LPIC-3 Security Exam

Questions and Answers

What is the purpose of rkhunter?

To detect rootkits and other security threats

What is the purpose of file ownership in Linux systems?

To restrict access to files only to their owner

A trust anchor is a list of public keys that are trusted by a particular CA.

False

Which command is used to set the permissions of a file in Linux?

chmod

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

uid

Which of the following practices are important for the security of private keys? (Choose TWO correct answers)

Private keys should have a sufficient length for the algorithm used for key generation.

What is the purpose of NSEC3 in DNSSEC?

To prevent zone enumeration

Which command revokes ACL-based write access for groups and named users on the file afile?

setfacl -m mask::rx afile

Which command is used to set an extended attribute on a file in Linux?

setfattr

Determine whether the given solution is correct?

Correct

Which of the following OpenSSL commands generates a certificate signing request (CSR) using the already existing private key?

openssl req -new -key private/keypair.pem -out req/csr.pem

What is Cryptography?

The art of sending secret messages

What is the primary purpose of an NSEC or NSEC3 record in DNSSEC?

To prevent DNS cache poisoning

A Certificate Revocation List (CRL) is a list of X.509 certificates that have been issued by a particular CA.

False

What is the primary purpose of a DNSKEY record in DNSSEC?

To sign a DNS zone

Phishing is a type of ______________________ attack.

social engineering

Match the following DNS records with their purposes:

  • PTR = Maps an IP address to a hostname
  • DNSKEY = Signs a DNS zone
  • A = Maps a hostname to an IP address
  • NSEC = Prevents DNS cache poisoning

What is the primary purpose of Host Intrusion Detection Systems (HIDS)?

To monitor and detect potential security threats on a single computer or server

AIDE is used to manage system log files.

False

What is social engineering?

A type of attack that manipulates individuals into revealing sensitive information.

What is the purpose of a Certificate Authority (CA)?

To issue and sign X.509 certificates

The Linux Audit system is used to monitor file access.

True

What is the purpose of DNSSEC?

To provide authentication and integrity of DNS data.

In an OpenVPN server configuration, the ____________ directive is used to send network configuration information to the client.

push

Which of the following DNS records are used in DNSSEC?

RRSIG

Match the following terms with their descriptions:

  • SPD = A new Security Policy Database
  • Snort = A rule-based intrusion detection system
  • SSSD = A local service for user management

Iptables is a tool used for packet filtering and NAT.

True

What is the purpose of a trust anchor in X.509 certificates?

A list of public keys that are trusted by a particular CA.

What is the purpose of an extended attribute in Linux?

To store additional metadata about a file

TSIG is used to encrypt DNS queries.

False

What is the purpose of pam_cracklib?

To check new passwords against dictionary words and enforce complexity.

The purpose of IP sets is to group together ______________ that can be referenced by netfilter rules.

IP addresses

What is the purpose of rkhunter?

To scan for malware and rootkits

Match the following DNS records with their purposes:

  • DNSKEY = To validate the authenticity of a DNS zone
  • NSEC = To prove the non-existence of a DNS record
  • NSEC3 = To provide a more secure way of proving non-existence of a DNS record
  • TSIG = To sign DNS messages for secure communication

Study Notes

LPIC-3 Security

  • The uid option in mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.

Private Keys

  • Private keys should be created on the systems where they will be used and should never leave them.
  • Private keys should have a sufficient length for the algorithm used for key generation.

DNSSEC

  • NSEC3 is used to prevent zone enumeration.

SELinux

  • The newrole command is used to run a new shell for a user changing the SELinux context.

AIDE

  • The aide.conf file is used to configure AIDE.
  • ! is used to negate a pattern in AIDE rules.

Asymmetric Keys

  • An asymmetric key is a key used for both encryption and decryption that is generated in a pair.

Behavioral-Based HIDS

  • Anomaly-based detection is an example of a behavioral-based HIDS technique.

Linux Audit System

  • The ausearch command is used to search and filter the audit log.

Package Management Tools

  • RPM and DPKG are package management tools that can be used to verify the integrity of installed files on a Linux system.

Honeypots

  • A honeypot is a network security tool designed to lure attackers into a trap.

DNSSEC Validation

  • A recursive name server is used to perform DNSSEC validation on behalf of clients.

