Security Strategies in Linux Platforms and Applications - Practice Test 03

Ace your homework & exams now with Quizwiz!

126. What is the CUPS service associated with?

printing

138. Which of the following is true regarding open source software versus commercial software?

repository public

82. Which runlevel reboots a system?

runlevel 6

90. Which of the following replaces the init process used in both Upstart and SysVInit systems?

systemd

46. You are an Ubuntu system administrator. You created a baseline and want to use it to create a fully functional Web server. You have a list of programs you need to add to the system. Which command lets you add multiple programs most easily?

tasksel command

44. A baseline configuration typically includes the following EXCEPT:

the current network state of the system the interfaces that are used the firewalls that are configured the ports that may be open, and so on

148. Which of the following is usually about preventing a party involved in a transaction from denying that the transaction occurred?

Nonrepudiation

118. Each line in a ____ configuration file is set up in the following format: .......module_type control_flag module_file (arguments)

PAM

133. Deployment options for Linux servers generally include the following EXCEPT:

Physical System under your control Virtual System under your control Through the use of a cloud-based provider

68. Which of the following authentication systems is NOT normally configured with Remote Authentication Dial-In User Service (RADIUS)?

a local shadow password suite LDAP servers Password Authentication Protocol (PAP) Challenge-Handshake Authentication Protocol (CHAP) Extensible Authentication Protocol (EAP).

48. A "vanilla" kernel has _____________. a. a stock built from the mainline kernel b. a customized kernel built from a distribution supplier c. no networking capability d. a kernel that may have been compromised and cannot be trusted

a stock built from the mainline kernel

50. Which configuration file makes changes persist across reboots to disable packet forwarding? a. /etc/sysctl.conf b. /etc/routers c. /etc/forwarding d. /boot/kernel.conf

a. /etc/sysctl.conf

99. You want to set up maximum protection with TCP Wrappers. What rule do you include in the /etc/hosts.deny file to deny access to all daemons from all clients? a. ALL : ALL b. no daemons : no clients c. deny all d. all services : no clients

a. ALL : ALL

76. Which of the following is NOT a type of Domain Name Service (DNS) server? a. Backup domain b. Master c. Slave d. Caching-only

a. Backup domain

116. Which of the following is the best choice for network authentication? a. LDAP b. NIS c. PolicyKit d. openssl

a. LDAP

67. What does Kerberos require? a. Network Time Protocol (NTP) b. Secure Shell (SSH) c. Samba d. IPSec

a. Network Time Protocol (NTP)

66. Which of the following is NOT a type of Ubuntu repository? a. OpenSource b. Restricted c. Universe d. Multiverse

a. OpenSource

58. An enterprise running Red Hat Enterprise Linux (RHEL) that wishes to control its own repository locally for package updates may consider using _________. a. Red Hat Satellite Server b. Hosted RHN c. ZENworks d. Landscape

a. Red Hat Satellite Server

115. An executable file with the _________ allows other users to run that command, with the permissions assigned to that user owner. a. SUID b. UID c. GID d. sticky

a. SUID

41. To create a minimal Linux installation, for a bastion host for example, which mode should you install the operating system in? a. Text b. GUI c. Network d. None of the above

a. Text

63. Of the following, which Linux distribution is released with long-term support (LTS) every two years? a. Ubuntu b. CentOS c. Fedora d. SUSE

a. Ubuntu

123. The read, write, and execute permissions of a file are an example of a ________. a. discretionary access control b. firewall control c. mandatory access control d. system kernel control

a. discretionary access control

108. You are encrypting a file with GPG and want to confirm the creation of a private and public key pair. Which command do you run? a. gpg --list-keys b. gpg --gen-key c. gpg -keys d. gpg: keyring

a. gpg --list-keys

127. The _________ part of the kernel contains drivers and options essential to the kernel boot process. a. monolithic b. modular c. live d. None of the above

a. monolithic

70. What is the general command syntax for logging in to a remote system with Secure Shell (SSH)? a. ssh user@hostname b. scp user@hostname c. sftp user@hostname d. ssh login user password

a. ssh user@hostname

110. Which directive do you add or enable in the Samba configuration file to prohibit access to the [homes] share by anyone other than the owner? a. valid users = %S b. write list = @admin c. create mask = 0700 d. directory mask = 0700

a. valid users = %S

94. A server has the following TCP Wrappers configuration: /etc/hosts.deny ALL : ALL What is the result of this configuration?

all access will be deny

92. What is the purpose of the following iptables command?

allow all incoming connections to port 22

137. Which setting gives certain systems access to a network service through the super server?

allow_from

89. What command do you use to check the status of a system using AppArmor?

apparmor_status

103. Which directory renders many applications unusable, including logging into the graphical user interface (GUI), if the space allocated to the /tmp/ filesystem is full? a. /etc/ b. /tmp/ c. /bin/ d. /var/

b. /tmp/

62. Which Linux distribution is known as a rebuild of Red Hat Enterprise Linux? a. Ubuntu b. CentOS c. Fedora d. SUSE

b. CentOS

69. You are configuring Kerberos for network authentication. Which of the following steps do you perform first? a. Set up keytab files. b. Create the Kerberos database. c. Set up keys to connect the local Kerberos server system with desired clients. d. Modify the /etc/krb5.conf file.

d. Modify the /etc/krb5.conf file.

