LPIC-3 Security Exam Questions
147 Questions
12 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the purpose of rkhunter?

  • To manage system log files
  • To automate host scans
  • To detect rootkits and other security threats (correct)
  • To manage installed packages
  • What is a certificate chain?

  • A sequence of certificates used to verify the authenticity of a digital certificate (correct)
  • A sequence of public and private keys used for encryption and decryption
  • A chain of public and private keys used for encryption and decryption
  • A chain of digital signatures used to verify the authenticity of a certificate
  • What is a Trojan?

  • A type of virus
  • A type of denial-of-service attack
  • A type of malware that disguises itself as legitimate software (correct)
  • A type of phishing scam
  • What is a rogue access point?

    <p>An unauthorized access point that is set up to look like a legitimate one</p> Signup and view all the answers

    The purpose of a TLSA record in DANE is to provide information about a TLS server.

    <p>False</p> Signup and view all the answers

    How are SELinux permissions related to standard Linux permissions?

    <p>SELinux permissions override standard Linux permissions</p> Signup and view all the answers

    What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

    <p>uid</p> Signup and view all the answers

    Which of the following practices are important for the security of private keys? (Choose TWO correct answers)

    <p>Private keys should have a sufficient length for the algorithm used for key generation.</p> Signup and view all the answers

    What is the purpose of NSEC3 in DNSSEC?

    <p>To prevent zone enumeration</p> Signup and view all the answers

    Which command is used to run a new shell for a user changing the SELinux context?

    <p>newrole</p> Signup and view all the answers

    Which file is used to configure AIDE?

    <p>/etc/aide/aide.conf</p> Signup and view all the answers

    Which of the following statements describes the purpose of ndpmon?

    <p>It monitors the network for neighbor discovery messages from new IPv6 hosts and routers.</p> Signup and view all the answers

    What is an asymmetric key?

    <p>A key used for both encryption and decryption that is generated in a pair</p> Signup and view all the answers

    Which of the following is an example of a behavioral-based HID technique?

    <p>Anomaly-based detection</p> Signup and view all the answers

    Which command revokes ACL-based write access for groups and named users on the file afile?

    <p>setfacl ~m mask: : rx afile</p> Signup and view all the answers

    Which command is used to set an extended attribute on a file in Linux?

    <p>setfattr</p> Signup and view all the answers

    Determine whether the given solution is correct?

    <p>Correct</p> Signup and view all the answers

    Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?

    <p>openssl req – new -key private/keypair.pem –out req/csr.pem</p> Signup and view all the answers

    What is Cryptography?

    <p>The art of sending secret messages</p> Signup and view all the answers

    What type of activity does HID monitor for?

    <p>Unauthorized access attempts</p> Signup and view all the answers

    Which of the following is NOT a benefit of using HID?

    <p>Provides automatic removal of detected threats</p> Signup and view all the answers

    What is a ciphertext?

    <p>The encrypted message</p> Signup and view all the answers

    What is a rootkit?

    <p>A type of malware that disguises itself as legitimate software</p> Signup and view all the answers

    Which of the following commands defines an audit rule that monitors read and write operations to the file '/etc/firewall/rules' and associates the rule with the name 'firewall'?

    <p>auditctl –w /etc/firewall/rules –p rw –k firewall</p> Signup and view all the answers

    What is a plaintext?

    <p>The original message before encryption</p> Signup and view all the answers

    Which protocol is commonly used to transmit X.509 certificates?

    <p>LDAP</p> Signup and view all the answers

    What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

    <p>uid</p> Signup and view all the answers

    Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)

    <p>Private keys should have a sufficient length for the algorithm used for key generation.</p> Signup and view all the answers

    What is the purpose of NSEC3 in DNSSEC?

    <p>To prevent zone enumeration</p> Signup and view all the answers

    Which command is used to run a new shell for a user changing the SELinux context?

    <p>newrole</p> Signup and view all the answers

    Which file is used to configure AIDE?

    <p>/etc/aide/aide.conf</p> Signup and view all the answers

    Which of the following statements describes the purpose of ndpmon?

    <p>It monitors the network for neighbor discovery messages from new IPv6 hosts and routers.</p> Signup and view all the answers

    What is an asymmetric key?

    <p>A key used for both encryption and decryption that is generated in a pair</p> Signup and view all the answers

    Which of the following is an example of a behavioral-based HID technique?

    <p>Anomaly-based detection</p> Signup and view all the answers

    Which command revokes ACL-based write access for groups and named users on the file afile?

    <p>setfacl ~m mask: : rx afile</p> Signup and view all the answers

    Which command is used to set an extended attribute on a file in Linux?

    <p>setfattr</p> Signup and view all the answers

    When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 2 seconds by default. Which of the following options changes the timeout period to 5 seconds?

    <p>-- tls-timeout 5</p> Signup and view all the answers

    Which permission bit allows a user to delete a file?

    <p>Write</p> Signup and view all the answers

    What is the purpose of rkhunter?

    <p>To detect rootkits and other security threats</p> Signup and view all the answers

    What is a certificate chain?

