CHAPTER 14

CVE

Common Vulnerabilities and Exposures (CVE) A system used to catalog security vulnerabilities.

audit2why command

Displays and modifies the MAC address cache on a system.

iftop command

Displays the bandwidth sent from the local computer to other hosts.

/etc/sudoers

Where does the sudo command check to determine a user's privileges when they attempt to run the sudo command?

ulimit

Which command can increase the number of filehandles that programs can open in a shell?

Delegate responsibility.

Which of the following steps is not a common troubleshooting procedure?

nmap

nmap (network mapper) command Used to scan ports on network computers.

apparmor

A Linux kernel module and related software packages that prevent malicious software from accessing system resources.

LDP

Linux Documentation Project (LDP) A large collection of Linux resources, information, and help files supplied free of charge and maintained by the Linux community.

visudo command

Used to modify the contents of the /etc/sudoers file.

INPUT

What type of iptables chain targets traffic that is destined for the local computer?

False

When the fsck command cannot repair a non-root ( / ) filesystem, you should immediately restore all data from backup. True or False?

/etc/sudoers

Which file contains information regarding the users, computers, and commands used by the sudo command?

ufw status

Which of the following UFW commands can be used to view configured firewall rules?

ping

Which of the following commands can be used to determine the round trip time that a packet takes to traverse a network connection?

su

Which of the following commands will allow the root user to switch to another user account without having to enter that user account's password?

firewall-cmd --add-service ssh --permanent

Which of the following firewalld commands can be used to allow incoming SSH connections the next time the system is booted?

aa-trust

Which of the following is not a valid AppArmor command?

RSA and RSA

Which of the following is the default option for the kind of keys to be generated when using the gpg --gen-key command?

Kerberos

Which of the following packages should be installed in order to integrate certain authentication functions with Microsoft's Active Directory?

LUKS GPG

Which of the following technologies can encrypt files stored on a filesystem within a Linux system? (Choose all that apply.)

nmap

Which of the following utilities can be used by a system administrator to determine which services are responding to network requests?

vmstat

Which of the following utilities will allow you to view information about virtual memory usage on a Linux system?

-Z

Which option can be added to the ls or ps command to view the SELinux label?

ufw command

ufw (Uncomplicated Firewall) command Used to configure UFW.

SELinux

Security Enhanced Linux (SELinux) A set of Linux kernel components and related software packages that prevent malicious software from accessing system resources.

iostat command

iostat (input/output statistics) command Displays input and output statistics for block storage devices on the system.

iotop command

iotop (input/output top) command Displays the processes on a Linux system that have the highest number of associated input/output requests to block storage devices.

aa-enforce

Sets an AppArmor profile to enforce mode.

aa-complain

Sets an AppArmor profile to complain mode.

getenforce command

Used to view whether SELinux is using enforcing or permissive mode.

ip6tables

Which of the following can you use to configure firewall rules for IPv6 on a Linux system?

sudo

Which of the following commands allows a standard user to execute a single command as root without actually switching to the root account?

sar free vmstat

Which of the following commands can be used to display memory statistics? (Choose all that apply.)

nmap

Which of the following commands can be used to scan the available ports on computers within your organization?

edquota -u jsmith

Which of the following commands can be used to view the quota for a user?

Encrypt for the user id given.

Which of the following does the -r option for the gpg command specify?

/etc/hosts.allow and /etc/hosts.deny

Which of the following files does a TCP wrapper check before starting a network daemon?

sa19

Which of the following files is likely to be found in the /var/log/sa directory on a Fedora system over time?

restorecon command

Forces SELinux to set the default label on system files and directories.

aa-unconfined

Lists processes that are not controlled by AppArmor.

proactive maintenance

The measures taken to reduce future system problems.

reactive maintenance

The measures taken when system problems arise.

False

The pam_tally2.so PAM can be used to enforce complex passwords on a Linux system. True or False?

jabbering

The process by which failing hardware components send large amounts of information to the CPU.

bus mastering

The process by which peripheral components perform tasks normally executed by the CPU.

sudoedit command

Used to edit text files as another user via entries in the /etc/sudoers file.

iperf command

Used to measure the bandwidth between two computers.

setsebool command

Used to modify SELinux settings within an SELinux policy.

ulimit command

Used to modify process limit parameters in the current shell.

tshark command

Used to start a command-line version of the graphical Wireshark program.

klist command

Used to view Kerberos authentication information.

udevadm command

Used to view and modify udev daemon configuration.

pam_tally2 command

Used to view and modify user lockout settings.

faillock command

Used to view and modify user lockout settings

aa-status

Views the status of AppArmor and AppArmor profiles.

Lock the server in a server closet. Ensure that SELinux or AppArmor is used to protect key services. Use encryption for files and network traffic.

What are best practices for securing a local Linux server? (Choose all that apply.)

Take 50 swap statistics every 3 seconds.