57. What is the native package manager for Ubuntu and other Debian-based distributions? a. emerge b. yum c. zypper d. apt

d. apt

72. Which of the following services or protocols can be used with Telnet to increase its security?

# ln -s /usr/bin/telnet-ssl /usr/bin/telnet # ln -s /usr/kerberos/bin/telnet /usr/bin/telnet

101. Which directory does the filesystem hierarchy standard (FHS) recommend for locating configuration files?

/etc

102. Which file is used to configure the various mounting options of a filesystem upon boot?

/etc/fstab

146. Which of the following is the development distribution for Red Hat?

Fedora

117. A polkit mechanism includes a subject, an object, and an action. Which of the following is the subject?

Subject: An administrative tool Object: The device or file Action: How will be modify the device or configuration file

78. The following are true of multitasking operating systems EXCEPT:

Symbian

1. You can boot a Linux installation program from a CD, DVD, or USB drive. True or False?

True

14. The iptables -R command replaces a rule in a chain of rules. True or False?

True

33. The shadow password suite is a local authentication database for Linux. True or False?

True

4. A kernel patch is a small section of source code. True or False?

True

9. A rootkit replaces system-level binaries to hide the existence of malicious software. True or False?

True

139. A Linux distribution typically does NOT include which of the following?

Virtual platform

149. You are a computer security consultant who has been hired by a company to break into its network and protected systems to test and assess their security. Which of the following describes your role?

White hat hacker

95. Which of the following is NOT an SELinux mode?

allow

51. Which of the following indicators explains that the 2.6.34.4 version of the Linux kernel is stable? a. Majorversion b. Majorrevision c. Updateversion d. Patchnumber

b. Majorrevision

98. For which reason would an administrator set up an obscure port? a. Ease of access b. Security c. Ease of administration d. Higher bandwidth

b. Security

75. Which commands are required to limit remote access with Squid? a. Auth_param, http_access b. acl, http_access c. acl, http_port d. openssl, http_access

b. acl, http_access

111. You set up an FTP server and configured it to allow users to access their home directories. Which directive should you also include in the configuration file for security purposes? a. local_enable = YES b. chroot_local_user = YES c. anonymous_enable=NO d. chroot_local_user = NO

b. chroot_local_user = YES

104. As specified in the FHS, log files are generally found in the _____ directory. a. /home/ b. /root/ c. /var/ d. /etc/

c. /var/

119. Console kit packages, such as polkit, contain three primary commands. Which of the following is NOT included?

ck-history ck-list-sessions ck-launch-session

124. Which of the following files is NOT a part of the shadow password suite? a. /etc/shadow b. /etc/group c. /etc/passwd d. /etc/sudoers

d. /etc/sudoers

42. Which of the following directories should be made read-only until updates are needed? a. /home b. /var c. /tmp d. All of the above

d. All of the above

77. What is a Voice over Internet Protocol (VoIP) solution that uses Session Initiation Protocol (SIP) and the Real-time Transport Protocol (RTP)? a. Apache b. Asterisk c. Squid d. BIND

d. BIND

121. Which file permission is NOT an example of discretionary access control? a. Read b. Write c. Execute d. Boolean

d. Boolean

71. Which letter is usually added to the name of a protocol to represent the more secure version? a. A b. X c. P d. S

d. S

122. A discretionary access control for a file is a control mechanism that is set by _______. a. the root user b. a system administrator c. the GRUB d. the user owner of the file

d. the user owner of the file

136. _______ is a service that starts up and remains running in the background.

daemon

84. Which of the following represents a service script name that shuts down a service?

kill

96. What is the primary AppArmor configuration file?

logprof.conf

145. Which of the following is an open source license?

made freely avaliable as a source code to enhance and distribute the software. GNU GPL

135. _____ is the super server that launches applications based on connection attempts.

xinetd

105. What is a valid reason for setting up the /home/ directory as a separate filesystem?

you can upgrade the distribution at a later date with little risk to user files

83. Which runlevel is not used

runlevel 4

85. Which command can you use to start and stop services?

services.msc

131. ______ is targeted toward power users who like to have complete customization control over how their packages are built and added to the system. It also uses a package-management tool called pacman.