    <p>A sequence of certificates used to verify the authenticity of a digital certificate</p> Signup and view all the answers

    Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?

    <p>iptables ~t nat ~A POSTROUTING ~o eth0 <del>j SNAT --to</del>source 192.0.2.11</p> Signup and view all the answers

    Which statement is used in a parameter file for setkey to create a new SPD entry?

    <p>spdadd</p> Signup and view all the answers

    Which methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.)

    <p>By placing a pass rule in local.rules and restarting Snort.</p> Signup and view all the answers

    Which command adds users using SSSD's local service?

    <p>sss_useradd</p> Signup and view all the answers

    Which DNS records are used in DNSSEC?

    <p>RRSIG</p> Signup and view all the answers

    What is the purpose of a Certificate Authority (CA)?

    <p>To issue and sign X.509 certificates</p> Signup and view all the answers

    Is the command 'ipa-server-install' a correct solution?

    <p>Correct</p> Signup and view all the answers

    Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key?

    <p>openssl req – new -key private/keypair.pem –out req/csr.pem</p> Signup and view all the answers

    What is Cryptography?

    <p>The art of sending secret messages</p> Signup and view all the answers

    Which type of activity does HID monitor for?

    <p>Unauthorized access attempts</p> Signup and view all the answers

    Which of the following is NOT a benefit of using HID?

    <p>Provides automatic removal of detected threats</p> Signup and view all the answers

    What is a ciphertext?

    <p>The encrypted message</p> Signup and view all the answers

    Which of the following commands defines an audit rule that monitors read and write operations to a specified file?

    <p>auditctl –w /etc/firewall/rules –p rw –k firewall</p> Signup and view all the answers

    What is a rootkit?

    <p>A type of malware that disguises itself as legitimate software</p> Signup and view all the answers

    Which of the following commands displays all ebtable rules contained in a specified table?

    <p>ebtables -t filter –L --Lc</p> Signup and view all the answers

    What is a plaintext?

    <p>The original message before encryption</p> Signup and view all the answers

    Which protocol is commonly used to transmit X.509 certificates?

    <p>LDAP</p> Signup and view all the answers

    What is the purpose of the program snort-stat?

    <p>It reads syslog files containing Snort information and generates port scan statistics.</p> Signup and view all the answers

    Which tool can be used to check for rootkits on a Linux system?

    <p>chkrootkit</p> Signup and view all the answers

    What is the purpose of rkhunter?

    <p>To detect rootkits and other security threats</p> Signup and view all the answers

    What is a certificate chain?

    <p>A sequence of certificates used to verify the authenticity of a digital certificate</p> Signup and view all the answers

    Which permission bit allows a user to delete a file?

    <p>Write</p> Signup and view all the answers

    Which of the following DNS records are used in DNSSEC?

    <p>RRSIG</p> Signup and view all the answers

    What is the purpose of a Certificate Authority (CA)?

    <p>To issue and sign X.509 certificates</p> Signup and view all the answers

    What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

    <p>uid</p> Signup and view all the answers

    Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)

    <p>Private keys should be included in X509 certificates.</p> Signup and view all the answers

    What is the purpose of NSEC3 in DNSSEC?

    <p>To prevent zone enumeration</p> Signup and view all the answers

    Which command is used to run a new shell for a user changing the SELinux context?

    <p>newrole</p> Signup and view all the answers

    Which file is used to configure AIDE?

    <p>/etc/aide/aide.conf</p> Signup and view all the answers

    What is an asymmetric key?

    <p>A key used for both encryption and decryption that is generated in a pair</p> Signup and view all the answers

    Which of the following is an example of a behavioral-based HID technique?

    <p>Anomaly-based detection</p> Signup and view all the answers

    Which command revokes ACL-based write access for groups and named users on the file afile?

    <p>setfacl ~m mask: : rx afile</p> Signup and view all the answers

    Which command is used to set an extended attribute on a file in Linux?

    <p>setfattr</p> Signup and view all the answers

    Which option in an Apache HTTPD configuration file enables OCSP stapling?

    <p>False</p> Signup and view all the answers

    Determine whether the given solution is correct?

    <p>Correct</p> Signup and view all the answers

    What type of attack is phishing?

    <p>A type of social engineering attack</p> Signup and view all the answers

    What is the purpose of a Certificate Revocation List (CRL)?

    <p>A list of X.509 certificates that have been revoked by a particular CA</p> Signup and view all the answers

    What type of record is used to map an IP address to a hostname?

    <p>PTR</p> Signup and view all the answers

    What is the purpose of AIDE?

    <p>To detect intrusions and system changes</p> Signup and view all the answers

    What is host intrusion detection (HID)?

    <p>A system that monitors and detects potential security threats on a single computer or server</p> Signup and view all the answers

    What is the purpose of a DNSKEY record in DNSSEC?

    <p>To sign a DNS zone</p> Signup and view all the answers

    What is social engineering?

    <p>A type of psychological manipulation</p> Signup and view all the answers

    What is the purpose of an RRSIG record in DNSSEC?

