IT Security and Linux System Administration Quiz

Questions and Answers

What is the purpose of the uid option in the mount.cifs command?

To specify the user that appears as the local owner of the files

Which of the following is a good practice for private key security?

Creating private keys on the systems where they will be used

What is the main purpose of NSEC3 in DNSSEC?

To prevent zone enumeration

What is the command used to change the SELinux context for a user?

newrole

Which file is used to configure the AIDE system?

/etc/aide/aide.conf

What is the purpose of the ndpmon command?

To monitor the network for neighbor discovery messages from new IPv6 hosts and routers

Which of the following is a good practice for private key security?

Storing private keys in a secure location

What is the purpose of the mount.cifs command?

To mount a CIFS file system

What is the purpose of rkhunter?

To detect rootkits and other security threats

Which command is used to view the access control list of a file?

getfacl

What is a man-in-the-middle attack?

An attack that intercepts communications between two parties to steal information

Which permission bit allows a user to delete a file?

Write

What is the purpose of a Certificate Authority (CA)?

To issue digital certificates to organizations

Which command adds users using SSSD’s local service?

sss_useradd

Which DNS records are used in DNSSEC?

RRSIG

Which of the following terms refer to existing scan techniques with nmap?

FIN Scan

Which command changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11

Which of the following methods can be used to deactivate a rule in Snort?

By placing a pass rule in local.rules and restarting Snort

What is the primary function of the tool that reads syslog files containing Snort information?

To generate port scan statistics

Which command is used to delete the first key from a LUKS device?

cryptsetup luksDelKey /dev/sda1 1

What is a characteristic of eCryptfs?

It cannot be used to encrypt directories on a Linux system

How does TSIG authenticate name servers for secured zone transfers?

By using a secret key that is shared between the servers

Which of the following is NOT a component of FreeIPA?

Intrusion Detection System

What is the purpose of the dnssec-keygen utility?

To generate DNSSEC keys

What type of system is a Security Information and Event Management (SIEM) system?

HID system

What information is contained in an X509 certificate?

Basic constraints, including whether it is a CA

What command is used to make the contents of an eCryptfs encrypted directory available to the user?

ecryptfs-mount-private

What is the purpose of the chage command?

To disable the automatic password expiry for a user

What does a network link monitor do?

Queries network interfaces

What is an asymmetric key used for?

Encryption and decryption with a pair of keys

What is an example of a behavioral-based HID technique?

Anomaly-based detection

What command revokes ACL-based write access for groups and named users on a file?

setfacl ~m mask: : rx

What is the purpose of the setfattr command?

To set an extended attribute on a file

What is a buffer overflow?

A type of software vulnerability

What tool can be used to manage the Linux Audit system?

auditd

What is the main difference between a DNSSEC-signed zone and a non-DNSSEC-signed zone?

The zone signing key is used to sign the DNS records

What is the difference between a SetUID and SetGID bit?

SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner

What is a honeypot?

A decoy system to detect and deflect attacks

What is the primary purpose of a Certificate Revocation List (CRL)?

To revoke compromised X.509 certificates

What package management tools can be used to verify the integrity of installed files on a Linux system?

RPM and DPKG

What is the main benefit of using AppArmor over SELinux?

AppArmor is less complex and easier to configure

What is the primary purpose of a DNSKEY record in DNSSEC?

To sign a DNS zone

What is the main difference between a chroot environment and a regular environment?

A chroot environment is more secure than a regular environment

What is the primary purpose of AIDE?

To detect intrusions and system changes

What is phishing?

A type of social engineering attack

What is the primary purpose of DNS over TLS and DNS over HTTPS?

To provide secure communication between DNS clients and servers

What is the main difference between AppArmor and SELinux?

AppArmor is implemented in user space, while SELinux is implemented in the kernel

What is the primary purpose of an X.509 certificate?

To verify the identity of a website

What is the purpose of the Linux Audit system?

To detect intrusions and system changes

What is the purpose of file ownership in Linux systems?

To restrict access to files only to their owner

What is a Trojan?

A type of malware that disguises itself as legitimate software

What is the purpose of a trust anchor?

A root certificate that is trusted by a particular CA

Which of the following is used to issue and sign X.509 certificates?

To issue and sign X.509 certificates

What is the purpose of the command dnssec-keygen?

To generate DNSSEC keys

What is a rogue access point?

An unauthorized access point that is set up to look like a legitimate one

What is the purpose of the push directive in an OpenVPN server configuration?

To send network configuration information to the client

What is Linux Malware Detect?

