Security Strategies in Linux Platforms and Applications - Practice Test 03
126. What is the CUPS service associated with?
printing
138. Which of the following is true regarding open source software versus commercial software?
repository public
82. Which runlevel reboots a system?
runlevel 6
90. Which of the following replaces the init process used in both Upstart and SysVInit systems?
systemd
46. You are an Ubuntu system administrator. You created a baseline and want to use it to create a fully functional Web server. You have a list of programs you need to add to the system. Which command lets you add multiple programs most easily?
tasksel command
44. A baseline configuration typically includes the following EXCEPT:
the current network state of the system, the interfaces that are used, the firewalls that are configured, the ports that may be open, and so on
148. Which of the following is usually about preventing a party involved in a transaction from denying that the transaction occurred?
Nonrepudiation
118. Each line in a ____ configuration file is set up in the following format: module_type control_flag module_file (arguments)
PAM
133. Deployment options for Linux servers generally include the following EXCEPT:
Physical System under your control; Virtual System under your control; Through the use of a cloud-based provider
68. Which of the following authentication systems is NOT normally configured with Remote Authentication Dial-In User Service (RADIUS)?
a local shadow password suite, LDAP servers, Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), Extensible Authentication Protocol (EAP).
48. A "vanilla" kernel has _____________. a. a stock built from the mainline kernel b. a customized kernel built from a distribution supplier c. no networking capability d. a kernel that may have been compromised and cannot be trusted
a stock built from the mainline kernel
50. Which configuration file makes changes persist across reboots to disable packet forwarding? a. /etc/sysctl.conf b. /etc/routers c. /etc/forwarding d. /boot/kernel.conf
a. /etc/sysctl.conf
99. You want to set up maximum protection with TCP Wrappers. What rule do you include in the /etc/hosts.deny file to deny access to all daemons from all clients? a. ALL : ALL b. no daemons : no clients c. deny all d. all services : no clients
a. ALL : ALL
76. Which of the following is NOT a type of Domain Name Service (DNS) server? a. Backup domain b. Master c. Slave d. Caching-only
a. Backup domain
116. Which of the following is the best choice for network authentication? a. LDAP b. NIS c. PolicyKit d. openssl
a. LDAP
67. What does Kerberos require? a. Network Time Protocol (NTP) b. Secure Shell (SSH) c. Samba d. IPSec
a. Network Time Protocol (NTP)
66. Which of the following is NOT a type of Ubuntu repository? a. OpenSource b. Restricted c. Universe d. Multiverse
a. OpenSource
58. An enterprise running Red Hat Enterprise Linux (RHEL) that wishes to control its own repository locally for package updates may consider using _________. a. Red Hat Satellite Server b. Hosted RHN c. ZENworks d. Landscape
a. Red Hat Satellite Server
115. An executable file with the _________ allows other users to run that command, with the permissions assigned to that user owner. a. SUID b. UID c. GID d. sticky
a. SUID
41. To create a minimal Linux installation, for a bastion host for example, which mode should you install the operating system in? a. Text b. GUI c. Network d. None of the above
a. Text
63. Of the following, which Linux distribution is released with long-term support (LTS) every two years? a. Ubuntu b. CentOS c. Fedora d. SUSE
a. Ubuntu
123. The read, write, and execute permissions of a file are an example of a ________. a. discretionary access control b. firewall control c. mandatory access control d. system kernel control
a. discretionary access control
108. You are encrypting a file with GPG and want to confirm the creation of a private and public key pair. Which command do you run? a. gpg --list-keys b. gpg --gen-key c. gpg -keys d. gpg: keyring
a. gpg --list-keys
127. The _________ part of the kernel contains drivers and options essential to the kernel boot process. a. monolithic b. modular c. live d. None of the above
a. monolithic
70. What is the general command syntax for logging in to a remote system with Secure Shell (SSH)? a. ssh user@hostname b. scp user@hostname c. sftp user@hostname d. ssh login user password
a. ssh user@hostname
110. Which directive do you add or enable in the Samba configuration file to prohibit access to the [homes] share by anyone other than the owner? a. valid users = %S b. write list = @admin c. create mask = 0700 d. directory mask = 0700
a. valid users = %S
94. A server has the following TCP Wrappers configuration: /etc/hosts.deny ALL : ALL What is the result of this configuration?
all access will be denied
92. What is the purpose of the following iptables command?
allow all incoming connections to port 22
137. Which setting gives certain systems access to a network service through the super server?
allow_from
89. What command do you use to check the status of a system using AppArmor?
apparmor_status
103. Which directory renders many applications unusable, including logging into the graphical user interface (GUI), if the space allocated to the /tmp/ filesystem is full? a. /etc/ b. /tmp/ c. /bin/ d. /var/
b. /tmp/
62. Which Linux distribution is known as a rebuild of Red Hat Enterprise Linux? a. Ubuntu b. CentOS c. Fedora d. SUSE
b. CentOS
69. You are configuring Kerberos for network authentication. Which of the following steps do you perform first? a. Set up keytab files. b. Create the Kerberos database. c. Set up keys to connect the local Kerberos server system with desired clients. d. Modify the /etc/krb5.conf file.
d. Modify the /etc/krb5.conf file.