    <p>To sign a DNS zone</p> Signup and view all the answers

    What is the primary function of ndpmon?

    <p>To monitor remote hosts by periodically sending echo requests</p> Signup and view all the answers

    What type of key is used for both encryption and decryption that is generated in a pair?

    <p>Asymmetric key</p> Signup and view all the answers

    What is an example of a behavioral-based HID technique?

    <p>Anomaly-based detection</p> Signup and view all the answers

    Which command is used to set an extended attribute on a file in Linux?

    <p>setfattr</p> Signup and view all the answers

    Which option in an Apache HTTPD configuration file enables OCSP stapling?

    <p>ssl-ocsp.conf</p> Signup and view all the answers

    Which of the following database names can be used within a Name Service Switch (NSS) configuration file?

    <p>all of the above</p> Signup and view all the answers

    What type of access control model is established by using SELinux?

    <p>Mandatory Access Control (MAC)</p> Signup and view all the answers

    Which command revokes ACL-based write access for groups and named users on the file afile?

    <p>setfacl ~m mask: : rx afile</p> Signup and view all the answers

    What is the purpose of OCSP stapling?

    <p>To provide information about a TLS server</p> Signup and view all the answers

    Which option of the openvpn command should be used to ensure that ephemeral keys are not written to the swap space?

    <p>--mlock</p> Signup and view all the answers

    Which command is used to view the access control list of a file?

    <p>getfacl</p> Signup and view all the answers

    What is a man-in-the-middle attack?

    <p>An attack that intercepts communications between two parties to steal information</p> Signup and view all the answers

    Which of the following names correspond to existing attribute namespaces?

    <p>system, trusted, user</p> Signup and view all the answers

    Which of the following scan techniques is used with nmap?

    <p>Xmas Scan, FIN Scan</p> Signup and view all the answers

    Which command is used to add a new user to FreeIPA?

    <p>ipa user-add usera --first User --last A</p> Signup and view all the answers

    Which of the following is a Linux Extended File Attribute namespace?

    <p>trusted</p> Signup and view all the answers

    What is the primary purpose of a DNSKEY record in DNSSEC?

    <p>To sign a DNS zone</p> Signup and view all the answers

    A Certificate Revocation List (CRL) is a list of X.509 certificates that have been issued by a particular CA.

    <p>False</p> Signup and view all the answers

    What is the purpose of AIDE?

    <p>AIDE is used to detect intrusions and system changes.</p> Signup and view all the answers

    The DNS record used to map an IP address to a hostname is the _______________________ record.

    <p>PTR</p> Signup and view all the answers

    Match the following security threats with their definitions:

    <p>Phishing = A type of attack where an attacker tricks a user into revealing sensitive information Social Engineering = A type of attack where an attacker tricks a user into revealing sensitive information Malware = A type of virus</p> Signup and view all the answers

    What is the purpose of NSEC3 in DNSSEC?

    <p>To prevent DNS zone enumeration</p> Signup and view all the answers

    Host intrusion detection (HID) is a system that detects malicious traffic on a network.

    <p>False</p> Signup and view all the answers

    What is the purpose of a Certificate Authority (CA)?

    <p>A Certificate Authority (CA) is used to issue and manage digital certificates.</p> Signup and view all the answers

    What is the purpose of ndpmon?

    <p>Monitor log files for failed login attempts in order to block traffic from offending network nodes</p> Signup and view all the answers

    A key used for encryption and decryption that is the same is an asymmetric key.

    <p>False</p> Signup and view all the answers

    What is the command to set an extended attribute on a file in Linux?

    <p>setfattr</p> Signup and view all the answers

    The _______________ option in an Apache HTTPD configuration file enables OCSP stapling.

    <p>SSLUseStapling</p> Signup and view all the answers

    Which of the following database names can be used within a Name Service Switch (NSS) configuration file?

    <p>passwd</p> Signup and view all the answers

    Match the following HID techniques with their descriptions:

    <p>Signature-based detection = A technique that uses predefined patterns to identify malware Anomaly-based detection = A technique that identifies malware based on its behavior Heuristic-based detection = A technique that uses rules and algorithms to identify malware Rule-based detection = A technique that uses predefined rules to identify malware</p> Signup and view all the answers

    The setfacl command is used to revoke ACL-based write access for groups and named users on a file.

    <p>False</p> Signup and view all the answers

    What is an example of a behavioral-based HID technique?

    <p>Anomaly-based detection</p> Signup and view all the answers

    Which of the following access control models is established by using SELinux?

    <p>Mandatory Access Control (MAC)</p> Signup and view all the answers

    The openssl command 'req -new -x509 -nodes -keyout private/keypair.pem -out cert.csr' generates a certificate signing request (CSR) using a new private key.

    <p>False</p> Signup and view all the answers

    What is a man-in-the-middle attack?

    <p>An attack that intercepts communications between two parties to steal information</p> Signup and view all the answers

    The option '--mlock' of the openvpn command should be used to ensure that _______________________ keys are not written to the swap space.

