4612 Final (ONLY STUDY THE STARRED STUFF)

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which of the following uses the ping command to display a list of active systems on a network?

nmap -sP 10.0.0.0/8

Regarding SELinux, which of the following files includes lists of critical files and services to be watched for changes?

sestatus.conf

An executable file with the _________ allows other users to run that command, with the permissions assigned to that user owner.

set user ID (SUID) bit

Which command do you use to apply administrative privileges to another command without logging in as root? su -a, su -c, su -f, or su -h

su -c

In a Linux system, _________ is responsible for locating the kernel and loading it into memory so it can run.

the boot loader

The read, write, and execute permissions of a file are an example of a ________.

discretionary access control

Linux unified key setup (LUKS) is a specification for ________.

disk encryption

Fedora and Ubuntu are examples of ______.

distributions

What is the primary AppArmor configuration file?

logprof.conf

Which file permission is NOT an example of discretionary access control? 1) Read 2) Write 3) Execute 4) Boolean

Boolean

Whereas the cron service is a scheduler for jobs to be run on a one-time basis, the at service is a scheduler for jobs to be run on a regular basis. True or False?

False

Each line in a ____ configuration file is set up in the following format: module_type control_flag module_file (arguments)

PAM

GNOME and KDE are __________.

graphical desktop environments

Which of the following control flags used in pluggable authentication modules (PAM) approves user access assuming that there are no previous failures?

sufficient

A discretionary access control for a file is a control mechanism that is set by _______.

the user owner of the file

Lightweight Directory Access Protocol (LDAP) uses an encryption certificate to avoid transmitting passwords over a network in cleartext. True or False?

true

Which mounting option enables user quotas on a filesytem? 1) usrquota 2) enable quotas 3) edquota 4) rw

usrquota

Which of the following is associated with wireless intrusion detection system (WIDS)?

Wi-Fi Protected Access (WPA)

Which of the following should no longer be used because of weak security?

Wired Equivalent Privacy (WEP)

What is a valid reason for setting up the /home/ directory as a separate filesystem?

You can upgrade the distribution at a later date with little risk to user files.

The iptables program is used to configure ___________.

a firewall

The /usr/ directory contains programs that are generally accessible to all users. This directory can be secured by mounting it ______.

as read-only

You set up an FTP server and configured it to allow users to access their home directories. Which directive should you also include in the configuration file for security purposes?

chroot_local_user = YES

Console kit packages, such as polkit, contain three primary commands. Which of the following is NOT included? ck-permissions, ck-history, ck-list-sessions, ck-launch-session

ck-permissions

You want to allow members of the users group to use fdisk on the /dev/sda drive (and only that drive) and to use the yum command to update and install packages. Which command do you run?

%users ALL=/sbin/fdisk /dev/sda, /usr/bin/yum

The Linux open source license, referred to as GNU General Public License (GPL), requires which of the following?

Any software based on GPLed software retains the same rights as the original software

A server has the following TCP Wrappers configuration: /etc/hosts.deny ALL : ALL What is the result of this configuration?

Denies access to all daemons from all clients

Which of the following is an open source license? GNU General Public License (GPL), C-I-A, Red Hat, or Unix

GNU General Public License (GPL)

What can you use to ensure the integrity of a downloaded package?

GNU Privacy Guard (GPG) keys

Ensuring that the data that is sent is the data that is received describes which tenet of the C-I-A triad?

Integrity

You want to find out which ports are associated with certain TCP/IP services. Which organization specifies default port numbers and protocols for thousands of services?

Internet Assigned Numbers Authority (IANA)

What does Red Hat Enterprise Linux use to install software packages?

Red Hat Package Manager (RPM) and Yellowdog Update, Modified (yum)

A user needs access to execute networking-related commands only. What type of access should be granted using the principle of least privilege?

The user should be given sudo access to NETWORKING.

Which Linux partition type is used for standard partitions with data?

83

Which of the following is usually about preventing a party involved in a transaction from denying that the transaction occurred?

Nonrepudiation

What is the CUPS service associated with?

Printing

A rainbow table is a set of precomputed stored hashes that are mapped to a plaintext password. True or False?

True

Alternate attack vectors include connections through telephone modems and serial ports. True or False?

True

The GRUB configuration file is generally located in the ______ directory.

/boot/

Which file is used to configure the various mounting options of a filesystem upon boot?

/etc/fstab

Configuring a user account policy with minimum password length, maximum days for using a password, and various user logins can be performed by editing the ________ file.

/etc/login.defs

From which of the following files does the iptables command read ports of well-known services?

/etc/services

Which of the following files is NOT a part of the shadow password suite? 1) /etc/shadow 2) /etc/group 3) /etc/passwd 4) /etc/sudoers

/etc/sudoers

Which directory renders many applications unusable, including logging into the graphical user interface (GUI), if the space allocated to the /tmp/ filesystem is full?

/tmp/

You used a protocol analyzer to capture some network traffic. You want to focus on FTP traffic. What port should be used?

21

You used a protocol analyzer to capture some network traffic. You want to focus on FTP traffic. Which port number do you include in the filter?

21

What is Apache?

A Web server

What is the best definition of a bastion?

A fortified place

________ is the software that manages and runs virtual machines.

A hypervisor

What is a salt?

A value added to a hash

Which of the following is NOT an SELinux mode?

Allow

A polkit mechanism includes a subject, an object, and an action. Which of the following is the subject?

An administrative tool

What is Snort?

An intrusion detection service

What is Tripwire?

