All Quizes

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

Sometimes you need to verify that a command completed successfully. Other times, you might do something like a search and only want to know if a match is found. What is the output of the following code snippet? ls >/dev/null echo "Status of ls was $?" Status of ls was TRUE Status of ls was 0 Status of ls was 1 Status of ls was True

Status of ls was 0

The local keyword is used to make variables local to a function. True False

True

You might occasionally need to ask the user for a password. For security reasons it would be bad to display this on the screen. The -s option to read can suppress the echoing if user input to the screen (true or false). True False

True

Which of the following would show only exported variables (those available to a subshell or subprocess)? (select all that apply) env set set --exported export -p

env export -p

What is the proper way to call the function defined in the previous question? hello Bob Smith hello(Bob, Smith) hello "Bob Smith" hello("Bob Smith")

hello "Bob Smith"

Some tasks can take a long time to complete. One solution to this problem is to run tasks in the background. However, if the shell that started the task exits, it will also exit because it receives a SIGHUP (hangup signal) from Linux when the shell exits. The nohup command can be used to tell the task to ignore SIGHUP. What is the correct syntax for this command? command --nohup & nohup command & command | nohup command --nohup

nohup command &

Our Digital Forensics program started life as Computer Forensics. Under our old program you also had to take DF117, DF217, and DF218. DF217 and DF218 have now become DF121 and DF122, respectively. Which of the following would change the program name and course numbers correctly in myfile.txt? sed "s/DIGFOR217/DIGFOR121/g; s/DIGFOR218/DIGFOR122/g; s/Computer Forensics/Digital Forensics/g" myfile.txt sed "s/DIGFOR217/DIGFOR121/g s/DIGFOR218/DIGFOR122/g s/Computer Forensics/Digital Forensics/g" myfile.txt sed "s/DIGFOR217/DIGFOR121/g s/DIGFOR218/DIGFOR122/g s/Computer Forensics/Digital Forensics/g" < myfile.txt sed "s/DIGFOR217/DIGFOR121/g && s/DIGFOR218/DIGFOR122/g && s/Computer Forensics/Digital Forensics/g" myfile.txt

sed "s/DIGFOR217/DIGFOR121/g; s/DIGFOR218/DIGFOR122/g; s/Computer Forensics/Digital Forensics/g" myfile.txt

You have a shell script that sends out e-mails (doesn't everyone?). You would like to add a standard signature, possibly with a legal disclaimer to the bottom of your message in myfile.txt. Which of the following would correctly add sig.txt to the end of this file (which could then be piped to a mail command)? sed '/^$/r sig.txt' myfile.txt sed -n '$r sig.txt' myfile.txt sed '$r sig.txt' myfile.txt sed -n '/^$/r sig.txt' myfile.txt

sed '$r sig.txt' myfile.txt

Which of the following will add the line "Linux is awesome" after any line containing the word Linux in myfile.txt? sed '/Linux/a\Linux is awesome\' myfile.txt sed 'a/Linux/\Linux is awesome\' myfile.txt sed '/Linux/a/Linux is awesome/' myfile.txt sed '/Linux/ /Linux is awesome/a' myfile.txt

sed '/Linux/a\Linux is awesome\' myfile.txt

Which of the following will substitute Unix for UNIX in myfile.txt, but only on lines that don't already contain the word UNIX? sed 'if !/UNIX/ then /Unix/UNIX/' myfile.txt sed '/UNIX/!s/Unix/UNIX/' myfile.txt sed 'if not /UNIX/ /Unix/UNIX/' myfile.txt

sed '/UNIX/!s/Unix/UNIX/' myfile.txt

Which of the following will display myfile.txt while deleting empty lines? sed 'd/^$/' myfile.txt sed '/^$/d' myfile.txt none of these sed 's/^$/d' myfile.txt

sed '/^$/d' myfile.txt

Which of the following will substitute That for This and was for is on the first line of myfile.txt? sed 'if LR==1 s/This/That/; s/is/was/;' myfile.txt sed 'LN==1 s/This/That/; s/is/was/ ' myfile.txt sed '1 { s/This/That/; s/is/was/ }' myfile.txt sed '0 { s/This/That/; s/is/was/ }' myfile.txt

sed '1 { s/This/That/; s/is/was/ }' myfile.txt

You have received a set of Python scripts from a friend. She is generally a good person, but she has the flaw of running Windows. As a result, her scripts lack the appropriate she-bang line. Which of the following would add the appropriate line to the start of superscript.py? sed '1i\#!/usr/bin/python3\' superscript.py sed '0i\#!/usr/bin/python3\' superscript.py none of these sed '/#/c\#!/usr/bin/python3\' superscript.py

sed '1i\#!/usr/bin/python3\' superscript.py

What is the output of the following? echo "this is widely spaced" this is widely spaced echo "this is widely spaced" "this is widely spaced" this is widely spaced

this is widely spaced

What is the output of the following? echo this is widely spaced this is widely spaced this is widely spaced echo this is widely spaced echo this is widely spaced

this is widely spaced

You have a file in mixed case but you want to do a bunch of processing that requires a series of regular expressions. Rather than make all searches case-insensitive, you decide to convert everything to lowercase before searching. Which of the following will convert everything in a stream to lowercase? tr 'A-Z' 'a-z' tr --upper --lower tolower tr -u -l

tr 'A-Z' 'a-z'

Some people try to "encrypt" information using ROT13 encoding. This is something you find a lot on websites and even appears in the Windows registry. Which of the following will ROT13 encode the file temp.txt? Note that decoding the file simply involves rerunning the ROT13 encoding. tr -n13 < temp.txt rot13 temp.txt none of these tr 'A-Za-z' 'N-ZA-Mn-za-m' < temp.txt

tr 'A-Za-z' 'N-ZA-Mn-za-m' < temp.txt

You can do simple integer math in the shell (we'll talk about doing floating point math later in this course). In order to do math in the shell, simply surround your equation with $(()). This is like our previous trick of running a command using $(), but with double parentheses. Which of the following is the correct way of calculating 2 raised to the 8th power minus 1 (the maximum value of a single-byte unsigned integer)? $((2**8-1)) $((pow(2,8)-1)) $(( 2^8 -1 )) $((2^8-1))