Arch Linux

147. A denial of service (DoS) attack jeopardizes which tenet of the C-I-A triad?

Availability

132. Which of the following is the key difference between Ubuntu and Linux Mint?

Desktop

7. A binary identical is a Linux distribution with the same executables as another distribution, even though the icons, wallpapers, and other appearance items differ. True or False?

True

74. What do the following Apache directives accomplish, collectively? Order deny, allow Deny from all Allow from 192.168.0.0/255.255.255.0 a. Prevents Web site accessibility from a certain IP address network b. Limits Web site accessibility to a certain IP address network c. Allows Web site accessibility to all but give a certain IP address network priority d. None of the above

b. Limits Web site accessibility to a certain IP address network

120. The default mandatory access control system used for Red Hat distributions is ______. a. AppArmor b. SELinux c. Logwatch d. GRUB

b. SELinux

114. Which entry in the standard /etc/sudoers file gives the root administrative user full privileges through sudo? a. admin ALL=(ALL) ALL b. %admin ALL=(ALL) ALL c. root ALL=(ALL) ALL d. sys ALL=(ALL) ALL

c. root ALL=(ALL) ALL

56. What is the most likely consequence of an attacker changing the routing tables on your systems?

can redirect your users to his or her systems can spoof a gateway system could redirect traffic intended for an internal corporate page to a remote site that requests Social Security numbers

79. Using Linux as a desktop typically involves the added security risk of:

Running GUI applications

88. Which of the following was an attempt to make system and service initialization more manageable in Ubuntu and its derivatives?

upstart

113. Which of the following commands is used to edit the /etc/sudoers file?

visudo

97. Which of the following is associated with wireless intrusion detection system (WIDS)?

wpa

106. Which Linux partition type is used for standard partitions with data?

83

144. What is Apache?

An application server

10. Passwords are more secure than passphrases. True or False?

False

11. On Red Hat systems, the main Apache configuration file is apache2.conf in the /etc/apache2/ directory. True or False?

False

13. E-mail services that send mail to client applications are mail user agents (MDUs). True or False?

False

15. The iptables -s <ip_address> rule is applied to packets that come from the noted destination address. True or False?

False

129. In the LILO configuration file (/etc/lilo.conf), what is the purpose of the password= line under the image specification?

Gives the password that must be entered before Linux will boot

45. You are a system administrator. You want to review information on users who connect to Web sites configured on your Apache server. Which directive in the Apache log configuration file helps you capture this information?

LogFormat directive

87. Which of the following is NOT a hashing algorithm?

Message Digest 5 (MD5) SHA-1 SHA-2

141. What is the best definition of a bastion?

a fortified place, stronghold

91. Which file lists standard ports for many services?

/etc/services

93. From which of the following files does the iptables command read ports of well-known services?

/etc/services

142. What is the best definition of a firewall?

A firewall is hardware or software capable of blocking networking communications based on established criteria, or rules.

134. What displays after running the service --status-all command?

A list of all the services on the system as well as the status of each

130. _______ is built from the source of Red Hat Enterprise Linux (RHEL). It is identical to RHEL except for the branding; all the logos and names have been changed.

CentOS

32. The sendmail e-mail service and the commercial SMTP server known as Sendmail are two different entities. True or False?

True

8. A worm is a type of malware that hides as a desirable program but facilitates unauthorized access. True or False?

False

35. Service startup scripts run sequentially to ensure that one service starts before another in case of dependences. True or False?

True

39. A hardened Linux system typically contains fewer packages to be monitored for updates in case vulnerabilities are found in the software. True or False?

True

128. What does Red Hat Enterprise Linux use to install software packages?

Package Manager (RPM), though it also supports the Yellowdog Updater, Modified (Yum)

31. Using nonstandard Transmission Control Protocol/Internet Protocol (TCP/IP) suite port numbers for key services can slow the efforts of attackers who want to break into a system. True or False?

True

49. Tuning the kernel parameters, such as the networking functionality, can be accomplished by editing the ________ file. a. /etc/sysctl.conf b. /etc/kernel.conf c. /etc/network.conf d. /etc/parameters.conf

a. /etc/sysctl.conf

54. When building or customizing a kernel, which section of the kernel configuration tool enables you to disable devices you don't want to include?

make menuconfig command

55. Which of the following directives in /etc/sysctl.conf should be set to 0 to deactivate routing on the local system?

net.ipv4.ip_forward = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0

81. In which directory can you find scripts for active services?

/etc/init.d

140. What is Snort?

An intrusion detection services

143. What is Tripwire?

An intrusion detection services

18. Debian and its derivatives use firewalld rather than iptables for firewall creation and management. True or False?

False

29. Regular Linux file and directory permissions are read, write, and traverse. True or False?

False

30. Pluggable authentication modules (PAM) solves administrative permission problems by providing higher-level functions without having the whole program gain administrative access. True or False?

