Firstly thanks for setting up this excellent learning, practice and testing resource.
Coming to my issue, I got this task to disable root login. I used the simple option of disabling the root user’s shell by changing it to /sbin/nologin on all 3 servers. But i got a failed result giving the reason that sshd_config was not updated on stapp01. I guess it was expecting root logins from ssh based logins to be disabled through sshd_confg.
While the sshd option may be better, but disabling the root user shell also accomplished the objective stated in the task in my view. Just thought of checking with you.