$((2**8-1))

You have a script that accepts three command line parameters. How can you refer to these parameters in your script? $P1, $P2, $P3 $0, $1, $2 $p1, $p2, $p3 $1, $2, $3

$1, $2, $3

As we have already seen in class, the $ is used to specify a shell variable on Linux. At times this can make the separation from other parts of the script (regular strings, etc.) unclear. Which of the following could be used in place of $bob in a script? $(bob) ${bob} (bob) $[bob]

${bob}

You might have a string of commands that are to be run in succession. In many cases, you only want to run later commands if earlier commands completed successfully. Which of the following character(s) can be used to separate commands that are run in order and only execute the next command on successful completion? Hint: try running /bin/false, /bin/true, and ls to test these command separators. && | || &

&&

You might want to insert some comments before or after results in a running log that you are creating while running scripts as part of an incident response. The insert command inserts text before the specified line (pattern space) and append adds text after the current line (pattern space). Which of the following would add the line "USA" after an address line containing "Bloomsburg, PA 17815"? /Bloomsburg, PA 17815/a\USA\ /Bloomsburg, PA 17815/a/USA/ /Bloomsburg, PA 17815/i/USA/ /Bloomsburg, PA 17815/i\USA\

/Bloomsburg, PA 17815/a\USA\

You have an alphabetical listing of faculty in the MAD Sciences department. Each prof is listed followed by their area Digital Forensics, Math, Computer Science or Statistics. You would like to split this into four separate files. Which of the following save all DF faculty into a file called df-faculty.txt? /Digital Forensics$/{ s/// w df-faculty.txt } none of these /Digital Forensics$/w df-faculty.txt /Digital Forensics$/{ w df-faculty.txt }

/Digital Forensics$/{ s/// w df-faculty.txt }

You wish to create a form letter. You have a number of tags in the letter that will be replaced with contents of an appropriate file. Which of the following would replace all instances of <faculty-list> on a line by itself with the contents of faculty.txt? /^<faculty-list>/r ./faculty.txt /^<faculty-list>/d /^<faculty-list>/r ./faculty.txt ; \n /^<faculty-list>/d /^<faculty-list>/r ./faculty.txt ; /^<faculty-list>/d /^<faculty-list>/r ./faculty.txt \n/^<faculty-list>/d

/^<faculty-list>/r ./faculty.txt /^<faculty-list>/d

You want to forward the text of an e-mail to someone, but you want to remove the headers in order to protect the privacy of the sender. Sed can easily be used for this task. In addition to insert and append, sed supports a change command that will replace the current line (pattern space) with supplied text. Which of the following would replace a collection of mail headers with "<Headers Redacted>"? /^From/-/^$/c\<Headers Redacted>\ none of these /^From/,/^$/c\<Headers Redacted>\ /^From/,/^$/c/<Headers Redacted>/

/^From/,/^$/c\<Headers Redacted>\

You have a file that has been marked up with heading tags .h1, .h2, .h3, etc. Some times the author has added a blank line after these headings you wish to remove. Which of the following would cause this to happen? /^\.h/{n; /^$/d} /^\.h/n\^$\d none of these /^\.h/n/^$/d

/^\.h/{n; /^$/d}

At times when you are running a series of commands on the command line in a certain order it can be frustrating to wait for a command to complete before moving on to the next. If you don't care whether a preceding command succeeded or failed you can separate the commands with a character or characters. Which of the following would run /bin/false then /bin/true followed by ls? /bin/false + /bin/true + ls /bin/false ; /bin/true ; ls /bin/false && /bin/true && ls /bin/false - /bin/true - ls

/bin/false ; /bin/true ; ls

The variable $? stores the exit status of the last command. Based on the results from the previous two questions, what is most likely true about a commands exit status? 0 indicates success and 1 indicates failure 1 indicates success and any other number indicates failure where the failure code is defined by the application 0 indicates failure and 1 indicates success 0 indicates success and any other number indicates failure with the meaning of other status codes defined by the application

0 indicates success and any other number indicates failure with the meaning of other status codes defined by the application

What is the output of the following code snippet? /boguscommand 2>/dev/null echo $? ls /notthere 2>/dev/null echo $? 1 2 127 2 1 1 FALSE FALSE

127 2

Linux was created at Microsoft. True False

False

Microsoft strictly adheres to industry standards in all cases. True False

False

Signal handlers may not call user-defined functions. True False

False

When more than 9 command line parameters are passed in the full variable syntax must be used (${nn}). There is another way of handling a large number of arguments and this is especially good when you have options (or flags) that can be set (similar to -l for ls, etc.). If I have a single optional option of -s (for silent), which of the following shell code fragments would correctly handle this and then change the file mode of any files listed? none of these SILENT=0; if [[ $1 = -v ]] ; then SILENT=1; ASL $1; fi for filename in "$@" do if (( SILENT == 0 )) ; then echo changing $filename fi chmod 777 "$filename" done SILENT=0; if [[ $1 = -v ]] ; then SILENT=1; unset $1; fi for filename in "$@" do if (( SILENT == 0 )) ; then echo changing $filename fi chmod 777 "$filename" done SILENT=0; if [[ $1 = -v ]] ; then SILENT=1; shift; fi for filename in "$@" do if (( SILENT == 0 )) ; then echo changing $filename fi chmod 777 "$filename" done

SILENT=0; if [[ $1 = -v ]] ; then SILENT=1; shift; fi for filename in "$@" do if (( SILENT == 0 )) ; then echo changing $filename fi chmod 777 "$filename" done

Any variables defined in a function are global to the script. True False

True

Running the command: sudo echo `id -u` will yield the current user's ID and not 0 (root's ID), because the backtick encloses commands that are run before the commands that precede the opening backtick. True False

