Linux Final
purge
A Debian engineer is to harden their systems by inventorying unneeded services and then removing them. What should the engineer use to uninstall the package and remove its configuration files?
/etc/apt/sources.list
A Debian manager pulls updates from a central repository. Which of the following configurations will the manager most likely need to modify to point to the local repository?
upgrade
A Debian-based administrator is automating their patching efforts to patch on the third Saturday evening of every month. Before Monday begins, this action will give the administrator time to diagnose anything that does not work. Which command should the administrator use?
firewall-cmd --zone=dmz --add-service=http
A Linux administrator would like to add the HTTP service to the perimeter network. Which firewall-cmd command string will facilitate this objective?
Recompile the software.
A Linux software developer uses an existing open-source application for a personal project and makes the needed modifications for it to run. However, what must the developer do with the software before executing it on a Linux system?
rpm -qa > softwarelist.txt
A Linux system administrator has a service request to provide a deliverable file to the security operations team as part of a routine software audit. The file needs to contain all the installed software packages on host apachesvr01. What Red Hat package manager (RPM) query/command would provide this file for the system administrator?
Setting the immutable attribute
A Linux system administrator needs to make changes to the attributes set to certain configuration files. For example, what would the administrator accomplish by entering the command chattr +i {filename}?
getfacl
A Linux system administrator working for a web application provider that manages file and directory permissions with Access Control Lists wants to view metadata about a file object, such as its owner, group, any SUID/SGID/sticky bit flags set, the standard permissions associated with the object, and individual permission entries for users and groups. Recommend a command that will allow the administrator to view this metadata.
Use access control lists.
A Linux systems administrator wants to assign permissions to individual users and groups that do not correspond to an object's owner or group. Since traditional file permissions concepts are insufficient, recommend a method for the administrator to assign permissions to individual users and groups outside the context of traditional file permissions concepts.
services iptables save
A Red Hat Linux systems administrator configures iptables for firewall management and wants to ensure that the rules set are not lost on reboot. After installing the iptables-services package, what command can the administrator issue to ensure that changes persist?
yum deplist company.app
A company's Linux team has created a new internal software package repository. A few members of the Linux team need to finalize all the packages in the repository before releasing them to production. One part of this process is ensuring that all packages have any needed software dependencies in the repository. What yum command will check this information for the internal package company.app?
Digital signature
A developer wants to ensure users are installing the correct program. What could the developer place on their website for users to cross-reference to ensure users are installing the correct application?
Sandboxing
A mail administrator wants to open files in a virtualized environment with a risk score based on any attempts made to access system resources. What is this concept considered?
-l
A network administrator uses the netstat command to gather information about system transmission control protocol (TCP) connections. For example, the administrator needs to see what ports the system listens to during TCP connections. Which netstat command option will the network administrator use to achieve this?
-h -v
A new Linux support staff employee uses a Red Hat package manager to install a downloaded .rpm package. The employee is using the command rpm -i app.rpm, but would like to see verbose output along with a progress bar to see the progress of the installation. What switches would the support staff employee need to add to see this desired output? (Select all that apply.)
Least privilege - refers to the concept of limiting access to things based on need or title. A security guard may need access to the perimeter but may not necessarily need access to a vault.
A programmer complained to management that the programmer does not have access to certain parts of the web server. What security concept does this represent?
AppImage
A security administrator wants to test standalone application components that run as mounted drives. Which of the following should the administrator use?
nmap -sT
A security analyst plans to use the Nmap utility to conduct a TCP-connect scan. Which of the following represents the correct syntax for this command?
Flatpak
A security architect wants to test sandboxing solutions, starting with the ability to manage software on a system-wide or per-user basis. What should the security architect use?
Software dependencies
A senior Linux engineer explains the process of package management to a junior support technician. The engineer talks about how administrators had to manually perform this particular aspect of the process many years ago. The engineer explains that most modern package managers will install these automatically. The engineer is referring to what concept?
apt
A server administrator moved to the Linux server team and is responsible for the Debian-based systems. The administrator meets with the vulnerability management team and is looking to patch the machines. What will the administrator most likely interact with to accomplish this task?
LDAP - Lightweight Directory Access Protocol (LDAP) is a directory service protocol that runs over Transmission Control Protocol/Internet Protocol (TCP/IP) networks.
A small company is looking to get in compliance to obtain insurance. The insurance company recommended that the company implement a centralized access system. What system would help centralize usernames and passwords?
list
A system administrator reviews information about software on their devices. Which of the following commands would easily display an inventory?