57. What is the native package manager for Ubuntu and other Debian-based distributions? a. emerge b. yum c. zypper d. apt
d. apt
72. Which of the following services or protocols can be used with Telnet to increase its security?
# ln -s /usr/bin/telnet-ssl /usr/bin/telnet
# ln -s /usr/kerberos/bin/telnet /usr/bin/telnet
101. Which directory does the filesystem hierarchy standard (FHS) recommend for locating configuration files?
/etc
102. Which file is used to configure the various mounting options of a filesystem upon boot?
/etc/fstab
146. Which of the following is the development distribution for Red Hat?
Fedora
117. A polkit mechanism includes a subject, an object, and an action. Which of the following is the subject?
Subject: An administrative tool; Object: The device or file; Action: How the device or configuration file will be modified
78. The following are true of multitasking operating systems EXCEPT:
Symbian
1. You can boot a Linux installation program from a CD, DVD, or USB drive. True or False?
True
14. The iptables -R command replaces a rule in a chain of rules. True or False?
True
33. The shadow password suite is a local authentication database for Linux. True or False?
True
4. A kernel patch is a small section of source code. True or False?
True
9. A rootkit replaces system-level binaries to hide the existence of malicious software. True or False?
True
139. A Linux distribution typically does NOT include which of the following?
Virtual platform
149. You are a computer security consultant who has been hired by a company to break into its network and protected systems to test and assess their security. Which of the following describes your role?
White hat hacker
95. Which of the following is NOT an SELinux mode?
allow
51. Which of the following indicators explains that the 2.6.34.4 version of the Linux kernel is stable? a. Major version b. Major revision c. Update version d. Patch number
b. Major revision
98. For which reason would an administrator set up an obscure port? a. Ease of access b. Security c. Ease of administration d. Higher bandwidth
b. Security
75. Which commands are required to limit remote access with Squid? a. Auth_param, http_access b. acl, http_access c. acl, http_port d. openssl, http_access
b. acl, http_access
111. You set up an FTP server and configured it to allow users to access their home directories. Which directive should you also include in the configuration file for security purposes? a. local_enable = YES b. chroot_local_user = YES c. anonymous_enable=NO d. chroot_local_user = NO
b. chroot_local_user = YES
104. As specified in the FHS, log files are generally found in the _____ directory. a. /home/ b. /root/ c. /var/ d. /etc/
c. /var/
119. Console kit packages, such as polkit, contain three primary commands. Which of the following is NOT included?
ck-history, ck-list-sessions, ck-launch-session
124. Which of the following files is NOT a part of the shadow password suite? a. /etc/shadow b. /etc/group c. /etc/passwd d. /etc/sudoers
d. /etc/sudoers
42. Which of the following directories should be made read-only until updates are needed? a. /home b. /var c. /tmp d. All of the above
d. All of the above
77. What is a Voice over Internet Protocol (VoIP) solution that uses Session Initiation Protocol (SIP) and the Real-time Transport Protocol (RTP)? a. Apache b. Asterisk c. Squid d. BIND
d. BIND
121. Which file permission is NOT an example of discretionary access control? a. Read b. Write c. Execute d. Boolean
d. Boolean
71. Which letter is usually added to the name of a protocol to represent the more secure version? a. A b. X c. P d. S
d. S
122. A discretionary access control for a file is a control mechanism that is set by _______. a. the root user b. a system administrator c. the GRUB d. the user owner of the file
d. the user owner of the file
136. _______ is a service that starts up and remains running in the background.
daemon
84. Which of the following represents a service script name that shuts down a service?
kill
96. What is the primary AppArmor configuration file?
logprof.conf
145. Which of the following is an open source license?
made freely available as source code to enhance and distribute the software. GNU GPL
135. _____ is the super server that launches applications based on connection attempts.
xinetd
105. What is a valid reason for setting up the /home/ directory as a separate filesystem?
you can upgrade the distribution at a later date with little risk to user files
83. Which runlevel is not used?
runlevel 4
85. Which command can you use to start and stop services?
services.msc
131. ______ is targeted toward power users who like to have complete customization control over how their packages are built and added to the system. It also uses a package-management tool called pacman.
