LPIC-3 Security Exam Questions
147 Questions

Created by
@MagnificentZeal

Questions and Answers

What is the purpose of rkhunter?

  • To manage system log files
  • To automate host scans
  • To detect rootkits and other security threats (correct)
  • To manage installed packages

What is a certificate chain?

  • A sequence of certificates used to verify the authenticity of a digital certificate (correct)
  • A sequence of public and private keys used for encryption and decryption
  • A chain of public and private keys used for encryption and decryption
  • A chain of digital signatures used to verify the authenticity of a certificate

What is a Trojan?

  • A type of virus
  • A type of denial-of-service attack
  • A type of malware that disguises itself as legitimate software (correct)
  • A type of phishing scam

What is a rogue access point?

    An unauthorized access point that is set up to look like a legitimate one

The purpose of a TLSA record in DANE is to provide information about a TLS server.

    False

How are SELinux permissions related to standard Linux permissions?

    SELinux permissions override standard Linux permissions

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

    uid

Which of the following practices are important for the security of private keys? (Choose TWO correct answers)

    Private keys should have a sufficient length for the algorithm used for key generation.

What is the purpose of NSEC3 in DNSSEC?

    To prevent zone enumeration

Which command is used to run a new shell for a user changing the SELinux context?

    newrole

Which file is used to configure AIDE?

    /etc/aide/aide.conf

Which of the following statements describes the purpose of ndpmon?

    It monitors the network for neighbor discovery messages from new IPv6 hosts and routers.

What is an asymmetric key?

    A key used for both encryption and decryption that is generated in a pair

Which of the following is an example of a behavioral-based HID technique?

    Anomaly-based detection

Which command revokes ACL-based write access for groups and named users on the file afile?

    setfacl -m mask::rx afile

Which command is used to set an extended attribute on a file in Linux?

    setfattr

Determine whether the given solution is correct?

    Correct

Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?

    openssl req -new -key private/keypair.pem -out req/csr.pem

What is Cryptography?

    The art of sending secret messages

What type of activity does HID monitor for?

    Unauthorized access attempts

Which of the following is NOT a benefit of using HID?

    Provides automatic removal of detected threats

What is a ciphertext?

    The encrypted message

What is a rootkit?

    A type of malware that disguises itself as legitimate software

Which of the following commands defines an audit rule that monitors read and write operations to the file '/etc/firewall/rules' and associates the rule with the name 'firewall'?

    auditctl -w /etc/firewall/rules -p rw -k firewall

What is a plaintext?

    The original message before encryption

Which protocol is commonly used to transmit X.509 certificates?

    LDAP

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

    uid

Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)

    Private keys should have a sufficient length for the algorithm used for key generation.

What is the purpose of NSEC3 in DNSSEC?

    To prevent zone enumeration

Which command is used to run a new shell for a user changing the SELinux context?

    newrole

Which file is used to configure AIDE?

    /etc/aide/aide.conf

Which of the following statements describes the purpose of ndpmon?

    It monitors the network for neighbor discovery messages from new IPv6 hosts and routers.

What is an asymmetric key?

    A key used for both encryption and decryption that is generated in a pair

Which of the following is an example of a behavioral-based HID technique?

    Anomaly-based detection

Which command revokes ACL-based write access for groups and named users on the file afile?

    setfacl -m mask::rx afile

Which command is used to set an extended attribute on a file in Linux?

    setfattr

When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 2 seconds by default. Which of the following options changes the timeout period to 5 seconds?

    --tls-timeout 5

Which permission bit allows a user to delete a file?

    Write

What is the purpose of rkhunter?

    To detect rootkits and other security threats

What is a certificate chain?

    A sequence of certificates used to verify the authenticity of a digital certificate

Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?

    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11

Which statement is used in a parameter file for setkey to create a new SPD entry?

    spdadd

Which methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.)

    By placing a pass rule in local.rules and restarting Snort.

Which command adds users using SSSD's local service?

    sss_useradd

Which DNS records are used in DNSSEC?

    RRSIG

What is the purpose of a Certificate Authority (CA)?

    To issue and sign X.509 certificates

Is the command 'ipa-server-install' a correct solution?

