CSCI 3602 Quizes
Which of the following is NOT an SELinux mode?
Allow
A polkit mechanism includes a subject, an object, and an action. Which of the following is the subject?
An administrative tool
What is Snort?
An intrusion detection service
The Linux open source license, referred to as GNU General Public License (GPL), requires which of the following?
Any software based on GPLed software retains the same rights as the original software.
Which file permission is NOT an example of discretionary access control?
Boolean
______ are the on/off settings in SELinux that allow or deny access for a service to interact with an object.
Booleans
A server has the following TCP Wrappers configuration: /etc/hosts.deny ALL : ALL What is the result of this configuration?
Denies access to all daemons from all clients
What is the best definition of a firewall?
Hardware or software capable of blocking networking communications based on established criteria, or rules
What is the CUPS service associated with?
Printing
A chroot jail is a special way of confining a program to a specific part of the filesystem.
True
A rainbow table is a set of precomputed stored hashes that are mapped to a plaintext password.
True
A server on a demilitarized zone (DMZ) network may serve data to users on the Internet.
True
After configuring quotas on a Linux system, you can use the edquota command to edit the quota of a specific user.
True
In Linux, every user and group has a user ID (UID) and group ID (GID) number.
True
In Linux, three major services that network files and folders are the Network File System (NFS), Samba, and the File Transfer Protocol (FTP).
True
Pluggable authentication modules (PAM) allows users to be authenticated with local password stores and by way of network authentication, using facilities like Network Information Service (NIS) and the Lightweight Directory Access Protocol (LDAP).
True
Pluggable authentication modules (PAM) offers a number of ways for users to be authenticated on a Linux system.
True
The cron and at services enable you to schedule tasks in Linux.
True
The iptables -R command replaces a rule in a chain of rules.
True
The iptables -j DROP and -j REJECT command options both drop packets.
True
Web sites use the standard TCP/IP port 80 to serve unencrypted Web pages.
True
When configuring obscure ports for a service, configuring different ports for clients and servers is not enough. You also need to configure an open port in the firewall.
True
Wireless encryption algorithms such as WPA and WPA2 may be cracked if they use weak pre-shared keys based on dictionary words.
True
You can configure the /boot/ directory as a separate filesystem.
True
A Linux distribution typically does NOT include which of the following?
Virtual Platform
What is a valid reason for setting up the /home/ directory as a separate filesystem?
You can upgrade the distribution at a later date with little risk to user files.
Which of the following commands is used to edit the /etc/sudoers file?
visudo
Which filesystem is a good candidate for mounting in read-only mode?
/boot/
Which of the following files is NOT a part of the shadow password suite?
/etc/sudoers
With which directory is the sticky bit most commonly associated?
/tmp
Which directory renders many applications unusable, including logging into the graphical user interface (GUI), if the space allocated to the /tmp/ filesystem is full?
/tmp/
What is Apache?
A Web Server
The following are true of system hardening EXCEPT:
A hardened system usually has more packages to update than an unhardened system
Keeping secrets is the essence of which tenet of the C-I-A triad?
Confidentiality
Assuming a demilitarized zone (DMZ) is configured, there's no need to set up a separate firewall between the DMZ network and the internal network.
False
Demilitarized zone (DMZ) networks replace internal private networks.
False
In Linux, you cannot encrypt individual partitions.
False
It is a best practice to run administrative commands as the root user.
False
Pluggable authentication modules (PAM) solves administrative permission problems by providing higher-level functions without having the whole program gain administrative access.
False
The Red Hat Security Level Configuration tool is used to configure SELinux.
False
The iptables -s <ip_address> rule is applied to packets that come from the noteddestination address.
False
The ls -p command displays file and folder permissions.
False
Whereas the cron service is a scheduler for jobs to be run on a one-time basis, the at service is a scheduler for jobs to be run on a regular basis.
False
Which of the following is the development distribution for Red Hat?
Fedora
Who developed and released the first Linux operating system?
Linus Torvalds
What is the primary AppArmor configuration file?
Logprof.conf
Which of the following is usually about preventing a party involved in a transaction from denying that the transaction occurred?
Nonrepudiation
Linux implements _________ to determine how a user is to be authenticated and whether there are password policies associated with password databases.
Pluggable authentication modules (PAM)
What does Red Hat Enterprise Linux use to install software packages?
Red Hat Package Manager (RPM) and Yellowdog Update, Modified (yum)
Which entry in the standard /etc/sudoers file gives the root administrative user full privileges through sudo?
Root ALL=(ALL)ALL
If a share on a Microsoft Windows host needs to mount on the Linux filesystem, which network service would typically be used?
Samba
Which of the following enables a Linux system to be used as a Windows domain controller to authenticate Windows users?
Samba
Which command starts the SELinux Troubleshooter?
Sealert -b
Which of the following represents a type of mandatory access control?
The FTP service is allowed to interact with directories other than users' home directories.
A discretionary access control for a file is a control mechanism that is set by _______.
The user owner of the file
What is the purpose of the following iptables command? iptables -A Firewall-INPUT -p icmp --icmp-type any -j ACCEPT
To allow all incoming ICMP messages
Apache is a popular type of _____________.
Web server package
Which of the following should no longer be used because of weak security?
Wired Equivalent Privacy (WEP)
The _________ part of the kernel contains drivers and options essential to the kernel boot process.
monolithic