    <p>ephemeral</p> Signup and view all the answers

    Match the following Linux file attributes with their corresponding namespaces:

    <p>default = A system = B owner = C user = D trusted = E</p> Signup and view all the answers

    The command 'setfacl' is used to view the access control list of a file.

    <p>False</p> Signup and view all the answers

    Which command is used to add a new user 'usera' to FreeIPA?

    <p>ipa user-add usera --first User --last A</p> Signup and view all the answers

    Which of the following options of the openvpn command should be used to change the timeout period to 5 seconds?

    <p>--ping-restart</p> Signup and view all the answers

    What is the purpose of ndpmon?

    <p>To monitor log files for failed login attempts in order to block traffic from offending network nodes</p> Signup and view all the answers

    What is an asymmetric key?

    <p>A key used for both encryption and decryption that is generated in a pair</p> Signup and view all the answers

    Which of the following is an example of a behavioral-based HID technique?

    <p>Anomaly-based detection</p> Signup and view all the answers

    Which command revokes ACL-based write access for groups and named users on the file afile?

    <p>setfacl ~m mask: : rx afile</p> Signup and view all the answers

    Which command is used to set an extended attribute on a file in Linux?

    <p>setfattr</p> Signup and view all the answers

    Which option in an Apache HTTPD configuration file enables OCSP stapling?

    <p>httpd-ssl.conf</p> Signup and view all the answers

    Which of the following database names can be used within a Name Service Switch (NSS) configuration file?

    <p>All of the above</p> Signup and view all the answers

    What is the purpose of a Certificate Authority (CA)?

    <p>To issue digital certificates</p> Signup and view all the answers

    What is the purpose of a DNSKEY record in DNSSEC?

    <p>To sign a DNS zone</p> Signup and view all the answers

    What is phishing?

    <p>A type of social engineering attack</p> Signup and view all the answers

    What is the purpose of AIDE?

    <p>To detect intrusions and system changes</p> Signup and view all the answers

    What is host intrusion detection (HID)?

    <p>A system that monitors and detects potential security threats on a single computer or server</p> Signup and view all the answers

    What is a Certificate Revocation List (CRL)?

    <p>A list of X.509 certificates that have been revoked by a particular CA</p> Signup and view all the answers

    Which of the following DNS records is used to map an IP address to a hostname?

    <p>PTR</p> Signup and view all the answers

    What is social engineering?

    <p>A type of attack that manipulates individuals into revealing sensitive information</p> Signup and view all the answers

    Which of the following is used to verify the authenticity of a DNS query?

    <p>RRSIG record</p> Signup and view all the answers

    Which access control model is established by using SELinux?

    <p>Mandatory Access Control (MAC)</p> Signup and view all the answers

    What is the purpose of the '--mlock' option in OpenVPN?

    <p>To ensure ephemeral keys are not written to the swap space</p> Signup and view all the answers

    Which of the following is an example of a scan technique in nmap?

    <p>Xmas Scan</p> Signup and view all the answers

    What is a man-in-the-middle attack?

    <p>An attack that intercepts communications between two parties to steal information</p> Signup and view all the answers

    Which command is used to view the access control list of a file?

    <p>getfacl</p> Signup and view all the answers

    Which of the following Linux Extended File Attributes are organized into namespaces?

    <p>System, Trusted, and User</p> Signup and view all the answers

    What is the purpose of the 'ipa user-add' command?

    <p>To add a new user to FreeIPA</p> Signup and view all the answers

    Which of the following is a benefit of using Host-based Intrusion Detection (HID)?

    <p>Real-time detection of malicious activity</p> Signup and view all the answers

    Study Notes

    LPIC-3 Security

    Mounting CIFS Shares

    • The uid option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.

    Security Practices

    • Private keys should be created on the systems where they will be used and should never leave them.
    • Private keys should have a sufficient length for the algorithm used for key generation.
    • Private keys should not be stored as plain text files without encryption.

    DNSSEC

    • NSEC3 is used to prevent zone enumeration.

    Access Control

    • Forcing a file to be executed with the permissions of the file owner is achieved by setting the SetUID bit.
    • The difference between SetUID and SetGID is that SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner.

    Symmetric and Asymmetric Keys

    • A symmetric key is used for encryption and decryption and is the same for both.
    • An asymmetric key, also known as a key pair, is used for encryption and decryption and is generated in a pair.

    Linux Audit System

    • The ausearch command is used to search and filter the audit log.

    Network Security

    • A honeypot is a network security tool designed to lure attackers into a trap.
    • IP sets group together IP addresses that can be referenced by netfilter rules.

    Authentication and Authorization

    • rkhunter is used to detect rootkits and other security threats.

    Digital Certificates

    • A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
    • A Certificate Authority (CA) issues and signs X.509 certificates.

    Threats and Attacks

    • A buffer overflow is a type of software vulnerability.
    • A man-in-the-middle attack intercepts communications between two parties to steal information.
    • A Trojan is a type of malware that disguises itself as legitimate software.
    • A rogue access point is an unauthorized access point set up to look like a legitimate one.

