OSP - IA1102
c
4. What are the advantages of virtualization in a Linux infrastructure? 1. Cost savings by purchasing less hardware 2. Cost savings by using less power 3. Security advantages with more bastion hosts a. Only 1 and 2 are correct b. Only 2 and 3 are correct c. Only 1 and 3 are correct d. 1, 2, and 3 are correct
b
40. Which of the following is a true statement? a. A hash function and a checksum are the same thing. b. A hash function is a procedure or function that converts a large amount of data to a single (long) number. c. SHA-1 is a checksum whereas SHA-3 is a hash function. d. Both A and B
c
41. In trusted computing, a root of trust is based on a small program. What is a chain of trust associated with? a. Biometric controls b. Hash functions c. A sequence of programs d. Checksums
d
42. You want to search for and download some new open source software. What is the best Web site to browse? a. Trusted Computing Group b. NIST c. GNU d. SourceForge
a
43. Where is the GRUB configuration file found? a. /boot/grub b. /fstab c. /etc/grub d. /dev
b
76. You run the encrypt-setup-private command to encrypt a user directory. What are you prompted to enter? a. The path of the directory you're encrypting b. The login passphrase c. The encryption scheme you want to apply d. All of the above
d
77. Which command changes file ownership in Linux? a. chmod b. chfile c. chgrp d. chown
a
78. Which directive do you add or enable in the Samba configuration file to prohibit access to the [homes] share by anyone other than the owner? a. valid users = %S b. write list = @admin c. create mask = 0700 d. directory mask = 0700
d
79. You configured quotas on a Linux system. Which command do you use to edit the quota of a specific user? a. usrquota b. edit quota c. rw d. edquota
b
8. Red Hat and Ubuntu are examples of ______. a. source code b. distributions c. applications d. None of the above
b
80. Running a network service in a chroot environment is considered a layer of security because: a. The service is not allowed public access. b. The service runs in isolation in its own virtual-like environment. c. The service runs as the root user. d. The service runs on a read-only filesystem.
a
81. The theory of configuring a bastion host is one in which the server has: a. A specific function and minimal services installed to provide its designated services b. A firewall configured to allow access to local users only c. Many services running so as to make the most use of the hardware d. A WAN connection that runs all organizations' public services on the same server
d
82. Using Linux as a desktop typically involves the added security risk of: a. All users on the network having access to each other's files b. Not being able to use SSH c. Not having access to security updates d. Running GUI applications
c
83. Which e-mail client is provided by Mozilla? a. Balsa b. Kmail c. Thunderbird d. Sylpheed
a
84. Which file holds configuration settings for the extended internet super server? a. /etc/xinetd.conf b. /etc/sysctl.conf c. /etc/default.conf d. /etc/inetd.conf
c
116. From a security perspective, what is the advantage of Samba over NFS when installed with the standard configuration? a. Samba can be configured to allow access by IP address or host name. b. Samba requires a Kerberos key to authenticate. c. Samba has username and password authentication as part of its built-in functionality. d. Samba requires encryption.
d
117. In addition to usernames/passwords, SSH can authenticate a user based upon: a. The user's IP address b. The user's domain name c. Fingerprint technology d. A passphrase using a public and a private key
c
118. Which of the following is an insecure method of remote access? a. SSH b. IPSec c. Telnet d. All of the above
a
12. Which of the following is an open source license? a. GNU General Public License (GPL) b. Canonical c. OSSTMM d. UNIX
a
74. The following commands encrypt files in Linux except: a. fdisk b. gpg c. pad d. ccrypt
a
75. You are encrypting a file with GPG and want to confirm the creation of a private and public key pair. Which command do you run? a. gpg --list-keys b. gpg --gen-key c. gpg -keys d. gpg: keyring
d
1. What is a difference between security vulnerabilities associated with open source software and proprietary software? a. Vulnerabilities in propriety software are immediately known and fixed. b. Open source software vulnerabilities can take months to fix because most people working on the software are volunteers. c. There are more resources for testing proprietary software. Therefore, vulnerabilities are usually not an issue with proprietary software. d. Typically, open source software vulnerabilities are immediately made public.
