Security Chapter 15

A number of remote users call to say that they cannot connect via SSH today. When you look at the processes, you see that the daemon is not running. Which command would you use to solve this problem?

/etc/rc.d/init.d/sshd start

Which of the following provides security for datagram-based applications by allowing them a communication method designed to prevent eavesdropping, tampering, and message forgery?

DTLS

If a packet arrives out of order and is not reassembled correctly, the packet cannot be decrypted properly. What feature does DTLS provide to help resolve this issue?

DTLS adds sequence numbering to the application, allowing it not to be dependent on the underlying transport technology.

As you configure your client for public key authentication, you decide to generate the DSA key pair. You would like to configure the client to automatically provide the private key passphrase when needed so that you do not need to type the passphrase for every new SSH connection to a server. Which command should you use in conjunction with the ssh-agent bash command? (Enter the command and options as if you are at the command prompt.)

ssh-add ~/.ssh/id_dsa

When using DSA to establish an SSH session, what is the name of the key that the SSH server sends to the client? (Enter the name of the key only.)

ssh_host_dsa_key.pub

Which daemon, or service, provides port tunneling to encrypt non-secure protocols such as email and X server traffic?

ssh

Which ssh option should you enter at the command prompt to set up an SSH tunnel for X server traffic?

ssh -X

You need to connect to a remote system whosehostnamee is abc.def.com and execute a shell script called daily-backup.sh that backs up some files. The username that has permissions to execute that script is blake. Which command should you run to make the connection?

ssh -l blake abc.def.com

You are configuring public key authentication on your client system. What command enables the passphrase agent?

ssh-agent bash

You are configuring public key authentication on your client system. What command creates a key on the client to use when authenticating to a server?

ssh-keygen

Which of the following public keys is sent from the SSH server to the SSH client when they are in the process of establishing a session with the SSH1 protocol?

ssh_host_key.pub

You are currently logged in using the badams account. You want to view the contents of the /etc/inittab file, but you are not allowed to with the badams account. Which command could you use to view the file?

su -c "cat /etc/inittab" -l

What command can you enter to configure AppArmor to start each time your system is booted?

systemctl enable apparmor

Unnecessary network services might provide attackers with an entry point for an attack. To view a list of services, or units, installed or running on a systemd-based system, what could you enter at the command prompt?

systemctl list-units

What command can you enter to determine if AppArmor is enabled on boot?

systemctl status apparmor

What command do you enter at the command prompt to prevent the shell from using too many system resources?

ulimit

What do you enter at the command prompt to edit the /etc/sudoers file?

visudo

Which of the following sysctl parameters would you use to load sysctl settings from the /etc/sysctl.conf file?

-p

Which configuration file should you edit to enable Pluggable Authentication Modules (PAM) to check for a file named /etc/nologin?

/etc/pam.d/login

What is the full path and filename of the file you should edit to limit the amount of concurrent logins for a specific user?

/etc/security/limits.conf

SELinux uses a security context to classify resources, such as processes and files. This context specifies how and by whom a given resource can be accessed. What file lists the security context of files and processes for SELinux?

/etc/sestatus.conf

As the network administrator, one of your responsibilities is to analyze and troubleshoot SELinux context violations. In which directory are the SELinux violations recorded?

/var/log/audit

What is the file that the sudo command uses to log information about users and the commands they run, as well as failed attempts to use sudo?

/var/log/security

Where does the client store SSH keys used to establish an SSH session? (Select two.)

1. /etc/ssh/ssh_known_hosts 2. ~/.ssh/known_hosts

Which of the following are multifactor authentications supported by Linux? (Select three.)

1. Iris pattern 2. Fingerprint 3. One-time password (OTP)

Which of the following can you do to re-enable user logins after configuring login blocking? (Select two.)

1. Rename the /etc/nologin file 2. Delete the /etc/nologin file

As an IT administrator, which of the following are the MOST likely reasons you would want to prevent users from logging in to a Linux system? (Select two.)

1. While responding to a security event 2. While troubleshooting problems

When configuring the SSH daemon using the /etc/ssh/sshd_config file, which options can be set to prevent or allow unrestricted access to all GUI features on the client? (Select two.)

1. X11Forwarding 2. ForwardX11Trusted

Which keys are generated when you execute the ssh-keygen command with no options? (Select two.)

1. id_rsa.pub 2. id_rsa

Which of the following is the MOST correct description for 3DES?

3DES is a very secure mode of the DES algorithm encryption method that encrypts data three times using a 168-bit key.

Which of the following is the MOST accurate definition of Pluggable Authentication Modules (PAM)?

A set of modules that enables various authentication systems on a Linux computer.

Which of the following is a reference for publicly known security vulnerabilities maintained by the US government?