    Correct

Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key?

    openssl req -new -key private/keypair.pem -out req/csr.pem

What is Cryptography?

    The art of sending secret messages

Which type of activity does HID monitor for?

    Unauthorized access attempts

Which of the following is NOT a benefit of using HID?

    Provides automatic removal of detected threats

What is a ciphertext?

    The encrypted message

Which of the following commands defines an audit rule that monitors read and write operations to a specified file?

    auditctl -w /etc/firewall/rules -p rw -k firewall

What is a rootkit?

    A type of malware that disguises itself as legitimate software

Which of the following commands displays all ebtable rules contained in a specified table?

    ebtables -t filter -L --Lc

What is a plaintext?

    The original message before encryption

Which protocol is commonly used to transmit X.509 certificates?

    LDAP

What is the purpose of the program snort-stat?

    It reads syslog files containing Snort information and generates port scan statistics.

Which tool can be used to check for rootkits on a Linux system?

    chkrootkit

What is the purpose of rkhunter?

    To detect rootkits and other security threats

What is a certificate chain?

    A sequence of certificates used to verify the authenticity of a digital certificate

Which permission bit allows a user to delete a file?

    Write

Which of the following DNS records are used in DNSSEC?

    RRSIG

What is the purpose of a Certificate Authority (CA)?

    To issue and sign X.509 certificates

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

    uid

Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)

    Private keys should be included in X509 certificates.

What is the purpose of NSEC3 in DNSSEC?

    To prevent zone enumeration

Which command is used to run a new shell for a user changing the SELinux context?

    newrole

Which file is used to configure AIDE?

    /etc/aide/aide.conf

What is an asymmetric key?

    A key used for both encryption and decryption that is generated in a pair

Which of the following is an example of a behavioral-based HID technique?

    Anomaly-based detection

Which command revokes ACL-based write access for groups and named users on the file afile?

    setfacl -m mask::rx afile

Which command is used to set an extended attribute on a file in Linux?

    setfattr

Which option in an Apache HTTPD configuration file enables OCSP stapling?

    False

Determine whether the given solution is correct?

    Correct

What type of attack is phishing?

    A type of social engineering attack

What is the purpose of a Certificate Revocation List (CRL)?

    A list of X.509 certificates that have been revoked by a particular CA

What type of record is used to map an IP address to a hostname?

    PTR

What is the purpose of AIDE?

    To detect intrusions and system changes

What is host intrusion detection (HID)?

    A system that monitors and detects potential security threats on a single computer or server

What is the purpose of a DNSKEY record in DNSSEC?

    To sign a DNS zone

What is social engineering?

    A type of psychological manipulation

What is the purpose of an RRSIG record in DNSSEC?

    To sign a DNS zone

What is the primary function of ndpmon?

    To monitor remote hosts by periodically sending echo requests

What type of key is used for both encryption and decryption that is generated in a pair?

    Asymmetric key

What is an example of a behavioral-based HID technique?

    Anomaly-based detection

Which command is used to set an extended attribute on a file in Linux?

    setfattr

Which option in an Apache HTTPD configuration file enables OCSP stapling?

    ssl-ocsp.conf

Which of the following database names can be used within a Name Service Switch (NSS) configuration file?

    all of the above

What type of access control model is established by using SELinux?

    Mandatory Access Control (MAC)

Which command revokes ACL-based write access for groups and named users on the file afile?

    setfacl -m mask::rx afile

What is the purpose of OCSP stapling?

    To provide information about a TLS server

Which option of the openvpn command should be used to ensure that ephemeral keys are not written to the swap space?

    --mlock

Which command is used to view the access control list of a file?

    getfacl

What is a man-in-the-middle attack?

    An attack that intercepts communications between two parties to steal information

Which of the following names correspond to existing attribute namespaces?

    system, trusted, user

Which of the following scan techniques is used with nmap?

    Xmas Scan, FIN Scan

Which command is used to add a new user to FreeIPA?

    ipa user-add usera --first User --last A

Which of the following is a Linux Extended File Attribute namespace?

    trusted

What is the primary purpose of a DNSKEY record in DNSSEC?