A tool to detect malware on a Linux system

What is a DoS attack?

An attack that floods a network or server with traffic to make it unavailable

What is the primary purpose of a honey pot in network security?

To lure attackers into a trap and detect their activities

Which type of DNS server is responsible for performing DNSSEC validation on behalf of clients?

Recursive name server

What is the purpose of the ipa trust-add command in FreeIPA?

To establish a trust between a FreeIPA domain and an Active Directory domain

What is the purpose of the ntop command with the --set-admin-password option?

To set the administrator password for ntop

What is a symmetric key in cryptography?

A key used for encryption and decryption that is the same

What is the purpose of the pam_cracklib PAM module?

To check new passwords against dictionary words and enforce complexity

What is the purpose of TSIG in DNS?

To sign DNS messages for secure communication

What is the purpose of IP sets in Linux?

They group together IP addresses that can be referenced by netfilter rules

What is the purpose of an extended attribute in Linux?

To store additional metadata about a file

What is the effect of the iptables command with the -A INPUT option?

Accept all TCP traffic on port 20 and 21 for a specific IP address

What is the purpose of OCSP stapling?

A mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate

What is the main purpose of HID?

To detect and respond to security incidents

What is a ciphertext?

The encrypted message

What is the command to install and configure a new FreeIPA server?

ipa-server-install

What is Cryptography?

The art of sending secret messages

What is the purpose of the ebtables command?

To display ebtable rules

What is a rootkit?

A type of malware that disguises itself as legitimate software

What is the purpose of the openssl command?

To generate a certificate signing request (CSR)

What is the protocol commonly used to transmit X.509 certificates?

LDAP

What is a plaintext?

The original message before encryption

What is the purpose of a TLSA record in DANE?

To sign a TLS server's public key

What does the configuration option SSLStrictSNIVHostCheck do in Apache HTTPD?

Serves the virtual host only to clients that support SNI

Which of the following is a characteristic of a Root CA certificate?

It is self-signed

What is the purpose of HID in security?

To alert security personnel of potential security incidents

What is the purpose of the command ulimit in Bash?

To set the maximum size of written files

Which of the following is a best practice for implementing HID?

Configure HID to alert security personnel of potential security incidents

What is the purpose of the chown command in Linux?

To set the owner and group of a file

What is the purpose of Wireshark capture filters?

To capture only a specific type of network traffic

What is the purpose of the command openvas-nvt-sync?

To update NVTs from the OpenVAS NVT feed

What is the purpose of the execute permission bit in Linux?

To allow a file to be executed

Which option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

uid

Which of the following practices are important for the security of private keys?

Private keys should have a sufficient length for the algorithm used for key generation

What is the purpose of NSEC3 in DNSSEC?

To prevent zone enumeration

Which command is used to run a new shell for a user changing the SELinux context?

newrole

Which file is used to configure AIDE?

/etc/aide/aide.conf

What is the purpose of ndpmon?

It monitors the network for neighbor discovery messages from new IPv6 hosts and routers

What is the advantage of creating private keys on the systems where they will be used?

They are more secure because they never leave the system

What is the purpose of keeping private keys confidential?

To prevent unauthorized access to encrypted data

What is the purpose of the setfattr command?

To set an extended attribute on a file in Linux

What is an example of a behavioral-based HID technique?

Anomaly-based detection

What is the difference between a SetUID and SetGID bit?

SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner

What is the purpose of the auditd tool?

To manage the Linux Audit system

What is a buffer overflow?

A type of software vulnerability

What is the purpose of the ausearch command?

To search and filter the audit log

What package management tools can be used to verify the integrity of installed files on a Linux system?

RPM and DPKG

What is a honeypot?

A decoy system intended to distract attackers

What is the purpose of the openssl command with the -servername option?

To specify the host name to use for TLS Server Name Indication

What is an asymmetric key?

A key used for both encryption and decryption that is generated in a pair

What is the purpose of a honeypot?

To lure attackers into a trap

Which of the following is used to perform DNSSEC validation on behalf of clients?

Recursive name server

What is the purpose of IP sets?

To group together IP addresses referenced by netfilter rules

What is the purpose of an extended attribute in Linux?

To store additional metadata about a file

Which file is used to configure rkhunter?

/etc/rkhunter.conf

What is the purpose of TSIG in DNS?

To sign DNS messages for secure communication

What is privilege escalation?

An attack that exploits a vulnerability to gain elevated privileges

What is the purpose of the pam_cracklib PAM module?