True

The $() construct is a newer form of enclosing commands in backticks that supports nesting of commands. True False

True

When doing tests in the shell, care must be taken to use the correct tests for numeric and string values. It is common for numeric values to be stored in strings (for mostly historic reasons). Which of the following tests would return true when comparing the strings "1" and "01"? [ "1"="01" ] [ "1"=="01" ] [ "1" -eq "01" ] ( "1"=="01" )

[ "1" -eq "01" ]

he shell can be used to test for various file characteristics as shown in the following table. What would be the correct test for a file that is both readable and executable? [ -r $file -a -x $file ] [ -r $file & -w $file ] [ -r -w $file ] [ -r $file && -w $file ]

[ -r $file -a -x $file ]

You are searching for a keyword in some files. You want a little more context than what grep provides. The files to be searched are text files and you would like to display the remainder of the paragraph that follows a match. Which of the following will produce such a report with a search on Polstra? sed '/Polstra/ {print $0} } until /^$/' file.txt awk '/Polstra/ {print $0} } until /^$/' file.txt none of these awk '/Polstra/ {flag=1} {if (flag==1) {print $0} } /^$/ {flag=0}' file.txt

awk '/Polstra/ {flag=1} {if (flag==1) {print $0} } /^$/ {flag=0}' file.txt

You are investigating a machine of a suspected criminal. This person thinks he is very smart and has "encrypted" some text files by reversing the order of words on each line. Which of the following will "decrypt" these files by reversing the word order? awk '{for (i=NF; $i>0; $i--) {printf "%s ", $i; } printf "\n" }' file.txt sed '{for (i=NF; i>0; i--) {printf "%s ", $i; } printf "\n" }' file.txt sed '{for (i=NF; $i>0; $i--) {printf "%s ", $i; } printf "\n" }' file.txt awk '{for (i=NF; i>0; i--) {printf "%s ", $i; } printf "\n" }' file.txt

awk '{for (i=NF; i>0; i--) {printf "%s ", $i; } printf "\n" }' file.txt

You want to get a feel for what a script does without getting bogged down in the details. One way you might do this is by printing out only the first "word" on each line of a file. Which of the following will print only the first word from each line of annoying.py? egrep '^\s*' annoying.py none of these awk '{print $1}' annoying.py grep '^*\S' annoying.py

awk '{print $1}' annoying.py

Which of the following will display a calendar for March 2017? cal 03 2017 none of these calendar 03 2017 date '+calendar march 2017'

cal 03 2017

Which of the following will print the date of the fifth Wednesday in March 2017? cal 03 2017 | awk 'NR>2 && NF>3 {print substr($0,10,2)}' | awk '$1=$1' | awk 'NR==5 {print $0}' none of these cal 03 2017 | awk 'NR>2 && NF>5 {print substr($0,10,2)}' | awk '$1=$1' | awk 'NR==5 {print $0}' cal 03 2017 | awk 'NR>2 && NF>4 {print substr($0,10,2)}' | awk '$1=$1' | awk 'NR==5 {print $0}'

cal 03 2017 | awk 'NR>2 && NF>3 {print substr($0,10,2)}' | awk '$1=$1' | awk 'NR==5 {print $0}'

Which of the following would correctly print the fifth Tuesday in March 2017, or nothing if there is no fifth Tuesday that month? cal 03 2017 | awk 'NR>2 && NF>2 {print substr($0,7,2)}' | awk '$1=$1' | awk 'NR==5 {print $0}' none of these cal 03 2017 | awk 'NR>2 && NF>3 {print substr($0,7,2)}' | awk '$1=$1' | awk 'NR==5 {print $0}' cal 03 2017 | awk 'NR>2 && NF>4 {print substr($0,7,2)}' | awk '$1=$1' | awk 'NR==5 {print $0}'

cal 03 2017 | awk 'NR>2 && NF>4 {print substr($0,7,2)}' | awk '$1=$1' | awk 'NR==5 {print $0}'

The previous question was pretty easy because Sunday is the first day of the week (unless you are from the UK or using broadcast weeks). Which of the following would find the third Monday of March 2017? cal 03 2017 | awk 'NR>2 && NF>5 {print substr($0,4,2)}' | awk '$1=$1' | awk 'NR==3 {print $0}' cal 03 2017 | awk 'NR>2 && NF>5 {print substr($0,4,5)}' | awk '$1=$1' | awk 'NR==3 {print $0}' cal 03 2017 | awk 'NR>2 {print substr($0,4,2)}' | awk '$2=$2' | awk 'NR==3 {print $0}' none of these

cal 03 2017 | awk 'NR>2 && NF>5 {print substr($0,4,2)}' | awk '$1=$1' | awk 'NR==3 {print $0}'

Which of the following will display the date of third Sunday in March 2017? cal 03 2017 | awk 'NR>2 {print substr($0,1,2)}' | awk '$1=$1' | awk 'NR==3 {print $0}' calendar 03 2017 | awk 'NR>2 {print substr($0,1,2)}' | awk 'NR==3 {print $0}' cal 03 2017 | awk 'NR>2 {print substr($0,1,2)}' | awk 'NR==3 {print $0}' cal 03 2017 | awk 'NR>2 {print substr($0,1,2)}' | awk 'NR==3 {print $1}'

cal 03 2017 | awk 'NR>2 {print substr($0,1,2)}' | awk '$1=$1' | awk 'NR==3 {print $0}'