    To sign a DNS zone

A Certificate Revocation List (CRL) is a list of X.509 certificates that have been issued by a particular CA.

    False

What is the purpose of AIDE?

    AIDE is used to detect intrusions and system changes.

The DNS record used to map an IP address to a hostname is the _______________________ record.

    PTR

Match the following security threats with their definitions:

    Phishing = A type of attack where an attacker tricks a user into revealing sensitive information
    Social Engineering = A type of attack where an attacker tricks a user into revealing sensitive information
    Malware = A type of virus

What is the purpose of NSEC3 in DNSSEC?

    To prevent DNS zone enumeration

Host intrusion detection (HID) is a system that detects malicious traffic on a network.

    False

What is the purpose of a Certificate Authority (CA)?

    A Certificate Authority (CA) is used to issue and manage digital certificates.

What is the purpose of ndpmon?

    Monitor log files for failed login attempts in order to block traffic from offending network nodes

A key used for encryption and decryption that is the same is an asymmetric key.

    False

What is the command to set an extended attribute on a file in Linux?

    setfattr

The _______________ option in an Apache HTTPD configuration file enables OCSP stapling.

    SSLUseStapling

Which of the following database names can be used within a Name Service Switch (NSS) configuration file?

    passwd

Match the following HID techniques with their descriptions:

    Signature-based detection = A technique that uses predefined patterns to identify malware
    Anomaly-based detection = A technique that identifies malware based on its behavior
    Heuristic-based detection = A technique that uses rules and algorithms to identify malware
    Rule-based detection = A technique that uses predefined rules to identify malware

The setfacl command is used to revoke ACL-based write access for groups and named users on a file.

    False

What is an example of a behavioral-based HID technique?

    Anomaly-based detection

Which of the following access control models is established by using SELinux?

    Mandatory Access Control (MAC)

The openssl command 'req -new -x509 -nodes -keyout private/keypair.pem -out cert.csr' generates a certificate signing request (CSR) using a new private key.

    False

What is a man-in-the-middle attack?

    An attack that intercepts communications between two parties to steal information

The option '--mlock' of the openvpn command should be used to ensure that _______________________ keys are not written to the swap space.

    ephemeral

Match the following Linux file attributes with their corresponding namespaces:

    default = A
    system = B
    owner = C
    user = D
    trusted = E

The command 'setfacl' is used to view the access control list of a file.

    False

Which command is used to add a new user 'usera' to FreeIPA?

    ipa user-add usera --first User --last A

Which of the following options of the openvpn command should be used to change the timeout period to 5 seconds?

    --ping-restart

What is the purpose of ndpmon?

    To monitor log files for failed login attempts in order to block traffic from offending network nodes

What is an asymmetric key?

    A key used for both encryption and decryption that is generated in a pair

Which of the following is an example of a behavioral-based HID technique?

    Anomaly-based detection

Which command revokes ACL-based write access for groups and named users on the file afile?

    setfacl -m mask::rx afile

Which command is used to set an extended attribute on a file in Linux?

    setfattr

Which option in an Apache HTTPD configuration file enables OCSP stapling?

    httpd-ssl.conf

Which of the following database names can be used within a Name Service Switch (NSS) configuration file?

    All of the above

What is the purpose of a Certificate Authority (CA)?

    To issue digital certificates

What is the purpose of a DNSKEY record in DNSSEC?

    To sign a DNS zone

What is phishing?

    A type of social engineering attack

What is the purpose of AIDE?

    To detect intrusions and system changes

What is host intrusion detection (HID)?

    A system that monitors and detects potential security threats on a single computer or server

What is a Certificate Revocation List (CRL)?

    A list of X.509 certificates that have been revoked by a particular CA

Which of the following DNS records is used to map an IP address to a hostname?

    PTR

What is social engineering?

    A type of attack that manipulates individuals into revealing sensitive information

Which of the following is used to verify the authenticity of a DNS query?

    RRSIG record

Which access control model is established by using SELinux?

    Mandatory Access Control (MAC)

What is the purpose of the '--mlock' option in OpenVPN?

    To ensure ephemeral keys are not written to the swap space

Which of the following is an example of a scan technique in nmap?

