LPIC-3 Security Exam
28 Questions

Questions and Answers

When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 2 seconds by default. Which of the following options changes the timeout period to 5 seconds?

  • --tls-timer 500
  • --tls-timeout 500
  • --tls-timeout 5 (correct)
  • --tls-timer 5

    Which permission bit allows a user to delete a file?

    Write

    What is the purpose of rkhunter?

  • To automate host scans
  • To detect rootkits and other security threats (correct)
  • To manage installed packages
  • To manage system log files

    What is a certificate chain?

    A sequence of certificates used to verify the authenticity of a digital certificate

    Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?

    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11

    Which command, included in BIND, generates DNSSEC keys?

    dnssec-keygen

    What is the purpose of file ownership in Linux systems?

    To restrict access to files only to their owner

    What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

    uid

    Which of the following practices are important for the security of private keys? (Choose TWO correct answers)

    Private keys should be created on the systems where they will be used and should never leave them.

    What is the purpose of NSEC3 in DNSSEC?

    To prevent zone enumeration

    Which command is used to run a new shell for a user changing the SELinux context?

    newrole

    Which file is used to configure AIDE?

    /etc/aide/aide.conf

    Which of the following statements describes the purpose of ndpmon?

    It monitors the network for neighbor discovery messages from new IPv6 hosts and routers.

    What is an asymmetric key?

    A key used for both encryption and decryption that is generated in a pair

    Which of the following is an example of a behavioral-based HID technique?

    Anomaly-based detection

    Which command revokes ACL-based write access for groups and named users on the file afile?

    setfacl -m mask::rx afile

    Which command is used to set an extended attribute on a file in Linux?

    setfattr

    Which file is used to configure rkhunter?

    /etc/rkhunter.conf

    Is the command 'ipa-server-install' correct?

    Correct

    Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?

    openssl req -new -key private/keypair.pem -out req/csr.pem

    What is Cryptography?

    The art of sending secret messages

    What type of activity does HID monitor for?

    Unauthorized access attempts

    Which of the following is NOT a benefit of using HID?

    Provides automatic removal of detected threats

    What is a ciphertext?

    The encrypted message

    Which of the following commands defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall?

    auditctl -w /etc/firewall/rules -p rw -k firewall

    What is a rootkit?

    A type of malware that disguises itself as legitimate software

    Which of the following commands displays all ebtable rules contained in the table filter including their packet and byte counters?

    ebtables -t filter -L --Lc

    What is a plaintext?

    The original message before encryption

    Study Notes

    LPIC-3 Security

    Mounting CIFS Shares

    • The uid option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.

    Security Practices

    • Private keys should be created on the systems where they will be used and should never leave them.
    • Private keys should have a sufficient length for the algorithm used for key generation.
    • Private keys should not be stored as plain text files without encryption.

    DNSSEC

    • NSEC3 is used to prevent zone enumeration.

    Access Control

    • Forcing a file to be executed with the permissions of the file owner is achieved by setting the SetUID bit.
    • The difference between SetUID and SetGID is that SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner.

    Symmetric and Asymmetric Keys

    • A symmetric key is used for encryption and decryption and is the same for both.
    • An asymmetric key, also known as a key pair, is used for encryption and decryption and is generated in a pair.

    Linux Audit System

    • The ausearch command is used to search and filter the audit log.

    Network Security

    • A honeypot is a network security tool designed to lure attackers into a trap.
    • IP sets group together IP addresses that can be referenced by netfilter rules.

    Authentication and Authorization

    • rkhunter is used to detect rootkits and other security threats.

    Digital Certificates

    • A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
    • A Certificate Authority (CA) issues and signs X.509 certificates.

    Threats and Attacks

    • A buffer overflow is a type of software vulnerability.
    • A man-in-the-middle attack intercepts communications between two parties to steal information.
    • A Trojan is a type of malware that disguises itself as legitimate software.
    • A rogue access point is an unauthorized access point set up to look like a legitimate one.

    System Hardening

    • Linux Malware Detect is a tool used to detect malware on a Linux system.
    • pam_cracklib is a PAM module that checks new passwords against dictionary words and enforces complexity.

    DNS and DNSSEC

    • RRSIG is a DNS record type used in DNSSEC.
    • dnssec-keygen generates DNSSEC keys.

    File Permissions and Access Control

    • Linux file ownership is used to restrict access to files only to their owner.
    • chmod is used to set the permissions of a file in Linux.

    Network Security Tools

    • iptables is used to configure firewall rules.
    • nftables is used to configure packet filtering and classification.

