Packy Test2


Which of the following statements is TRUE concerning the Linux primary group of a file?

A Linux file may have only one Linux primary group

Which of the following statements BEST describes the differences between a Linux file type and a Linux file permission?

A Linux file type determines the major structure of a file; whereas, a Linux file permission provides security protection by restricting who may use a file.

To facilitate the practical design of Linux file permission security, Linux groups are used. Normally, one or multiple Linux users may be members of a Linux group. Which of the following statements is TRUE concerning Linux group membership?

A Linux user may be a member of as many Linux groups as the Linux file permission security design requires.

Which of the following statements BEST describes the concept of an API?

A customized format and protocol used to communicate and interact between applications

Which of the following statements BEST describes the concept of a web service or RESTful API?

A customized format and protocol used to communicate and interact between applications

Which of the following BEST describes the concept of a Linux file permission?

A file permission restricts the users and groups and the functions that may be used on a file or directory.

Concerning the group and user owner of a file, which of the following statements is false?

A user can have as many primary groups as they wish.

Which of the following is NOT an example of a special permission?

AUID

All of the following statements are examples of memory forensic data, except:

Captured packets

Which of the following is not a reason for creating a file link?

Creating two copies of the same file.

Which of the following statements BEST describes the concept of fingerprint log analysis?

Creation of a log catalog or scenario based on complex log patterns and activities to be used for future analysis.

All of the following are valid reasons for separating data, e.g., HTML documents, from application binaries and configuration files, e.g., httpd and httpd.conf, except

Data needs to be visible, while daemons, applications and configuration files are normally hidden

All of the following are valid reasons to assign users a separate home directory from the programs and utilities the user may execute, except

Either b or d

All of the following statements are TRUE concerning "at-rest/dead-box" forensics investigations, except

Is frequently used to analyze packet captures stored in pcap files.

Concerning the setting of special permissions, which of the following statements is TRUE?

In addition to setting special permissions, a file or directory must be set to executable (x) in order for the special permission to be effective

Which of the following statements BEST describes the concept of "interoperability"?

In the Network data payload

An Apache Tomcat and Axis server is used to transport web service or RESTful APIs. During network transmission, where is the transported web service or RESTful API content stored so that it may be forensically analyzed with Wireshark?

In the network data payload

Which of the following statements BEST compares the differences between an Apache HTTP server and an

A Linux inode is similar to a Windows ______.

Master File Table

In a file's mode, if a permission is unavailable, a(n) ____ character replaces its position in the mode.

-

Using the ls -l command, you see many files that have file types of b or c. The directory that you are currently viewing is most likely

/dev

Log files are typically stored in the ____ directory.

/var/log

According to Phil Hagen's opinion in his SANS video, which of the following statements BEST describes the MOST significant challenge to network forensic analysis?

Not capturing or storing a critical malicious frame or packet as it travels across a network.

Which of the following permission modes applies to all users on the Linux system who are not the owner of the file or directory in question and are not members of the group assigned to the file or directory?

Other

All of the following statements describe the features and benefits of Splunk, except?

Provides low-cost and open source alternatives for smaller companies, reduces log storage requirements by indexing events.

All of the following statements describe the features and benefits of SYSLOG, except?

Provides a standard format for log messages from any type of device

All of the following network forensic evidence sources are likely to be used during an investigation to analyze whether a CAD file or database was accessed and successfully copied to a foreign IP address, EXCEPT

Review the authentication log of the server storing the sensitive evidence.

The practice of automatically creating a private group with the same name as the user account is called?

SELinux

A directory has the mode of drwxrwSr-x. Which special permission has been set?

SGID

Which of the following special permissions should be set so that any file within a directory inherits the primary group of the directory, and is used to create shared directories?

SGID

A file has the mode of -rwS--x--x. Which special permission has been set?

SUID

Which of the following special permissions should be set so that users can execute a program by temporarily becoming the owner of the program?

SUID

All of the following statements are TRUE concerning memory forensics investigations, except

Similar to dead-box analysis, a memory dump will protect the integrity of forensic evidence by not altering the content of system data.

All of the following statements describe a limitation of capturing full content packets, except

Since personal data is being captured and analyzed, a search warrant is always required for valid network evidence.

Apache reports HTTP status codes in its /var/log/apache/access.log. Why would HTTP status code 401 and the client's IP address be a security concern?

The HTTP GET request to access a web server document or folder cannot be authenticated by Linux

Which of the following statements describes the main advantage of using TCP/IP header forensic data as compared to a full content analysis?

The ability to analyze or store less data.

Which of the following statements BEST describes a major challenge to analyze SSL or VPN network data?

The content of transmitted network data may not be analyzed without the source and destination encryption keys.