CVE

What effect does the ulimit -t 600 command have on a Linux system?

Limits CPU time for a process to ten minutes.

What is the name of the hash function used to verify the public key for an SSH connection?

MD5

You want to enable public key authentication on the server. What option in the /etc/ssh/sshd_config file needs to be set?

PubkeyAuthentication yes

For Linux systems where physical access could be compromised, which of the following best practices should be implemented to prevent a user from booting into single-user mode with root access?

Set a bootloader password.

What is the purpose of the -N option in the following command? ssh -f -N -L 2345:mail.mydomain.com:110 [email protected]

To ensure that SSH does not execute a remote command.

What command should you use on an init-based Linux system to check for issues with network services?

chkconfig

The Kerberos protocol is based on tickets that allow nodes to communicate over a non-secure network to prove their identity for security purposes. What is the command you can enter to authenticate with a Kerberos server?

kinit

Which of the following parameters would you enter in your /etc/sysctl.conf file to not accept source routing?

net.ipv4.conf.default.accept_source_route = 0

You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports?

nmap

What should you enter at the command prompt to scan for open TCP ports on your Linux system?

nmap -sT

Which of the following is a pair of virtual character devices that provide a bidirectional communication channel? (One end of the channel is called the master; the other end is called the slave.)

pseudo-terminal (pty)

You are limiting the total amount of memory a user can take up when they use the X Windows System. Which of the following limit keywords should you use?

rss

Which of the following is the BEST command for viewing SELinux errors?

sealert

AppArmor has been installed on your computer. Which of the following directories contain your AppArmor profiles?

/etc/apparmor.d/

You want to fine-tune how AppArmor functions without having to adjust your profiles. What directory stores text-based files that you can use to fine-tune AppArmor?

/etc/apparmor.d/tunables

You work for a growing small business where the executives are traveling and working remotely. Which of the following would offer the BEST protection for sensitive data on their laptops?

LUKS disk encryption

You would like to make it harder for malicious users to gain access to sensitive information. Which of the following techniques can be used to remap the root directory to include only certain directories and files?

chroot jail SSH

You want to test an AppArmor profile to see if any errors occur to help fine-tune the profile. What AppArmor mode should you use for testing the profile?

complain

Removing unnecessary software increases the security of your Linux system. If your system uses RPM for package management, what can you enter at the command prompt to look for unnecessary software that might be installed on your system?

dnf list installed

You want to change the port that SSH listens on. You are going to edit the /etc/ssh/sshd_config file. Which line, when added to the file, will change the listening port to 1066?

port 1066

You have logged in as a regular user when a frantic phone call comes in. The ABCD process must be started on the server now but can only be run by root. Which command would you use to start this process?

sudo ABCD

You need to block all users from logging in to the Linux system while you resolve a serious issue. You first need to force all active users to log out. Which command should you enter to display a list of all active users?

w

Which of the following is the first task you need to do to configure login blocking?

Force all users to log out of the system.

There are several sections in the /etc/sudoers file that allow you to make configuration changes for the sudo command. Drag the sudoers section on the right to the correct definition on the left.

Host_Alias: Specifies a list of computers on which sudo users can perform commands. Runas_Alias: Specifies a username that is used when running commands with sudo. Usually, this is just root Cmnd_Alias: Specifies a set of commands that users can execute using the sudo command. User_AliasSpecifies a set of users who are allowed to execute a specific set of commands using the sudo command.

Protocols define basic rules for exchanging information and can become unsecure. Older protocols may lack encryption, making it easy to sniff credentials on the network. You should avoid using these protocols for services that share sensitive data. Which of the following are older protocols that lack encryption and should be avoided for sensitive data? (Select two.)

1. IMAP 2. FTP

What does the netstat -a command display?

All listening and non-listening sockets

You want to ensure that anyone with physical access to the keyboard is prevented from rebooting the server without having to log on. You also want to prevent accidental reboots. What can you do to solve this issue?

Disable Ctrl+Alt+Delete

Which of the following BEST describes a self-signed certificate?

It lets you encrypt communication between your server and a client but is not signed by any trusted certificate authorities.

Which of the following is a message presented when a user first connects to a Linux machine informing the user that their actions on the system may be monitored?

MOTD

What tool can you use to create and view certificates, as well as test SSL/TLS connections?

OpenSSL

Which of the following technologies can you use to set up passwordless SSH logins by distributing a server SSH certificate?

Public key infrastructure (PKI)

You have just started protecting your computer while running Firefox using AppArmor. After a short time, employees complain that some of the features they use frequently are no longer functioning. After a quick check, you discover that these features should be working and decide not to protect Firefox anymore. Which of the following is the BEST command to quickly stop protecting Firefox?

aa-disable /etc/apparmor.d/usr.bin.firefox

What is the full path and filename of the file you should create to disable user login on a Linux system?

