LPIC-3 Security Exam

Questions and Answers

What is the purpose of rkhunter?

To manage system log files

To manage installed packages

To detect rootkits and other security threats (correct)

To automate host scans

What is the purpose of file ownership in Linux systems?

To protect files from being accidentally deleted

To ensure that files are backed up regularly

To enable multiple users to access files simultaneously

To restrict access to files only to their owner (correct)

A trust anchor is a list of public keys that are trusted by a particular CA.

False

Which command is used to set the permissions of a file in Linux?

chmod

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

uid

Which of the following practices are important for the security of private keys? (Choose TWO correct answers)

Private keys should have a sufficient length for the algorithm used for key generation.

What is the purpose of NSEC3 in DNSSEC?

To prevent zone enumeration

Which command revokes ACL-based write access for groups and named users on the file afile?

setfacl ~m mask: : rx afile

Which command is used to set an extended attribute on a file in Linux?

setfattr

Determine whether the given solution is correct?

Correct

Which of the following OpenSSL commands generates a certificate signing request (CSR) using the already existing private key?

openssl req – new -key private/keypair.pem –out req/csr.pem

What is Cryptography?

The art of sending secret messages

What is the primary purpose of an NSEC or NSEC3 record in DNSSEC?

To prevent DNS cache poisoning

A Certificate Revocation List (CRL) is a list of X.509 certificates that have been issued by a particular CA.

False

What is the primary purpose of a DNSKEY record in DNSSEC?

To sign a DNS zone

Phishing is a type of ______________________ attack.

social engineering

Match the following DNS records with their purposes:

PTR = Maps an IP address to a hostname DNSKEY = Signs a DNS zone A = Maps a hostname to an IP address NSEC = Prevents DNS cache poisoning

What is the primary purpose of Host Intrusion Detection Systems (HIDS)?

To monitor and detect potential security threats on a single computer or server

AIDE is used to manage system log files.

False

What is social engineering?

A type of attack that manipulates individuals into revealing sensitive information.

What is the purpose of a Certificate Authority (CA)?

To issue and sign X.509 certificates

The Linux Audit system is used to monitor file access.

True

What is the purpose of DNSSEC?

To provide authentication and integrity of DNS data.

In an OpenVPN server configuration, the ____________ directive is used to send network configuration information to the client.

push

Which of the following DNS records are used in DNSSEC?

RRSIG

Match the following terms with their descriptions:

SPD = A new Security Policy Database Snort = A rule-based intrusion detection system SSSD = A local service for user management

Iptables is a tool used for packet filtering and NAT.

True

What is the purpose of a trust anchor in X.509 certificates?

A list of public keys that are trusted by a particular CA.

What is the purpose of an extended attribute in Linux?

To store additional metadata about a file

TSIG is used to encrypt DNS queries.

False

What is the purpose of pam_cracklib?

To check new passwords against dictionary words and enforce complexity.

The purpose of IP sets is to group together ______________ that can be referenced by netfilter rules.

IP addresses

What is the purpose of rkhunter?

To scan for malware and rootkits

Match the following DNS records with their purposes:

DNSKEY = To validate the authenticity of a DNS zone NSEC = To prove the non-existence of a DNS record NSEC3 = To provide a more secure way of proving non-existence of a DNS record TSIG = To sign DNS messages for secure communication

AIDE is used to manage system log files.

False

What is the purpose of a trust anchor in X.509 certificates?

A list of public keys that are trusted by a particular CA.

Study Notes

LPIC-3 Security

• The uid option in mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.

Private Keys

• Private keys should be created on the systems where they will be used and should never leave them.
• Private keys should have a sufficient length for the algorithm used for key generation.

DNSSEC

• NSEC3 is used to prevent zone enumeration.

SELinux

• The newrole command is used to run a new shell for a user changing the SELinux context.

AIDE

• The aide.conf file is used to configure AIDE.
• ! is used to negate a pattern in AIDE rules.

Asymmetric Keys

• An asymmetric key is a key used for both encryption and decryption that is generated in a pair.

Behavioral-Based HIDS

• Anomaly-based detection is an example of a behavioral-based HIDS technique.

Linux Audit System

• The ausearch command is used to search and filter the audit log.

Package Management Tools

• RPM and DPKG are package management tools that can be used to verify the integrity of installed files on a Linux system.