You have a bunch of data that you want to send to a file or program. This is best handled with something known as a here-document in your script. Given the following sample data, what is the correct way to send this data to the file out.txt? Phil 4909 Scott 4509 out.txt << EOF Phil 4909 Scott 4509 EOF cat << EOF > out.txt Phil 4909 Scott 4509 EOF None of these cat out.txt << EOF Phil 4909 Scott 4509 EOF

cat << EOF > out.txt Phil 4909 Scott 4509 EOF

You have a script that will use a variable that may or may not have been set. If this variable is $WORK_DIR, which of the following will use the value if set and if not set it to /tmp and change to that directory in either case? cd ${WORK_DIR|/tmp} cd ${WORK_DIR:+/tmp} if [ $WORK_DIR ] ; then cd $WORK_DIR cd ${WORK_DIR:-/tmp}

cd ${WORK_DIR:-/tmp}

Which of the following will save standard out and standard error to the same file? command > out.txt command 1> out.txt 2> out.txt command &> out.txt command >>out.txt

command &> out.txt

Which of the following will save standard output and standard error in separate files? command > out.txt err.txt command o>out.txt e>err.txt command 1>out.txt 2>err.txt command >out.txt >>err.txt

command 1>out.txt 2>err.txt

How can standard output be saved to a file? file < command write file $(command) command > file write $(command) file

command > file

Which of the following will append to a file (not clobber it)? command a>out.txt command +>out.txt command >>out.txt command >out.txt

command >>out.txt

Sometimes we only want to run a command or commands if a command has failed. Which of the following would display a message and exit the script if a command failed? Hint: test with /bin/false. command || { echo 'Failure!' ; exit 1 ; } command | echo 'Failure!' ; exit 1 command || echo 'Failure!' ; exit 1 command || echo 'Failure!' && exit 1

command || { echo 'Failure!' ; exit 1 ; }

The date command in Unix/Linux allows the dates to be displayed in virtually any format you might desire. Displaying dates in a consistent way is important if we are going to store the results (possibly as part of a forensics investigation). Which of the following will display the date in ISO 8601 format (i.e. 2017-03-05 14:33:22 EDT)? date '+%Y-%M-%D %h:%m:%s %tz' none of these date '+%Y-%m-%d %H:%M:%S %Z' date '+%y-%m-%d %h:%M:%S %Z'

date '+%Y-%m-%d %H:%M:%S %Z'

Unix systems measure time in seconds from the Epoch (1970-01-01 00:00:00 UTC). This makes life much easier when trying to do math that it would be if the times were always in the human-friendly version. In the year 2038 these 32-bit times will rollover. Don't worry, as this has already been addressed and fixed more than 20 years ahead of time (more about that later this semester). How can I find the seconds from the Epoch for the current time? date '+%U' date '+%e' date '+%s' date '%e'

date '+%s'

You are doing an investigation. Your goal for all forensic investigations is to complete them by 5pm two weeks from the start of your investigation. If you have a script that does your initial scan that also prints the target date for completion, which of the following would display the appropriate date and time? date -d '+2 weeks 17:00:00' date -d '+2w 1700' date -d '+2 weeks 17 hours' none of these

date -d '+2 weeks 17:00:00'

While it is great to store dates in offsets from the Epoch, it would be nice to use human-readable dates for reports. Which of the following will convert the Epoch timestamp of 1487602530 to a human readable date (and time)? date +1487602530 date -r 1487602530 date -d '@1487602530' date -d +1487602530

date -d '@1487602530'

The date utility has a lot of advanced features. It can do a lot more than just simply displaying the current date and time. Which of the following would display the date of Monday of next week? date -d '+1w-Monday' date -d 'Monday' date -d 'next Monday' date -d '+mon'

date -d 'next Monday'

Sometimes you want to create an array, but don't have all the needed data to populate it. Which of the following can be used to create an empty array? mya = (null) set -a mya none of these declare -a mya

declare -a mya

Sometimes you get too much data. Which of the following would display all USB device messages excluding errors and connect/disconnect messages? none of these grep USB !error !connect /var/log/dmesg dmesg | grep -i USB -iv error -iv connect dmesg | grep -i USB | grep -iv error | grep -iv connect

dmesg | grep -i USB | grep -iv error | grep -iv connect

Storing things in arrays is great, but you probably want to access them at some point. Which of the following will print element 5 in the mya array? echo ${mya[5]} echo mya[5] echo {mya[5]} echo $mya[5]

echo ${mya[5]}

Grep is great for searching through data whether it is coming from standard in, files, or a filesystem image. When examining a set of files there are occasions when you only care to know which files match a pattern and don't wish to see the matching line. Which of the following would list all files in the current directory that are scripts (have a she-bang line)? egrep -i '^#!' * 2>/dev/null grep -b '^#!' * 2>/dev/null grep -e '^#!' * 2>/dev/null egrep -l '^#!' * 2>/dev/null

egrep -l '^#!' * 2>/dev/null

There are times when you want to determine if something matches a pattern or patterns, but are not concerned about the details (at least not yet). This is essentially a go/no go test. Perhaps you are looking at a system and want to do a quick test to determine which systems should be subject to additional screening. To keep things simple we will search for a Social Security Number (SSN) in the format of xxx-xx-xxxx in an image file. Which of the following will print a message stating whether or not this pattern was matched? egrep -m 1 -q '[0-9]{3}-[0-9]{2}-[0-9]{4}' image.ddif [ $? -eq 0 ] ; then echo matches ; else echo "no match found" ; fi none of these grep -m 1 -q '[0-9]{3}-[0-9]{2}-[0-9]{4}' image.ddif [ $? -eq 0 ] ; then echo matches ; else echo "no match found" ; fi grep -m 1 -q '[0-9]{3}-[0-9]{2}-[0-9]{4}' image.ddif [ $? == 0 ] ; then echo matches ; else echo "no match found" ; fi

egrep -m 1 -q '[0-9]{3}-[0-9]{2}-[0-9]{4}' image.ddif [ $? -eq 0 ] ; then echo matches ; else echo "no match found" ; fi

I have set a variable $myvar to a certain value in one script and wish to make it available in another script. Which of the following commands would accomplish this? export myvar export $myvar export $(myvar) env --export $myvar

export myvar

Sometimes you need to search across other filesystems if there are any symbolic links in the directories to be searched. You might also which to search by name using a case-insensitive search. Which of the following will follow symbolic links and search for files with the word class in their name? find . -follow -iname '*class*' all of these find . -follow -name '*class*' -o '*CLASS*' find . -if '*class*'

find . -follow -iname '*class*'