/etc/nologin

You want to add a line to the sudoers file that limits users in the managers group to editing the /etc/hosts.allow file. Which of the following would you enter in the sudoers file to meet your requirements?

%managers ALL = sudoedit /etc/hosts.allow

The ssh command sets up an SSH tunnel from the client to the server, and includes several options. From the list on the left, drag the ssh command option to its correct definition on the right.

-g: Overrides configuration file settings and creates a tunnel (if needed). -N: Ensures that SSH does not execute a remote command. server: Specifies the server running the SSH daemon. -f: Runs SSH in the background after the password prompt. -L: Specifies the port numbers and server address.

Within the /etc/security/limits.conf file, you notice the following entry: @guests hard maxlogins 3 What effect does this line have on your Linux system?

Limits the number of maximum logins from the guest group to three.

You are the only Linux administrator for a very small company. You are constantly asked to fix one problem or another as they occur. Which of the following is the BEST way to log into the system each morning?

Log in as a regular user and then use su as needed to solve problems.

Which SSH version supports the Rivest, Shamir Adleman (RSA), and Digital Signature Algorithm (DSA) encryption standards?

SSH2

In the following IPsec diagram, only the payload of the IP packet is encrypted, and the original IP headers are left intact. Which IPsec mode is being illustrated?

Transport

In the following IPsec diagram, the entire original IP packet is protected by IPsec, meaning that IPsec wraps and encrypts the original packet and then adds a new IP header which is then sent on to the other side of the VPN tunnel. Which IPsec mode is being illustrated?

Tunnel

The /etc/ssh/sshd_config file configures the SSH daemon on the server. Which of the following commonly used options for configuring an SSH tunnel allows any computer to act as a graphical terminal server?

VNC

What should you enter at the command prompt to display both listening and non-listening sockets on your Linux system?

netstat -a

You have installed the semanage tool on your Linux server and want to use it to analyze the audit.log file for any SELinux errors. What would you enter at a command prompt to run the tool and analyze the audit.log file?

sealert -a /var/log/audit/audit.log

You are a network administrator for your company. A user calls to complain that their Firefox browser is not working as it did the day before. Knowing that you recently updated the SELinux profile for Firefox, you suspect the change you made is causing the issue. You want to troubleshoot the issue by switching the profile to permissive mode. Which of the following is the BEST command to use in this situation?

setenforce

A digital signature uses an asymmetric key pair to allow a sender's identity to be verified by a recipient. What does the sender use to create a digital signature that is then decrypted by the recipient?

Private key

Which of the following virtual private networks (VPNs) utilizes digital certificates to ensure that only the intended recipients can view and use the data sent?

SSL/TLS

What is the effect of the following command? chage -M 60 -W 10 jsmith

Sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires.

Which of the following protocols ensures that messages being transmitted on the internet are private and tamper-proof, uses TCP, and allows for quick auto-configuration of hosts that are attempting to connect?

TLS

You want to create an SELinux policy for a specific process and run that process in a confined domain. What is the SELinux policy type you need to create?

Targeted policy

Which of the following is the second step in the SSH port tunneling process?

The SSH daemon intercepts all traffic sent to that port, encrypts it, and sends it to the SSH client.

Maria, a company employee, is working remotely from a hotel while traveling for business. Maria needs to access some sales resources on the company's network. Which of the following would allow Maria to securely access the resources she needs?

VPN

You have used su to switch to the root user account to perform some system administration tasks. Now you want to change back to your regular user account. Which command should you use?

exit

Which of the following is associated with a Linux computer's controlling terminal or the shell's window?

/dev/tty5

Which of the following file types pose a high-security risk to a Linux computer? (Select two.)

1. Files that have the write and execute permissions for others. 2. Executable files owned by the root user that have the SUID (Set User ID) permission.

You have installed and are using AppArmor to protect your Linux systems from untrusted or insecure processes. Your AppArmor home tunable file lists /home as the only directory permitted for all user's home directories. However, Human Resources employees use an /hr/home directory path for their user directories. What entry do you need in the home tunable file to include the /hr/home directory path?

@{HOMEDIRS}=/home/ /hr/home/

You would like to use SSH port tunneling to work on a remote system. You also need to ensure that all data that you send to the remote system is encrypted. Which SSH configuration option, in the /etc/ssh/sshd_config file, needs to be set to yes?

AllowTCPForwarding

What is the purpose of the find / type f -perm -o=x -ls command?

Audits files in the root directory that have execute permissions for others.

Which of the following is the second task you need to do to configure login blocking?