To check new passwords against dictionary words and enforce complexity

What is the purpose of SELinux?

To implement mandatory access control

What is the purpose of the openvpn command?

To establish a secure VPN connection

What is the primary purpose of issuing and signing X.509 certificates?

To issue and sign digital certificates for secure communication

What is the purpose of the push directive in an OpenVPN server configuration?

To send network configuration information to the client

Which of the following is a valid stanza for a client configuration in FreeRADIUS?

client private-network-1 { ipaddr = 192.0.2.0/24 secret = testing123-1 }

What is the purpose of the Linux Malware Detect tool?

To detect malware on a Linux system

What is a Trojan?

A type of malware that disguises itself as legitimate software

What is the purpose of the dnssec-keygen command?

To generate DNS keys

What is the purpose of a trust anchor?

A root certificate that is trusted by a particular CA

What is a rogue access point?

An unauthorized access point that is set up to look like a legitimate one

What is the purpose of the chmod command in Linux?

To set the permissions of a file

What is the main purpose of a Certificate Authority (CA)?

To issue digital certificates

What is the primary purpose of an X.509 certificate?

To verify the identity of a website

What is the main difference between a chroot environment and a regular environment?

Chroot environments are isolated and have limited access to resources

Which of the following statements is true about AppArmor?

AppArmor is less complex and easier to configure than SELinux

What is the primary purpose of AIDE?

To detect intrusions and system changes

What is phishing?

A type of social engineering attack

What is the primary purpose of DNS over TLS and DNS over HTTPS?

To provide secure communication between DNS clients and servers

What is the primary purpose of a Certificate Revocation List (CRL)?

A list of X.509 certificates that have been revoked by a particular CA

Which of the following DNS records is used to map an IP address to a hostname?

PTR

What is host intrusion detection (HID)?

A system that monitors and detects potential security threats on a single computer or server

What is the purpose of a DNSKEY record in DNSSEC?

To sign a DNS zone

Which tool is used to check for rootkits on a Linux system?

chkrootkit

What happens when the command getfattr afile is run while the file afile has no extended attributes set?

No output is produced and getfattr exits with a value of 0

Which command deletes only the first key from a LUKS device?

cryptsetup luksDelKey /dev/sda 1 1

Which statement is true regarding eCryptfs?

eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user

Which command disables the automatic password expiry for a user?

chage --maxdays -1 usera

How does TSIG authenticate name servers for secured zone transfers?

Both servers use a secret key that is shared between the servers

Which of the following utilities is used to generate keys for DNSSEC?

dnssec-keygen

Which command makes the contents of an eCryptfs encrypted directory available to the user?

ecryptfs-mount-private

Which of the following is an example of an HID tool?

Security information and event management (SIEM) system

Which statement is true regarding an X509 certificate?

This certificate belongs to a certification authority

What is the primary function of rkhunter?

To detect rootkits and other security threats

What is the purpose of a Certificate Authority (CA)?

To issue certificates to organizations

What is a man-in-the-middle attack?

An attack that intercepts communications between two parties to steal information

Which permission bit allows a user to delete a file?

Write

What is a certificate chain?

A sequence of certificates used to verify the authenticity of a digital certificate

Which command changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11

Which of the following commands adds users using SSSD’s local service?

ss_useradd

Which DNS records are used in DNSSEC?

RRSIG

What is the purpose of OpenVPN?

To create a virtual private network

Which of the following scan techniques with nmap?

All of the above

Which of the following authentication methods was added to NFS in version 4?

Kerberos authentication

What is OCSP stapling?

A mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate

What is the purpose of the command ipa-server-install?

To install and configure a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain

What is the openssl command to generate a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?

openssl req –new -key private/keypair.pem –out req/csr.pem

What is Cryptography?

The art of sending secret messages

What type of activity does HID monitor for?

Unauthorized access attempts

What is a ciphertext?

The encrypted message

Which of the following commands defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall?

auditctl –w /etc/firewall/rules –p rw –k firewall

What is a rootkit?

A type of malware that disguises itself as legitimate software

Which of the following commands displays all ebtable rules contained in the table filter including their packet and byte counters?

ebtables -t filter –L --Lc

What is the purpose of a TLSA record in DANE?

To sign a TLS server's public key

Which command is used to update NVTs from the OpenVAS NVT feed?

openvas-nvt-sync

What is the purpose of the SSLVerifyClient require configuration option in Apache HTTPD?

To require a client certificate for authentication

Which of the following statements are true regarding the certificate of a Root CA?

