I successfully completed the Disable Root Login challenge eventhough I could not verify that it was correct before I clicked Submit. Indeed after I uncommented and changed PermitRootLogin to no in /etc/ssh/sshd_config on stapp01 and restarted the service there, I tried to verify that this was correct by running ssh root@stapp01. I expected to get outright Access Denied but I still got the password prompt.
Is there a better way to verify this?