    Xmas Scan

What is a man-in-the-middle attack?

    An attack that intercepts communications between two parties to steal information

Which command is used to view the access control list of a file?

    getfacl

Which of the following Linux Extended File Attributes are organized into namespaces?

    System, Trusted, and User

What is the purpose of the 'ipa user-add' command?

    To add a new user to FreeIPA

Which of the following is a benefit of using Host-based Intrusion Detection (HID)?

    Real-time detection of malicious activity

    Study Notes

    LPIC-3 Security

    Mounting CIFS Shares

    • The uid option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.

    Security Practices

    • Private keys should be created on the systems where they will be used and should never leave them.
    • Private keys should have a sufficient length for the algorithm used for key generation.
    • Private keys should not be stored as plain text files without encryption.

    DNSSEC

    • NSEC3 is used to prevent zone enumeration.

    Access Control

    • Forcing a file to be executed with the permissions of the file owner is achieved by setting the SetUID bit.
    • The difference between SetUID and SetGID is that SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner.

    Symmetric and Asymmetric Keys

    • A symmetric key is used for encryption and decryption and is the same for both.
    • An asymmetric key, also known as a key pair, is used for encryption and decryption and is generated in a pair.

    Linux Audit System

    • The ausearch command is used to search and filter the audit log.

    Network Security

    • A honeypot is a network security tool designed to lure attackers into a trap.
    • IP sets group together IP addresses that can be referenced by netfilter rules.

    Authentication and Authorization

    • rkhunter is used to detect rootkits and other security threats.

    Digital Certificates

    • A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
    • A Certificate Authority (CA) issues and signs X.509 certificates.

    Threats and Attacks

    • A buffer overflow is a type of software vulnerability.
    • A man-in-the-middle attack intercepts communications between two parties to steal information.
    • A Trojan is a type of malware that disguises itself as legitimate software.
    • A rogue access point is an unauthorized access point set up to look like a legitimate one.

    System Hardening

    • Linux Malware Detect is a tool used to detect malware on a Linux system.
    • pam_cracklib is a PAM module that checks new passwords against dictionary words and enforces complexity.

    DNS and DNSSEC

    • RRSIG is a DNS record type used in DNSSEC.
    • dnssec-keygen generates DNSSEC keys.

    File Permissions and Access Control

    • Linux file ownership is used to restrict access to files only to their owner.
    • chmod is used to set the permissions of a file in Linux.

    Network Security Tools

    • iptables is used to configure firewall rules.
    • nftables is used to configure packet filtering and classification.

    Virtual Host and SSL

    • The virtual host is used as a fallback default for all clients that do not support SNI.
    • The virtual host is served only on the common name and Subject Alternative.

    Apache HTTPD Configuration

    • To require a client certificate for authentication, use the configuration option SSLVerifyClient require.
    • SSLRequestClientCert is used to request a client certificate, but it does not require one.
    • SSLVerifyClient is used to specify the verification level for client certificates.

    Root CA Certificate

    • A Root CA certificate is a self-signed certificate.
    • It does not include the private key of the CA.
    • It must contain an X509v3 Authority extension.

    Host-Based Intrusion Detection (HID)

    • HID is a system that monitors and detects potential security threats on a single computer or server.
    • Best practice for implementing HID is to configure it to alert security personnel of potential security incidents.

    SELinux Permissions

    • SELinux permissions are verified after standard Linux permissions.
    • SELinux permissions do not override standard Linux permissions.

    Wireshark Capture Filters

    • tcp portrange 10000-15000 is a valid Wireshark capture filter.

    OpenVAS NVT Feed

    • The command openvas-nvt-sync is used to update NVTs from the OpenVAS NVT feed.

    File Permissions

    • The chown command is used to set the owner and group of a file in Linux.
    • The chmod command is used to set the permissions of a file in Linux.

    Executable Files

    • The permission bit that allows a file to be executed is Execute.

    Automation of Host Scans

    • Cron can be used to automate host scans on a Linux system.

    sysctl Command

    • The sysctl command is used to configure kernel parameters.
    • The data that can be altered by the sysctl command is accessible in /proc/sys.

