CSCI 3602 Quizes
True
A chroot jail is a special way of confining a program to a specific part of the filesystem.
The user owner of the file
A discretionary access control for a file is a control mechanism that is set by _______.
An administrative tool
A polkit mechanism includes a subject, an object, and an action. Which of the following is the subject?
True
A rainbow table is a set of precomputed stored hashes that are mapped to a plaintext password.
False
Assuming a demilitarized zone (DMZ) is configured, there's no need to set up a separate firewall between the DMZ network and the internal network.
Red Hat Package Manager (RPM) and Yellowdog Update, Modified (yum)
What does Red Hat Enterprise Linux use to install software packages?
A Web Server
What is Apache?
An intrusion detection service
What is Snort?
You can upgrade the distribution at a later date with little risk to user files.
What is a valid reason for setting up the /home/ directory as a separate filesystem?
Printing
What is the CUPS service associated with?
Hardware or software capable of blocking networking communications based on established criteria, or rules
What is the best definition of a firewall?
Logprof.conf
What is the primary AppArmor configuration file?
To allow all incoming ICMP messages
What is the purpose of the following iptables command? iptables -A Firewall-INPUT -p icmp --icmp-type any -j ACCEPT
True
When configuring obscure ports for a service, configuring different ports for clients and servers is not enough. You also need to configure an open port in the firewall.
True
Pluggable authentication modules (PAM) offers a number of ways for users to be authenticated on a Linux system.
False
Pluggable authentication modules (PAM) solves administrative permission problems by providing higher-level functions without having the whole program gain administrative access.
Denies access to all daemons from all clients
A server has the following TCP Wrappers configuration: /etc/hosts.deny ALL : ALL What is the result of this configuration?
True
A server on a demilitarized zone (DMZ) network may serve data to users on the Internet.
True
Pluggable authentication modules (PAM) allows users to be authenticated with local password stores and by way of network authentication, using facilities like Network Information Service (NIS) and the Lightweight Directory Access Protocol (LDAP).
Nonrepudiation
Which of the following is usually about preventing a party involved in a transaction from denying that the transaction occurred?
The FTP service is allowed to interact with directories other than users' home directories.
Which of the following represents a type of mandatory access control?
Wired Equivalent Privacy (WEP)
Which of the following should no longer be used because of weak security?
Linus Torvalds
Who developed and released the first Linux operating system?
True
Wireless encryption algorithms such as WPA and WPA2 may be cracked if they use weak pre-shared keys based on dictionary words.
/tmp
With which directory is the sticky bit most commonly associated?
True
You can configure the /boot/ directory as a separate filesystem.
Virtual Platform
A Linux distribution typically does NOT include which of the following?
True
After configuring quotas on a Linux system, you can use the edquota command to edit the quota of a specific user.
Web server package
Apache is a popular type of _____________.
False
Demilitarized zone (DMZ) networks replace internal private networks.
Samba
If a share on a Microsoft Windows host needs to mount on the Linux filesystem, which network service would typically be used?
True
In Linux, every user and group has a user ID (UID) and group ID (GID) number.
True
In Linux, three major services that network files and folders are the Network File System (NFS), Samba, and the File Transfer Protocol (FTP).
False
In Linux, you cannot encrypt individual partitions.
False
It is a best practice to run administrative commands as the root user.
Confidentiality
Keeping secrets is the essence of which tenet of the C-I-A triad?
Any software based on GPLed software retains the same rights as the original software.
The Linux open source license, referred to as GNU General Public License (GPL), requires which of the following?
False
The Red Hat Security Level Configuration tool is used to configure SELinux.
monolithic
The _________ part of the kernel contains drivers and options essential to the kernel boot process.
True
The cron and at services enable you to schedule tasks in Linux.
A hardened system usually has more packages to update than an unhardened system
The following are true of system hardening EXCEPT:
True
The iptables -R command replaces a rule in a chain of rules.
False
The ls -p command displays file and folder permissions.
True
Web sites use the standard TCP/IP port 80 to serve unencrypted Web pages.
Booleans
______ are the on/off settings in SELinux that allow or deny access for a service to interact with an object.
Pluggable authentication modules (PAM)
Linux implements _________ to determine how a user is to be authenticated and whether there are password policies associated with password databases.
True
The iptables -j DROP and -j REJECT command options both drop packets.
False
The iptables -s <ip_address> rule is applied to packets that come from the noteddestination address.
False
Whereas the cron service is a scheduler for jobs to be run on a one-time basis, the at service is a scheduler for jobs to be run on a regular basis.
Sealert -b
Which command starts the SELinux Troubleshooter?
/tmp/
Which directory renders many applications unusable, including logging into the graphical user interface (GUI), if the space allocated to the /tmp/ filesystem is full?
Root ALL=(ALL)ALL
Which entry in the standard /etc/sudoers file gives the root administrative user full privileges through sudo?
Boolean
Which file permission is NOT an example of discretionary access control?
/boot/
Which filesystem is a good candidate for mounting in read-only mode?
visudo
Which of the following commands is used to edit the /etc/sudoers file?
Samba
Which of the following enables a Linux system to be used as a Windows domain controller to authenticate Windows users?
/etc/sudoers
Which of the following files is NOT a part of the shadow password suite?
Allow
Which of the following is NOT an SELinux mode?
Fedora
Which of the following is the development distribution for Red Hat?