It is a self-signed certificate.

Which of the following permissions is required to execute a file?

Execute

How can host scans be automated on a Linux system?

Using cron

Which of the following configuration options makes Apache HTTPD require a client certificate for authentication?

SSLVerifyClient require

What is the purpose of SELinux permissions?

To provide additional access control

Which command is used to set the owner and group of a file in Linux?

chown

Which of the following Wireshark capture filters is valid?

portrange 10000/tcp-15000/tcp

Study Notes

Security and Networking Concepts

• Exam 303-300: LPIC-3 Security

File Systems and Permissions

• File ownership in Linux systems restricts access to files only to their owner
• chown command is used to change the ownership of a file
• chmod command is used to set the permissions of a file
• Extended attributes in Linux store additional metadata about a file
• getfacl command is used to view the access control list of a file
• setfacl command is used to set the access control list of a file

Network Security

• DNSSEC (Domain Name System Security Extensions) is a security protocol for DNS
• NSEC3 is a type of DNS record used in DNSSEC
• RRSIG is a type of DNS record used in DNSSEC
• TSIG is used to sign DNS messages for secure communication
• IP sets group together IP addresses that can be referenced by netfilter rules

Cryptography and Certification

• Asymmetric key: a key used for encryption and decryption that is generated in a pair
• Symmetric key: a key used for encryption and decryption that is the same
• Certificate Authority (CA) issues and signs X.509 certificates
• Trust anchor: a root certificate that is trusted by a particular CA
• TLSA record in DANE publishes X.509 certificate and certificate authority information in DNS

Linux Security

• Linux Audit system detects intrusions and system changes
• ausearch command is used to search and filter the audit log
• auditd is the Linux Audit system's daemon
• SELinux (Security-Enhanced Linux) is a Mandatory Access Control (MAC) system

Network Attacks and Defenses

• Buffer overflow: a type of software vulnerability
• Man-in-the-middle attack: an attack that intercepts communications between two parties
• DoS (Denial of Service) attack: an attack that floods a network or server with traffic to make it unavailable
• Trojan: a type of malware that disguises itself as legitimate software
• Rogue access point: an unauthorized access point that is set up to look like a legitimate one

Firewalls and Networking

• iptables command is used to configure the Linux firewall
• nmap is a network exploration and security auditing tool
• OpenVPN is a virtual private network (VPN) solution

Other Security Concepts

• Privilege escalation: an attack that exploits a vulnerability to gain elevated privileges
• Honeypot: a network security tool designed to lure attackers into a trap
• AIDE (Advanced Intrusion Detection Environment) is a file integrity checker and incident response tool
• rkhunter is a tool to detect rootkits and other security threats### Security Fundamentals
• Host intrusion detection (HID) monitors a single computer or server for potential security threats.
• HID can detect unauthorized access attempts, but does not provide automatic removal of detected threats.
• Cryptography is the art of sending secret messages.

File Permissions and Access Control

• SELinux permissions are verified before standard Linux permissions.
• The chown command is used to set the owner and group of a file in Linux.
• Access control lists (ACLs) in Linux specify fine-grained permissions for users and groups.

Network Security

• OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.
• LUKS (Linux Unified Key Setup) is a disk encryption system.
• cryptsetup is used to set up and configure LUKS devices.
• getfattr displays extended attributes of a file or directory.

Certificates and Authentication

• X.509 certificates are digital documents that verify the identity of a website, person, device, or company.
• A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.
• DNSSEC (Domain Name System Security Extensions) is a set of extensions to DNS that provide security by verifying the authenticity of DNS data.
• TSIG (Transaction Signature) authenticates name servers in order to perform secured zone transfers.
• eCryptfs is a stacked Linux filesystem that provides encryption and access control for directories.

System Security

• chage is used to change the password expiry information for a user.
• snort-stat displays statistics from the running Snort process.
• chkrootkit is a tool that checks for rootkits on a Linux system.
• AppArmor and SELinux are both mandatory access control systems, but they have different implementation and configuration approaches.
• aide is a tool that detects intrusions and system changes.

DNS Security

• DNSSEC-signed zones use a key signing key to sign the zone signing key of the zone.
• The DNSKEY record in DNSSEC is used to sign a DNS zone.
• DNS over TLS and DNS over HTTPS provide secure communication between DNS clients and servers.
• DANE (DNS-based Authentication of Named Entities) is used to secure HTTPS connections.