Trust between FreeIPA and Active Directory

  • The command ipa trust-add --type ad addom --admin Administrator --password is used to establish a trust between a FreeIPA domain and an Active Directory domain.

NTOP

  • The command ntop --set-admin-password=testing123 is used to set the administrator password for ntop.

Symmetric Keys

  • A symmetric key is a key used for encryption and decryption that is the same.

Privilege Escalation

  • Privilege escalation is an attack that exploits a vulnerability to gain elevated privileges.

PAM Modules

  • The pam_cracklib module checks new passwords against dictionary words and enforces complexity.

TSIG

  • TSIG is used to sign DNS messages for secure communication.

IP Sets

  • IP sets are used to group together IP addresses that can be referenced by netfilter rules.

Extended Attributes

  • Extended attributes are used to store additional metadata about a file.

rkhunter

  • rkhunter is used to detect rootkits and other security threats.

Mandatory Access Control (MAC)

  • SELinux is an example of a Mandatory Access Control (MAC) model.

OpenVPN

  • The --mlock option is used to ensure that ephemeral keys are not written to the swap space.

Scan Techniques

  • Xmas Scan and FIN Scan are existing scan techniques with nmap.

Access Control Lists (ACLs)

  • getfacl is used to view the access control list of a file.

FreeIPA

  • The command ipa user-add usera --first User --last A is used to add a new user to FreeIPA.

Man-in-the-Middle Attack

  • A man-in-the-middle attack is an attack that intercepts communications between two parties to steal information.

OpenVPN Options

  • The --tls-timeout 5 option changes the timeout period to 5 seconds.

Certificate Chaining

  • A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.

Network Security

  • The iptables command is used to change the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0.

Trojan

  • A Trojan is a type of malware that disguises itself as legitimate software.

Rogue Access Point

  • A rogue access point is an unauthorized access point that is set up to look like a legitimate one.

DNSSEC

  • The dnssec-keygen command is used to generate DNSSEC keys.

Certificate Authority (CA)

  • A Certificate Authority (CA) is used to issue and sign X.509 certificates.

Linux Malware Detect

  • Linux Malware Detect is a tool to detect malware on a Linux system.

Linux Audit System

  • The Linux Audit system is used to detect intrusions and system changes.

DoS Attack

  • A DoS attack is an attack that floods a network or server with traffic to make it unavailable.

Trust Anchor

  • A trust anchor is a root certificate that is trusted by a particular CA.

Linux Audit System

  • The Linux Audit system provides a way to track and monitor system access and changes.

File Ownership

  • File ownership is used to restrict access to files only to their owner.

File Permissions

  • The chmod command is used to set the permissions of a file in Linux.

DNS Records

  • The CAA record is used to publish X.509 certificate and certificate authority information in DNS.

DANE

  • The TLSA record is used to provide information about a TLS server in DANE.

Shell and Child Processes

  • The ulimit command is used to control the resources of a shell and its child processes.

Apache HTTPD

  • The SSLStrictSNIVHostCheck on configuration has an effect on an Apache HTTPD virtual host.

Virtual Host and SSL

  • The virtual host is used as a fallback default for all clients that do not support SNI.
  • The virtual host is served only on the common name and Subject Alternative Name.

Apache HTTPD Configuration

  • To require a client certificate for authentication in Apache HTTPD, use SSLVerifyClient require.

Certificate Authority

  • A Root CA certificate is self-signed.
  • A Root CA certificate does not include the private key of the CA.
  • A Root CA certificate must contain an X509v3 Authority extension.

Host Intrusion Detection (HID)

  • HID monitors for unauthorized access attempts.
  • To implement HID, configure it to alert security personnel of potential security incidents.
  • HID does not provide automatic removal of detected threats.

SELinux Permissions

  • SELinux permissions are verified after standard Linux permissions.
  • SELinux permissions do not override standard Linux permissions.

Linux Commands

  • chown is used to set the owner and group of a file in Linux.
  • openvas-nvt-sync is the command to update NVTs from the OpenVAS NVT feed.

Wireshark Capture Filters

  • tcp portrange 10000-15000 is a valid Wireshark capture filter.

Linux Security

  • cron can be used to automate host scans on a Linux system.
  • ip is used to set the owner and group of a file in Linux.