b
10. What is Canonical? a. An type of open source license b. The private company behind Ubuntu c. An auditing program d. A security framework
c
100. Which of the following commands can automatically detect dependencies during software installation? a. tar b. rpm c. yum d. make
d
101. What is the native package manager for Ubuntu and other Debian-based distributions? a. emerge b. yum c. zypper d. apt
a
102. An enterprise running RHEL that wishes to control its own repository locally for package updates may consider using _________. a. Red Hat Satellite Server b. Hosted RHN c. ZENworks d. Landscape
b
103. The file to configure the various logging subsystem facilities for sysklogd package is ___________. a. /etc/sysklogd.conf b. /etc/syslog.conf c. /etc/logs.conf d. /etc/boot.log
d
104. AIDE can be described as: a. A firewall b. A vulnerability scanner c. A system process monitor d. A host-based intrusion detection software
a
105. To create a minimal Linux installation, for a bastion host for example, which mode should you install the operating system in? a. Text b. GUI c. Network d. None of the above
b
106. Which command helps to better understand the networking subsystem? a. nmap b. netstat c. top d. vmstat
c
107. Suppose a scanner discovers a new port, 8888, which is open on a Web server. Which one of the following commands will provide information on the particular network-related process that has opened the port? a. # nmap -p 8888 localhost b. # vmstat c. # lsof -ni d. # telnet localhost 8888
a
108. Which of the following tools would be most appropriate to periodically scan all Linux servers for vulnerabilities? a. Nessus® b. Tripwire c. AIDE d. Snort
c
109. You suspect a DoS attack is exploiting a weakness in an application on an Apache Web server. You want to see how many processes are running on the server. Which of the following commands lists all currently running processes? a. who apache b. ls -l/var/www/httpd c. $ ps aux d. $ ps -u root
d
11. What is included in a typical Linux distribution? a. Kernel only b. Kernel and tools only c. Kernel, tools, and libraries only d. Kernel, tools, libraries, and applications
d
110. What is the best first step in responding to a compromised system? a. Immediately turn off the computer system. b. Immediately unplug the computer system from the electrical outlet. c. Run a Live CD. d. Follow what is outlined in the incident response plan.
a
111. In a suspected compromised system, which of the following files will have the current data stored in RAM? a. /proc/kcore b. /var/log/ram.log c. /var/log/messages d. /proc/sys
b
112. When auditing user security, which of the following can you use Squid to audit? a. Physical access b. Internet access c. E-mail access d. Remote access
c
113. When auditing user security, which of the following may be subject to privacy limits, per any laws and requirements of the jurisdiction of the employee and the server? a. Physical access b. Internet access c. E-mail access d. Remote access
d
114. Which of the following is more important for administrative accounts than for standard user accounts? a. Logging Internet access b. Password complexity c. Both A and B d. Neither A nor B
b
115. Which of the following types of updates least commonly relates to the Linux kernel? a. Baseline updates b. Updates that address software bugs c. Updates that add new features d. Updates that remove features
d
13. Which of the following is not true of Linux? a. Open source licenses allow anyone to use, modify, and improve the source code. b. Compiled code, or binaries, may be the intellectual property of a company or organization. c. The source code for many Linux binaries is released under open source licenses. d. Under open source licenses, you may not compile the source code affiliated with Linux binaries into your own binaries.
c
14. Under OSSTMM, security audits are divided into how many channels? a. 1 b. 2 c. 3 d. 4
b
15. What is an entry-level security certification offered by (ISC)2 ? a. CISSP b. SSCP c. OSPA d. OWSE
b
16. Which of the following represents a type of mandatory access control? a. A user cannot open the /etc/shadow file to read because the file is owned by user and group root. b. The FTP service is allowed to interact with directories other than users' home directories. c. A regular user account does not have permission to read /var/log file. d. A user can give read, write, and execute permissions to a file.