Honeypots

• A honeypot is a network security tool designed to lure attackers into a trap.

DNSSEC Validation

• A recursive name server is used to perform DNSSEC validation on behalf of clients.

Trust between FreeIPA and Active Directory

• The command ipa trust-add --type ad addom --admin Administrator --password is used to establish a trust between a FreeIPA domain and an Active Directory domain.

NTOP

• The command ntop --set-admin-password=testing123 is used to set the administrator password for ntop.

Symmetric Keys

• A symmetric key is a key used for encryption and decryption that is the same.

Privilege Escalation

• Privilege escalation is an attack that exploits a vulnerability to gain elevated privileges.

PAM Modules

• The pam_cracklib module checks new passwords against dictionary words and enforces complexity.

TSIG

• TSIG is used to sign DNS messages for secure communication.

IP Sets

• IP sets are used to group together IP addresses that can be referenced by netfilter rules.

Extended Attributes

• Extended attributes are used to store additional metadata about a file.

rkhunter

• rkhunter is used to detect rootkits and other security threats.

Mandatory Access Control (MAC)

• SELinux is an example of a Mandatory Access Control (MAC) model.

OpenVPN

• The --mlock option is used to ensure that ephemeral keys are not written to the swap space.

Scan Techniques

• Xmas Scan and FIN Scan are existing scan techniques with nmap.

Access Control Lists (ACLs)

• getfacl is used to view the access control list of a file.

FreeIPA

• The command ipa user-add usera --first User --last A is used to add a new user to FreeIPA.

Man-in-the-Middle Attack

• A man-in-the-middle attack is an attack that intercepts communications between two parties to steal information.

OpenVPN Options

• The --tls-timeout 5 option changes the timeout period to 5 seconds.

Certificate Chaining

• A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.

Network Security

• The iptables command is used to change the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0.

Trojan

• A Trojan is a type of malware that disguises itself as legitimate software.

Rogue Access Point

• A rogue access point is an unauthorized access point that is set up to look like a legitimate one.

DNSSEC

• The dnssec-keygen command is used to generate DNSSEC keys.

Certificate Authority (CA)

• A Certificate Authority (CA) is used to issue and sign X.509 certificates.

Linux Malware Detect

• Linux Malware Detect is a tool to detect malware on a Linux system.

Linux Audit System

• The Linux Audit system is used to detect intrusions and system changes.

DoS Attack

• A DoS attack is an attack that floods a network or server with traffic to make it unavailable.

Trust Anchor

• A trust anchor is a root certificate that is trusted by a particular CA.

Linux Audit System

• The Linux Audit system provides a way to track and monitor system access and changes.

File Ownership

• File ownership is used to restrict access to files only to their owner.

File Permissions

• The chmod command is used to set the permissions of a file in Linux.

DNS Records

• The CAA record is used to publish X.509 certificate and certificate authority information in DNS.

DANE

• The TLSA record is used to provide information about a TLS server in DANE.

Shell and Child Processes

• The ulimit command is used to control the resources of a shell and its child processes.

Apache HTTPD

• The SSLStrictSNIVHostCheck on configuration has an effect on an Apache HTTPD virtual host.### Virtual Host and SSL
• The virtual host is used as a fallback default for all clients that do not support SNI.
• The virtual host is served only on the common name and Subject Alternative Name.

Apache HTTPD Configuration

• To require a client certificate for authentication in Apache HTTPD, use SSLVerifyClient require.

Certificate Authority

• A Root CA certificate is self-signed.
• A Root CA certificate does not include the private key of the CA.
• A Root CA certificate must contain an X509v3 Authority extension.

Host Intrusion Detection (HID)

• HID monitors for unauthorized access attempts.
• To implement HID, configure it to alert security personnel of potential security incidents.
• HID does not provide automatic removal of detected threats.

SELinux Permissions

• SELinux permissions are verified after standard Linux permissions.
• SELinux permissions do not override standard Linux permissions.

Linux Commands

• chown is used to set the owner and group of a file in Linux.
• openvas-nvt-sync is the command to update NVTs from the OpenVAS NVT feed.

Wireshark Capture Filters

• tcp portrange 10000-15000 is a valid Wireshark capture filter.

Linux Security

• cron can be used to automate host scans on a Linux system.
• ip is used to set the owner and group of a file in Linux.

