Final Exam Review Operating System Security
What user account information can be found in the /etc/passwd file?
The user's basic information, such as the default login shell
The primary boot loaders in Linux are Grand Unified Bootloader (GRUB) and Linux Loader (LILO).
True
The term "attack surface" indicates the total number of vulnerabilities a system might have.
True
Using the sudo command to issue commands is typically safer than logging in as the root user.
True
Smoke detectors, log monitors, and system audits are examples of:
detective controls
The C-I-A Triad (confidentiality, availability, and integrity) makes up the three:
goals of information security
A runlevel provides information to ______ about what it should be doing as it starts the system up.
init program
In the shadow password suite, user access to the /etc/shadow file is limited to the root administrative user.
True
One benefit of open source code is the ability to learn what the code does and how the program operates.
True
Pluggable authentication modules (PAM) allow users to be authenticated with local password stores and by way of network authentication, using facilities like Network Information Service (NIS) and the Lightweight Directory Access Protocol (LDAP).
True
The C-I-A triad is the core and defining set of concepts with respect to information security.
True
The Linux open source license allows anyone to use, modify, and improve the source code.
True
_______ is a service that starts up and remains running in the background.
A daemon
What is the best definition of a bastion?
A fortified place
________ is the software that manages and runs virtual machines.
A hypervisor
A denial of service (DoS) attack jeopardizes which tenet of the C-I-A triad?
Availability
In a Linux system, _________ is responsible for locating the kernel and loading it into memory so it can run.
Boot loader
When trying to crack password hashes, what three types of attacks are typically used:
Brute force, dictionary attack, rainbow tables
What does CVSS stand for?
Common Vulnerability Scoring System
Keeping secrets is the essence of which tenet of the C-I-A triad?
Confidentiality
Which of the following refers to the assurance that information can be accessed and viewed only by authorized users?
Confidentiality
What is the philosophy behind the tenet of defense-in-depth?
Defense-in-depth means applying overlapping and layered security defenses so that if one layer is bypassed or compromised another layer still provides protection against attack.
In the shadow password suite, the /etc/passwd file may store a hashed password for a group.
False
Ensuring that the data that is sent is the data that is received describes which tenet of the C-I-A triad?
Integrity
The assurance that information can be modified only by authorized users is referred to as:
Integrity
In Linux, software for network services, graphical user interfaces (GUIs), language compilers, and many other kinds of software typically come in bundles referred to as _______.
Packages
Given the following services, which service would start first?
S05loadcpufreq
In the shadow password suite, the /etc/group file contains basic information for each group account.
True
Why is it important to secure an operating system?
To protect against attack
A hardened Linux system typically contains fewer packages to be monitored for updates in case vulnerabilities are found in the software.
True
A threat vector describes a way for an attacker to get into a system.
True
In a Linux system, a smaller number of packages means a smaller surface area for attack.
True
In the Linux operating system, the kernel interfaces with the hardware to manage memory and file systems and make sure programs are run.
True
Apache is a popular type of _____________.
Web server package
Procedural controls are also referred to as:
administrative controls
The collection of all possible vulnerabilities that could provide unauthorized access to computer resources is called the:
attack surface