    System Hardening

    • Linux Malware Detect is a tool used to detect malware on a Linux system.
    • pam_cracklib is a PAM module that checks new passwords against dictionary words and enforces complexity.

    DNS and DNSSEC

    • RRSIG is a DNS record type used in DNSSEC.
    • dnssec-keygen generates DNSSEC keys.

    File Permissions and Access Control

    • Linux file ownership is used to restrict access to files only to their owner.
    • chmod is used to set the permissions of a file in Linux.

    Network Security Tools

    • iptable is used to configure firewall rules.
    • nftables is used to configure packet filtering and classification.

    Let me know if you'd like me to clarify or expand on any of these points!### Virtual Host and SSL

    • The virtual host is used as a fallback default for all clients that do not support SNI.
    • The virtual host is served only on the common name and Subject Alternative.

    Apache HTTPD Configuration

    • To require a client certificate for authentication, use the configuration option SSLVerifyClient require.
    • SSLRequestClientCert is used to request a client certificate, but it does not require one.
    • SSLVerifyClient is used to specify the verification level for client certificates.

    Root CA Certificate

    • A Root CA certificate is a self-signed certificate.
    • It does not include the private key of the CA.
    • It must contain an X509v3 Authority extension.

    Host-Based Intrusion Detection (HID)

    • HID is a system that monitors and detects potential security threats on a single computer or server.
    • Best practice for implementing HID is to configure it to alert security personnel of potential security incidents.

    SELinux Permissions

    • SELinux permissions are verified after standard Linux permissions.
    • SELinux permissions do not override standard Linux permissions.

    Wireshark Capture Filters

    • tcp portrange 10000-15000 is a valid Wireshark capture filter.

    OpenVAS NVT Feed

    • The command openvas-nvt-sync is used to update NVTs from the OpenVAS NVT feed.

    File Permissions

    • The chown command is used to set the owner and group of a file in Linux.
    • The chmod command is used to set the permissions of a file in Linux.

    Executable Files

    • The permission bit that allows a file to be executed is Execute.

    Automation of Host Scans

    • Cron can be used to automate host scans on a Linux system.

    sysctl Command

    • The sysctl command is used to configure kernel parameters.
    • The data that can be altered by the sysctl command is accessible in /proc/sys.

    Access Control Lists

    • The purpose of an access control list (ACL) in Linux is to specify fine-grained permissions for users and groups.

    NFS Configuration

    • Kerberos authentication was added to NFS in version 4.

    OCSP Stapling

    • OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

    FreeIPA Server

    • The command ipa-server-install is used to install and configure a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

    OpenSSL Commands

    • The command openssl req –new –key private/keypair.pem –out req/csr.pem is used to generate a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem.

    Cryptography

    • Cryptography is the art of sending secret messages.

    HID Monitoring

    • HID monitors for unauthorized access attempts.

    Benefits of HID

    • HID provides real-time detection of security incidents.
    • HID allows for quick response to security incidents.
    • HID helps prevent security incidents from occurring.

    Ciphertext and Plaintext

    • Ciphertext is the encrypted message.
    • Plaintext is the original message before encryption.

    Rootkits

    • A rootkit is a type of malware that disguises itself as legitimate software.

    ebtables

    • The command ebtables -t filter -L -v is used to display all ebtables rules contained in the table filter, including their packet and byte counters.

    LDAP and Certificates

    • LDAP is commonly used to transmit X.509 certificates.

    Snort-stat

    • The purpose of the program snort-stat is to read syslog files containing Snort information and generate port scan statistics.

    chkrootkit

    • chkrootkit is a tool used to check for rootkits on a Linux system.

    LUKS Devices

    • The command cryptsetup luksOpen /dev/sda1 crypt-vol is used to map a LUKS device.
    • The command cryptsetup luksDelKey /dev/mapper/crypt-vol 1 is used to delete a key from a LUKS device.

    eCryptfs

    • eCryptfs is a stacked cryptographic filesystem for Linux.
    • For every file in an eCryptfs directory, there exists a corresponding file that contains the encrypted content.

    User Account Management

    • The command chage --maxdays -1 usera is used to disable the automatic password expiry for the user usera.

    TSIG and DNS

    • TSIG authenticates name servers in order to perform secured zone transfers by using a secret key that is shared between the servers.

    FreeIPA Components

    • FreeIPA includes a Kerberos KDC, a Directory Server, and a Public Key Infrastructure.

    DNSSEC

    • DNSSEC is used to provide authentication of DNS data and verify the integrity of DNS data.

    X.509 Certificates

    • An X.509 certificate contains information such as the subject, issuer, validity dates, and public key.
    • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.

    AppArmor and SELinux

    • AppArmor and SELinux are both Mandatory Access Control (MAC) systems.
    • AppArmor is implemented in user space only, while SELinux is a Linux kernel module.

    Host Intrusion Detection

    • Host intrusion detection (HID) monitors and detects potential security threats on a single computer or server.