Other Security Concepts

• Phishing is a type of social engineering attack that exploits human psychology to gain access to sensitive information.
• Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.
• Rootkits are a type of malware that disguises itself as legitimate software.
• openvas-nvt-sync is a command that updates NVTs (Network Vulnerability Tests) from the OpenVAS NVT feed.
• ipa-server-install is a command that installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

Security and Networking Concepts

• Exam 303-300: LPIC-3 Security

File Systems and Permissions

• File ownership in Linux systems restricts access to files only to their owner
• chown command is used to change the ownership of a file
• chmod command is used to set the permissions of a file
• Extended attributes in Linux store additional metadata about a file
• getfacl command is used to view the access control list of a file
• setfacl command is used to set the access control list of a file

Network Security

• DNSSEC (Domain Name System Security Extensions) is a security protocol for DNS
• NSEC3 is a type of DNS record used in DNSSEC
• RRSIG is a type of DNS record used in DNSSEC
• TSIG is used to sign DNS messages for secure communication
• IP sets group together IP addresses that can be referenced by netfilter rules

Cryptography and Certification

• Asymmetric key: a key used for encryption and decryption that is generated in a pair
• Symmetric key: a key used for encryption and decryption that is the same
• Certificate Authority (CA) issues and signs X.509 certificates
• Trust anchor: a root certificate that is trusted by a particular CA
• TLSA record in DANE publishes X.509 certificate and certificate authority information in DNS

Linux Security

• Linux Audit system detects intrusions and system changes
• ausearch command is used to search and filter the audit log
• auditd is the Linux Audit system's daemon
• SELinux (Security-Enhanced Linux) is a Mandatory Access Control (MAC) system

Network Attacks and Defenses

• Buffer overflow: a type of software vulnerability
• Man-in-the-middle attack: an attack that intercepts communications between two parties
• DoS (Denial of Service) attack: an attack that floods a network or server with traffic to make it unavailable
• Trojan: a type of malware that disguises itself as legitimate software
• Rogue access point: an unauthorized access point that is set up to look like a legitimate one

Firewalls and Networking

• iptables command is used to configure the Linux firewall
• nmap is a network exploration and security auditing tool
• OpenVPN is a virtual private network (VPN) solution

Other Security Concepts

• Privilege escalation: an attack that exploits a vulnerability to gain elevated privileges
• Honeypot: a network security tool designed to lure attackers into a trap
• AIDE (Advanced Intrusion Detection Environment) is a file integrity checker and incident response tool
• rkhunter is a tool to detect rootkits and other security threats### Security Fundamentals
• Host intrusion detection (HID) monitors a single computer or server for potential security threats.
• HID can detect unauthorized access attempts, but does not provide automatic removal of detected threats.
• Cryptography is the art of sending secret messages.

File Permissions and Access Control

• SELinux permissions are verified before standard Linux permissions.
• The chown command is used to set the owner and group of a file in Linux.
• Access control lists (ACLs) in Linux specify fine-grained permissions for users and groups.

Network Security

• OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.
• LUKS (Linux Unified Key Setup) is a disk encryption system.
• cryptsetup is used to set up and configure LUKS devices.
• getfattr displays extended attributes of a file or directory.

Certificates and Authentication

• X.509 certificates are digital documents that verify the identity of a website, person, device, or company.
• A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.
• DNSSEC (Domain Name System Security Extensions) is a set of extensions to DNS that provide security by verifying the authenticity of DNS data.
• TSIG (Transaction Signature) authenticates name servers in order to perform secured zone transfers.
• eCryptfs is a stacked Linux filesystem that provides encryption and access control for directories.

System Security

• chage is used to change the password expiry information for a user.
• snort-stat displays statistics from the running Snort process.
• chkrootkit is a tool that checks for rootkits on a Linux system.
• AppArmor and SELinux are both mandatory access control systems, but they have different implementation and configuration approaches.
• aide is a tool that detects intrusions and system changes.

DNS Security

• DNSSEC-signed zones use a key signing key to sign the zone signing key of the zone.
• The DNSKEY record in DNSSEC is used to sign a DNS zone.
• DNS over TLS and DNS over HTTPS provide secure communication between DNS clients and servers.
• DANE (DNS-based Authentication of Named Entities) is used to secure HTTPS connections.

Other Security Concepts

• Phishing is a type of social engineering attack that exploits human psychology to gain access to sensitive information.
• Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.
• Rootkits are a type of malware that disguises itself as legitimate software.
• openvas-nvt-sync is a command that updates NVTs (Network Vulnerability Tests) from the OpenVAS NVT feed.
• ipa-server-install is a command that installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.