Read (r) and Write (w) access
A system administrator sets permissions for the company and creates a group for each department. While applying the principle of least privilege, what level of access should the administrator set for a department group whose members need the ability to access, create, and modify files?
Sandbox
A systems administrator tests out new software in a highly sensitive environment and wants to isolate the application from the rest of the system and mediate communication between hardware resources and the program. What should the administrator use?
setsebool - Systems engineers can configure different security contexts and settings for various systems.
A systems engineer needs to configure SELinux. Which command would change the on/off status of various SELinux policies?
chroot ??
A website administrator needs to allow untrusted users access to upload files to the server. Which of the following solutions will help isolate access to the rest of the system?
?? Use the traceroute command to traceroute the FQDN and IP address of the website you are trying to reach. Use the dig command to check information from the DNS server.
After arriving at work in the morning, you turn on your Linux workstation and attempt to visit an internet news site. After a few minutes, your web browser times out and tells you that the website is unavailable. Which of the following troubleshooting steps would help you determine the cause of this issue? (Select two.)
.rpmnew .rpmsave
After updating Linux software packages, the system will generate and use this file type to compare configuration files on the system with default configuration files provided by vendors. (Select all that apply.)
Single sign-on
An Information Technology department wants to integrate the logins for all the companies' applications to improve security and management. How could implementation integrate the various logins?
-b
An administrator wants to remove all existing entries from an Access Control List (ACL). Recommend an option for the administrator to add to the setfacl command to accomplish this task.
setfacl -R -m g:sales:rwx receipts
An administrator working for a company with over 5000 employees wants to recursively modify existing ACL settings in a directory called "receipts" and all of its subdirectories to give full access to a group of users called "sales." It is important that existing permissions outside that group not be removed or altered. Recommend a fully-fledged command for the administrator to use in this situation.
dpkg apt
An intern working with a small team responsible for software package management is learning about the various package management utilities for Linux. Given that the team only manages Debian systems, what common package managers would the intern leverage for package management? (Select all that apply.)
dnf list installed
An organization has asked a Linux system administrator to validate that a newly built Linux host server has all the needed software packages installed. What DNF command would produce an output that would allow the system administrator to validate all the currently present packages on the system?
Applications run in a sandbox; Fully self-contained; May be accessed and run as mounted drives without installation
AppImage package manager (Select all that apply)
nc -zv DHCP_03 53 - The netcat or nc command can scan a port and report if a connection was successfully established. The -z option tells the nc command to not actually send any data, but to report the connection status only. The -v option indicates verbose mode.
As the IT System Administrator, you recently set up a new DHCP server, DHCP_03. You want to test connectivity on port 53 from other servers on the network. Which of the following commands will accomplish that task?
OSI model
Consider the given choices and determine which one establishes a conceptual framework for network connectivity.
?? Fully self-contained; Applications pulled from repositories called "remotes"; Applications run in a sandbox
Flatpak package manager deploys software packages (Select all that apply)
It removes the existing ACL.
How does the -x option affect the setfacl command?
The user is not the owner of the file.
If a user is unable to access a file, despite the owner context having full permissions, what is causing this to happen?
-rwxrw-r-- projectA
It is important for system administrators to properly interpret permissions strings to correctly manage permissions. For example, which of these permissions strings is correct for a file named projectA with the user having read, write, and execute, the group having read and write, and others having read-only permissions granted?
SSH
Jerry manages a number of Linux servers that reside in different branch offices for his company. He needs a secure way to perform maintenance, check on the status of backups, and start and stop services without traveling to those offices. Which of the following is Jerry most likely to use?
Repositories
Linux system administrators can control resources that are available to package managers. What is the name for these resources that are storage locations for published software packages?
IPv6 has more addresses, more efficient routing, native encryption
List three advantages of IPv6 over IPv4.
ss -a
Management has asked a Linux administrator to document all the listening and non-listening ports for a system. What ss (socket state) command should the Linux administrator issue to display this information?
Loss of trust
Many entities responsible for issuing valid certificates had their authority taken away in recent years. Why might it be an issue if a certificate authority does not fulfill its obligations by issuing valid certificates?
Separated from host OS and other applications; Reduces issues during software testing; Reduces malware threats
Sandbox is a virtual environment that runs an application in isolation (Select All that apply)
644
Since system administrators have the option to use either the absolute mode or symbolic mode to provide permissions settings, it is crucial for new administrators to understand both modes. For example, what would the corresponding absolute mode value be for permissions expressed as u=rw,g=r,o=r in symbolic mode?