    Social Engineering

    • Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

    AIDE

    • AIDE is a file integrity checker that detects intrusions and system changes.

    DNS over TLS and DNS over HTTPS

    • DNS over TLS and DNS over HTTPS are used to provide secure communication between DNS clients and servers.

    LPIC-3 Security

    Mounting CIFS Shares

    • The uid option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.

    Security Practices

    • Private keys should be created on the systems where they will be used and should never leave them.
    • Private keys should have a sufficient length for the algorithm used for key generation.
    • Private keys should not be stored as plain text files without encryption.

    DNSSEC

    • NSEC3 is used to prevent zone enumeration.

    Access Control

    • Forcing a file to be executed with the permissions of the file owner is achieved by setting the SetUID bit.
    • The difference between SetUID and SetGID is that SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner.

    Symmetric and Asymmetric Keys

    • A symmetric key is used for encryption and decryption and is the same for both.
    • An asymmetric key, also known as a key pair, is used for encryption and decryption and is generated in a pair.

    Linux Audit System

    • The ausearch command is used to search and filter the audit log.

    Network Security

    • A honeypot is a network security tool designed to lure attackers into a trap.
    • IP sets group together IP addresses that can be referenced by netfilter rules.

    Authentication and Authorization

    • rkhunter is used to detect rootkits and other security threats.

    Digital Certificates

    • A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
    • A Certificate Authority (CA) issues and signs X.509 certificates.

    Threats and Attacks

    • A buffer overflow is a type of software vulnerability.
    • A man-in-the-middle attack intercepts communications between two parties to steal information.
    • A Trojan is a type of malware that disguises itself as legitimate software.
    • A rogue access point is an unauthorized access point set up to look like a legitimate one.

    System Hardening

    • Linux Malware Detect is a tool used to detect malware on a Linux system.
    • pam_cracklib is a PAM module that checks new passwords against dictionary words and enforces complexity.

    DNS and DNSSEC

    • RRSIG is a DNS record type used in DNSSEC.
    • dnssec-keygen generates DNSSEC keys.

    File Permissions and Access Control

    • Linux file ownership is used to restrict access to files only to their owner.
    • chmod is used to set the permissions of a file in Linux.

    Network Security Tools

    • iptable is used to configure firewall rules.
    • nftables is used to configure packet filtering and classification.

    Let me know if you'd like me to clarify or expand on any of these points!### Virtual Host and SSL

    • The virtual host is used as a fallback default for all clients that do not support SNI.
    • The virtual host is served only on the common name and Subject Alternative.

    Apache HTTPD Configuration

    • To require a client certificate for authentication, use the configuration option SSLVerifyClient require.
    • SSLRequestClientCert is used to request a client certificate, but it does not require one.
    • SSLVerifyClient is used to specify the verification level for client certificates.

    Root CA Certificate

    • A Root CA certificate is a self-signed certificate.
    • It does not include the private key of the CA.
    • It must contain an X509v3 Authority extension.

    Host-Based Intrusion Detection (HID)

    • HID is a system that monitors and detects potential security threats on a single computer or server.
    • Best practice for implementing HID is to configure it to alert security personnel of potential security incidents.

    SELinux Permissions

    • SELinux permissions are verified after standard Linux permissions.
    • SELinux permissions do not override standard Linux permissions.

    Wireshark Capture Filters

    • tcp portrange 10000-15000 is a valid Wireshark capture filter.

    OpenVAS NVT Feed

    • The command openvas-nvt-sync is used to update NVTs from the OpenVAS NVT feed.

    File Permissions

    • The chown command is used to set the owner and group of a file in Linux.
    • The chmod command is used to set the permissions of a file in Linux.

    Executable Files

    • The permission bit that allows a file to be executed is Execute.

    Automation of Host Scans

    • Cron can be used to automate host scans on a Linux system.

    sysctl Command

    • The sysctl command is used to configure kernel parameters.
    • The data that can be altered by the sysctl command is accessible in /proc/sys.

    Access Control Lists

    • The purpose of an access control list (ACL) in Linux is to specify fine-grained permissions for users and groups.

    NFS Configuration

    • Kerberos authentication was added to NFS in version 4.

    OCSP Stapling

    • OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

    FreeIPA Server

    • The command ipa-server-install is used to install and configure a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

    OpenSSL Commands

    • The command openssl req –new –key private/keypair.pem –out req/csr.pem is used to generate a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem.

    Cryptography

    • Cryptography is the art of sending secret messages.

    HID Monitoring

    • HID monitors for unauthorized access attempts.

    Benefits of HID

    • HID provides real-time detection of security incidents.
    • HID allows for quick response to security incidents.
    • HID helps prevent security incidents from occurring.

    Ciphertext and Plaintext

    • Ciphertext is the encrypted message.
    • Plaintext is the original message before encryption.

    Rootkits

    • A rootkit is a type of malware that disguises itself as legitimate software.

    ebtables

    • The command ebtables -t filter -L -v is used to display all ebtables rules contained in the table filter, including their packet and byte counters.

