Linux Final
Which Tripwire command can you run regularly to detect deviations from a baseline?
#tripwire check
Which of the following directives in /etc/sysctl.conf should be set to 0 to deactivate routing on the local system?
/boot/
Turning the kernel parameters such as as the networking functionality
/etc/systl.conf
In a suspected compromised system, which of the following files should have the current data stored in RAM?
/proc/kcore
Standard logging services store logs in subdirectories
/var/log
To work with an encrypted filesystem during a digital forensic investigation, you need the following EXCEPT:
lvm2/cryptsetup
Which command helps an administrator understand a system's networking subsystem?
netstat
Which of the following commands includes port information for TCP and UDP communication in numeric format?
netstat-atnp
What does the following option in the /etc/sysctl.conf file do? net.ipv4.icmp_ignore_bogus_error_responses = 1
prevents systems from replying to ping requests
Which command does not include free space in the duplication process?
rsync
You want to find executable files in user directories. Which command is the best choice?
use a forensics kit such as Helix Knoppix
You want to use certificates on your web site (CA)
Official CA certification, your website won't get error message
Which of the following is NOT a type of Ubuntu repository?
Opensource
When creating self signed certificate which is not required
The root password
When configuring an authoritative DNS
Cache Poisoning
What is the most likely consequence of an attacker changing the routing tables on your systems?
Can redirect your users to his or her systems
Which Linux distribution is known as a rebuild of Red Hat Enterprise Linux?
Cent os
Is an entity that issues digital certificates
Certificate authority
Recursive queries are commonly associated with
DNS Servers
The apt-* commands are a series of commands developed for ______ Linux distribution. Which of the following checks for available updates?
Debian
What is Content Scramble System (CSS) associated with?
Digital rights management
In Apache Web Server, Server Tokens directive
Displays when a user navigates to a nonexisent webpage
When auditing user security, which of the following may be subject to privacy limits, per any laws and requirements of the jurisdiction of the employee and the server?
Email access
Before customizing a kernel, you should clean the directories associated with the source code by using which command? To customize a kernel, which command opens a kernel customization editing tool?
Make clean
What do the following Apache directives accomplish, collectively? Order deny, allow Deny from all Allow from 192.168.0.0/255.255.255.255.0
Limits website accessibility to a certain IP address network
You want to use a Squid Proxy Server
3128
Which of the following is an advantage of compiling a customized kernel rather than using a vendor-supplied kernel?
A custom kernel can be compiled with only the necessary modules and features
What is the best description of a functional bug?
A flaw in software that prevents part of a program
What is a commonly used bug tracking system derived from Mozilla's system and now used by Red Hat and many others?
Bugzilla
How can kernel parameters be changed without rebooting the computer system?
By modifying the value of files in the /proc file system
AIDE can be described as:
Advanced Intrusion Detection Environment
Which of the following directories should be made read-only until updates are needed?
All of the above
Which of the following enables you to check an Online Certificate Status Protocol (OCSP) server for the current status of a digital certificate?
Apache
Why is it important to install antivirus software for a Samba file server in a Microsoft Windows environment?
Because shared files on the samba server can infect windows
You are performing computer forensics and need to review data currently in RAM. What do you do to ensure you don't lose or modify the RAM data?
Create a checksum file
Log entries associated with printing are stored in which of the following?
Cups logs
A baseline configuration typically includes the following EXCEPT:
Current network state of the system that interfaces that are used the firewalls
What is the general name of a fully functional version of a Linux distribution that runs in RAM and does not require a hard disk?
Live CD
You may create multiple gold baseline configurations to reflect separation in
Filesystems
What is the best first step in responding to a compromised system?
Follow what is outlined in the incident response plan
What can you use to ensure the integrity of a downloaded package?
GNU privacy Guard (GPG) Keys
Which of the following is NOT a characteristic of a gold Linux baseline?
GUI
What is Squid
HTTP Proxy
Which desktop environment is the Konqueror Web browser part of, by default?
KDE
The commercially supported update system for the Ubuntu distribution is:
Landscape
Which of the following is the correct method to apply a new kernel built on a Linux system?
Install is as a new kernel leaving the OG kernel in place
What is Anaconda?
Installation Program used by Fedorea
You want to list open files, focusing the output on network-related processes and organizing the connections by service. Which command can you use?
Isof-ni
How can you disable Internet Protocol version 4 (IPv4) packet forwarding on a running kernel?
Issue the #echo "0" > /proc/sys/net/ipv4/ip_forward command
Which organization maintains the Common Vulnerabilities and Exposures (CVE) list?
Mitre Corporation
Which of the following is NOT an example of live media with penetration testing tools?
Nessus
Which of the following tools would be most appropriate to periodically scan all Linux servers for vulnerabilities?
Nessus
In Apache Web Server, Keep Alive
Persistent connections
LAMP Stands for "P"
Port 3306/ Perl, Python, PHP
An enterprise running Red Hat Enterprise Linux (RHEL) that wishes to control its own repository locally for package updates may consider using
Rad Hat Satellite Server
Are configuring a master authoritative DNS
Recursive querying
Which of the following is NOT a type of Domain Name Service (DNS) Server
Relay agents
Which term describes a common malware targeted for Linux operating systems that allows a black-hat hacker to take over the computer system with administrative privileges?
Rootkit
Which of the following is a valid reason to use a live CD on a suspected compromised system?
The live CD can be used for forensic analysis
You are an Ubuntu system administrator. You created a baseline and want to use it to create a fully functional Web server. You have a list of programs you need to add to the system. Which command lets you add multiple programs most easily?
Tasksel Command
To create a minimal Linux installation, for a bastion host for example, which mode should you install the operating system in?
Text
Which instrument documents where evidence came from, how that evidence was duplicated, and the methods used to analyze that evidence?
chain of cusodty
Of the following, which Linux distribution is released with long-term support (LTS) every two years?
Ubuntu
Which of the following types of updates least commonly relates to the Linux kernel?
Updates that address software bugs
Which of the following actions should you not take when implementing a new kernel?
Upgrade
Which command creates a bit-by-bit duplicate of an original disk?
dd
A security compliance team finds that a local file server has been mistakenly configured to forward packets and needs to be fixed immediately. How can a Linux system administrator verify that the Linux system is forwarding IPv4 packets?
Verify the kernel by viewing /proc/sys/net/ipv4/ip-forward
Which of the following is self-replicating malware that differs from a virus in that it does not require direct user involvement to spread?
Worm
Which commands are required to limit remote access with Squid
acl, http access
What is the native package manager for Ubuntu and other Debian-based distributions?
apt