Chapter 14 Review & Lab Questions
Which file contains information regarding the users, computers, and commands used by the sudo command?
/etc/sudoers
What's the minimum size key you can generate with the gpg command?
1024
What's the size of the RSA fingerprint?
128 bits
What's the default key size generated with the gpg command?
2048
The md5sum command produces a cryptographic hash consisting of how many characters?
32
Which of the following Linux Intrusion Detection Systems can be used to detect altered files and directories? (Choose all that apply.)
AIDE, tripwire
Instead of "hash," md5sum uses which term?
Checksum
Which of the following steps is not a common troubleshooting procedure?
Delegate responsibility.
Which of the following actions should you first take to secure your Linux computer against network attacks?
Ensure that only necessary services are running.
A shared file containing host key information is found at /ssh/known_hosts.
False
Before you can establish an SSH connection, you must run the ssh daemon on the client computer. True or False?
False
By default, keys expire in one year. True or False?
False
RSA is a common symmetric encryption algorithm used by SSH and GPG. True or False?
False
The comment you enter when generating your key is visible only to you. True or False?
False
The lspci command can be used to isolate problems with X Windows. True or False?
False
The md5sum command can check only binary files to see whether they're genuine. True or False?
False
Users who want to exchange data by using public key encryption must have each other's private keys on their key rings. True or False?
False
When the fsck command cannot repair a nonroot filesystem, you should immediately restore all data from tape backup. True or False?
False
When you decrypt a file, you can send its contents to a file with the --file option. True or False?
False
When you encrypt a file, gpg deletes the original (unencrypted) file automatically. True or False?
False
When you use the gpg --exportcommand, you're exporting private keys. True or False?
False
hen you encrypt a file to send to another user, you use your private key to encrypt it. True or False?
False
What type of iptables chain targets traffic that is destined for the local computer?
INPUT
What are best practices for securing a local Linux server? (Choose all that apply.)
Lock the server in a server closet. Ensure that SELinux or AppArmor is used to protect key services.
Which of the following are common assistive technologies? (Choose all that apply.)
Mouse keys, High contrast, Sticky keys, On-screen keyboard
If a host key changes, what's the easiest way to place the new key in your known_hosts file?
Re-create it by logging in again with SSH.
If you lose your key or think it has been compromised, what should you do?
Submit a revocation certificate (prepared in advance) to a key server and generate a new certificate.
What will the command sar -W 3 50 do?
Take 50 swap statistics every 3 seconds.
The md5sum command outputs its hash to STDOUT by default. True or False?
True
The private key is used when creating a digital signature. True or False?
True
When performing a sar -u command, you notice that %idle is consistently 10%. Is this good or bad?
bad, because the processor is idle 10% of the time and perhaps a faster CPU is required
Which of the following commands can be used to display memory statistics? (Choose all that apply.)
free, sar, vmstat
Which command decrypts a file?
gpg --decrypt secret.gpg
Which command encrypts the financial file?
gpg --recipient "User Two" --encrypt financial
Which command exports a key in ASCII format?
gpg -a -export
Which command displays a key ring?
gpg -list-keys
Which command indicates the shared libraries required by a certain executable program?
ldd
Which of the following commands compares the hash value of a file named myfile to a stored hash value?
md5sum --check myfile.md5
On which part of the maintenance cycle do Linux administrators spend the most time?
monitoring
Which of the following commands can be used to scan the available ports on computers within your organization?
nmap
Which of the following files is likely to be found in the /var/log/sa directory on a Fedora 20 system over time?
sa19
Which of the following firewalld commands can be used to allow incoming SSH connections the next time the system is booted?
firewall-cmd --add-service ssh --permanent
Which command can increase the number of filehandles that programs can open in a shell?
ulimit
Where is the known_hosts file stored?
~/.ssh