Packy Test2
Which of the following statements is TRUE concerning Linux the primary group of a file.
A Linux file may have only one Linux primary group
Which of the following statements BEST describes the differences between a Linux file type and a Linux file permission?
A Linux file type determines the major structure or a file; whereas, a Linux file permission provides security protection to those who may use a file.
To facilitate the practical design of Linux file permission security, Linux groups are used. Normally, one or multiple Linux users may be members of a Linux groups. Which of the following statements is TRUE concerning Linux group membership.
A Linux user may be a member of as many Linux groups as the Linux file permission security design requires.
Which of the following statements BEST describes the concept of an API?
A customized format and protocol used to communicate and interact between applications
Which of the following statements BEST describes the concept of an Web service or Restful?
A customized format and protocol used to communicate and interact between applications
Which of the following BEST describes concept of a Linux file permission?
A file permission restricts the users and groups and the functions that may be used on a file or directory.
Concerning the group and user owner of a file, which of the following statements is false?
A user can have as many primary groups as they wish.
Which of the following is NOT an example of a special permission?
AUID
All of the following statements are examples of memory forensic data, except:
Captured packets
Which of the following is not a reason for creating a file link?
Creating two copies of the same file.
Which of the following statements BEST describes the concept of fingerprint log analysis?
Creation of a log catalog or scenario based on complex log patterns and activities to be used for future analysis.
All of the following are valid reasons for separating data, e.g., HTML documents, from application binaries and configuration files, e.g., httpd and httpd.conf, except
Data needs to visible, while daemons, applications and configuration files are normally hidden
All of the following are valid reasons to assign users a separate home directory from the programs and utilities the user may execute, except
Either b or d
All of the following statements are TRUE concerning "at-rest/dead-box" forensics investigations, except
Frequently is used to analyze of packet captures stored on pcap files.
Concerning the setting of special permissions, which of the following statements is TRUE?
In addition of setting special permissions, a file or directory must be set to executable (x) in order for the special permission to be effective
Which of the following statements BEST describes the concept of "interoperability"?
In the Network data payload
An Apache Tomcat and Axis server is used to transport web service or Restful APIs. During network transmission where is the transport web service or Restful APIs stored and the content may be forensically analyzed by Wireshark?
In the Network data payload Which of the following statements BEST compares the differences between and Apache HTTP server and an
A Linux inode is similar to a Windows ______.
Master File Table
In a file's mode, if a permission is unavailable, a(n) ____ character replaces its position in the mode.
-
Using the ls -l command, you see many files that have file types of b or c. The directory that you are currently viewing is most likely
/dev
Log files are typically stored in the ____ directory.
/var/log
According to Phil Hagan's video (SANS) opinion, which of the following statements BEST describes the MOST significant challenge to network forensic analysis?
Not capturing or storing a critical malicious frame or packet as it travels across a network.
Which of the following permission modes apply to all users on the Linux system who are not the owner of the file or directory in question and are not members of the group assigned to the file or directory.
Other
All of the following statements describes the features and benefits of Splunk, except?
Provides low-cost and open source alternatives for smaller companiese, Reduces log storage requirements by indexing events.
All of the following statements describes the features and benefits of SYSLOG, except?
Provides standard to format log message form any type of device
All of the following network forensic sources evidence are likely to be used during an investigation to analyze a CAD file or database, was accessed and was successfully copied to a foreign IP address, EXCEPT Selected Answer: [None Given]
Review the authentication log of server storing the sensitive evidence.
The practice of automatically create a private group using the same name of the user account is called?
SELinux
A directory has the mode of drwxrwSr-x. Which special permission has been set?
SGID
Which on the following special permissions should be set that enables any file within a directory to inherit the primary group of the directory and is used to create shared directories?
SGID
A file has the mode of -rwS--x--x . Which special permission has been set?
SUID
Which on the following special permissions should be set that users can execute programs by letting a user become the temporary owner of the program?
SUID
All of the following statements are TRUE concerning memory forensics investigations, except
Similar to dead-box analysis, a memory dump will protect the integrity of forensic evidence by not altering the content of system data.
All of the following statements describes a limitation of capturing full content packets, except
Since personal data is being captured and analyzed, a search warrant is always required for valid network evidence.
Apache reports HTTP status codes in its /var/log/apache/access.log. Why would HTTP status code 401 and the client's IP address be a security concern?
The HTTP GET request to access a web server document or folder cannot be authenticated by Linux
Which of the following statements describes the main advantage of using TCP/IP header forensic data as compared to a full content analysis?
The ability to analyze or store less data.
Which of the following statements BEST describes a major challenge to analyze SSL or VPN network data?
The content of transmitted network data may not be analyzed without the source and destination encryption keys.
In order for the r(read) and w(write) permission to be effective to work on the contents of a Linux directory
The read and write permission must be accompanied by the execute permission for the directory assigned to the particular owner or group
Network technologies are being used more core functions than simply transporting user and business data. According to Phil Hagan's, of SANS, opinion, all of the following core functions will INCREASE the importance of network forensics, EXCEPT
Transport of malware and viruses
What determines the default permissions to be assigned to a newly created file in a given subdirectory?
What is the umask?
What may determine the owner or primary group to be assigned to a newly created file in a given subdirectory?
