The security administrator notices a user logging into a corporate Unix server remotely as root. Which of
the following actions should the administrator take?

A.
Create a firewall rule to block SSH

B.
Delete the root account

C.
Disable remote root logins

D.
Ensure the root account has a strong password

Explanation:
Remote users log in to Unix or Linux servers by using SSH. Although SSH is secure, allowing remote access
as root is a security risk.
One of the biggest security holes you could open on a Unix or Linux server is to allow directly logging in as
root through SSH, because any cracker can attempt to brute force your root password and potentially get
access to your system if they can figure out your password.
It’s much better to have a separate account that you regularly use and simply sudo to root when
necessary.
You should disable root ssh access by editing /etc/ssh/sshd_config to contain:
PermitRootLogin no
Incorrect Answers:
A: Blocking SSH would prevent all remote access to all servers using SSH. We do not want to disable all
SSH access; we just want to prevent remotely logging in to the UNIX server as root. Therefore, this answer
is incorrect.
B: You should never delete the root account. The root account is required by Unix. Therefore, this answer
is incorrect.
D: Ensuring the root account has a strong password is a good idea. However, this will not prevent
remotely logging in to the server as root. Therefore, this answer is incorrect.
http://www.howtogeek.com/howto/linux/security-tip-disable-root-ssh-login-on-linux/