Thread: sudoers file configured, now passwd???
farmatito
2011-01-23, 06:52
Posts: 69 | Thanked: 55 times | Joined on Nov 2009
#3
From man sudo:

sudo allows a permitted user to execute a command as the superuser or
another user, as specified in the sudoers file. The real and effective
uid and gid are set to match those of the target user as specified in
the passwd file and the group vector is initialized based on the group
file (unless the -P option was specified). If the invoking user is
root or if the target user is the same as the invoking user, no
password is required. Otherwise, sudo requires that users authenticate
themselves with a password by default (NOTE: in the default
configuration this is the user’s password, not the root password). Once
a user has been authenticated, a timestamp is updated and the user may
then use sudo without a password for a short period of time (15 minutes
unless overridden in sudoers).

From man sudoers:

NOPASSWD and PASSWD

By default, sudo requires that a user authenticate him or herself
before running a command. This behavior can be modified via the
NOPASSWD tag. Like a Runas_Spec, the NOPASSWD tag sets a default for
the commands that follow it in the Cmnd_Spec_List. Conversely, the
PASSWD tag can be used to reverse things. For example:

    ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm

would allow the user ray to run /bin/kill, /bin/ls, and /usr/bin/lprm
as root on the machine rushmore as root without authenticating himself.
If we only want ray to be able to run /bin/kill without a password the
entry would be:

    ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm

Note, however, that the PASSWD tag has no effect on users who are in
the group specified by the exempt_group option.

By default, if the NOPASSWD tag is applied to any of the entries for a
user on the current host, he or she will be able to run sudo -l without
a password. Additionally, a user may only run sudo -v without a
password if the NOPASSWD tag is present for all a user’s entries that
pertain to the current host. This behavior may be overridden via the
verifypw and listpw options.

Last edited by farmatito; 2011-01-23 at 06:54.
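
The tag inheritance and the default sudo -l / sudo -v rules from the man page excerpts above, as an added example (not part of the original post and not sudo's own code). The function names are hypothetical, and the parser assumes simple entries with no aliases, line continuations or escaped commas:

```python
import re

TAG_RE = re.compile(r'^([A-Z_]+):\s*')      # e.g. "NOPASSWD: " in front of a command
RUNAS_RE = re.compile(r'^\([^)]*\)\s*')     # optional Runas_Spec such as "(root) "

def passwd_requirements(user_spec):
    """Return [(command, needs_password)] for one sudoers user spec.

    Assumes the simple form "user host = [TAG:] cmd, [TAG:] cmd, ..." with
    no aliases, line continuations or escaped commas (hypothetical helper).
    """
    cmnd_spec_list = user_spec.partition('=')[2]
    needs_password = True                   # sudo's default is to authenticate
    result = []
    for item in cmnd_spec_list.split(','):
        item = RUNAS_RE.sub('', item.strip())
        # A tag stays in force for the commands that follow until reversed.
        while (m := TAG_RE.match(item)):
            if m.group(1) in ('NOPASSWD', 'PASSWD'):
                needs_password = m.group(1) == 'PASSWD'
            item = item[m.end():]
        if item:
            result.append((item, needs_password))
    return result

def can_list_without_password(user_specs):
    """sudo -l: by default it is enough that ANY entry carries NOPASSWD."""
    return any(not pw for s in user_specs for _, pw in passwd_requirements(s))

def can_validate_without_password(user_specs):
    """sudo -v: by default ALL entries must carry NOPASSWD."""
    return all(not pw for s in user_specs for _, pw in passwd_requirements(s))

# The two example entries from the man page excerpt.
ALL_NOPASSWD = "ray rushmore = NOPASSWD: /bin/kill, /bin/ls, /usr/bin/lprm"
KILL_ONLY = "ray rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm"

if __name__ == "__main__":
    for spec in (ALL_NOPASSWD, KILL_ONLY):
        print(spec)
        for cmd, pw in passwd_requirements(spec):
            print(f"  {cmd:15} {'password' if pw else 'NO password'}")
        print("  sudo -l without password:", can_list_without_password([spec]))
        print("  sudo -v without password:", can_validate_without_password([spec]))
```

On a real system `sudo -l` remains the authoritative view, since it also applies aliases, exempt_group and the listpw/verifypw settings that this sketch ignores.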