b
17. The default mandatory access control system used for Red Hat distributions is ______. a. AppArmor b. SELinux c. Logwatch d. GRUB
d
18. Which file permission is not an example of discretionary access control? a. Read b. Write c. Execute d. Boolean
a
19. Which of the following statements is true about using a mandatory access control system on Linux? a. Properly setting up a mandatory access control system requires discipline and configuration knowledge. b. A mandatory access control system adds overhead to the kernel that renders it unnecessary to use. c. A mandatory access control system on Linux is generally considered to be a security risk. d. A mandatory access control system cannot be used in conjunction with a firewall.
c
2. Which of the following laws ensure that all U.S.-based financial institutions protect personal financial information of their clients? a. HIPAA b. SOX c. GLBA d. PCI DSS
d
20. A discretionary access control for a file is a control mechanism that can be set by _______. a. the root user b. a system administrator c. the GRUB d. the user owner of the file
a
21. The read, write, and execute permissions of a file are an example of a ________. a. discretionary access control b. firewall control c. mandatory access control d. system kernel control
d
22 Which of the following files is not a part of the shadow password suite? a. /etc/shadow b. /etc/group c. /etc/passwd d. /etc/sudoers
c
23. The iptables command is used to configure ___________. a. a mandatory access control b. user account information c. a firewall d. TCP Wrappers
a
24. Which of the following can serve as an additional "firewall" layer in Linux? a. Samba b. A modular kernel c. GRUB d. LILO
b
25. What defines the services to be run in Linux? a. GRUB b. Runlevel c. LILO d. TCP Wrappers
a
26. Gnome and KDE are __________. a. graphical desktop environments b. e-mail server packages c. Web browsers d. Web server packages
d
27. Apache is a popular type of _____________. a. graphical desktop environment b. e-mail server package c. Web browser d. Web server package
c
28. Postfix and Exim are types of _____________. a. graphical desktop environments b. FTP server packages c. SMTP server packages d. Web server packages
a
29. What would be the result of changing the GRUB option timeout=5 to timeout=0 on the Linux operating system? a. The boot loader will immediately boot the operating system into the default kernel. b. The system will display a "kernel panic" error. c. All TCP/IP connections will timeout immediately. d. This will have no impact on the Linux operating system.
a
3. Which method is preferable for securing access in the Remote Access Domain? a. SSH b. Telnet c. FTP d. NFS
b
30. The WINE application is an example of a process that runs in ______. a. network service mode b. user space c. hidden mode d. kernel space
d
31. The open source package trousers is associated most closely with ______. a. protocol analysis b. biometric controls c. firewalls d. Trusted Platform Module (TPM)
b
32. Which Linux directive hides or obscures boot messages? a. prompt b. quiet c. hide d. delay
d
33. Which of the following is not a common server form factor? a. Rack b. Blade c. Tower d. FireWire
b
34. What is Pre-boot eXecution Environment (PXE) associated with? a. Kernel development b. Linux installation over a network c. Security services d. Drive mounting
d
35. What is a TPM chip used for? a. Password protection b. Software license protection c. Disk encryption d. All of the above
a
36. What is the primary mission of the Electronic Frontier Foundation (EFF)? a. Protection of consumer digital rights b. Set security standards c. Provide Linux security certification d. Ensure Linux kernel compatibility with most hardware
c
37. Which file lists standard ports for many services? a. /etc/fstab b. /etc/init.d/ c. /etc/services d. /etc/sysconfig/
b
38. Which of the following prevents an individual who has taken an action from later denying that action? a. Confidentiality b. Nonrepudiation c. Integrity d. Privacy
a
39. Which of the following is not a biometric control? a. Key card b. Fingerprint reader c. Retinal scanner d. Hand geometry scanner
c
44. A user needs access to execute networking-related commands only. What type of access should be granted using the principle of least privilege? a. The user should be added to the admin group. b. The user should be given sudo access to all of root's commands. c. The user should be given sudo access to NETWORKING. d. The user should be provided with the root password.
