5602 Final
Electromagnetic output from CRT and LCD monitors
A black-hat can use Van Eck phreaking to exploit which of the following?
SMTP server packages
Postfix and Exim are types of _____________.
su -c
Which command do you use to apply administrative privileges to another command without logging in as root?
mkfs
Which command formats all Linux filesystems, Microsoft VFAT, and NTFS filesystems?
Network Information Service (NIS)
Which of the following is the best choice for network authentication?
ldd
You want to use TCP Wrappers to protect services dynamically linked to libwrap.so.0. Which command do you run to determine if a dynamic link already exists between the noted service and TCP Wrappers?
/etc/pam.d/passwd
What is the path to the pluggable authentication modules (PAM) configuration file in which you can set requirements for password complexity?
logprof.conf
What is the primary AppArmor configuration file?
To allow all incoming ICMP messages
What is the purpose of the following iptables command? iptables -A Firewall-INPUT -p icmp --icmp-type any -j ACCEPT
The user's basic information, such as the default login shell
What user account information can be found in the /etc/passwd file?
Open source projects put their source code out on the open Internet at public repositories.
Which of the following is true regarding open source software versus commercial software?
Wired Equivalent Privacy (WEP)
Which of the following should no longer be used because of weak security?
Properly setting up a mandatory access control system requires discipline and configuration knowledge.
Which of the following statements is true about using a mandatory access control system on Linux?
nmap -sP 10.0.0.0/8
Which of the following uses the ping command to display a list of active systems on a network?
chage -M 30 bob
Which of the following commands forces the user bob to change his password every 30 days?
Availability
A denial of service (DoS) attack jeopardizes which tenet of the C-I-A triad?
An administrative tool
A polkit mechanism includes a subject, an object, and an action. Which of the following is the subject?
Denies access to all daemons from all clients
A server has the following TCP Wrappers configuration: /etc/hosts.deny ALL : ALL What is the result of this configuration?
set user ID (SUID) bit
An executable file with the _________ allows other users to run that command, with the permissions assigned to that user owner.
ck-permissions
Console kit packages, such as polkit, contain three primary commands. Which of the following is NOT included?
PAM
Each line in a ____ configuration file is set up in the following format: module_type control_flag module_file (arguments)
Integrity
Ensuring that the data that is sent is the data that is received describes which tenet of the C-I-A triad?
distributions
Fedora and Ubuntu are examples of ______.
graphical desktop environments
GNOME and KDE are __________.
the boot loader
In a Linux system, _________ is responsible for locating the kernel and loading it into memory so it can run.
disk encryption
Linux unified key setup (LUKS) is a specification for ________.
lsof -ni
Suppose a scanner discovers a new port, 8888, which is open on a Web server. Which one of the following commands will provide information on the particular network-related process that has opened the port?
as read-only
The /usr/ directory contains programs that are generally accessible to all users. This directory can be secured by mounting it ______.
/boot/
The GRUB configuration file is generally located in the ______ directory.
SELinux
The default mandatory access control system used for Red Hat distributions is ______.
a firewall
The iptables program is used to configure ___________.
discretionary access control
The read, write, and execute permissions of a file are an example of a ________.
SATAN
The security test tool SAINT began as the open source version of __________.
I, II, and III are correct
What are the advantages of virtualization in a Linux infrastructure? I. Cost savings by purchasing less hardware II. Managing a single physical system with many different functions III. Managing several physical systems, each with a unique function
GNU Privacy Guard (GPG) keys
What can you use to ensure the integrity of a downloaded package?
Runlevel
What defines the services to be run in Linux?
Authenticity
What does the Parkerian hexad include that the C-I-A triad does not?
The company behind Ubuntu
What is Canonical?
An intrusion detection system
What is Tripwire?
A value added to a hash
What is a salt?
You can upgrade the distribution at a later date with little risk to user files.
What is a valid reason for setting up the /home/ directory as a separate filesystem?
A fortified place
What is the best definition of a bastion?
83
Which Linux partition type is used for standard partitions with data?
nc
Which command is associated with netcat, a service that reads and writes over network connections?
sealert -b
Which command starts the SELinux Troubleshooter?
/tmp/
Which directory renders many applications unusable, including logging into the graphical user interface (GUI), if the space allocated to the /tmp/ filesystem is full?
/etc/fstab
Which file is used to configure the various mounting options of a filesystem upon boot?
sufficient
Which of the following control flags used in pluggable authentication modules (PAM) approves user access assuming that there are no previous failures?
Allow
Which of the following is NOT an SELinux mode?
Is released under an open source license
Which of the following is NOT true of Nessus?
GNU General Public License (GPL)
Which of the following is an open source license?
Nessus
Which tool is generally NOT used to decrypt and test passwords?
White-hat hacker
You are a computer security consultant who has been hired by a company to break into its network and protected systems to test and assess their security. Which of the following describes your role?
iptables -F
You are testing an iptables firewall using the nmap tool. You wish to temporarily turn off the iptables firewall on the system. Which command do you use?
The login passphrase
You run the encrypt-setup-private command to encrypt a user directory. What is one thing you are prompted to enter?
chroot_local_user = YES
You set up an FTP server and configured it to allow users to access their home directories. Which directive should you also include in the configuration file for security purposes?
21
You used a protocol analyzer to capture some network traffic. You want to focus on FTP traffic. Which port number do you include in the filter?
%users ALL=/sbin/fdisk /dev/sda, /usr/bin/yum
You want to allow members of the users group to use fdisk on the /dev/sda drive (and only that drive) and to use the yum command to update and install packages. Which command do you run?
Internet Assigned Numbers Authority (IANA)
You want to find out which ports are associated with certain TCP/IP services. Which organization specifies default port numbers and protocols for thousands of services?
A hypervisor
________ is the software that manages and runs virtual machines.