Chapter 14 linux

Which of the following commands will change the SELinux security context of a file?

chcon

You want to determine whether your Linux workstation was able to get assigned an IP address from the DHCP server once you connected it to the network. Which of the following legacy commands might help you determine this

ifconfig eth0 Correct. The ifconfig command is a legacy command (modern systems are transitioning to using the ip command) that can be used to view or set an IP address on an ethernet interface.

Which of the following can you use to configure firewall rules for IPv6 on a Linux system?

ip6tables Correct. The ip6tables command can be used to configure firewall rules for IPv6 on a Linux system.

Which of the following commands will allow the root user to switch to another user account without having to enter that user account's password?

su

Which of the following commands allows a standard user to execute a single command as root without actually switching to the root account?

sudo

Which of the following options for the gpg command will specify the key that should be retrieved?

--recv-keys

Which of the following options for the gpg command will attempt to use the gpg agent and if it cannot will ask for a passphrase?

--use-agent

Which of the following options for the iptables command will delete all rules for all chains?

-F

Which of the following files does a TCP wrapper check before starting a network daemon?

/etc/hosts.allow and /etc/hosts.deny Correct. The TCP wrapper should check the /etc/hosts.allow and /etc/hosts.deny files before starting a network daemon.

On a system running SysV init, which of the following files can you edit to disable the ability to reboot by using the Ctrl+Alt+Delete key combination?

/etc/inittab Correct. On systems using SysV init, you can edit the /etc/inittab file to disable the ability to reboot a system by using the Ctrl+Alt+Delete key combination.

If someone tries to log into a system using a daemon account, but the daemon account does not have a valid shell assigned to it, they would normally see a standard warning. If you want to customize the error, which of the following files can you put a message in that will display upon an attempted login?

/etc/nologin.txt

Which of the following files contains the encrypted passwords for users on a modern Linux system by default

/etc/shadow

Where does the sudo command check to determine a user's privileges when they attempt to run the sudo command?

/etc/sudoers Correct. The /etc/sudoers file contains the configuration for user privileges for the sudo command.

Which of the following ports should you disable so that they no longer respond to network requests on a Linux system due to a lack of encryption? (Choose all that apply.)

21 23

Which of the following results from the nmap command would let an administrator know that they have an insecure service running on a Linux server?

23/tcp open telnet

Violet wants to configure an encrypted partition to mount when her workstation boots up. Which of the following should she do?

Configure /etc/crypttab to open the volume and then /etc/fstab to mount it.

Which of the following does the -r option for the gpg command specify?

Encrypt for the user id given.

Which of the following packages should be installed in order to integrate certain authentication functions with Microsoft's Active Directory?

Kerberos Correct. Kerberos is used by Active Directory and the package should be installed on Linux in order to integrate certain authentication functions.

When logging into a system, you are prompted to type in a code from a small token that you carry around with you. The code on this token constantly changes. What type of technology has been implemented

OTP Correct. A token has a constantly changing code that can be used as a One-Time Password.

Which of the following are examples of multifactor authentication?

Password and fingerprint reader Correct. A password is something you know and a fingerprint reader is something you are. Those are two different factors of authentication; thus, it is an example of multifactor authentication.

Which of the following is the default option for the kind of keys to be generated when using the gpg --gen-key command?

RSA and RSA

Which of the following is a protocol originally developed by Cisco that uses TCP to handle authentication, authorization, and accounting services?

TACACS+

Which of the following can you use to start network daemons in order to limit which computers are allowed to connect to the network service?

TCP Wrapper

When looking at the password-auth file on a Fedora system, you notice part of the syntax that says dcredit=3. What is the significance of this part of the configuration?

Users must use at least 3 characters as numbers in their passwords.

Which of the following is not a valid Apparmor command?

aa-trust

If a Linux system is running as a virtual machine, it may be using a bridge for the virtual network adapter within the virtual machine to the physical network adapter. Which of the following commands can be used to view or modify the bridge configuration used by the Linux kernel for your network adapter?

brctl Correct. The brctl command can be used to view or modify the bridge configuration used by the Linux kernel for a network adapter.

Which of the following commands will list the BIOS information about a device when it cannot otherwise be detected by a Linux system?

dmidecode

Which of the following commands can be used to view the quota for a user?

edquota -u jsmith Correct. The edquota command will show you the current quota while in edit mode

Which of the following commands can you use to list users who have been locked out by pam_faillock.so?

faillock Correct. The faillock command will list users who have been locked out by pam_faillock.so.

If you suspect that you have bad blocks on a filesystem, which of the following commands can be used to try and repair the filesystem?

fsck

Which of the following utilities can be used by a system administrator to determine which services are responding to network requests?

nmap

Which of the following permissions should a standard user have on the /etc/shadow file?

none of the above

Which of the following commands can be used to determine the round trip time that a packet takes to traverse a network connection?

ping Correct. The ping command can be used to determine the round trip time that a packet takes to traverse a network connection.

If a system appears to be having issues with performance for read and write operations to a hard disk, which of the following is not a valid scheduling method that you could try to improve performance?

testwr

When experiencing a network issue, you want to determine where the source of the problem is. Which of the three following commands can be used to determine whether there is an issue with a router in the normal route that the packets are attempting to take?

tracepath Correct. The tracepath command traces a path to a network host, discovering the MTU along this path. mtrCorrect. The mtr command combines the functionality of the traceroute and ping commands and is also known as My Traceroute. traceroute

Which of the following commands can be used for the command line version of a popular GUI-based program that is used to examine network traffic passing to and from a network interface?

tshark Correct. The tshark command is the command line, or terminal, version of Wireshark.

Which of the following commands can be used to force udev to reload new rules from the /etc/udev/rules directory? (Choose all that apply.)

udevadm control --reload udevadm control -R

Which of the following commands will allow an administrator to edit the list of permissions assigned to a user wanting to run the sudo command?

visudo