In a previous exercise, we discussed annoying archive files that don't put everything under a main directory. If you accidentally expanded such a file into the current directory, which of the following would display all files in the current directory or below that have been modified in the last day? find . -mtime 1d -print find . -mtime 1 -print find . -mtime -1 -print find . -mtime +1 -print

find . -mtime -1 -print

At times you might want to find files based on their type (regular file, directory, block device, character device, pipe, symbolic link, or socket). Which of the following will list all directories in the current directory and below? Bonus points if you can think of how to accomplish the same thing with ls. find . -type d find . -directory * locate . --directory '*' find . --directory *

find . -type d

There are a couple of problems with the previous question's solution. First, you should never rely on file extensions. Second, those silly Windows users will do silly things like use uppercase file extensions. Which of the following is a better solution to finding all the JPEG files in the current directory and below? find ./ -exec file '{}' \; | grep JPEG | awk -F: '{print $1}' find ./ -exec $(file '{}' | grep JPEG | awk -F: '{print $1}') \; find ./ -exec file '{}' | grep JPEG | awk -F: '{print $1}' \; locate ./ -exec $(file '{}' | grep JPEG | awk -F: '{print $1}') \;

find ./ -exec file '{}' \; | grep JPEG | awk -F: '{print $1}'

Which of the following will find all JPEG files in the current directory and any subdirectories? find ./ -name '*.jpe?g' 2>/dev/null find ./ -name '*.jpeg' -o -name '*.jpg' 2>/dev/null locate -t JPEG 2>/dev/null find ./ -name '*.jpeg' -name '*.jpg' 2>/dev/null

find ./ -name '*.jpeg' -o -name '*.jpg' 2>/dev/null

There is still a potential problem with the solution from the previous answer. If there are "funny" characters in the filename you could have unexpected results. Which of the following will fix this problem? locate ./ -exec file "\{\}" | grep JPEG | awk -F: '{print $1}' find ./ -print0 | (xargs -i -0 file '{}' | grep JPEG | awk -F: '{print $1}') none of these find ./ -exec file "\{\}" | grep JPEG | awk -F: '{print $1}'

find ./ -print0 | (xargs -i -0 file '{}' | grep JPEG | awk -F: '{print $1}')

You are running out of disk space. Which of the following will list all files larger than 1 GB on the system? none of these locate / --size +1GB 2>/dev/null find . --size +1GB 2>/dev/null find / -size +1G 2>/dev/null

find / -size +1G 2>/dev/null

You are looking for all files on your system that have something about BloomCON. Which of the following will list all such files regardless of what case was used to spell BloomCON? find / -type f -exec grep -Hi bloomcon '{}' \; 2>/dev/null find / -type t -exec grep -Hi bloomcon '{}' \; 2>/dev/null none of these locate / --text bloomcon -i 2>/dev/null

find / -type f -exec grep -Hi bloomcon '{}' \; 2>/dev/null

You have an e-mail containing the draft of a promotional e-mail with several lines that are super wide. You want to reformat this e-mail into something that will look nicer for everyone that receives it. Which of the following will reformat a file email.txt to have lines that are no more than 45 characters wide with a goal of 40 characters and save the results as promo.txt? none of these fmt -g 40 -w 45 <email.txt >promo.txt wrap 40 45 < email.txt > promo.txt fmt 40 45 <email.txt >promo.txt

fmt -g 40 -w 45 <email.txt >promo.txt

The for loop is often used to iterate over a set of files. It can also be used in a similar manner to the way it works in the C language. Which of the following will correctly display a countdown? for ( i=10 ; i > 0 ; i-- ) ; do echo $i ; sleep 1; done ; echo blastoff for [ i=10 ; i > 0 ; i-- ] ; do echo $i ; sleep 1; done ; echo blastoff for [[ i=10 ; i > 0 ; i-- ]] ; do echo $i ; sleep 1; done ; echo blastoff for (( i=10 ; i > 0 ; i-- )) ; do echo $i ; sleep 1; done ; echo blastoff

for (( i=10 ; i > 0 ; i-- )) ; do echo $i ; sleep 1; done ; echo blastoff

You might have a collection of scripts to be run. Think of a tool like RegRipper that will run a series of scripts on a registry hive. You could do something similar with your own forensics scripts. Which of the following excerpts would execute every shell script in the current directory? for SCRIPT in ./*.sh do if [ -f $SCRIPT -a -x $SCRIPT ] ; then $SCRIPT fi done for SCRIPT in ./*.sh do if [ -f $SCRIPT && -x $SCRIPT ] ; then $SCRIPT fi done for SCRIPT in ./*.sh do if [ -f $SCRIPT -and -x $SCRIPT ] ; then $SCRIPT fi done for SCRIPT in ./*.sh do if [ -f $SCRIPT and -x $SCRIPT ] ; then $SCRIPT fi done

for SCRIPT in ./*.sh do if [ -f $SCRIPT -a -x $SCRIPT ] ; then $SCRIPT fi done

You want to create a function that accepts a single parameter. Which of the following is function that will accept a name and print a hello message? function hello () { echo "Hello there, $1" } function hello (p1) { echo "Hello there, ${p1}" } function hello (p1) { echo "Hello there, $p1" } hello (p1) { echo "Hello there, $p1" }

function hello () { echo "Hello there, $1" }

Expanding on the idea from the previous question, which of the following scripts would allow me to look up phone numbers from a list stored in my script? The grep command will be used. Recall that grep allows data (either from files our standard in) to be searched based on a regular expression (pattern). grep $1 << EOF phil 4909 scott 4509 EOF grep << EOF $1 phil 4909 scott 4509 EOF $1 > grep << EOF phil 4909 scott 4509 EOF none of these

grep $1 << EOF phil 4909 scott 4509 EOF

You want to use a here-document in a script, but wish to indent it as it is making your script hard to read. Your first attempt at this creates a problem. The indentation characters are interpreted as part of the here-doc. Which of the following grep lines can be substituted into the script which follows assuming you indented the here-doc with TABS? echo "Doing stuff" grep $1 << 'EOF' scott 4509 phil 4909 EOF echo "Doing something else" grep $1 <<t 'EOF' grep $1 << \tEOF grep $1 <<-'EOF' none of these

grep $1 <<-'EOF'