Arch Linux
147. A denial of service (DoS) attack jeopardizes which tenet of the C-I-A triad?
Availability
132. Which of the following is the key difference between Ubuntu and Linux Mint?
Desktop
7. A binary identical is a Linux distribution with the same executables as another distribution, even though the icons, wallpapers, and other appearance items differ. True or False?
True
74. What do the following Apache directives accomplish, collectively? Order deny, allow Deny from all Allow from 192.168.0.0/255.255.255.0 a. Prevents Web site accessibility from a certain IP address network b. Limits Web site accessibility to a certain IP address network c. Allows Web site accessibility to all but give a certain IP address network priority d. None of the above
b. Limits Web site accessibility to a certain IP address network
120. The default mandatory access control system used for Red Hat distributions is ______. a. AppArmor b. SELinux c. Logwatch d. GRUB
b. SELinux
114. Which entry in the standard /etc/sudoers file gives the root administrative user full privileges through sudo? a. admin ALL=(ALL) ALL b. %admin ALL=(ALL) ALL c. root ALL=(ALL) ALL d. sys ALL=(ALL) ALL
c. root ALL=(ALL) ALL
56. What is the most likely consequence of an attacker changing the routing tables on your systems?
can redirect your users to his or her systems; can spoof a gateway system; could redirect traffic intended for an internal corporate page to a remote site that requests Social Security numbers
79. Using Linux as a desktop typically involves the added security risk of:
Running GUI applications
88. Which of the following was an attempt to make system and service initialization more manageable in Ubuntu and its derivatives?
upstart
113. Which of the following commands is used to edit the /etc/sudoers file?
visudo
97. Which of the following is associated with wireless intrusion detection system (WIDS)?
wpa
106. Which Linux partition type is used for standard partitions with data?
83
144. What is Apache?
An application server
10. Passwords are more secure than passphrases. True or False?
False
11. On Red Hat systems, the main Apache configuration file is apache2.conf in the /etc/apache2/ directory. True or False?
False
13. E-mail services that send mail to client applications are mail user agents (MDUs). True or False?
False
15. The iptables -s <ip_address> rule is applied to packets that come from the noted destination address. True or False?
False
129. In the LILO configuration file (/etc/lilo.conf), what is the purpose of the password= line under the image specification?
Gives the password that must be entered before Linux will boot
45. You are a system administrator. You want to review information on users who connect to Web sites configured on your Apache server. Which directive in the Apache log configuration file helps you capture this information?
LogFormat directive
87. Which of the following is NOT a hashing algorithm?
Message Digest 5 (MD5), SHA-1, SHA-2
141. What is the best definition of a bastion?
a fortified place, stronghold
91. Which file lists standard ports for many services?
/etc/services
93. From which of the following files does the iptables command read ports of well-known services?
/etc/services
142. What is the best definition of a firewall?
A firewall is hardware or software capable of blocking networking communications based on established criteria, or rules.
134. What displays after running the service --status-all command?
A list of all the services on the system as well as the status of each
130. _______ is built from the source of Red Hat Enterprise Linux (RHEL). It is identical to RHEL except for the branding; all the logos and names have been changed.
CentOS
32. The sendmail e-mail service and the commercial SMTP server known as Sendmail are two different entities. True or False?
True
8. A worm is a type of malware that hides as a desirable program but facilitates unauthorized access. True or False?
False
35. Service startup scripts run sequentially to ensure that one service starts before another in case of dependences. True or False?
True
39. A hardened Linux system typically contains fewer packages to be monitored for updates in case vulnerabilities are found in the software. True or False?
True
128. What does Red Hat Enterprise Linux use to install software packages?
Package Manager (RPM), though it also supports the Yellowdog Updater, Modified (Yum)
31. Using nonstandard Transmission Control Protocol/Internet Protocol (TCP/IP) suite port numbers for key services can slow the efforts of attackers who want to break into a system. True or False?
True
49. Tuning the kernel parameters, such as the networking functionality, can be accomplished by editing the ________ file. a. /etc/sysctl.conf b. /etc/kernel.conf c. /etc/network.conf d. /etc/parameters.conf
a. /etc/sysctl.conf
54. When building or customizing a kernel, which section of the kernel configuration tool enables you to disable devices you don't want to include?
make menuconfig command
55. Which of the following directives in /etc/sysctl.conf should be set to 0 to deactivate routing on the local system?
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
81. In which directory can you find scripts for active services?
/etc/init.d
140. What is Snort?
An intrusion detection service
143. What is Tripwire?
An intrusion detection service
18. Debian and its derivatives use firewalld rather than iptables for firewall creation and management. True or False?
False
29. Regular Linux file and directory permissions are read, write, and traverse. True or False?
False
30. Pluggable authentication modules (PAM) solves administrative permission problems by providing higher-level functions without having the whole program gain administrative access. True or False?