Access Control List (ACL)

  • An ACL specifies fine-grained permissions for users and groups.

Authentication

  • Kerberos authentication was added to NFS in version 4.

OCSP Stapling

  • OCSP stapling allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

FreeIPA

  • ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

OpenSSL Commands

  • openssl req -new -key private/keypair.pem -out req/csr.pem generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem.

Cryptography

  • Cryptography is the art of sending secret messages.

HID Monitoring

  • HID monitors for unauthorized access attempts.

Ciphertext and Plaintext

  • Ciphertext is the encrypted message.
  • Plaintext is the original message before encryption.

Audit Rule

  • auditctl -w /etc/firewall/rules -p rw -k firewall defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall.

Rootkit

  • A rootkit is a type of malware that disguises itself as legitimate software.

ebtables Rules

  • ebtables -t filter -L -v displays all ebtables rules contained in the table filter, including their packet and byte counters.

Snort-stat

  • Snort-stat displays statistics from the running Snort process.

Rootkits on Linux

  • chkrootkit is a tool that can be used to check for rootkits on a Linux system.

LUKS Device

  • cryptsetup luksDelKey /dev/sda 1 0 deletes the first key from the LUKS device /dev/sda.

eCryptfs

  • eCryptfs is a stacked cryptographic filesystem for Linux.
  • eCryptfs encrypts files and directories in Linux.

FreeIPA Components

  • FreeIPA includes a Kerberos KDC, Public Key Infrastructure, and Directory Server.

DNSSEC

  • TSIG is used to authenticate name servers in order to perform secured zone transfers.
  • DNSSEC signs the DNS zone using a key signing key.

X.509 Certificates

  • An X.509 certificate contains the identity of a website.
  • An X.509 certificate is used to verify the identity of a website.

Certificate Revocation List (CRL)

  • A CRL is a list of X.509 certificates that have been revoked by a particular CA.

DNSKEY Record

  • The DNSKEY record is used to sign a DNS zone.

Host Intrusion Detection (HID)

  • HID monitors and detects potential security threats on a single computer or server.

Phishing

  • Phishing is a type of social engineering attack that exploits human psychology to gain access to sensitive information.

AIDE

  • AIDE is used to detect intrusions and system changes.

Social Engineering

  • Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

DNS over TLS and DNS over HTTPS

  • DNS over TLS and DNS over HTTPS provide secure communication between DNS clients and servers.

DNS and DNSSEC

  • DNS records: RRSIG, NSEC, NSEC3, DS, PTR, and A records are used for different purposes in DNS.
  • PTR records are used to map an IP address to a hostname.
  • DNSKEY records are used to sign a DNS zone in DNSSEC.

Security Threats

  • Phishing is a type of social engineering attack that targets a specific user or organization to steal sensitive information.
  • Social engineering attacks aim to steal sensitive information by exploiting human psychology.

System Security

  • Host intrusion detection (HID) is a system that monitors and detects potential security threats on a single computer or server.
  • AIDE (Advanced Intrusion Detection Environment) is a tool that detects intrusions and system changes.

Password Management

  • pam_cracklib is a PAM module that checks new passwords against dictionary words and enforces complexity.

Network Security

  • TSIG is used to sign DNS messages for secure communication in DNS.
  • IP sets group together IP addresses that can be referenced by netfilter rules.
  • iptables is a command used to configure firewall rules in Linux.

Linux System Management

  • Extended attributes in Linux are used to store additional metadata about a file.
  • rkhunter is a tool that scans for rootkits and other malicious software, and is configured using the /etc/rkhunter.conf file.

Networking and Firewall Configuration

  • setkey is a command used to configure IPsec policies and create new SPD entries.
  • Snort is a network intrusion detection system that can be configured using rules files.

User Management

  • SSSD (System Security Services Daemon) is a service that provides access to remote directories and authentication mechanisms.

Certificates and Encryption

  • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a Certification Authority (CA).
  • A CA is an entity that issues and signs X.509 certificates.
  • OpenVPN is a VPN solution that uses X.509 certificates for authentication and encryption.

Kerberos Configuration

  • The krb5.conf file is used to configure Kerberos settings, and allows sections such as [plugins], [domain], [capaths], and [realms].
  • The push directive is used in OpenVPN server configuration to send network configuration information to the client.