Expanding on the script from the previous question, you create the following script in order to look up people's net worth. grep $1 <<EOF phil $100k scott $3M EOF You find there is a problem, however. The root of the problem is that the $ is causing the dollar values to be interpreted as shell variables. You can fix this by changing the grep line. Which of the following will fix this problem? grep $1 <<-e EOF grep $1 <<\EOF none of these grep $1 <<-EOF

grep $1 <<\EOF

The bash shell is capable of doing simple math. This allows loop and branch conditions to be somewhat simplified over what would be required by traditional shell scripting. Which of the following is an equivalent to this code snippet? if [ $# -lt 3 ] ; then usage fi if (( $# < 3 )) ; then usage fi if $(( $# < 3 )) ; then usage fi if [[ $($# < 3) ]] ; then usage fi if [[ $# < 3 ]] ; then usage fi

if (( $# < 3 )) ; then usage fi

You want to test to see if a file is named in a manner that suggests it is a JPEG. On most systems this means that the file is named something.jpeg, but some Windows users might name the file something.jpg because they are stuck in the DOS 8.3 mentality. Which of the following if statements would correctly match a file named with either convention? if [[ "something.jpeg" == *.jpg || "something.jpeg" == *.jpeg ]] if [ "something.jpeg" == *.jpg -o "something.jpeg" == *.jpeg ] if [[ "something.jpeg" == *.jpg -o "something.jpeg" == *.jpeg ]] if [ "something.jpeg" == *.jpg || "something.jpeg" == *.jpeg ]

if [[ "something.jpeg" == *.jpg || "something.jpeg" == *.jpeg ]]

In the previous question we saw how to match simple patterns in the shell. There is a way of enabling extended pattern matching (also known as globbing) in the shell. If you are interested in this method research the extglob shell option. Personally, I prefer to use standard regular expressions for all but the simplest of patterns. After all, you should be familiar with regular expressions if you work in forensics. Which of the following will correctly match something.jpeg or something.jpg? if [[ "something.jpeg" =~ "[a-zA-Z0-9]+(\.jpe?g)" ]] if [[ "something.jpeg" =~ [a-zA-Z0-9]+(\.jpe?g) ]] if [[ "something.jpeg" =~ [:alpha:]+(\.jpe?g) ]] if [[ "something.jpeg" =~ "[:alpha:]+(\.jpe?g)" ]]

if [[ "something.jpeg" =~ [a-zA-Z0-9]+(\.jpe?g) ]]

The find utility is very powerful, but it can be slow at times. Which of the following would quickly find files with BloomCON in their name regardless of case? locate -i /bloomcon locate -i bloomcon locate -i / bloomcon locate / -i bloomcon

locate -i bloomcon

Which of the following will save the output of the "ls" command in exactly the same format in which it is normally displayed on the screen? ls -1 > file.txt file.txt < ls ls >file.txt ls -C > file.txt

ls -C > file.txt

Recall that Linux filesystems store metadata for files in inodes. An inode number is then used to map a file to a filename. When the OS is first installed all of the system directories are populated at the same time. As a result, the inodes for files in those directories are normally sequential. Which of the following will list files in the current directory sorted by inode number? ls -l | sort -rn ls -ilR | sort -r none of these ls -i | sort -n

ls -i | sort -n

It is not unusual to encounter filenames with spaces. These can cause trouble in your scripts. Which of the following is an appropriate 1-line script that will correctly handled a passed in filename even if it contains spaces? $(ls -l $1) 'ls -l $1' ls -l "$1" ls -ab $1

ls -l "$1"

You want to find out the total size of all your Python scripts in the current directory. Which of the following will output a single line with the total size of these files (which could easily be used in a script)? ls -ls *.py none of these ls -l *.py | awk '{sum += 5} END {print sum}' ls -l *.py | awk '{sum += $5} END {print sum}'

ls -l *.py | awk '{sum += $5} END {print sum}'

Many tools output data in columns. That is, they put out multiple fields of data separated by whitespace. Which of the following will list files in the current directory including only their permissions and filename and nothing else? ls -l | grep '^[:alpha:]+[[:alpha:][:space:]{6}' ls -l | awk '{print $1, $NF}' none of these ls -l -s -f

ls -l | awk '{print $1, $NF}'

Which of the following will print only the file type and owner permissions followed (without spaces) by the filename for all files in the current directory? ls -l | cut -c1-4,48-100 none of these ls -l | awk 'print {$1 $8}' ls -l | awk 'print {$1 $NF}'

ls -l | cut -c1-4,48-100

You have discovered an attack that involved abusing group file permissions. As you look at the system you want a way to list the total number of files in a directory that are owned by each group. Which of the following will produce such a report for the current directory and any subdirectories? none of these ls -lR 2>/dev/null| sed 'NF > 7 { group[$3]++ } END { for (i in group) { printf "group %s owns %d files\n", i, group[i] } } ls -lR 2>/dev/null| gawk 'NF < 7 { group[$3]++ } END { for (i in group) { printf "group %s owns %d files\n", i, group[i] } } ls -lR 2>/dev/null| awk 'NF > 7 { group[$3]++ } END { for (i in group) { printf "group %s owns %d files\n", i, group[i] } }

ls -lR 2>/dev/null| awk 'NF > 7 { group[$3]++ } END { for (i in group) { printf "group %s owns %d files\n", i, group[i] } }