Fully self-contained; Applications run in a sandbox
Snap package manager deploys software packages (Select all that apply)
?? rsync or sftp NOT scp
Someone set you in front of two unlocked systems and told you to copy some files between them. Which command will let you copy files without knowing any passwords?
loopback address
The IP address of 127.0.0.1 is also referred to as the _____.
Run chgrp again listing the root user as the new owner
The root user utilizes the chgrp command to give ownership of a file to another user. What must the root user do to regain ownership of the file?
The owner of a text file is denied permission to view the contents of the text file.
There are many common symptoms that can relate to permission issues. What symptom can be caused by the owner not being granted read access?
ZYpp
There are various options for using package managers for installing and updating software on Linux systems. Which package manager is primarily for SUSE Linux?
The permission could have been set using the command --> chmod 755 ProjectX
Using the output below, determine which of the following is true: drwxr-xr-x 4 jsmith finance 128 feb 21 2018
execute, read, write
What are the three standard Linux permissions?
Hardening - is the security concept that is involved in mitigating security risks. This action may involve updating policy, upgrading software, or replacing hardware.
What basic concept of security involves mitigating potential security risks?
chown
What command is used to change the owner, the group, or both for a file or a directory?
chmod hobbit.pdf u=rwx,g=rx,o=r
What command will set the following permissions on the file hobbit.pdf? User: Read, Write, Execute Group: Read, Execute Other: Read
Permission attributes
What defines exactly what a user is allowed to do with a particular file or directory?
Lists directory contents in long format
What does the ls -l command do?
DevSecOps - refers to Development and Security Operations, which integrates security within the development, integration, and maintenance lifecycle.
What has come into existence with security becoming a part of the development, integration, and maintenance lifecycle?
192.168.0.0 - 192.168.255.255
What are the Class C IP ranges that are set aside?
Troubleshooting
What is the recognition, diagnosis, and resolution of problems?
Establish a theory of probable cause.
What is the second step in a troubleshooting module?
--recursive -r
What option causes chown to change ownership on an entire directory tree? (Choose all that apply.)
25
What port number is Simple Mail Transfer Protocol?
22
What port number is secure shell?
NTP services
What service enables the synchronization of a node's time with a designated, definitive time source?
Subnet mask
What value indicates which part of the IP (Internet Protocol) address is the network ID (identifier) and which part is the host ID?
chown {newowner}:{newgroup} {filename}
What would the appropriate syntax be if an administrator wanted to change the owner and group of a file using the chown command?
?? ~/.ssh/known_hosts, /etc/ssh/ssh_known_hosts
Where does the client store SSH keys used to establish an SSH session?
/etc/sysconfig/network-scripts/ifcfg-enp0s3
Which file would you modify to permanently change the IP address of a network interface on a CentOS system?
switch
Which network device/component acts as a concentrator, centralizing all network connections for a segment to a single device?
immutable
Which of the following attributes can be given to a file using the chattr command in order to prevent the file from being modified in any way (even by the root user)?
chmod 775 file
Which of the following commands sets "owner" and "group" to rwx permissions and "other" permissions on file to r-x?
groupdel
Which of the following commands can be used to remove a group from a Linux computer?
nmtui
Which of the following commands is the text-based one of the Network Manager interfaces?
nmcli
Which of the following commands is the most fundamental (command-line) of the Network Manager interfaces?
chown user1:root file1
Which of the following commands will change the user ownership and group ownership of file1 to user1 and root, respectively?
id
Which of the following commands will display the group(s) a user belongs to?
22
Which of the following port numbers is associated with SSH?
-s
Which one of the setfacl command options used to set the access control list (ACL) of an object, can also replace the same ACL if it already exists?
The execute permission is not automatically set for new files.
You have a user who is denied permission to execute a script that they themselves created. What is the cause of this problem?
All the above
You have set up two internal DNS servers in your network and need to check if they're working to resolve hostnames to IP addresses and IP addresses to hostnames. Which utility can you use to do this?
ssh -l blake abc.def.com
You need to connect to a remote system whose hostname is abc.def.com and execute a shell script called daily-backup.sh that backs up some files. The username that has permissions to execute that script is blake. Which command should you run to make the connection?
port 1066
You want to change the port that SSH listens on. You are going to edit the /etc/ssh/sshd_config file. When added to the file, which line will change the listening port to 1066?
sudo cat /etc/shadow
You want to run the command cat /etc/shadow as root, but you're logged in as an ordinary user. Which of the following commands will do the job, assuming that the system is configured to give you root access via the appropriate command?