    LDAP and Certificates

    • LDAP is commonly used to transmit X.509 certificates.

    Snort-stat

    • The purpose of the program snort-stat is to read syslog files containing Snort information and generate port scan statistics.

    chkrootkit

    • chkrootkit is a tool used to check for rootkits on a Linux system.

    LUKS Devices

    • The command cryptsetup luksOpen /dev/sda1 crypt-vol is used to map a LUKS device.
    • The command cryptsetup luksDelKey /dev/mapper/crypt-vol 1 is used to delete a key from a LUKS device.

    eCryptfs

    • eCryptfs is a stacked cryptographic filesystem for Linux.
    • For every file in an eCryptfs directory, there exists a corresponding file that contains the encrypted content.

    User Account Management

    • The command chage --maxdays -1 usera is used to disable the automatic password expiry for the user usera.

    TSIG and DNS

    • TSIG authenticates name servers in order to perform secured zone transfers by using a secret key that is shared between the servers.

    FreeIPA Components

    • FreeIPA includes a Kerberos KDC, a Directory Server, and a Public Key Infrastructure.

    DNSSEC

    • DNSSEC is used to provide authentication of DNS data and verify the integrity of DNS data.

    X.509 Certificates

    • An X.509 certificate contains information such as the subject, issuer, validity dates, and public key.
    • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.

    AppArmor and SELinux

    • AppArmor and SELinux are both Mandatory Access Control (MAC) systems.
    • AppArmor is implemented in user space only, while SELinux is a Linux kernel module.

    Host Intrusion Detection

    • Host intrusion detection (HID) monitors and detects potential security threats on a single computer or server.

    Social Engineering

    • Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

    AIDE

    • AIDE is a file integrity checker that detects intrusions and system changes.

    DNS over TLS and DNS over HTTPS

    • DNS over TLS and DNS over HTTPS are used to provide secure communication between DNS clients and servers.

    LPIC-3 Security

    Mounting CIFS Shares

    • The uid option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.

    Security Practices

    • Private keys should be created on the systems where they will be used and should never leave them.
    • Private keys should have a sufficient length for the algorithm used for key generation.
    • Private keys should not be stored as plain text files without encryption.

    DNSSEC

    • NSEC3 is used to prevent zone enumeration.

    Access Control

    • Forcing a file to be executed with the permissions of the file owner is achieved by setting the SetUID bit.
    • The difference between SetUID and SetGID is that SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner.

    Symmetric and Asymmetric Keys

    • A symmetric key is used for encryption and decryption and is the same for both.
    • An asymmetric key, also known as a key pair, is used for encryption and decryption and is generated in a pair.

    Linux Audit System

    • The ausearch command is used to search and filter the audit log.

    Network Security

    • A honeypot is a network security tool designed to lure attackers into a trap.
    • IP sets group together IP addresses that can be referenced by netfilter rules.

    Authentication and Authorization

    • rkhunter is used to detect rootkits and other security threats.

    Digital Certificates

    • A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
    • A Certificate Authority (CA) issues and signs X.509 certificates.

    Threats and Attacks

    • A buffer overflow is a type of software vulnerability.
    • A man-in-the-middle attack intercepts communications between two parties to steal information.
    • A Trojan is a type of malware that disguises itself as legitimate software.
    • A rogue access point is an unauthorized access point set up to look like a legitimate one.

    System Hardening

    • Linux Malware Detect is a tool used to detect malware on a Linux system.
    • pam_cracklib is a PAM module that checks new passwords against dictionary words and enforces complexity.

    DNS and DNSSEC

    • RRSIG is a DNS record type used in DNSSEC.
    • dnssec-keygen generates DNSSEC keys.

    File Permissions and Access Control

    • Linux file ownership is used to restrict access to files only to their owner.
    • chmod is used to set the permissions of a file in Linux.

    Network Security Tools

    • iptable is used to configure firewall rules.
    • nftables is used to configure packet filtering and classification.

    Let me know if you'd like me to clarify or expand on any of these points!### Virtual Host and SSL

    • The virtual host is used as a fallback default for all clients that do not support SNI.
    • The virtual host is served only on the common name and Subject Alternative.

    Apache HTTPD Configuration

    • To require a client certificate for authentication, use the configuration option SSLVerifyClient require.
    • SSLRequestClientCert is used to request a client certificate, but it does not require one.
    • SSLVerifyClient is used to specify the verification level for client certificates.

    Root CA Certificate

    • A Root CA certificate is a self-signed certificate.
    • It does not include the private key of the CA.
    • It must contain an X509v3 Authority extension.

    Host-Based Intrusion Detection (HID)

    • HID is a system that monitors and detects potential security threats on a single computer or server.
    • Best practice for implementing HID is to configure it to alert security personnel of potential security incidents.

    SELinux Permissions

    • SELinux permissions are verified after standard Linux permissions.
    • SELinux permissions do not override standard Linux permissions.

    Wireshark Capture Filters

    • tcp portrange 10000-15000 is a valid Wireshark capture filter.