    Access Control Lists

    • The purpose of an access control list (ACL) in Linux is to specify fine-grained permissions for users and groups.

    NFS Configuration

    • Kerberos authentication was added to NFS in version 4.

    OCSP Stapling

    • OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

    FreeIPA Server

    • The command ipa-server-install is used to install and configure a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

    OpenSSL Commands

    • The command openssl req -new -key private/keypair.pem -out req/csr.pem is used to generate a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem.

    Cryptography

    • Cryptography is the art of sending secret messages.

    HID Monitoring

    • HID monitors for unauthorized access attempts.

    Benefits of HID

    • HID provides real-time detection of security incidents.
    • HID allows for quick response to security incidents.
    • HID helps prevent security incidents from occurring.

    Ciphertext and Plaintext

    • Ciphertext is the encrypted message.
    • Plaintext is the original message before encryption.

    Rootkits

    • A rootkit is a type of malware that disguises itself as legitimate software.

    ebtables

    • The command ebtables -t filter -L -v is used to display all ebtables rules contained in the table filter, including their packet and byte counters.

    LDAP and Certificates

    • LDAP is commonly used to transmit X.509 certificates.

    Snort-stat

    • The purpose of the program snort-stat is to read syslog files containing Snort information and generate port scan statistics.

    chkrootkit

    • chkrootkit is a tool used to check for rootkits on a Linux system.

    LUKS Devices

    • The command cryptsetup luksOpen /dev/sda1 crypt-vol is used to map a LUKS device.
    • The command cryptsetup luksDelKey /dev/mapper/crypt-vol 1 is used to delete a key from a LUKS device.

    eCryptfs

    • eCryptfs is a stacked cryptographic filesystem for Linux.
    • For every file in an eCryptfs directory, there exists a corresponding file that contains the encrypted content.

    User Account Management

    • The command chage --maxdays -1 usera is used to disable the automatic password expiry for the user usera.

    TSIG and DNS

    • TSIG authenticates name servers in order to perform secured zone transfers by using a secret key that is shared between the servers.

    FreeIPA Components

    • FreeIPA includes a Kerberos KDC, a Directory Server, and a Public Key Infrastructure.

    DNSSEC

    • DNSSEC is used to provide authentication of DNS data and verify the integrity of DNS data.

    X.509 Certificates

    • An X.509 certificate contains information such as the subject, issuer, validity dates, and public key.
    • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.

    AppArmor and SELinux

    • AppArmor and SELinux are both Mandatory Access Control (MAC) systems.
    • AppArmor is implemented in user space only, while SELinux is a Linux kernel module.

    Host Intrusion Detection

    • Host intrusion detection (HID) monitors and detects potential security threats on a single computer or server.

    Social Engineering

    • Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

    AIDE

    • AIDE is a file integrity checker that detects intrusions and system changes.

    DNS over TLS and DNS over HTTPS

    • DNS over TLS and DNS over HTTPS are used to provide secure communication between DNS clients and servers.


    File Permissions and Access Control

    • Linux file ownership is used to restrict access to files only to their owner.
    • chmod is used to set the permissions of a file in Linux.

    Network Security Tools

    • iptables is used to configure firewall rules.
    • nftables is used to configure packet filtering and classification.

    Virtual Host and SSL

    • The virtual host is used as a fallback default for all clients that do not support SNI.
    • The virtual host is served only on the common name and Subject Alternative.

    Apache HTTPD Configuration

    • To require a client certificate for authentication, use the configuration option SSLVerifyClient require.
    • SSLRequestClientCert is used to request a client certificate, but it does not require one.
    • SSLVerifyClient is used to specify the verification level for client certificates.

    Root CA Certificate

    • A Root CA certificate is a self-signed certificate.
    • It does not include the private key of the CA.
    • It must contain an X509v3 Authority extension.

    Host-Based Intrusion Detection (HID)

    • HID is a system that monitors and detects potential security threats on a single computer or server.
    • Best practice for implementing HID is to configure it to alert security personnel of potential security incidents.

    SELinux Permissions

    • SELinux permissions are verified after standard Linux permissions.
    • SELinux permissions do not override standard Linux permissions.

