LPIC-3 Security Exam 303-300
64 Questions

Questions and Answers

Which of the following options changes the timeout period to 5 seconds for an OpenVPN control packet acknowledgement?

  • --tls-timer 500
  • --tls-timeout 5 (correct)
  • --tls-timer 5
  • --tls-timeout 500

    Which permission bit allows a user to delete a file?

    Write

    What is the purpose of rkhunter?

  • To manage system log files
  • To manage installed packages
  • To detect rootkits and other security threats (correct)
  • To automate host scans

    What is a certificate chain?

    A sequence of certificates used to verify the authenticity of a digital certificate

    Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets going through the network interface eth0?

    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11

    Which of the following statements is used in a parameter file for setkey in order to create a new SPD entry?

    spdadd

    Which of the following methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.)

    By placing a # in front of the rule and restarting Snort.

    Which of the following commands adds users using SSSD’s local service?

    sss_useradd

    Which of the following DNS records are used in DNSSEC?

    RRSIG

    What is the purpose of a Certificate Authority (CA)?

    To issue and sign X.509 certificates

    Which directive is used in an OpenVPN server configuration to send network configuration information to the client?

    push

    Match the following programming languages with their primary usage:

    Python = General-purpose programming
    JavaScript = Client-side scripting for web applications
    SQL = Database queries
    CSS = Styling web pages

    Determine whether the given solution is correct?

    Correct

    Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?

    openssl req -new -key private/keypair.pem -out req/csr.pem

    What is Cryptography?

    The art of sending secret messages

    What type of activity does HID monitor for?

    Unauthorized access attempts

    Which command installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain?

    ipa-setup

    What is the purpose of an access control list in Linux?

    To specify fine-grained permissions for users and groups

    How can host scans be automated on a Linux system?

    Using cron

    What is the purpose of file ownership in Linux systems?

    To restrict access to files only to their owner

    What is the purpose of rkhunter?

    To detect rootkits and other security threats

    What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information? (Specify ONLY the option name without any values or parameters.)

    uid

    Which of the following practices are important for the security of private keys? (Choose TWO correct answers)

    Private keys should have a sufficient length for the algorithm used for key generation.

    What is the purpose of NSEC3 in DNSSEC?

    To prevent zone enumeration

    Which command is used to run a new shell for a user changing the SELinux context? (Specify ONLY the command without any path or parameters.)

    newrole

    Which file is used to configure AIDE?

    /etc/aide/aide.conf

    Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key?

    openssl req -new -key private/keypair.pem -out req/csr.pem

    Which of the following is NOT a benefit of using HID?

    Provides automatic removal of detected threats

    What is a ciphertext?

    The encrypted message

    Which of the following commands defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall?

    auditctl -w /etc/firewall/rules -p rw -k firewall

    What is a rootkit?

    A type of malware that disguises itself as legitimate software

    Which of the following commands displays all ebtable rules contained in the table filter including their packet and byte counters?

    ebtables -t filter -L --Lc

    What is a plaintext?

    The original message before encryption

    Which protocol is commonly used to transmit X.509 certificates?

    LDAP

    What is the purpose of the program snort-stat?

    It reads syslog files containing Snort information and generates port scan statistics.

    Which tool can be used to check for rootkits on a Linux system?

    chkrootkit

    What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

    uid

    Which of the following practices are important for the security of private keys? (Choose TWO correct answers)

    Private keys should have a sufficient length for the algorithm used for key generation

    Which command is used to run a new shell for a user changing the SELinux context?

    newrole

    What is the purpose of ndpmon?

    It monitors the network for neighbor discovery messages from new IPv6 hosts and routers

    What is an asymmetric key?

    A key used for both encryption and decryption that is generated in a pair

    Which of the following is an example of a behavioral-based HID technique?

    Anomaly-based detection

    Which command revokes ACL-based write access for groups and named users on the file afile?

    setfacl -m mask::rx afile

    Which command is used to set an extended attribute on a file in Linux?

    setfattr

    Which option in an Apache HTTPD configuration file enables OCSP stapling?

    httpd-conf

    What is the difference between a SetUID and SetGID bit?

    SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner

    Which of the following expressions are valid AIDE rules?

    !/var/run/.*

    Which command included in the Linux Audit system provides searching and filtering of the audit log?

    ausearch

    Which package management tools can be used to verify the integrity of installed files on a Linux system?

    RPM and DPKG

    What is a honeypot?

    A network security tool designed to lure attackers into a trap

    Which of the following is used to perform DNSSEC validation on behalf of clients?

    Recursive name server

    Given a proper network and name resolution setup, which of the following commands establishes a trust between a FreeIPA domain and an Active Directory domain?

    ipa trust-add --type ad addom --admin Administrator --password

    Which of the following command lines sets the administrator password for ntop to testing123?

    ntop --set-admin-password=testing123

    What is a symmetric key?

    A key used for encryption and decryption that is the same

    What is privilege escalation?

    An attack that exploits a vulnerability to gain elevated privileges

    Which PAM module checks new passwords against dictionary words and enforces complexity?

    pam_cracklib

    What is the purpose of TSIG in DNS?

    To sign DNS messages for secure communication

    What is the purpose of IP sets?

    They group together IP addresses that can be referenced by netfilter rules

    What is the purpose of an extended attribute in Linux?

    To store additional metadata about a file

    Study Notes

    LPIC-3 Security

    Mounting CIFS Shares

    • The uid option specifies the user that appears as the local owner of the files when the server does not provide ownership information.