In the previous question we saw how read could be used in a while loop in order to process input from a user. Read can also be used to process output from another command. Which of the following will echo the filenames of JPEG files in the current directory? while << ls | egrep '\.jpe?g' ; read FN; do echo "$FN" ; done ls | egrep '\.jpe?g' | while read FN; do echo "$FN" ; done while ls | egrep '\.jpe?g' ; read FN; do echo "$FN" ; done ls | egrep '\.jpe?g' >> while read FN; do echo "$FN" ; done

ls | egrep '\.jpe?g' | while read FN; do echo "$FN" ; done

Which of the following will print Pi to 5 decimal places? printf -e "%10.5f" "3.1415926535" printf "%10.5f" 3.1415926535 echo -e "%10.5f 3.1415926535" echo -e "%10.5f" 3.1415926535

printf "%10.5f" 3.1415926535

Which of the following will output "happy" without a newline? (select all that apply) printf "happy\n" printf "happy" echo -e happy echo -n happy

printf "happy" echo -n happy

The bash shell supports arrays (1 dimension only). Which of the following is the correct syntax for creating an array? set -a profs = {Barrett Inch Polstra Riley} set -a profs = Barrett Inch Polstra Riley profs=(Barrett Inch Polstra Riley) profs=(Barrett, Inch, Polstra, Riley)

profs=(Barrett Inch Polstra Riley)

Most Linux/UNIX types prefer to type in lower case most of the time. That said, it isn't a bad idea to allow users to type in upper case if they don't value their pinkies. Which of the following excerpts will ask a user if they want to continue and accept input in either case? read -p "Continue (y/n)?" answer case "$answer" in [yY] ) # do continue [nN] ) exit 0 esac read -p "Continue (y/n)?" answer case "$answer" in Yy ) # do continue Nn ) exit 0 esac read -p "Continue (y/n)?" answer case -i "$answer" in y ) # do continue n ) exit 0 esac read -p "Continue (y/n)?" answer if "$answer"=="Y" or "y" # do continue fi exit 0

read -p "Continue (y/n)?" answer case "$answer" in [yY] ) # do continue [nN] ) exit 0 esac

It is common to ask yes/no questions and questions with a limited number of answers. In many scripts you will have a default value that results when the user just his <enter>. Which of the following code fragments will ask a user if they want to continue with a default of yes? read -p "Continue? [Y]n" answer if ! "$answer" answer="y" # check of $answer... none of these read -p "Continue? [Y]n" answer answer="y" if [ ! $answer ] # check of $answer... read -p "Continue? [Y]n" answer [ -z "$answer" ] && answer="y" # check of $answer...

read -p "Continue? [Y]n" answer [ -z "$answer" ] && answer="y" # check of $answer...

While many scripts use command line arguments to accept data, occasionally an interactive script is desired. The read command can be used for this purpose. Get help on read using any of the standard methods. Which of the following will ask a user for the year of birth (using a prompt) and store the result in $birthyear? read "Enter birth year: " birthyear read -p "Enter birth year: " birthyear none of these cat << "Enter birth year: " birthyear

read -p "Enter birth year: " birthyear

When looking at a file it might be convenient to have the line number for each line. It also might be convenient to list the line number on a separate line before each line in the source file if you will be copying and pasting file contents. This could be especially useful when examining source code or scripts. Which of the following will output myfile with line numbers? sed '#n' myfile.txt sed -n '=p' myfile.txt sed '=' myfile.txt sed -n '=' myfile.txt

sed '=' myfile.txt

Which of these will print out only a line containing the word Linux through the end of the containing paragraph? sed -n "/Linux/p" myfile.txt sed -n "s/Linux/,/^$/p" myfile.txt none of these sed -n "/Linux/,/^$/p" myfile.txt

sed -n "/Linux/,/^$/p" myfile.txt

Which of the following will print out only lines in myfile.txt that contain the word Linux? sed "s/Linux//p" myfile.txt sed "/Linux/p" myfile.txt sed -n "/Linux/p" myfile.txt none of these

sed -n "/Linux/p" myfile.txt

If different levels of a document are denoted by header lines that start with .h1, .h2, .h3, etc., which of the following would produce a three level outline for the document? sed -n 's/^\.h1/$0/; s/^\.h2/\t$0/; s/^\.h3/\t\t$0/' mydoc.txt none of these sed -n 's/^\.h1//p; s/^\.h2/\t/p; s/^\.h3/\t\t/p' mydoc.txt sed 's/^\.h1//; s/^\.h2/\t/; s/^\.h3/\t\t/' mydoc.txt

sed -n 's/^\.h1//p; s/^\.h2/\t/p; s/^\.h3/\t\t/p' mydoc.txt

Sed can be used to show non-printable characters. Which of the following will print myfile.txt will displaying any non-printable characters as "escaped" values (\01, etc.)? sed l myfile.txt sed -nl myfile.txt sed '#n#l' myfile.txt sed -n l myfile.txt

sed -n l myfile.txt

Which of the following would output the contents of myfile.txt where every occurrence of Unix has been changed to UNIX? none of these sed s/Unix/UNIX/g myfile.txt sed s\/Unix/UNIX\/ myfile.txt sed s/Unix/UNIX/ myfile.txt

sed s/Unix/UNIX/g myfile.txt

Which of the following will change Wildcats to Huskies in every file in the current directory? for i in * ; sed s/Wildcats/Huskies/g $i sed -r s/Wildcats/Huskies/g * sed s/Wildcats/Huskies/g * sed -r s/Wildcats/Huskies/g

sed s/Wildcats/Huskies/g *

Sometimes you want to give the user options to select from. The select command will create a very simple menu for you users to tell you what they want to do. Which of the following will ask the user to pick from JPEG files in the current directory and then display the chosen filename? Note: if there is no break statement the user would need to enter Control-D to exit the loop. select FN in $(ls *.jpg *.jpeg) ; do echo "You chose $FN" ; break; done while select FN in $(ls *.jpg *.jpeg) ; do echo "You chose $FN" ; break; done while $(select FN in $(ls *.jpg *.jpeg)) ; do echo "You chose $FN" ; break; done while read select FN in $(ls *.jpg *.jpeg) ; do echo "You chose $FN" ; break; done