Disable the ability to login to the system.

SELinux uses modes to control how policies are applied and how access is granted or denied. What SELinux mode allows or denies access based on policy rules?

Enforcing mode

When authenticating with a public key, the client specifies which public key the server uses for authentication, and then the server checks to ensure the key has previously been authenticated. What happens next in the authentication process?

If the key is known to the server, it encrypts a random number with the public key and sends the encrypted number to the client.

Which of the following is a special user group found on some Linux systems that control access to the su or sudo command?

Wheel

Which of the following is a significant difference between VPN tunnel and transport modes?

With transport mode, only the payload of the IP packet is encrypted, and the original IP headers are left intact.

Your computer is using AppArmor. Which of the following commands is BEST to use for troubleshooting an AppArmor profile?

aa-complain

Which of the following lets you create new AppArmor profiles?

aa-genprof

You are running AppArmor on your system. Which of the following commands will show all processes from the /proc filesystem with TCP or UDP ports that are not protected by AppArmor profiles?

aa-unconfined --paranoid

Login blocking is enabled using the Pluggable Authentication Modules (PAM) module. What line needs to be in the /etc/pam.d/login file to configure PAM to check and see if a file named /etc/nologin exists?

auth requisite pam_nologin.so

As a system administrator, you are experiencing SELinux violations and want to search through the audit.log.1 file to display any of these violations. Which of the following commands would you use to search for and display these violations?

cat /var/log/audit/audit.log.1 | grep type=AVC

You have entered the cat /var/log/audit/audit.log | grep type=AVC command as the root user to view any AVC errors (SELinux errors) listed in the audit.log file. The following error is displayed: type=AVC msg=audit (1543359698.852:262): avc: denied { create } for pid=5136 comm="gdm-session-wor" name="gdm" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:admin_home_t:s0 tclass=dir What is the command issued that was denied by an SELinux policy?

gdm-session-wor

You were recently asked to manage the SELinux implementation at your company. Since you are still coming up to speed on this technology, you have not yet mastered the process of creating or making major changes to SELinux policies. However, an employee has just called you complaining that they aren't able to accomplish a task with a particular application. After scanning through the SELinux policy for that application, you notice that there is a method that can be used to enable the desired function. Which of the following is the BEST command for enabling that feature without editing the policy?

setsebool

PAM is configured on your system to look for the presence of the nologin file in the /etc directory. If the nologin file exists, user login is disabled, and only the root user can log in. If your current working directory is root's home directory, which command would you enter to quickly create an empty nologin file in the /etc directory?

touch /etc/nologin

You can redirect the console using a local or a remote SSH connection. Which of the following are characteristics of configuring and accessing remote port forwarding? (Select two.)

1. You modify the /etc/ssh/sshd_config file to include the gateway entry at the end of the file. 2. You enter the command ssh -R port:localhost:port username@hostname.

You need to edit the commands that are allowed to be used with the sudo command. What is the full path and filename of the file you should edit?

/etc/sudoers

Sam, a system administrator, is implementing measures to harden the Linux systems on the network. Sam wants to modify kernel parameters at runtime to protect the system from syn flood attacks using the sysctl command. Which file would Sam modify to implement the following changes? # TCP SYN Flood Protection net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 2048 net.ipv4.tcp_synack_retries = 3

/etc/sysctl.conf

The gshant user is attempting to connect to a remote SSH server; however, you need to override the default SSH configurations for the client system when gshant establishes an SSH session. Which of the following files should you edit?

/home/gshant/.ssh/config

Which of the following BEST describes an asymmetric type of encryption? (Select two.)

1. A public key is made available to anyone; a private key is kept secret. 2. Data encrypted with the public key can only be decrypted using the private key.

You can redirect the console using a local or remote SSH connection. Which of the following are characteristics of configuring and accessing local port forwarding? (Select two.)

1. To establish the connection, you enter ssh -L port:hostname:port localhost in a terminal window on your client. 2. You enter your password to authenticate to your machine.

To create or manage OpenSSL certificates, you use the openssl command, along with one or more options. From the list on the left, drag the openssl command option to its correct definition on the right.

-keyout: Specifies the directory and filename for the private key being created. -newkey: Specifies that the new certificate and new key will be created at the same time. -x509: Specifies that the certificate being created will be a self-signed instead of a signed certificate. -out: Specifies the directory and filename for the self-signed key being created. -nodes: Specifies that openssl should skip the option to secure your certificate with a passphrase.

Carlos, a system administrator, needs to set up a VPN tunnel from a branch office to the main office. Data security is a high priority. Which of the following will allow the IP packets to be encrypted and encapsulated in a new IP header that is sent through the VPN tunnel?

IPSec