In order for the r (read) and w (write) permissions to be effective on the contents of a Linux directory,

The read and write permission must be accompanied by the execute permission for the directory assigned to the particular owner or group

Network technologies are being used for more core functions than simply transporting user and business data. According to the opinion of Phil Hagen of SANS, all of the following core functions will INCREASE the importance of network forensics, EXCEPT

Transport of malware and viruses

What determines the default permissions to be assigned to a newly created file in a given subdirectory?

the umask

What may determine the owner or primary group to be assigned to a newly created file in a given subdirectory?

the user who created the file

Both Linux text and executable binary files have the dash file type '-'. How does Linux know that a file is an executable program?

by the file permission

To view the files in a directory, the owner or primary group must have which of the following permissions for that directory?

execute

What are the three standard Linux file permissions?

execute, read, write

The part of the inode table that stores file permissions is called

file mode

Which of the following Linux commands would be the BEST forensic command line tool for selecting a complete log entry that matches a search string, and that will also show the previous and following log entries, i.e., context matching?

grep

To see the list of groups a user belongs to, use the Linux command:

groups

To see the primary group of a file, use the Linux command:

groups

Which Linux command will display file permissions of files and directories?

ls -l

The section of an inode file entry that stores permissions is called the ____ of the file.

mode

How many owners may a file have?

one: normally the userid who created the file

On a given Linux computer, program1 needs to provide information to program2 (two separate programs). If program1 and program2 are both currently running, it is best to transfer data between programs using a file with which of the following file types?

pipe(n)

The RHEL/Fedora Linux ____ log file contains authorization information, including user logins and the authentication protocol used.

secure

The combination of an IP address and executing port number of an application is called

socket

Program1 is executing on Linux Computer 1 and it needs to provide information to program2 running on another Linux computer (two separate programs on two different computers). If program1 and program2 are running on the same schedule, it is best to transfer data between programs using a file with which of the following file types?

socket(s)

A directory has the mode of drwxrwxrwT. Which special permission has been set?

sticky bit

Which of the following special permissions should be set so that users can delete the files that they created in a shared temporary directory?

sticky bit

Which command may be used to switch the current user to a different Linux user?

su

_____________ is the Linux system log protocol and daemon that is responsible for collecting and storing system audit information

syslog

Which of the following Linux commands would be the BEST forensic command line tool for quickly displaying the complete log entries for the most recent events?

tail

On a given Linux computer, program1 needs to provide information to program2 (two separate programs). If program1 and program2 are not running on the same schedule, it is best to transfer data between programs using a file with which of the following file types?

text(-)

The directory that Linux assumes that you want to store or access files, or to be affected by file utilities, e.g., ls, mkdir, and rm, is called?

the current directory

The BEST method to retrieve forensic information from the /var/log/lastlog file is to use ___

the lastlog command

Which of the following statements BEST describes the network forensic evidence in the Linux /var/log/lastlog file as compared to other user authentication logs?

the lastlog file contains the most recent authentication evidence for all users or daemons; whereas, other authentication logs contain detailed authentication evidence and history for all users or daemons

The Linux file permission system is based on

the user account and group membership

What is the owner of a file?

the userid who created the file

Which of the following statements is the BEST strategy to collect authentication evidence for recent authentication failures on Kali/Ubuntu Linux systems?

use cat /var/log/auth.log to display the authentication failures

After typing the ls -l command, you see the following line in the output:

-rw-r-xr-- 1 user1 root 0 Apr 29 15:40 file1

Which of the following best describes the permissions assigned to file1?

user1 has read and write, members of the root group have read and execute, and all others have read permissions to the file.

Which Linux command may be used to determine the list of groups that a Linux user belongs to?

whoami

Which command may be used to determine the name of the current Linux user who is creating the file?

whoami

If a user has ____ permission for a file, they can open, read, and edit the contents of a file.

write

Which of the following is not a valid Linux file type?

x

Splunk, CrowdStrike and IBM QRadar are popular SIEM systems, which integrate security information management tools with security event management tools. SIEM products typically provide many of the features required for log management but add event-reduction, alerting and real-time analysis capabilities. Which of the following are components of SIEM systems?

All of the above are components of SIEM systems.

Apache reports HTTP status codes in its /var/log/apache/access.log. Why would many HTTP status code 200 GET requests in a short period of time be a security concern?

An excessive number of HTTP Status code 200s may be indicative of a denial-of-service attack.

Apache reports HTTP status codes in its /var/log/apache/access.log. Why would many HTTP status code 429 GET requests in a short period of time be a security concern?

An excessive number of HTTP Status code 200s may be indicative of a denial-of-service attack.

Which of the following statements BEST describes the concept of dirty value log analysis?

Analysis of log data by searching for keywords in log entries.

Which of the following statements BEST describes the concept of log filter analysis?

Analysis of log data by selecting data based on source and destination addresses, time, content, or other factor of interest.

Which of the following statements BEST describes the concept of log activity analysis?

Analysis of log data for patterns of suspicious combinations or sequences of log entries

Ajax programming is a set of web development techniques using many web technologies on the client side to create asynchronous web applications. With Ajax, web applications can send and retrieve data from a server asynchronously (in the background), transmitting one character at a time without interfering with the display and behavior of the existing page, e.g., Google searches. Which of the following statements describes the best network forensic analysis technique to distinguish between human typing and malware typing?

Compare the regularity and pattern of keystroke timing by using packet timestamps.

When someone visits an Apache website, a log record is recorded and stored in the ______

access.log

The Kali/Ubuntu Linux ____ log file contains authorization information, including user logins and the authentication protocol used.

auth.log

Which of the following Linux commands would be the BEST forensic command line tool for formatting log entries, selecting individual columns and entries, counting, using functions and combining multiple log sources, similar to a programming language?

awk