Who is the user who created the file?
Both Linux text and executable binary files have the dash file type '-". How does Linux know that a file is an executable program?
by the file permission
To view the files in a directory, the owner or primary group must have which of the following permissions for that directory.
execute
What are the three standard Linux file permissions?
execute, read, write
The part of the inode table that stores file permissions is called
file mode
Which of the following Linux command would be the BEST Forensic command line tool designed to select a complete log entry, which matches a search string and will alos analyze the previous and following log entry, i.e., context matching
grep
To see the lists of groups a user belongs to use the Linux command:
groups
To see the primary group of a file use the Linux command:
groups
Which Linux command will display file permissions of files and directories?
ls -l
The section of an inode file entry that stores permissions is called the ____ of the file.
mode
How many owners many a file have?
one: normally the userid who had created the file
On a given Linux computer, program1 needs to provide information to program2 (two separate programs). If program1 and program2 are both currently running, it is best to transfer data between programs using a file with which of the following file types?
pipe(n)
The RHEL/Dedora Linux ____ log file contains authorization information, including user logins and authentication protocol used.
secure
The combination of an IP address and executing port number of an application is called
socket
Program1 is executing on Linux Computer 1 and it needs to provide information to program2 running on LINUX (two separate programs and two different computers). If program1 and program2 are running on the same schedule, it is best to transfer data between programs using a file with which of the following file types?
socket(s)
A directory has the mode of drwxrwxrwT . Which special permission has been set?
sticky bit
Which on the following special permissions should be set that users delete files that they created in a shared temporary directory?
sticky bit
Which command may be used to change the name of the current user to a different Linux user?
su
_____________ is the Linux system log protocol and dameon that is responsible for collecting and storing system audit information
syslog
Which of the following Linux command would be the BEST Forensic command line tool designed to quickly display the complete log entry for more recent events
tail
On a given Linux computer, program1 needs to provide information to program2 (two separate programs). If program1 and program2 are not running on the same schedule, it is best to transfer data between programs using a file with which of the following file types?
text(-)
The directory that Linux assumes that you want to store or access files, or to be affected by file utilities, e.g., ls, mkdir, and rm, is called?
the current directory
The BEST method retrieve forensic information from the /var/log/lastlog file is to use ___
the lastlog command
Which of the following statements BEST describes, the network forensic evidence between the Linux /var/log/lastlog as compared to other user authentication logs.
the lastlog file contains the most recent authentication evidence for all users or daemons; whereas, other authentication logs contains detailed authentication evidence and history for all users or daemons
The Linux file permission system is based on
the user account and group membership
What is owner of a file?
the userid who had created the file
Which of the following statements is the BEST strategy to collect authentication evidence for recent authentication failures of Kali/Ubuntu Linux systems
use cat /var/log/auth.log to display the authentication failures
After typing the ls -l command, you see the following line in the output: -rw-r-xr-- 1 user1 root 0 Apr 29 15:40 file1 Which of the following best describe the permissions assigned to file1?
user1 has read and write, members of the root group have read and execute, and all others have read permissions to the file.
Which Linux command may be used to determine the list groups that a Linux user belongs to?
whomai
Which command may be used to determine the name of the current Linux user who is creating the file?
whomai
If a user has ____ permission for a file, they can open, read, and edit the contents of a file.
write
Which of the following is not a valid Linux file type?
x
Splunk, CrowdStrike and IBM QRadar are popular SIEM systems, which integrates security information management tools with security event tools. SIEM products typically provide many of the features required for log management but add event-reduction, alerting and real-time analysis capabilities. Which of the following are components of SIEM systems?
All of the above.are components of SIEM systems.
Apache reports HTTP status codes in its /var/log/apache/access.log. Why would HTTP status code 200 Get Requests in a short period of time be a security concern?
An excessive number of HTTP Status code 200s may be indicative of a denial-of-service attack.
Apache reports HTTP status codes in its /var/log/apache/access.log. Why would HTTP status code 429 Get Requests in a short period of time be a security concern?
An excessive number of HTTP Status code 200s may be indicative of a denial-of-service attack.
Which of the following statements BEST describes the concept of dirty value log analysis?
Analysis of log data by searching for keywords in log entries.
Which of the following statements BEST describes the concept of log filter analysis
Analysis of log data by selecting data based on source and destination addresses, time, content, or other factor of interest.
Which of the following statements BEST describes the concept of log activity analysis?
Analysis of log data for patterns of suspicious combination or sequence of log entries
Ajax programming is a set of web development techniques using many web technologies on the client side to create asynchronous web applications. With Ajax, web applications can send and retrieve data from a server asynchronously (in the background) transiting one-character at a time without interfering with the display and behavior of the existing page, e.g., Google searches. Which of the following statements describes the best network forensic analysis technique to distinguish between human typing and malware typing?
Compare the regularity and pattern of keystroke timing by using packet using packet timestamps.
When someone visits an Apache website, a log record is recorded and stored in the ______
access.log
The Kali/Ubuntu Linux ____ log file contains authorization information, including user logins and authentication protocol used.
auth.log
Which of the following Linux command would be the BEST Forensic command line tool used to format, select individual columns and log entries, count and use functions, combining multiple log data similar to a programming language.
awk