    Wireshark Capture Filters

    • tcp portrange 10000-15000 is a valid Wireshark capture filter.

    OpenVAS NVT Feed

    • The command openvas-nvt-sync is used to update NVTs from the OpenVAS NVT feed.

    File Permissions

    • The chown command is used to set the owner and group of a file in Linux.
    • The chmod command is used to set the permissions of a file in Linux.

    Executable Files

    • The permission bit that allows a file to be executed is Execute.

    Automation of Host Scans

    • Cron can be used to automate host scans on a Linux system.

    sysctl Command

    • The sysctl command is used to configure kernel parameters.
    • The data that can be altered by the sysctl command is accessible in /proc/sys.

    Access Control Lists

    • The purpose of an access control list (ACL) in Linux is to specify fine-grained permissions for users and groups.

    NFS Configuration

    • Kerberos authentication was added to NFS in version 4.

    OCSP Stapling

    • OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

    FreeIPA Server

    • The command ipa-server-install is used to install and configure a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

    OpenSSL Commands

    • The command openssl req -new -key private/keypair.pem -out req/csr.pem is used to generate a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem.

    Cryptography

    • Cryptography is the art of sending secret messages.

    HID Monitoring

    • HID monitors for unauthorized access attempts.

    Benefits of HID

    • HID provides real-time detection of security incidents.
    • HID allows for quick response to security incidents.
    • HID helps prevent security incidents from occurring.

    Ciphertext and Plaintext

    • Ciphertext is the encrypted message.
    • Plaintext is the original message before encryption.

    Rootkits

    • A rootkit is a type of malware that disguises itself as legitimate software.

    ebtables

    • The command ebtables -t filter -L -v is used to display all ebtables rules contained in the table filter, including their packet and byte counters.

    LDAP and Certificates

    • LDAP is commonly used to transmit X.509 certificates.

    Snort-stat

    • The purpose of the program snort-stat is to read syslog files containing Snort information and generate port scan statistics.

    chkrootkit

    • chkrootkit is a tool used to check for rootkits on a Linux system.

    LUKS Devices

    • The command cryptsetup luksOpen /dev/sda1 crypt-vol is used to map a LUKS device.
    • The command cryptsetup luksDelKey /dev/mapper/crypt-vol 1 is used to delete a key from a LUKS device.

    eCryptfs

    • eCryptfs is a stacked cryptographic filesystem for Linux.
    • For every file in an eCryptfs directory, there exists a corresponding file that contains the encrypted content.

    Network Monitoring

    • It monitors remote hosts by periodically sending echo requests to them.

    Asymmetric Keys

    • An asymmetric key is a key used for both encryption and decryption that is generated in a pair.

    HID Techniques

    • Anomaly-based detection is a behavioral-based HID technique.

    File Permissions

    • The command setfacl is used to set access control lists (ACLs) on files.
    • The command setfattr is used to set extended attributes on files.
    • The command getfacl is used to view the access control list of a file.

    DNS

    • The PTR record is used to map an IP address to a hostname.
    • The DNSKEY record is used to sign a DNS zone in DNSSEC.

    Security

    • Phishing is a type of social engineering attack.
    • Social engineering is a type of attack that aims to deceive individuals into divulging sensitive information.

    Access Control

    • Mandatory Access Control (MAC) is an access control model established by using SELinux.

    VPNs

    • The --mlock option of the openvpn command is used to ensure that ephemeral keys are not written to the swap space.

    Linux File Attributes

    • Linux Extended File Attributes are organized in namespaces, including system, trusted, and user.

    Nmap Scan Techniques

    • Existing scan techniques with nmap include Xmas Scan and FIN Scan.

    User Management

    • The ipa user-add command is used to add a new user to FreeIPA.

    Security Threats

    • A man-in-the-middle attack is an attack that intercepts communications between two parties to steal information.
    • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.
    • Host intrusion detection (HID) is a system that monitors and detects potential security threats on a single computer or server.
    • AIDE is used to detect intrusions and system changes.

    Description

    Practice questions for the LPIC-3 Security certification exam, covering various security topics and Linux system administration.
