64 Questions
Which of the following options changes the timeout period to 5 seconds for an OpenVPN control packet acknowledgement?
--tls-timeout 5
Which permission bit allows a user to delete a file?
Write
What is the purpose of rkhunter?
To detect rootkits and other security threats
What is a certificate chain?
A sequence of certificates used to verify the authenticity of a digital certificate
Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets going through the network interface eth0?
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11
Which of the following statements is used in a parameter file for setkey in order to create a new SPD entry?
spdadd
Which of the following methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.)
By placing a # in front of the rule and restarting Snort.
Which of the following commands adds users using SSSD’s local service?
sss_useradd
Which of the following DNS records are used in DNSSEC?
RRSIG
What is the purpose of a Certificate Authority (CA)?
To issue and sign X.509 certificates
Which directive is used in an OpenVPN server configuration to send network configuration information to the client?
push
Match the following programming languages with their primary usage:
Python = General-purpose programming; JavaScript = Client-side scripting for web applications; SQL = Database queries; CSS = Styling web pages
Determine whether the given solution is correct?
Correct
Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?
openssl req -new -key private/keypair.pem -out req/csr.pem
What is Cryptography?
The art of sending secret messages
What type of activity does HID monitor for?
Unauthorized access attempts
Which command installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain?
ipa-setup
What is the purpose of an access control list in Linux?
To specify fine-grained permissions for users and groups
How can host scans be automated on a Linux system?
Using cron
What is the purpose of file ownership in Linux systems?
To restrict access to files only to their owner
What is the purpose of rkhunter?
To detect rootkits and other security threats
What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information? (Specify ONLY the option name without any values or parameters.)
uid
Which of the following practices are important for the security of private keys? (Choose TWO correct answers)
Private keys should have a sufficient length for the algorithm used for key generation.
What is the purpose of NSEC3 in DNSSEC?
To prevent zone enumeration
Which command is used to run a new shell for a user changing the SELinux context? (Specify ONLY the command without any path or parameters.)
newrole
Which file is used to configure AIDE?
/etc/aide/aide.conf
Determine whether the given solution is correct?
Correct
Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key?
openssl req -new -key private/keypair.pem -out req/csr.pem
What is Cryptography?
The art of sending secret messages
What type of activity does HID monitor for?
Unauthorized access attempts
Which of the following is NOT a benefit of using HID?
Provides automatic removal of detected threats
What is a ciphertext?
The encrypted message
Which of the following commands defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall?
auditctl -w /etc/firewall/rules -p rw -k firewall
What is a rootkit?
A type of malware that disguises itself as legitimate software
Which of the following commands displays all ebtable rules contained in the table filter including their packet and byte counters?
ebtables -t filter -L --Lc
What is a plaintext?
The original message before encryption
Which protocol is commonly used to transmit X.509 certificates?
LDAP
What is the purpose of the program snort-stat?
It reads syslog files containing Snort information and generates port scan statistics.
Which tool can be used to check for rootkits on a Linux system?
chkrootkit
What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?
uid
Which of the following practices are important for the security of private keys? (Choose TWO correct answers)
Private keys should have a sufficient length for the algorithm used for key generation
What is the purpose of NSEC3 in DNSSEC?
To prevent zone enumeration
Which command is used to run a new shell for a user changing the SELinux context?
newrole
Which file is used to configure AIDE?
/etc/aide/aide.conf
What is the purpose of ndpmon?
It monitors the network for neighbor discovery messages from new IPv6 hosts and routers
What is an asymmetric key?
A key used for both encryption and decryption that is generated in a pair
Which of the following is an example of a behavioral-based HID technique?
Anomaly-based detection
Which command revokes ACL-based write access for groups and named users on the file afile?
setfacl -m mask::rx afile
Which command is used to set an extended attribute on a file in Linux?
setfattr
Which option in an Apache HTTPD configuration file enables OCSP stapling?
httpd-conf
What is the difference between a SetUID and SetGID bit?
SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner
Which of the following expressions are valid AIDE rules?
!/var/run/.*
Which command included in the Linux Audit system provides searching and filtering of the audit log?
ausearch
Which package management tools can be used to verify the integrity of installed files on a Linux system?
RPM and DPKG
What is a honeypot?
A network security tool designed to lure attackers into a trap
Which of the following is used to perform DNSSEC validation on behalf of clients?
Recursive name server
Given a proper network and name resolution setup, which of the following commands establishes a trust between a FreeIPA domain and an Active Directory domain?
ipa trust-add --type ad addom --admin Administrator --password
Which of the following command lines sets the administrator password for ntop to testing123?
ntop --set-admin-password=testing123
What is a symmetric key?
A key used for encryption and decryption that is the same
What is privilege escalation?
An attack that exploits a vulnerability to gain elevated privileges
Which PAM module checks new passwords against dictionary words and enforces complexity?
pam_cracklib
What is the purpose of TSIG in DNS?
To sign DNS messages for secure communication
What is the purpose of IP sets?
They group together IP addresses that can be referenced by netfilter rules
What is the purpose of an extended attribute in Linux?
To store additional metadata about a file
Study Notes
LPIC-3 Security
Mounting CIFS Shares
- The `uid` option specifies the user that appears as the local owner of the files when the server does not provide ownership information.
Private Key Security
- Private keys should not be created on a system where they will be used, and should never leave that system.
- Private keys should have sufficient length for the algorithm used for key generation.
