Chapter 12 Questions
Which of the following gpg options digitally sign documents?
--clearsign
You believe your GnuPG key pair has been compromised and should no longer be used. Which gpg command option can you use to create a key revocation certificate for the key pair?
--gen-revoke
Which chage option keeps a user from changing password every two weeks?
-m 33
What is the full path and filename of the file you should create to disable user login on a Linux system?
/etc/nologin
Which configuration file should you edit to enable Pluggable Authentication Modules (PAM) to check for a file named /etc/nologin
/etc/pam.d/login
What is the full path and filename of the file you should edit to limit the amount of concurrent logins for a specific user?
/etc/security/limits.conf
You need to configure which commands are allowed to be used with the sudo command. What is the full path and filename of the file you should edit?
/etc/sudoers
You would like to use SSH port tunneling to work on a remote system. You also need to ensure that all data that you send to the remote system is encrypted. Which SSH configuration option, in the /etc/ssh/sshd_config file, needs to be set to yes.
AllowTCPForwarding
What is the purpose of the find / type f -perm -o=x -ls command?
Audit files in the root directory that have execute permissions for others.
What is the purpose of the find / type f -perm -u=s -ls command?
Audit files in the root directory that have the SUID bit set.
What effect does the ulimit -t 600 command have on a Linux system?
Limits CPU time for a process to 10 minutes.
Within the /etc/security/limits.conf file, you notice the following entry: @guests hard maxlogins 3
Limits the number of max logins from the guest group to three.
You are the only Linux administrator for a very small company. You are constantly asked to fix one problem or another as they occur. How should you log in to the system each morning?
Logon as a regular user, then use su as needed to solve problems.
What is the name of the hash function used to verify the public key for an SSH connection?
MD5
You want to enable public key authentication on the server. Which option in the /etc/ssh/sshd_config file needs to be set?
PubkeyAuthentication yes
You believe your GnuPG key pair has been compromised and should no longer be used. Which two steps must you take to revoke a public key on a key server? (Select two.)
Send the revoked key to the key server. Revoke the key on a local system using the key revocation certificate.
What is the effect of the following command? chage -M 60 -W 10 jsmith
Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires.
What is the purpose of the -N option in this command? ssh -f -N -L 2345:mail.mydomain.com:110 [email protected]
To ensure that SSH does not execute a remote command.
You created a GPG key pair and you used JJones as the real name during the key generation process. Your current working directory contains a file named Payroll.txt that contains sensitive information.
What do you enter at the command prompt to encrypt the Payroll.txt file? gpg -e -r JJones Payroll.txt What is the name of the file that will be generated when you encrypt the Payroll.txt file? Payroll.txt.gpg
When configuring the SSH daemon using the /etc/ssh/sshd_config file, which options can be set to either prevent or allow unrestricted access to all GUI features on the client? (Select two.)
X11Forwarding ForwardX11Trusted
Login blocking is enabled using the Pluggable Authentication Modules (PAM) module. Type the line that needs to be in the /etc/pam.d/login file to configure PAM to check and see if a file named /etc/nologin exists?
auth requisite pam_nologin.so
What chage command should you enter at the command prompt to set the password for jsmith to expire after 60 days and gives a warning 10 days before it expires?
chage -M -W 10 jsmith
You have used su to switch to the root user account to do system administration tasks. You now want to revert back to your regular user account. Which command should you use?
exit
Which utility should you use to encrypt emails, digitally sign emails, and encrypt documents?
gpg
Which keys are generated when you execute the ssh-keygen command with no options? (Select two.)
id_rsa.pub id_rsa
You are limiting the total amount of memory a user can use when they use the X Windows System. Which of the following limit keywords should you use?
rss
Which daemon, or service, provides port tunneling to encrypt non-secure protocols such as email and X server traffic?
ssh
Which ssh option should you enter at the command prompt to set up an SSH tunnel for X server traffic?
ssh -X
As you configure your client for public key authentication, you decide to generate the DSA key pair. You would like to configure the client to automatically provide the private key passphrase when needed so that you do not need to type the passphrase for every new SSH connection to a server. Which command should you use in conjunction with the ssh-agent bash command?
ssh-add ~/.ssh/id_dsa
When configuring public key authentication on your client system, which command enables the passphrase agent?
ssh-agent bash
You are currently logged in using the badams account. You want to view the contents of the /etc/inittab file, but you are not allowed to with the badams account. Which command could you use to view the file?
su -c "cat /etc/inittab" -l
You have logged in as a regular user when a frantic phone call comes in. The ABCD process must be started on the server now, but can only be run by root. Which command would you use to start this process?
sudo ABCD
PAM is configured on your system to look for the presence of the nologin file in the /etc directory. If the nologin file exists, user login is disabled and only the root user can log in. If your current working directory is root's home directory, which command would you enter to quickly create an empty nologin file in the /etc directory?
touch /etc/nologin
What do enter at the command prompt to prevent the shell from using too much of the system's resources?
ulimit
What do you enter at the command prompt to edit the /etc/sudoers file?
visudo
You need to block all users from logging in to the Linux system while you resolve a serious issues. You first need to force all active users to logout. Type the command you would enter to display a list of all active users?
w