False

36. Infrastructure as a Service (IaaS) provides a complete Web application solution for easier application development. True or False?

False

40. Most Linux distributions currently use a package called ipchains as firewall software. True or False?

False

12. Domain Name Service (DNS) is a distributed database of domain names and IP addresses. True or False?

True

16. The iptables -j DROP and -j REJECT command options both drop packets. True or False?

True

17. The iptables -A Firewall-INPUT -p 50 -j ACCEPT directive accepts input from port 50. True or False?

True

19. Alternate attack vectors include connections through telephone modems and serial ports. True or False?

True

2. A live CD or DVD is useful in diagnosing problems with other connected physical media. True or False?

True

20. You can configure the /boot/ directory as a separate filesystem. True or False?

True

21. After configuring quotas on a Linux system, you can use the edquota command to edit the quota of a specific user. True or False?

True

22. The "chroot" in chroot jail means change root. True or False?

True

23. Files on a device are accessible only when they're mounted on a Linux directory. True or False?

True

24. In Linux, a mount point is a directory. True or False?

True

25. A journaled filesystem keeps track of changes to be written to the filesystem. True or False?

True

26. In the shadow password suite, user access to the /etc/shadow file is limited to the root administrative user. True or False?

True

27. In Linux, every user and group has a user ID (UID) and group ID (GID) number. True or False?

True

28. The sg command allows a user to join a group on a temporary basis. True or False?

True

3. The best time to install an integrity scanner is just after you have set up a baseline configuration, before any such systems are made operational on a network. True or False?

True

34. The term "attack surface" indicates the total number of vulnerabilities a system might have. True or False?

True

37. One benefit of open source code is the ability to learn what the code does and how the program operates. True or False?

True

38. In a Linux system, a smaller number of packages means a smaller surface area for attack. True or False?

True

5. Hibernation may present a security risk and can therefore be disabled in the kernel. True or False?

True

6. When compiling a kernel on a Red Hat system, you must be logged in as the root administrative account. True or False?

True

52. What does the following option in the /etc/sysctl.conf file do? net.ipv4.icmp_echo_ignore_broadcasts = 1 a. Ignores ICMP messages that do not conform to standards b. Prevents systems from replying to ping requests (broadcasts) c. Protects from SYN floods d. Prevents IPv4 forwarding on a system

b. Prevents systems from replying to ping requests (broadcasts)

60. Which term describes a common malware targeted for Linux operating systems that allows a black-hat hacker to take over the computer system with administrative privileges? a. Trojan horse b. Rootkit c. Worm d. Virus

b. Rootkit

43. You may create multiple gold baseline configurations to reflect separation in different _________. a. access controls b. filesystems c. databases d. None of the above

b. filesystems

65. What is SpamAssassin? a. An antivirus software package b. E-mail server software c. An e-mail filter d. An alternative to Squid

c. An e-mail filter

59. ClamAV can be described as: a. A software management tool for Linux distributions b. A firewall for Linux systems c. An open source anti-virus solution mainly used on Linux e-mail gateways d. An open source infrastructure for keeping software updated

c. An open source anti-virus solution mainly used on Linux e-mail gateways

47. Kernels released for different architectures vary because different platforms have different ___________. a. networks b. firewalls c. CPUs d. hard drives

c. CPUs

64. Which desktop environment is the Konqueror Web browser part of, by default? a. GNOME b. X Window System c. KDE d. All of the above

c. KDE

61. The commercially supported update system for the Ubuntu distribution is: a. RHN b. ZENworks c. Landscape d. Spacewalk

c. Landscape

53. On a computer network, packets with addresses that should not be possible are known as ______. a. Ping packets b. Spurious packets c. Martian packets d. Phishy packets

c. Martian packets

112. A user needs access to execute networking-related commands only. What type of access should be granted using the principle of least privilege? a. The user should be added to the admin group. b. The user should be given sudo access to all of root's commands. c. The user should be given sudo access to NETWORKING. d. The user should be provided with the root password.

c. The user should be given sudo access to NETWORKING.

100. What technique can a black-hat hacker use to find any modem connection on your network with security weaknesses? a. Van Eck phreaking b. Phishing c. War dialing d. The aircrack-ng package

c. War dialing

125. The iptables program is used to configure ___________. a. a mandatory access control b. user account information c. a firewall d. TCP Wrappers

c. a firewall

107. Which command formats all Linux filesystems, Microsoft VFAT, and NTFS filesystems? a. format b. fdisk c. mkfs d. mount

c. mkfs

73. Which command do you use to create a self-signed certificate?

openssl command


Related study sets

patho quiz 7 check for understanding

View Set

aghsfr1 leçon 17 porter/ne pas porter

View Set

WEB WOC Ostomy Care: Quiz Questions

View Set

Google Level One Certification Review

View Set