenance job, executed through a scheduled automation mechanism. That design avoids interactive logins, makes the task repeatable, and limits the blast radius if credentials are ever exposed. Security+ expects least-privilege thinking here: the account should be able to restart that service and archive those logs, but nothing more. Automation should be controlled, not overprivileged. Why others are wrong: Using root grants excessive privilege. Storing an administrator SSH key in the script is insecure and difficult to manage. Manual logins are not scalable, are harder to audit, and introduce more operational error than a scheduled, delegated workflow.

What should I do if I get this SY0-701 question wrong?

Then try more questions from the same exam bank and focus on understanding why the wrong options are tempting.