a
45. What user account information can be found in the /etc/passwd file? a. The user's basic information, such as the default login shell b. The user's encrypted password c. Information on when the user last changed the password d. The user's sudo permissions
b
46. Configuring a user account policy with minimum password length, maximum days for using a password, and various user logins can be performed by editing the ________ file. a. passwd b. login.defs c. shadow d. gshadow
c
47. Which of the following control flags used in PAM approves user access assuming that there are no previous failures? a. required b. requisite c. sufficient d. allow
d
48. Which of the following commands is used to edit the /etc/sudoers file? a. usermod b. sudo <username> c. sudoers d. visudo
b
49. To apply administrative privileges for one instance of the su command, which switch do you use? a. -a b. -c c. -f d. -h
b
5. Which of the following is one of the best descriptions for OSSTMM? a. A methodology to develop open source software b. A methodology used by open source security professionals to measure compliance c. A methodology to automate penetration tests on open source software d. A methodology to ensure that no open source systems can be compromised
c
50. Which entry in the standard /etc/sudoers file gives the root administrative user full privileges through sudo? a. admin ALL=(ALL) ALL b. %admin ALL=(ALL) ALL c. root ALL=(ALL) ALL d. sys ALL=(ALL) ALL
a
51. An executable file with the _________ bit allows other users to run that command, with the permissions assigned to that user owner. a. SUID b. UID c. GID d. sticky
d
52. With which directory is the sticky bit most commonly associated? a. /home b. /bin c. /sbin d. /tmp
a
53. Which of the following is the best choice for network authentication? a. LDAP b. NIS c. PolicyKit d. openssl
b
54. Which of the following is a fake shell you can use for nonstandard users to enhance security? a. bash b. nologin c. sh d. ssh
c
55. What is a salt? a. A numeric identifier for a user group b. A type of firewall c. A 56-bit key or value added to a hash d. A login shell
c
56. What can a black-hat hacker use to decipher hashed passwords? a. A salt b. The session command c. A rainbow table d. The auth command
a
57. A PolicyKit mechanism includes a subject, an object, and an action. Which of the following is the subject? a. An administrative tool b. The device to be modified c. The file to be modified d. The method for modifying the device or configuration file
c
58. What might a large increase in the size of an authorization log file indicate? a. More frequently run user-based cron jobs b. A large number of external login attempts c. Both A and B d. Neither A nor B
a
59. Which directory does the FHS recommend for locating the configuration files? a. /etc/ b. /var/ c. /opt/ d. /usr/
c
6. Who developed the first Linux kernel? a. Andrew S. Tannenbaum b. Bill Gates c. Linus Torvalds d. Richard Stallman
b
60. Which file is used to configure the various mounting options of a filesystem upon boot? a. /etc/mount b. /etc/fstab c. /var/filesystem d. /boot/config
c
61. If a share on a Microsoft Windows host needs to mount on the Linux filesystem, which network service would typically be used? a. NFS b. NIS c. Samba d. SSH
b
62. LUKS is a specification for ________. a. mounting filesystems b. disk encryption c. mounting remote services d. linux kernels
a
63. Which mounting option enables user quotas on a filesytem? a. usrquota b. enable quotas c. edquota d. rw
b
64. The /usr/ directory contains programs that are generally accessible to all users. This directory can be secured by mounting it ______. a. as read-write b. as read-only c. as SWAP type d. remotely
c
65. Which FHS directory can be mounted separately from the root directory? a. /sbin/ b. /bin/ c. /home/ d. /etc/
b