DNSSEC
- NSEC3 is used to prevent zone enumeration.
- TSIG is used to sign DNS messages for secure communication.
OpenSSL
- `openssl s_client` specifies the host name to use for TLS Server Name Indication.
AIDE
- `aide.conf` is used to configure AIDE.
- Rules are added to `aide.conf` to specify what files to monitor.
Audit System
- `ausearch` is used to search and filter the audit log.
Linux File Attributes
- Extended attributes can store additional metadata about a file.
- `setfattr` is used to set extended attributes on a file.
PAM
- `pam_cracklib` checks new passwords against dictionary words and enforces complexity.
Access Control
- SELinux is a Mandatory Access Control (MAC) system.
OpenVPN
- `openvpn` uses ephemeral keys by default.
- The `--mlock` option ensures that ephemeral keys are not written to swap space.
Snort
- Snort can be used to detect intrusions and system changes.
Certificate Authority
- A Certificate Authority (CA) issues and signs X.509 certificates.
DNS
- DNSSEC keys can be generated using `dnssec-keygen`.
- RRSIG is a DNS record type used in DNSSEC.
Network Security
- IPSec is used to secure network communications.
- IP sets are used to group together IP addresses and networks that can be referenced by netfilter rules.
Authentication
- rkhunter is used to detect rootkits and other security threats.
- Linux Malware Detect is used to detect malware on a Linux system.
Linux Permissions
- The `chmod` command is used to set permissions on a file.
- The `chown` command is used to set the ownership of a file.
Firewall Configuration
- `iptables` is used to configure network traffic rules.
- The `nat` table is used to perform Network Address Translation.
System Security
- A buffer overflow is a type of software vulnerability.
- Privilege escalation is an attack that exploits a vulnerability to gain elevated privileges.
DNS Security
- DNSSEC is used to secure DNS communications.
- TLSA records are used in DNS-Based Authentication of Named Entities (DANE).
- A trust anchor is a root certificate that is trusted by a particular CA.
Security Configurations
- The virtual host is used as a fallback default for all clients that do not support SNI.
- To require a client certificate for authentication in Apache HTTPD, the configuration option `SSLVerifyClient require` is used.
Certificate Authority (CA)
- A Root CA has a self-signed certificate, does not include the private key of the CA, and must contain an X509v3 Authority extension.
- A Root CA certificate is a self-signed certificate that identifies the CA.
Host Intrusion Detection (HID)
- HID monitors for unauthorized access attempts and alerts security personnel of potential security incidents.
- HID does not automatically remove detected threats.
Linux Permissions
- SELinux permissions are verified before standard Linux permissions.
- The command `chown` is used to set the owner and group of a file in Linux.
- SELinux permissions are verified after standard Linux permissions.
Wireshark
- Valid Wireshark capture filters include `port range 10000:tcp-15000:tcp` and `tcp portrange 10000-15000`.
OpenVAS
- The command `openvas-nvt-sync` is used to update NVTs from the OpenVAS NVT feed.
File Permissions
- The permission bit that allows a file to be executed is the execute bit.
Automation
- Cron can be used to automate host scans on a Linux system.
Access Control List (ACL)
- The purpose of an access control list in Linux is to specify fine-grained permissions for users and groups.
NFS
- Kerberos authentication was added to NFS in version 4.
OCSP Stapling
- OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.
FreeIPA
- The command `ipa-server-install` installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.
OpenSSL
- The command `openssl req -new -key private/keypair.pem -out req/csr.pem` generates a certificate signing request (CSR) using an existing private key.
Cryptography
- Cryptography is the art of sending secret messages.
- Ciphertext is the encrypted message.
- Plaintext is the original message before encryption.
Rootkits
- A rootkit is a type of malware that disguises itself as legitimate software.
Audit Rules
- The command `auditctl -w /etc/firewall/rules -p rw -k firewall` defines an audit rule that monitors read and write operations to the file `/etc/firewall/rules` and associates the rule with the name "firewall".
ebtables
- The command `ebtables -t filter -L -v` displays all ebtable rules contained in the table filter including their packet and byte counters.
Snort-stat
- The program `snort-stat` reads syslog files containing Snort information and generates port scan statistics.
chkrootkit
- The tool `chkrootkit` is used to check for rootkits on a Linux system.
eCryptfs
- eCryptfs is a stacked cryptographic filesystem that stores encrypted data and metadata.
- eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user.
LUKS
- The command `cryptsetup luksDelKey /dev/sda 1` deletes only the first key from a LUKS device.
FreeIPA
- FreeIPA includes a DHCP server, Kerberos KDC, and Directory Server.
DNSSEC
- DNSSEC is a security extension to DNS that provides authentication of DNS data.
- The command `dnssec-keygen` is used to generate keys for DNSSEC.
Security Information and Event Management (SIEM) System
- A SIEM system is a type of HID tool.
X.509 Certificate
- An X.509 certificate is a digital document that verifies the identity of a website.
- An X.509 certificate contains information such as the subject, issuer, and validity period.
Certificate Revocation List (CRL)
- A CRL is a list of X.509 certificates that have been revoked by a particular CA.
Social Engineering
- Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.
DNS over TLS and DNS over HTTPS
- DNS over TLS and DNS over HTTPS provide secure communication between DNS clients and servers.
Practice questions for the LPIC-3 Security certification exam, covering topics such as file system management and access control.