Computer Security and OpenSSL

40 Questions

What is the primary goal of a denial-of-service attack?

To make a network or server unavailable

What is the purpose of the `getcifsacl` command?

To display the ACL of a file system

What is the default timeout period for OpenVPN control packets?

2 seconds

What permission bit allows a user to modify a file?

Write

What is the primary function of the rkhunter tool?

To detect rootkits and other security threats

What is the purpose of a certificate chain?

To verify the authenticity of a digital certificate

What iptables command changes the source IP address for all IPv4 packets going through the eth0 interface?

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11

What is the purpose of the ACL prefix 'OWNER' in the output of getcifsacl?

To specify the owner of a file system

What is the primary function of the NSEC or NSEC3 records in a DNS zone?

To prevent zone enumeration

What is the main purpose of a PTR record in a DNS zone?

To map an IP address to a hostname

What is the primary function of a Certificate Revocation List (CRL)?

To list X.509 certificates that have been revoked

What is the main purpose of a DNSKEY record in DNSSEC?

To sign a DNS zone

What is the primary goal of phishing attacks?

To steal sensitive information from a victim

What is the main purpose of AIDE?

To detect intrusions and system changes

What is the primary goal of social engineering attacks?

To trick victims into divulging sensitive information

What is the primary function of host intrusion detection (HID) systems?

To monitor and detect potential security threats on a single computer or server

What is the primary function of the chkrootkit tool?

To scan a Linux system for rootkits

What happens when the getfattr command is run on a file with no extended attributes set?

No output is produced and it exits with a value of 0

What is the correct command to delete the second key of a LUKS device?

cryptsetup luksDelKey /dev/sda1 2

What is a characteristic of eCryptfs?

It does not support encryption of home directories for regular Linux users

What command is used to disable automatic password expiry for a user?

chage --maxdays -1 username

What is the purpose of OpenSCAP?

To monitor system processes for security compliance

What is the function of the rpm command?

To verify the integrity of RPM packages

What is a characteristic of a LUKS device?

It can have multiple keys

What parameter in OpenSSL specifies the host name for TLS Server Name Indication?

-servername

What type of extension is added to a certificate for the host names example.org and www.example.org?

X.509v3 Subject Alternative Name

What is a buffer overflow?

A software vulnerability

Which tool is used to manage the Linux Audit system?

auditd

What is the difference between a SetUID and SetGID bit?

SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner

What is a valid AIDE rule?

!/var/run/.*

What command in the Linux Audit system provides searching and filtering of the audit log?

ausearch

What is the purpose of the TLS Server Name Indication extension?

To specify a host name for a TLS connection

What is the primary purpose of a Certificate Revocation List?

To allow a server to provide proof of the revocation status of certificates

What is the command to install and configure a new FreeIPA server?

ipa-server-install

What is the OpenSSL command to generate a certificate signing request (CSR) using an existing private key?

openssl req -new -key private/keypair.pem -out req/csr.pem

What is Cryptography?

The art of sending secret messages

What type of activity does HID monitor for?

Unauthorized access attempts

What is NOT a benefit of using HID?

Provides automatic removal of detected threats

What is the term for the encrypted message?

Ciphertext

What is the purpose of a Certificate Authority?

To issue certificates to servers

Study Notes

OpenSSL Parameters

  • -servername specifies the host name to use for TLS Server Name Indication.

OpenSSL Configuration

  • The line subjectAltName = DNS: www.example.org, DNS:example.org adds an X.509v3 Subject Alternative Name extension for the host names example.org and www.example.org to a certificate.

Security Threats

  • A buffer overflow is a type of software vulnerability.
  • Phishing is a type of social engineering attack.

Linux File Permissions

  • SetUID allows a file to be executed with the permissions of the file owner.
  • SetGID allows a file to be executed with the permissions of the group owner.
  • The permission bit Write allows a user to delete a file.

Linux Audit System

  • The command auditd is used to manage the Linux Audit system.
  • The command aureport provides searching and filtering of the audit log.

AIDE

  • AIDE is used to detect intrusions and system changes.
  • The command aide is used to manage system audits.

OpenVPN

  • OpenVPN sends a control packet to its peer and expects an acknowledgement in 2 seconds by default.
  • The option --tls-timeout 5 changes the timeout period to 5 seconds.

Certificate Management

  • A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
  • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.

DNS and DNSSEC

  • The DNS record PTR is used to map an IP address to a hostname.
  • The DNS record DNSKEY is used to sign a DNS zone.

Host Intrusion Detection

  • HID monitors for unauthorized access attempts.
  • HID does not provide automatic removal of detected threats.

Cryptography

  • Cryptography is the art of sending secret messages.
  • A ciphertext is the encrypted message.

Disk Encryption

  • The command cryptsetup is used to manage disk encryption.
  • The command getfattr is used to check for extended attributes on a file.

eCryptfs

  • eCryptfs is a system that encrypts files and directories.
  • eCryptfs does not store the contents of all files in an archive file.
  • eCryptfs can be used to encrypt only directories that are the home directory of a regular Linux user.

FreeIPA

  • The command ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

Rootkit Detection

  • The command chkrootkit is used to detect rootkits on a Linux system.
  • The command rkhunter is used to detect rootkits and other security threats.

This quiz covers various aspects of computer security, including OpenSSL parameters, configuration, and common security threats. It also touches on Linux file permissions.
