LPIC-3 Security Exam Questions


Questions and Answers

When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 2 seconds by default. Which of the following options changes the timeout period to 5 seconds?

--tls-timeout 5

What is the purpose of rkhunter?

To detect rootkits and other security threats

Which permission bit allows a user to delete a file?

Write

What is the purpose of a Certificate Authority (CA)?

To issue and sign X.509 certificates

What is a rogue access point?

An unauthorized access point that is set up to look like a legitimate one

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

uid

Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)
A. Private keys should be created on the systems where they will be used and should never leave them.
B. Private keys should be uploaded to public key servers.
C. Private keys should be included in X509 certificates.
D. Private keys should have a sufficient length for the algorithm used for key generation.
E. Private keys should always be stored as plain text files without any encryption.

A, D

What is the purpose of NSEC3 in DNSSEC?
A. To provide information about DNSSEC key signing keys
B. To prevent zone enumeration
C. To authenticate a DNS server
D. To sign a DNS zone

A

Which command is used to run a new shell for a user changing the SELinux context?

newrole

Which file is used to configure AIDE?

/etc/aide/aide.conf

Which of the following statements describes the purpose of ndpmon?
A. It monitors the network for neighbor discovery messages from new IPv6 hosts and routers.
B. It monitors remote hosts by periodically sending echo requests to them.
C. It monitors the availability of a network link by querying network interfaces.
D. It monitors the network for IPv4 nodes that have not yet migrated to IPv6.
E. It monitors log files for failed login attempts in order to block traffic from offending network nodes.

A

What is an asymmetric key?
A. A key used for encryption and decryption that is the same
B. A key used for encryption that is different from the key used for decryption
C. A key used for decryption that is different from the key used for encryption
D. A key used for both encryption and decryption that is generated in a pair

D

Which of the following is an example of a behavioral-based HID technique?
A. Signature-based detection
B. Anomaly-based detection
C. Heuristic-based detection
D. Rule-based detection

A

Which command revokes ACL-based write access for groups and named users on the file afile?

setfacl -m mask::rx afile

Which command is used to set an extended attribute on a file in Linux?

setfattr

Which option in an Apache HTTPD configuration file enables OCSP stapling?

httpd-ssl.conf

Determine whether the given solution is correct?

Correct

Study Notes

LPIC-3 Security

  • Mounting CIFS shares:
    • The uid option specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.
  • Practices for private key security:
    • Private keys should be created on the systems where they will be used and should never leave them.
    • Private keys should have a sufficient length for the algorithm used for key generation.
  • DNSSEC:
    • NSEC3 is used to prevent zone enumeration.
    • DNSSEC validation can be performed on behalf of clients using recursive name servers.

Linux File System

  • File ownership and permissions:
    • The chown command is used to change the owner of a file.
    • The chmod command is used to change the permissions of a file.
    • The setfacl command is used to set an access control list (ACL) for a file.
  • Extended attributes:
    • Extended attributes are used to store additional metadata about a file.
    • The getfattr command is used to get the extended attributes of a file.
    • The setfattr command is used to set an extended attribute for a file.

Security Threats

  • Buffer overflow:
    • A buffer overflow is a type of software vulnerability.
  • Privilege escalation:
    • Privilege escalation is an attack that exploits a vulnerability to gain elevated privileges.
  • Man-in-the-middle attack:
    • A man-in-the-middle attack is an attack that intercepts communications between two parties to steal information.

Access Control

  • SELinux:
    • SELinux is used to establish a Mandatory Access Control (MAC) model.
  • PAM:
    • The pam_cracklib module is used to check new passwords against dictionary words and enforce complexity.
  • SetUID and SetGID:
    • SetUID allows a file to be executed with the permissions of the file owner.
    • SetGID allows a file to be executed with the permissions of the group owner.

Network Security

  • Firewall configuration:
    • The iptables command is used to configure the firewall.
    • The --mlock option is used to ensure that ephemeral keys are not written to the swap space.
  • OpenVPN:
    • OpenVPN is used to create a VPN.
    • The push directive is used to send network configuration information to the client.
  • DNS:
    • DNSSEC is used to provide authentication and integrity of DNS data.
    • The RRSIG record is used to verify the authenticity of a DNS response.

Cryptography

  • Symmetric and asymmetric keys:
    • A symmetric key is a single key used for both encryption and decryption.
    • An asymmetric key is used for both encryption and decryption and is generated in a pair.
  • Certificates:
    • A Certificate Authority (CA) is used to issue and sign X.509 certificates.
    • A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
    • A trust anchor is a root certificate that is trusted by a particular CA.

System Security

  • Audit system:
    • The Linux Audit system is used to detect intrusions and system changes.
    • The ausearch command is used to search and filter the audit log.
  • Malware detection:
    • Linux Malware Detect is a tool used to detect malware on a Linux system.
  • Rkhunter:
    • Rkhunter is a tool used to detect rootkits and other security threats.

Virtual Host and SSL/TLS

  • A virtual host is used as a fallback default for all clients that do not support SNI.
  • The virtual host is served only on the common name and Subject Alternative.

Authentication Methods

  • To require a client certificate for authentication in Apache HTTPD, use SSLVerifyClient require.
  • Kerberos authentication was added to NFS in version 4.

Certificate and Key Management

  • A Root CA certificate is a self-signed certificate that does not include the private key of the CA.
  • A Root CA certificate must contain an X509v3 Authority extension.
  • To generate a certificate signing request (CSR) using an existing private key, use openssl req -key private/keypair.pem -out req/csr.pem.

Security Information and Event Management (SIEM)

  • HID (Host-based Intrusion Detection) monitors for unauthorized access attempts.
  • HID does not provide automatic removal of detected threats.

Linux Security

  • SELinux permissions are verified after standard Linux permissions.
  • To set the owner and group of a file in Linux, use the chown command.

SSL/TLS and Certificate Revocation

  • OCSP stapling allows a server to provide proof of the revocation status of its own SSL/TLS certificate.
  • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.

Cryptography

  • Cryptography is the art of sending secret messages.
  • A ciphertext is an encrypted message.
  • A plaintext is the original message before encryption.

Network Scanning and Monitoring

  • To automate host scans on a Linux system, use cron.
  • To update NVTs from the OpenVAS NVT feed, use openvas-nvt-sync.

Access Control and File Systems

  • An access control list (ACL) specifies fine-grained permissions for users and groups in Linux.
  • To define an audit rule that monitors read and write operations to a file, use auditctl -w /etc/firewall/rules -p rw -k firewall.

Malware and Intrusion Detection

  • A rootkit is a type of malware that disguises itself as legitimate software.
  • To check for rootkits on a Linux system, use chkrootkit.
  • A type of HID tool is a Security Information and Event Management (SIEM) system.

Key Management and DNSSEC

  • To generate keys for DNSSEC, use dnssec-keygen.
  • A DNSKEY record is used to sign a DNS zone.

Social Engineering and Phishing

  • Phishing is a type of social engineering attack that exploits human psychology to gain access to sensitive information.
  • Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

DNS and DNSSEC

  • To provide secure communication between DNS clients and servers, use DNS over TLS and DNS over HTTPS.
  • A DNSKEY record is used to sign a DNS zone.
  • A certificate is used to verify the authenticity of a DNS query.