An intrusion detection system

What does the Parkerian hexad include that the C-I-A triad does not?

Authenticity

A denial of service (DoS) attack jeopardizes which tenet of the C-I-A triad?

Availability

The ls -p command displays file and folder permissions. True or False?

False

Keeping secrets is the essence of which tenet of the C-I-A triad?

Confidentiality

A black-hat can use Van Eck phreaking to exploit which of the following?

Electromagnetic output from CRT and LCD monitors

Assuming a demilitarized zone (DMZ) is configured, there's no need to set up a separate firewall between the DMZ network and the internal network. True or False?

False

The identifiers ext4, FAT32, and NTFS are types of kernels. True or False?

False

The iptables -s <ip_address> rule is applied to packets that come from the noteddestination address. True or False?

False

Which of the following is the development distribution for Red Hat? Fedora, Ubuntu, Mint, Debian

Fedora

What is the best definition of a firewall?

Hardware or software capable of blocking networking communications based on established criteria, or rules

What are the advantages of virtualization in a Linux infrastructure? I. Cost savings by purchasing less hardware II. Managing a single physical system with many different functions III. Managing several physical systems each with a unique function

I, II, and III are correct

Which of the following is NOT true of Nessus? -Can perform local scans -Can perform remote scans -Is released under an open source license -Is available through a Web browser

Is released under an open source license

The following are true of system hardening EXCEPT: 1) A hardened system is more resistant to attack. 2) It involves removing all but the most critical users from the system. 3) A hardened system usually has more packages to update than an unhardened system. 4) It involves ensuring permissions are restricted on files and directories.

It involves removing all but the most critical users from the system.

Which tool is generally NOT used to decrypt and test passwords? RainbowCrack, Nessus, Hydra, or John the Ripper

Nessus

Which of the following is the best choice for network authentication?

Network Information Service (NIS)

Which of the following is true regarding open source software versus commercial software?

Open source projects put their source code out on the open Internet at public repositories.

Which of the following statements is true about using a mandatory access control system on Linux?

Properly setting up a mandatory access control system requires discipline and configuration knowledge.

What defines the services to be run in Linux?

Runlevel

The security test tool SAINT began as the open source version of __________.

SATAN

The default mandatory access control system used for Red Hat distributions is ______.

SELinux

Postfix and Exim are types of _____________.

SMTP server packages

Which of the following enables a Linux system to be used as a Windows domain controller to authenticate Windows users? 1) Samba 2) A modular kernel 3) GRUB 4) LILO

Samba

Which of the following represents a type of mandatory access control? 1) A user cannot open the /etc/shadow file to read because the file is owned by user and group root. 2) The FTP service is allowed to interact with directories other than users' home directories. 3) A user gives a group permission to read the /var/log file. 4) A user can give read, write, and execute permissions to a file.

The FTP service is allowed to interact with directories other than users' home directories.

What is Canonical?

The company behind Ubuntu

You run the encrypt-setup-private command to encrypt a user directory. What is one thing you are prompted to enter?

The login passphrase

What user account information can be found in the /etc/passwd file?

The user's basic information, such as the default login shell

What is the purpose of the following iptables command? iptables -A Firewall-INPUT -p icmp --icmp-type any -j ACCEPT

To allow all incoming ICMP messages

Cron is a service for running administrative jobs on a regular basis. True or False?

True

Files on a device are accessible only when they're mounted on a Linux directory. True or False?

True

If the kernel file is overwritten with a binary that doesn't work or if the file is erased, the system won't boot again until the kernel file is replaced. True or False?

True

In Linux, three major services that network files and folders are the Network File System (NFS), Samba, and the File Transfer Protocol (FTP). True or False?

True

Pluggable authentication modules (PAM) offers a number of ways for users to be authenticated on a Linux system. True or False?

True

The cron and at services enable you to schedule tasks in Linux. True or False?

True

The iptables -R command replaces a rule in a chain of rules. True or False?

True

The iptables -j DROP and -j REJECT command options both drop packets. True or False?

True

The most common standard for file encryption on Linux is based on GNU Privacy Guard (GPG). True or False?

True

When configuring obscure ports for a service, configuring different ports for clients and servers is not enough. You also need to configure an open port in the firewall. True or False?

True

Wireless encryption algorithms such as WPA and WPA2 may be cracked if they use weak pre-shared keys based on dictionary words. True or False?

True

You can use specific iptables rules to prevent denial of service (DoS) attacks. True or False?

True

You want to use TCP Wrappers to protect services dynamically linked to libwrap.so.0. Which command do you run to determine if a dynamic link already exists between the noted service and TCP Wrappers?

ldd

Suppose a scanner discovers a new port, 8888, which is open on a Web server. Which one of the following commands will provide information on the particular network-related process that has opened the port?

lsof -ni

Which command formats all Linux filesystems, Microsoft VFAT, and NTFS filesystems?

mkfs

The _________ part of the kernel contains drivers and options essential to the kernel boot process.

monolithic

Which command is associated with netcat, a service that reads and writes over network connections?

nc

Linux implements _________ to determine how a user is to be authenticated and whether there are password policies associated with password databases.

pluggable authentication modules (PAM)

Which command starts the SELinux Troubleshooter?

sealert -b


Conjuntos de estudio relacionados

Occ Med Spec Boards - Clinical Patient Care

View Set

panOpen: The Cellular Level of Organization (Ch. 3)

View Set

CH 17 Uterus and Vagina Review Questions

View Set

Chapter 21: Nursing Care of the Child With an Alteration in Urinary Elimination/Genitourinary Disorder

View Set