    Private Key Security

    • Private keys should not be created on a system where they will be used, and should never leave that system.
    • Private keys should have sufficient length for the algorithm used for key generation.

    DNSSEC

    • NSEC3 is used to prevent zone enumeration.
    • TSIG is used to sign DNS messages for secure communication.

    OpenSSL

    • openssl s_client specifies the host name to use for TLS Server Name Indication.

    AIDE

    • aide.conf is used to configure AIDE.
    • Rules are added to aide.conf to specify what files to monitor.

    Audit System

    • ausearch is used to search and filter the audit log.

    Linux File Attributes

    • Extended attributes can store additional metadata about a file.
    • setfattr is used to set extended attributes on a file.

    PAM

    • pam_cracklib checks new passwords against dictionary words and enforces complexity.

    Access Control

    • SELinux is a Mandatory Access Control (MAC) system.

    OpenVPN

    • openvpn uses ephemeral keys by default.
    • The --mlock option ensures that ephemeral keys are not written to swap space.

    Snort

    • Snort can be used to detect intrusions and system changes.

    Certificate Authority

    • A Certificate Authority (CA) issues and signs X.509 certificates.

    DNS

    • DNSSEC keys can be generated using dnssec-keygen.
    • RRSIG is a DNS record type used in DNSSEC.

    Network Security

    • IPSec is used to secure network communications.
    • IP sets are used to group together IP addresses and networks that can be referenced by netfilter rules.

    Authentication

    • rkhunter is used to detect rootkits and other security threats.
    • Linux Malware Detect is used to detect malware on a Linux system.

    Linux Permissions

    • The chmod command is used to set permissions on a file.
    • The chown command is used to set the ownership of a file.

    Firewall Configuration

    • iptables is used to configure network traffic rules.
    • The nat table is used to perform Network Address Translation.

    System Security

    • A buffer overflow is a type of software vulnerability.
    • Privilege escalation is an attack that exploits a vulnerability to gain elevated privileges.

    DNS Security

    • DNSSEC is used to secure DNS communications.
    • TLSA records are used in DNS-Based Authentication of Named Entities (DANE).
    • A trust anchor is a root certificate that is trusted by a particular CA.

    Security Configurations

    • The virtual host is used as a fallback default for all clients that do not support SNI.
    • To require a client certificate for authentication in Apache HTTPD, the configuration option SSLVerifyClient require is used.

    Certificate Authority (CA)

    • A Root CA has a self-signed certificate, does not include the private key of the CA, and must contain an X509v3 Authority extension.
    • A Root CA certificate is a self-signed certificate that identifies the CA.

    Host Intrusion Detection (HID)

    • HID monitors for unauthorized access attempts and alerts security personnel of potential security incidents.
    • HID does not automatically remove detected threats.

    Linux Permissions

    • SELinux permissions are verified before standard Linux permissions.
    • The command chown is used to set the owner and group of a file in Linux.
    • SELinux permissions are verified after standard Linux permissions.

    Wireshark

    • Valid Wireshark capture filters include port range 10000:tcp-15000:tcp and tcp portrange 10000-15000.

    OpenVAS

    • The command openvas-nvt-sync is used to update NVTs from the OpenVAS NVT feed.

    File Permissions

    • The permission bit that allows a file to be executed is the execute bit.

    Automation

    • Cron can be used to automate host scans on a Linux system.

    Access Control List (ACL)

    • The purpose of an access control list in Linux is to specify fine-grained permissions for users and groups.

    NFS

    • Kerberos authentication was added to NFS in version 4.

    OCSP Stapling

    • OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

    FreeIPA

    • The command ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

    OpenSSL

    • The command openssl req -new -key private/keypair.pem -out req/csr.pem generates a certificate signing request (CSR) using an existing private key.

    Cryptography

    • Cryptography is the art of sending secret messages.
    • Ciphertext is the encrypted message.
    • Plaintext is the original message before encryption.

    Rootkits

    • A rootkit is a type of malware that disguises itself as legitimate software.

    Audit Rules

    • The command auditctl -w /etc/firewall/rules -p rw -k firewall defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name "firewall".

    ebtables

    • The command ebtables -t filter -L -v displays all ebtable rules contained in the table filter including their packet and byte counters.

    Snort-stat

    • The program snort-stat reads syslog files containing Snort information and generates port scan statistics.

    chkrootkit

    • The tool chkrootkit is used to check for rootkits on a Linux system.

    eCryptfs

    • eCryptfs is a stacked cryptographic filesystem that stores encrypted data and metadata.
    • eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user.

    LUKS

    • The command cryptsetup luksDelKey /dev/sda 1 deletes only the first key from a LUKS device.

    FreeIPA

    • FreeIPA includes a DHCP server, Kerberos KDC, and Directory Server.

    DNSSEC

    • DNSSEC is a security extension to DNS that provides authentication of DNS data.
    • The command dnssec-keygen is used to generate keys for DNSSEC.

    Security Information and Event Management (SIEM) System

    • A SIEM system is a type of HID tool.

    X.509 Certificate

    • An X.509 certificate is a digital document that verifies the identity of a website.
    • An X.509 certificate contains information such as the subject, issuer, and validity period.

    Certificate Revocation List (CRL)

    • A CRL is a list of X.509 certificates that have been revoked by a particular CA.

    Social Engineering

    • Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

    DNS over TLS and DNS over HTTPS

    • DNS over TLS and DNS over HTTPS provide secure communication between DNS clients and servers.

    Description

    Practice questions for the LPIC-3 Security certification exam, covering topics such as file system management and access control.