    Virtual Host and SSL

    • The virtual host is used as a fallback default for all clients that do not support SNI.
    • The virtual host is served only on the common name and Subject Alternative.

    Apache HTTPD Configuration

    • To require a client certificate for authentication, use the configuration option SSLVerifyClient require.
    • SSLRequestClientCert is used to request a client certificate, but it does not require one.
    • SSLVerifyClient is used to specify the verification level for client certificates.

    Root CA Certificate

    • A Root CA certificate is a self-signed certificate.
    • It does not include the private key of the CA.
    • It must contain an X509v3 Authority extension.

    Host-Based Intrusion Detection (HID)

    • HID is a system that monitors and detects potential security threats on a single computer or server.
    • Best practice for implementing HID is to configure it to alert security personnel of potential security incidents.

    SELinux Permissions

    • SELinux permissions are verified after standard Linux permissions.
    • SELinux permissions do not override standard Linux permissions.

    Wireshark Capture Filters

    • tcp portrange 10000-15000 is a valid Wireshark capture filter.

    OpenVAS NVT Feed

    • The command openvas-nvt-sync is used to update NVTs from the OpenVAS NVT feed.

    File Permissions

    • The chown command is used to set the owner and group of a file in Linux.
    • The chmod command is used to set the permissions of a file in Linux.

    Executable Files

    • The permission bit that allows a file to be executed is Execute.

    Automation of Host Scans

    • Cron can be used to automate host scans on a Linux system.

    sysctl Command

    • The sysctl command is used to configure kernel parameters.
    • The data that can be altered by the sysctl command is accessible in /proc/sys.

    Access Control Lists

    • The purpose of an access control list (ACL) in Linux is to specify fine-grained permissions for users and groups.

    NFS Configuration

    • Kerberos authentication was added to NFS in version 4.

    OCSP Stapling

    • OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

    FreeIPA Server

    • The command ipa-server-install is used to install and configure a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

    OpenSSL Commands

    • The command openssl req -new -key private/keypair.pem -out req/csr.pem is used to generate a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem.

    Cryptography

    • Cryptography is the art of sending secret messages.

    HID Monitoring

    • HID monitors for unauthorized access attempts.

    Benefits of HID

    • HID provides real-time detection of security incidents.
    • HID allows for quick response to security incidents.
    • HID helps prevent security incidents from occurring.

    Ciphertext and Plaintext

    • Ciphertext is the encrypted message.
    • Plaintext is the original message before encryption.

    Rootkits

    • A rootkit is a type of malware that disguises itself as legitimate software.

    ebtables

    • The command ebtables -t filter -L -v is used to display all ebtables rules contained in the table filter, including their packet and byte counters.

    LDAP and Certificates

    • LDAP is commonly used to transmit X.509 certificates.

    Snort-stat

    • The purpose of the program snort-stat is to read syslog files containing Snort information and generate port scan statistics.

    chkrootkit

    • chkrootkit is a tool used to check for rootkits on a Linux system.

    LUKS Devices

    • The command cryptsetup luksOpen /dev/sda1 crypt-vol is used to map a LUKS device.
    • The command cryptsetup luksDelKey /dev/mapper/crypt-vol 1 is used to delete a key from a LUKS device.

    eCryptfs

    • eCryptfs is a stacked cryptographic filesystem for Linux.
    • For every file in an eCryptfs directory, there exists a corresponding file that contains the encrypted content.

    User Account Management

    • The command chage --maxdays -1 usera is used to disable the automatic password expiry for the user usera.

    TSIG and DNS

    • TSIG authenticates name servers in order to perform secured zone transfers by using a secret key that is shared between the servers.

    FreeIPA Components

    • FreeIPA includes a Kerberos KDC, a Directory Server, and a Public Key Infrastructure.

    DNSSEC

    • DNSSEC is used to provide authentication of DNS data and verify the integrity of DNS data.

    X.509 Certificates

    • An X.509 certificate contains information such as the subject, issuer, validity dates, and public key.
    • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.

    AppArmor and SELinux

    • AppArmor and SELinux are both Mandatory Access Control (MAC) systems.
    • AppArmor is implemented in user space only, while SELinux is a Linux kernel module.

    Host Intrusion Detection

    • Host intrusion detection (HID) monitors and detects potential security threats on a single computer or server.

    Social Engineering

    • Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

    AIDE

    • AIDE is a file integrity checker that detects intrusions and system changes.

    DNS over TLS and DNS over HTTPS

    • DNS over TLS and DNS over HTTPS are used to provide secure communication between DNS clients and servers.


    Description

    Practice questions for LPIC-3 Security certification, covering topics such as file systems and permissions. Prepare for the 303-300 exam with this quiz.
