CSCI 3602 Quizes

¡Supera tus tareas y exámenes ahora con Quizwiz!

Which of the following is NOT an SELinux mode?

Allow

A polkit mechanism includes a subject, an object, and an action. Which of the following is the subject?

An administrative tool

What is Snort?

An intrusion detection service

The Linux open source license, referred to as GNU General Public License (GPL), requires which of the following?

Any software based on GPLed software retains the same rights as the original software.

Which file permission is NOT an example of discretionary access control?

Boolean

______ are the on/off settings in SELinux that allow or deny access for a service to interact with an object.

Booleans

A server has the following TCP Wrappers configuration: /etc/hosts.deny ALL : ALL What is the result of this configuration?

Denies access to all daemons from all clients

What is the best definition of a firewall?

Hardware or software capable of blocking networking communications based on established criteria, or rules

What is the CUPS service associated with?

Printing

A chroot jail is a special way of confining a program to a specific part of the filesystem.

True

A rainbow table is a set of precomputed stored hashes that are mapped to a plaintext password.

True

A server on a demilitarized zone (DMZ) network may serve data to users on the Internet.

True

After configuring quotas on a Linux system, you can use the edquota command to edit the quota of a specific user.

True

In Linux, every user and group has a user ID (UID) and group ID (GID) number.

True

In Linux, three major services that network files and folders are the Network File System (NFS), Samba, and the File Transfer Protocol (FTP).

True

Pluggable authentication modules (PAM) allows users to be authenticated with local password stores and by way of network authentication, using facilities like Network Information Service (NIS) and the Lightweight Directory Access Protocol (LDAP).

True

Pluggable authentication modules (PAM) offers a number of ways for users to be authenticated on a Linux system.

True

The cron and at services enable you to schedule tasks in Linux.

True

The iptables -R command replaces a rule in a chain of rules.

True

The iptables -j DROP and -j REJECT command options both drop packets.

True

Web sites use the standard TCP/IP port 80 to serve unencrypted Web pages.

True

When configuring obscure ports for a service, configuring different ports for clients and servers is not enough. You also need to configure an open port in the firewall.

True

Wireless encryption algorithms such as WPA and WPA2 may be cracked if they use weak pre-shared keys based on dictionary words.

True

You can configure the /boot/ directory as a separate filesystem.

True

A Linux distribution typically does NOT include which of the following?

Virtual Platform

What is a valid reason for setting up the /home/ directory as a separate filesystem?

You can upgrade the distribution at a later date with little risk to user files.

Which of the following commands is used to edit the /etc/sudoers file?

visudo

Which filesystem is a good candidate for mounting in read-only mode?

/boot/

Which of the following files is NOT a part of the shadow password suite?

/etc/sudoers

With which directory is the sticky bit most commonly associated?

/tmp

Which directory renders many applications unusable, including logging into the graphical user interface (GUI), if the space allocated to the /tmp/ filesystem is full?

/tmp/

What is Apache?

A Web Server

The following are true of system hardening EXCEPT:

A hardened system usually has more packages to update than an unhardened system

Keeping secrets is the essence of which tenet of the C-I-A triad?

Confidentiality

Assuming a demilitarized zone (DMZ) is configured, there's no need to set up a separate firewall between the DMZ network and the internal network.

False

Demilitarized zone (DMZ) networks replace internal private networks.

False

In Linux, you cannot encrypt individual partitions.

False

It is a best practice to run administrative commands as the root user.

False

Pluggable authentication modules (PAM) solves administrative permission problems by providing higher-level functions without having the whole program gain administrative access.

False

The Red Hat Security Level Configuration tool is used to configure SELinux.

False

The iptables -s <ip_address> rule is applied to packets that come from the noteddestination address.

False

The ls -p command displays file and folder permissions.

False

Whereas the cron service is a scheduler for jobs to be run on a one-time basis, the at service is a scheduler for jobs to be run on a regular basis.

False

Which of the following is the development distribution for Red Hat?

Fedora

Who developed and released the first Linux operating system?

Linus Torvalds

What is the primary AppArmor configuration file?

Logprof.conf

Which of the following is usually about preventing a party involved in a transaction from denying that the transaction occurred?

Nonrepudiation

Linux implements _________ to determine how a user is to be authenticated and whether there are password policies associated with password databases.

Pluggable authentication modules (PAM)

What does Red Hat Enterprise Linux use to install software packages?

Red Hat Package Manager (RPM) and Yellowdog Update, Modified (yum)

Which entry in the standard /etc/sudoers file gives the root administrative user full privileges through sudo?

Root ALL=(ALL)ALL

If a share on a Microsoft Windows host needs to mount on the Linux filesystem, which network service would typically be used?

Samba

Which of the following enables a Linux system to be used as a Windows domain controller to authenticate Windows users?

Samba

Which command starts the SELinux Troubleshooter?

Sealert -b

Which of the following represents a type of mandatory access control?

The FTP service is allowed to interact with directories other than users' home directories.

A discretionary access control for a file is a control mechanism that is set by _______.

The user owner of the file

What is the purpose of the following iptables command? iptables -A Firewall-INPUT -p icmp --icmp-type any -j ACCEPT

To allow all incoming ICMP messages

Apache is a popular type of _____________.

Web server package

Which of the following should no longer be used because of weak security?

Wired Equivalent Privacy (WEP)

The _________ part of the kernel contains drivers and options essential to the kernel boot process.

monolithic


Conjuntos de estudio relacionados

Entrepreneurial Thinking Final Exam

View Set

A&P 106: Chapter 5 - Integumentary System

View Set

Electrical apprenticeship year 1- exam 2 prep

View Set