What will the command sar -W 3 50 do?

tracepath mtr traceroute

When experiencing a network issue, you want to determine where the source of the problem is. Which of the three following commands can be used to determine whether there is an issue with a router in the normal route that the packets are attempting to take?

chains

The components of a firewall that specify the general type of network traffic to which rules apply.

file handles

The connections that a program makes to files on a system.

firewall daemon (firewalld)

A daemon that can be used to simplify the configuration of netfilter firewall rules via network zones.

firewall-cmd command

A daemon that can be used to simplify the configuration of netfilter firewall rules via network zones.

gpg agent

A daemon that can be used to store private key pass phrases used by gpg

firewall configuration utility

A graphical firewall configuration utility used on Fedora systems.

automatic bug reporting tool daemon (abrtd)

A process that automatically sends application crash data to an online bug reporting service.

TCP wrapper

A program that can be used to run a network daemon with additional client restrictions specified in the /etc/hosts.allow and /etc/hosts.deny files.

apparmor profile

A text file within the /etc/apparmor.d directory that lists application-specific restrictions.

CWE

Common Vulnerabilities and Exposures (CVE) A system used to catalog security vulnerabilities.

aa-disable

Disables an AppArmor profile.

seinfo command

Displays Linux features

brctl

Displays and modifies Ethernet bridge configuration within the Linux kernel.

arp command

Displays and modifies the MAC address cache on a system.

dmidecode command

Displays hardware device information detected by the system BIOS.

tload command

Displays load average information for a Linux system.

vmstat command

Displays memory, CPU, and swap statistics on a Linux system

uptime command

Displays system uptime and load average information for a Linux system.

sestatus command

Displays the current status and functionality of the SELinux subsystem.

gpg

GNU Privacy Guard (GPG) An open source asymmetric encryption technology that can be used to encrypt and digitally sign files and email.

brctl

If a Linux system is running as a virtual machine, it may be using a bridge for the virtual network adapter within the virtual machine to the physical network adapter. Which of the following commands can be used to view or modify the bridge configuration used by the Linux kernel for your network adapter?

/etc/nologin.txt

If someone tries to log into a system using a daemon account, but the daemon account does not have a valid shell assigned to it, they would normally see a standard warning. If you want to customize the error, which of the following files can you put a message in that will display upon an attempted login?

LUKS

Linux Unified Key Setup (LUKS) A technology that encrypts the contents of a Linux filesystem.

MCS

Multi-Category Security (MCS) An optional SELinux policy scheme that prevents processes from accessing other processes that have similar attributes.

False

Network latency issues are often caused by SELinux or AppArmor restrictions. True or False?

monitoring

On which part of the maintenance cycle do Linux administrators spend the most time?

setenforce command

Used to change SELinux between enforcing and permissive mode.

chcon command

Used to change the type classification within SELinux labels on system files and directories.

ipset command

Used to configure IP sets.

iptables command

Used to configure IPv4 rules for a netfilter firewall.

ip6tables command

Used to configure IPv6 rules for a netfilter firewall.

cryptsetup command

Used to configure and manage LUKS

gpg command

Used to configure and manage gpg

getsebool

Used to display SELinux settings within an SELinux policy.

free command

Used to display memory and swap statistics.

mpstat

mpstat (multiple processor statistics) command Displays CPU statistics on a Linux system.

pidstat command

pidstat (PID statistics) command Displays CPU statistics for each PID on a Linux system.

sar

sar (system activity reporter) command Displays various performance-related statistics on a Linux system.

sysstat

system statistics (sysstat) package A software package that contains common performance-monitoring utilities.

ip set

A list of hosts and networks that can be used within a firewall rule.

ifconfig eth0

You want to determine whether your Linux workstation was able to get assigned an IP address from the DHCP server once you connected it to the network. Which of the following legacy commands might help you determine this?

netfilter

The Linux kernel component that provides firewall and NAT capability on modern Linux systems.

DMZ

In which of the following zones might a system administrator put the web server hosting the company's publicly accessible website?

ioping command

Sends input/output requests to a block storage device and measures the speed at which they occur.

True

To set udev rules on a Linux system, you must add the appropriate line to a file within the /etc/udev/rules.d directory. True or False?

kinit command

Used to authenticate to a Kerberos authentication service.

Users must use at least 3 characters as numbers in their passwords.

When looking at the password-auth file on a Fedora system, you notice part of the syntax that says dcredit=3. What is the significance of this part of the configuration?

Bad, because the processor is idle 10 percent of the time and perhaps a faster CPU is required

When performing a sar -u command, you notice that %idle is consistently 10%. Is this good or bad?

Ensure that only necessary services are running.

Which of the following actions should you first take to secure your Linux computer against network attacks?

--use-agent

Which of the following options for the gpg command will attempt to use the gpg agent and if it cannot will ask for a passphrase?