66. Which directory renders many applications unusable, including logging into the GUI, if the space allocated to the /tmp/ filesystem is full? a. /etc/ b. /tmp/ c. /bin/ d. /var/
c
67. As specified in the FHS, log files are generally found in the _____ directory. a. /home/ b. /root/ c. /var/ d. /etc/
d
68. The GRUB configuration file is generally located in the ______ directory. a. /home/ b. /root/ c. /var/ d. /boot/
d
69. Which of the following can you configure as a separate filesystem? a. /boot/ b. /var/ftp/ c. /home/user/ d. All of the above
a
7. The Linux open source license allows anyone to use, modify, and improve the _________. a. source code b. distributions c. applications d. None of the above
d
70. Which filesystem is a good candidate for mounting in read-only mode? a. /tmp/ b. /var/ c. /root/ d. /boot/
b
71. Which Linux partition type is used for standard partitions with data? a. 82 b. 83 c. 85 d. fd
a
72. Which Linux filesystem format does not include any type of journaling? a. ext2 b. ext3 c. ext4 d. xfs
c
73. Which command formats all Linux filesystems, Microsoft VFAT, and NTFS filesystems? a. format b. fdisk c. mkfs d. mount
b
85. What is the purpose of the following iptables command? iptables -I INPUT -m state -- state -m tcp -p tcp --dport 22 -j ACCEPT a. To allow all output from the server to port 22 b. To allow all incoming connections to port 22 by inserting the rule at the top of the chain c. To append a rule at the bottom of the chain to allow port 22 d. To accept connections to source port 22 for all outgoing connections
b
86. From which of the following files does the iptables command read ports of well-known services? a. /var/log/ports b. /etc/services c. /etc/fstab d. /root/known_hosts
a
87. A server has the following TCP Wrappers configuration: /etc/hosts.allow ALL:ALL /etc/hosts.deny sshd:ALL What will be the result if an administrator accesses the server using SSH? a. All access will be granted b. Only local access will be denied c. Only the local network will be granted access d. All access will be denied
b
88. ______ are the on/off settings in SELinux that allow or deny access for a service to interact with an object. a. Switches b. Booleans c. Triggers d. ACLs
d
89. Which of the following is not a SELinux mode? a. Disabled b. Permissive c. Enforcing d. Allow
d
9. What is a common use for Linux in the LAN-to-WAN Domain? a. Firewall b. Gateway c. Bastion host d. All of the above
c
90. Regarding SELinux, which of the following files includes lists of critical files and services to be watched for changes? a. second.conf b. seservice.conf c. sestatus.conf d. secrit.conf
a
91. Which command starts the SELinux Troubleshooter? a. sealert -b b. sefix c. sestatus d. sechecker -l
d
92. Which of the following is not an AppArmor mode? a. Enforce b. Complain c. Audit d. Confirm
b
93. What is the primary AppArmor configuration file? a. aa.conf b. logprof.conf c. appa.conf d. apparmor.conf
d
94. LAMP stands for Linux/Apache/MySQL/P, where the "P" can stand for ______. a. Perl b. Python c. PHP d. All of the above
d
95. Which port does MySQL use by default? a. 23 b. 80 c. 443 d. 3306
a
96. Which Apache directive specifies an alternative port for Web pages? a. listen b. quiet c. Server Tokens d. webport
c
97. Kernels released for different architectures vary because different platforms have different ___________. a. networks b. firewalls c. CPUs d. hard drives
a
98. A "vanilla" kernel has _____________. a. a stock built from the mainline kernel b. a customized kernel built from a distribution supplier c. no networking capability d. a kernel that may have been compromised and cannot be trusted
a
99. Tuning the kernel parameters, such as the networking functionality, can be accomplished by editing the ________ file. a. /etc/sysctl.conf b. /etc/kernel.conf c. /etc/network.conf d. /etc/parameters.conf