select FN in $(ls *.jpg *.jpeg) ; do echo "You chose $FN" ; break; done

Which of the following commands will prevent bash from truncating existing files when using redirection? set -o noclobber set +o noclobber noclobber -1 noclobber 1

set -o noclobber

I have cracked all of the passwords on a system. I want to sort the list of passwords and eliminate any duplicates. In some cases I might want to know how many times the same password was used. Which of the following will sort the file pass.txt eliminating any duplicates (and possibly telling me how often a password was repeated)? sort pass.txt | uniq sort -unq pass.txt sort -u pass.txt cat pass.txt | uniq

sort pass.txt | uniq sort -u pass.txt

Which of the following will include the contents of myconf.cfg in a script? (select all that apply) $include myconf.cfg source myconf.cfg . myconf.cfg #include myconf.cfg

source myconf.cfg . myconf.cfg

You have a compressed archive file (tar file) that you want to extract. Many such files have everything underneath a top-level directory. Some, however, do not. If you accidentally extract the later it will leave random files in a directory that can be hard to track down. You could use the archive manager to look at the file, but if the file is large it can take a while for this to load. Which of the following will list all of the top-level directories stored in an archive? none of these tar tf file.tar.gz | sort -u tar -tf file.tar.gz | sort -u | cut -c2-5 tar tf file.tar.gz | awk -F/ '{print $1}' | sort -u

tar tf file.tar.gz | awk -F/ '{print $1}' | sort -u

Continuing with the theme of Microsoft not following standards: MS Office can often save things with a Windows encoding (Windows-1252 character set) and then lie and say it conforms with ISO-8859-1. This can cause a few characters such as quotes to be stored as curved quotes (there are other characters that it will mess up as well). Which of the following will translate the curved quotes to regular quotes? none of these tr -w < old.txt > new.txt tr '\221\222\223\224' '\047\047""' <old.txt > new.txt tr -i windows-1252 -o iso-8859-1 < old.txt > new.txt

tr '\221\222\223\224' '\047\047""' <old.txt > new.txt

Microsoft is not very good at adhering to industry standards. One of the many examples of this is how DOS/Windows handle text files. In most operating systems lines end with a newline (\n). In DOS lines end with a carriage return and then a newline (\r\n). Which of the following convert wrong.txt from DOS format to the correct format and store the result in right.txt? tr -d '\r' < wrong.txt > right.txt dedos wrong.txt > right.txt none of these tr '\r' '\n' < wrong.txt > right.txt

tr -d '\r' < wrong.txt > right.txt

Which of the following lines would cause a script to display a message when Control-C is pressed? if ( $? -eq SIGTERM) ; then echo "I do not think so" trap "echo I do not think so" SIGINT trap "echo I do not think so" KILL signal "cannot touch this" TERM

trap "echo I do not think so" SIGINT

Any process in Linux can receive a signal. These signals have many purposes such a reloading configuration files, resetting connections, shutting down gracefully, and an emergency stop. Which of the following will list all available signals on the current system? trap -l killlist signal -l none of these

trap -l

What is the correct way to call the usage function defined in the previous question? (select all that apply) usage() usage call usage call usage()

usage

Functions allow code to be reused without cutting and pasting. Which of the following is the correct way to define a usage function? (select all that apply) usage () { printf "Usage: $0 <param>\n" } function usage () { printf "Usage: $0 <param>\n" } function usage { printf "Usage: $0 <param>\n" } usage () { printf "Usage: $0 <param>\n" }

usage () { printf "Usage: $0 <param>\n" } function usage () { printf "Usage: $0 <param>\n" } function usage { printf "Usage: $0 <param>\n" } usage () { printf "Usage: $0 <param>\n" }

You want to send a file to a script or program. Create a text file with a few lines or random contents. How can your file be sent to wc (the word counting utility)? myfile.txt > wc wc << myfile.txt myfile.txt >> wc wc < myfile.txt

wc < myfile.txt

You are concerned that multiple versions of ls might exist in your search path. How can you determine which one is executed when you type ls in a terminal window? locate ls find / -type x ls find / --path ls which ls

which ls

The while loop in bash is very flexible. It can be used to loop over code while a condition is true. The condition could be a numerical test, results from the test command, or status of any command or program. Which of the following will echo lines entered by the user until the EOF (control-D) is entered? while ( read lineoftext ) ; do echo $lineoftext ; done while read lineoftext ; do echo $lineoftext ; done while [ read lineoftext ] ; do echo $lineoftext ; done while (( read lineoftext )) ; do echo $lineoftext ; done

while read lineoftext ; do echo $lineoftext ; done

Sed supports a transform command (y) which is similar to the tr utility we have discussed in class. Which of the following would convert everything in a document to lower case? y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \A-Z\a-z\y y/A-Z/a-z/ y\A-Z\a-z\

y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/

Grep is a great tool. However, sometimes you have a compressed file that you must search. Which of the following will search for error messages in the device message logs including any compressed archives? none of these zgrep -i 'error' /var/log/dmesg* grep -z -i 'error' /var/log/dmesg* ezgrep -i 'error' /var/log/dmesg*

zgrep -i 'error' /var/log/dmesg*


संबंधित स्टडी सेट्स

Unit II-Organization Behaviour-14-Workforce Diversity

View Set

AFFA Group Fitness Flash Card Set

View Set

Health Assessment Practice Questions (Test 1)good

View Set

AU 60 Commercial Underwriting Principle_Qs

View Set

MIS 311 chap 11, MIS 311 chap 12, MIS 406 - Ch 10, Legit T/F Chapter 10 CSIT 338

View Set

Rules for what is considered Consideration

View Set