False
36. Infrastructure as a Service (IaaS) provides a complete Web application solution for easier application development. True or False?
False
40. Most Linux distributions currently use a package called ipchains as firewall software. True or False?
False
12. Domain Name Service (DNS) is a distributed database of domain names and IP addresses. True or False?
True
16. The iptables -j DROP and -j REJECT command options both drop packets. True or False?
True
17. The iptables -A Firewall-INPUT -p 50 -j ACCEPT directive accepts input from port 50. True or False?
True
19. Alternate attack vectors include connections through telephone modems and serial ports. True or False?
True
2. A live CD or DVD is useful in diagnosing problems with other connected physical media. True or False?
True
20. You can configure the /boot/ directory as a separate filesystem. True or False?
True
21. After configuring quotas on a Linux system, you can use the edquota command to edit the quota of a specific user. True or False?
True
22. The "chroot" in chroot jail means change root. True or False?
True
23. Files on a device are accessible only when they're mounted on a Linux directory. True or False?
True
24. In Linux, a mount point is a directory. True or False?
True
25. A journaled filesystem keeps track of changes to be written to the filesystem. True or False?
True
26. In the shadow password suite, user access to the /etc/shadow file is limited to the root administrative user. True or False?
True
27. In Linux, every user and group has a user ID (UID) and group ID (GID) number. True or False?
True
28. The sg command allows a user to join a group on a temporary basis. True or False?
True
3. The best time to install an integrity scanner is just after you have set up a baseline configuration, before any such systems are made operational on a network. True or False?
True
34. The term "attack surface" indicates the total number of vulnerabilities a system might have. True or False?
True
37. One benefit of open source code is the ability to learn what the code does and how the program operates. True or False?
True
38. In a Linux system, a smaller number of packages means a smaller surface area for attack. True or False?
True
5. Hibernation may present a security risk and can therefore be disabled in the kernel. True or False?
True
6. When compiling a kernel on a Red Hat system, you must be logged in as the root administrative account. True or False?
True
52. What does the following option in the /etc/sysctl.conf file do? net.ipv4.icmp_echo_ignore_broadcasts = 1 a. Ignores ICMP messages that do not conform to standards b. Prevents systems from replying to ping requests (broadcasts) c. Protects from SYN floods d. Prevents IPv4 forwarding on a system
b. Prevents systems from replying to ping requests (broadcasts)
60. Which term describes a common malware targeted for Linux operating systems that allows a black-hat hacker to take over the computer system with administrative privileges? a. Trojan horse b. Rootkit c. Worm d. Virus
b. Rootkit
43. You may create multiple gold baseline configurations to reflect separation in different _________. a. access controls b. filesystems c. databases d. None of the above
b. filesystems
65. What is SpamAssassin? a. An antivirus software package b. E-mail server software c. An e-mail filter d. An alternative to Squid
c. An e-mail filter
59. ClamAV can be described as: a. A software management tool for Linux distributions b. A firewall for Linux systems c. An open source anti-virus solution mainly used on Linux e-mail gateways d. An open source infrastructure for keeping software updated
c. An open source anti-virus solution mainly used on Linux e-mail gateways
47. Kernels released for different architectures vary because different platforms have different ___________. a. networks b. firewalls c. CPUs d. hard drives
c. CPUs
64. Which desktop environment is the Konqueror Web browser part of, by default? a. GNOME b. X Window System c. KDE d. All of the above
c. KDE
61. The commercially supported update system for the Ubuntu distribution is: a. RHN b. ZENworks c. Landscape d. Spacewalk
c. Landscape
53. On a computer network, packets with addresses that should not be possible are known as ______. a. Ping packets b. Spurious packets c. Martian packets d. Phishy packets
c. Martian packets
112. A user needs access to execute networking-related commands only. What type of access should be granted using the principle of least privilege? a. The user should be added to the admin group. b. The user should be given sudo access to all of root's commands. c. The user should be given sudo access to NETWORKING. d. The user should be provided with the root password.
c. The user should be given sudo access to NETWORKING.
100. What technique can a black-hat hacker use to find any modem connection on your network with security weaknesses? a. Van Eck phreaking b. Phishing c. War dialing d. The aircrack-ng package
c. War dialing
125. The iptables program is used to configure ___________. a. a mandatory access control b. user account information c. a firewall d. TCP Wrappers
c. a firewall
107. Which command formats all Linux filesystems, Microsoft VFAT, and NTFS filesystems? a. format b. fdisk c. mkfs d. mount
c. mkfs
73. Which command do you use to create a self-signed certificate?
openssl command