Access Control List (ACL)

• An ACL specifies fine-grained permissions for users and groups.

Authentication

• Kerberos authentication was added to NFS in version 4.

OCSP Stapling

• OCSP stapling allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

FreeIPA

• ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

OpenSSL Commands

• openssl req –new –key private/keypair.pem –out req/csr.pem generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem.

Cryptography

• Cryptography is the art of sending secret messages.

HID Monitoring

• HID monitors for unauthorized access attempts.

Ciphertext and Plaintext

• Ciphertext is the encrypted message.
• Plaintext is the original message before encryption.

Audit Rule

• auditctl –w /etc/firewall/rules –p rw –k firewall defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall.

Rootkit

• A rootkit is a type of malware that disguises itself as legitimate software.

ebtables Rules

• ebtables -t filter –L –v displays all ebtable rules contained in the table filter, including their packet and byte counters.

Snort-stat

• Snort-stat displays statistics from the running Snort process.

Rootkits on Linux

• chkrootkit is a tool that can be used to check for rootkits on a Linux system.

LUKS Device

• cryptsetup luksDelKey /dev/sda 1 0 deletes the first key from the LUKS device /dev/sda.

eCryptfs

• eCryptfs is a stacked cryptographic filesystem for Linux.
• eCryptfs encrypts files and directories in Linux.

FreeIPA Components

• FreeIPA includes a Kerberos KDC, Public Key Infrastructure, and Directory Server.

DNSSEC

• TSIG is used to authenticate name servers in order to perform secured zone transfers.
• DNSSEC signs the DNS zone using a key signing key.

X.509 Certificates

• An X.509 certificate contains the identity of a website.
• An X.509 certificate is used to verify the identity of a website.

Certificate Revocation List (CRL)

• A CRL is a list of X.509 certificates that have been revoked by a particular CA.

DNSKEY Record

• The DNSKEY record is used to sign a DNS zone.

Host Intrusion Detection (HID)

• HID monitors and detects potential security threats on a single computer or server.

Phishing

• Phishing is a type of social engineering attack that exploits human psychology to gain access to sensitive information.

AIDE

• AIDE is used to detect intrusions and system changes.

Social Engineering

• Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

DNS over TLS and DNS over HTTPS

• DNS over TLS and DNS over HTTPS provide secure communication between DNS clients and servers.

DNS and DNSSEC

• DNS records: RRSIG, NSEC, NSEC3, DS, PTR, and A records are used for different purposes in DNS.
• PTR records are used to map an IP address to a hostname.
• DNSKEY records are used to sign a DNS zone in DNSSEC.

Security Threats

• Phishing is a type of social engineering attack that targets a specific user or organization to steal sensitive information.
• Social engineering attacks aim to steal sensitive information by exploiting human psychology.

System Security

• Host intrusion detection (HID) is a system that monitors and detects potential security threats on a single computer or server.
• AIDE (Advanced Intrusion Detection Environment) is a tool that detects intrusions and system changes.

Password Management

• pam_cracklib is a PAM module that checks new passwords against dictionary words and enforces complexity.

Network Security

• TSIG is used to sign DNS messages for secure communication in DNS.
• IP sets group together IP addresses that can be referenced by netfilter rules.
• iptables is a command used to configure firewall rules in Linux.

Linux System Management

• Extended attributes in Linux are used to store additional metadata about a file.
• rkhunter is a tool that scans for rootkits and other malicious software, and is configured using the /etc/rkhunter.conf file.

Networking and Firewall Configuration

• setkey is a command used to configure IPsec policies and create new SPD entries.
• Snort is a network intrusion detection system that can be configured using rules files.

User Management

• SSSD (System Security Services Daemon) is a service that provides access to remote directories and authentication mechanisms.

Certificates and Encryption

• A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a Certification Authority (CA).
• A CA is an entity that issues and signs X.509 certificates.
• OpenVPN is a VPN solution that uses X.509 certificates for authentication and encryption.

Kerberos Configuration

• The krb5.conf file is used to configure Kerberos settings, and allows sections such as [plugins], [domain], [capaths], and [realms].
• The push directive is used in OpenVPN server configuration to send network configuration information to the client.

Description

Practice quiz for LPIC-3 Security certification, covering various topics such as file system management and security configurations. This exam helps you assess your knowledge and prepare for the certification test.