    OpenVAS NVT Feed

    • The command openvas-nvt-sync is used to update NVTs from the OpenVAS NVT feed.

    File Permissions

    • The chown command is used to set the owner and group of a file in Linux.
    • The chmod command is used to set the permissions of a file in Linux.

    Executable Files

    • The permission bit that allows a file to be executed is Execute.

    Automation of Host Scans

    • Cron can be used to automate host scans on a Linux system.

    sysctl Command

    • The sysctl command is used to configure kernel parameters.
    • The data that can be altered by the sysctl command is accessible in /proc/sys.

    Access Control Lists

    • The purpose of an access control list (ACL) in Linux is to specify fine-grained permissions for users and groups.

    NFS Configuration

    • Kerberos authentication was added to NFS in version 4.

    OCSP Stapling

    • OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

    FreeIPA Server

    • The command ipa-server-install is used to install and configure a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

    OpenSSL Commands

    • The command openssl req –new –key private/keypair.pem –out req/csr.pem is used to generate a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem.

    Cryptography

    • Cryptography is the art of sending secret messages.

    HID Monitoring

    • HID monitors for unauthorized access attempts.

    Benefits of HID

    • HID provides real-time detection of security incidents.
    • HID allows for quick response to security incidents.
    • HID helps prevent security incidents from occurring.

    Ciphertext and Plaintext

    • Ciphertext is the encrypted message.
    • Plaintext is the original message before encryption.

    Rootkits

    • A rootkit is a type of malware that disguises itself as legitimate software.

    ebtables

    • The command ebtables -t filter -L -v is used to display all ebtables rules contained in the table filter, including their packet and byte counters.

    LDAP and Certificates

    • LDAP is commonly used to transmit X.509 certificates.

    Snort-stat

    • The purpose of the program snort-stat is to read syslog files containing Snort information and generate port scan statistics.

    chkrootkit

    • chkrootkit is a tool used to check for rootkits on a Linux system.

    LUKS Devices

    • The command cryptsetup luksOpen /dev/sda1 crypt-vol is used to map a LUKS device.
    • The command cryptsetup luksDelKey /dev/mapper/crypt-vol 1 is used to delete a key from a LUKS device.

    eCryptfs

    • eCryptfs is a stacked cryptographic filesystem for Linux.
    • For every file in an eCryptfs directory, there exists a corresponding file that contains the encrypted content.

    User Account Management

    • The command chage --maxdays -1 usera is used to disable the automatic password expiry for the user usera.

    TSIG and DNS

    • TSIG authenticates name servers in order to perform secured zone transfers by using a secret key that is shared between the servers.

    FreeIPA Components

    • FreeIPA includes a Kerberos KDC, a Directory Server, and a Public Key Infrastructure.

    DNSSEC

    • DNSSEC is used to provide authentication of DNS data and verify the integrity of DNS data.

    X.509 Certificates

    • An X.509 certificate contains information such as the subject, issuer, validity dates, and public key.
    • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.

    AppArmor and SELinux

    • AppArmor and SELinux are both Mandatory Access Control (MAC) systems.
    • AppArmor is implemented in user space only, while SELinux is a Linux kernel module.

    Host Intrusion Detection

    • Host intrusion detection (HID) monitors and detects potential security threats on a single computer or server.

    Social Engineering

    • Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

    AIDE

    • AIDE is a file integrity checker that detects intrusions and system changes.

    DNS over TLS and DNS over HTTPS

    • DNS over TLS and DNS over HTTPS are used to provide secure communication between DNS clients and servers.

    Network Monitoring

    • It monitors remote hosts by periodically sending echo requests to them.

    Asymmetric Keys

    • An asymmetric key is a key used for both encryption and decryption that is generated in a pair.

    HID Techniques

    • Anomaly-based detection is a behavioral-based HID technique.

    File Permissions

    • The command setfacl is used to set access control lists (ACLs) on files.
    • The command setfattr is used to set extended attributes on files.
    • The command getfacl is used to view the access control list of a file.

    DNS

    • The PTR record is used to map an IP address to a hostname.
    • The DNSKEY record is used to sign a DNS zone in DNSSEC.

    Security

    • Phishing is a type of social engineering attack.
    • Social engineering is a type of attack that aims to deceive individuals into divulging sensitive information.

    Access Control

    • Mandatory Access Control (MAC) is an access control model established by using SELinux.

    VPNs

    • The --mlock option of the openvpn command is used to ensure that ephemeral keys are not written to the swap space.

    Linux File Attributes

    • Linux Extended File Attributes are organized in namespaces, including system, trusted, and user.

    Nmap Scan Techniques

    • Existing scan techniques with nmap include Xmas Scan and FIN Scan.

    User Management

    • The ipa user-add command is used to add a new user to FreeIPA.

    Security Threats

    • A man-in-the-middle attack is an attack that intercepts communications between two parties to steal information.
    • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.
    • Host intrusion detection (HID) is a system that monitors and detects potential security threats on a single computer or server.
    • AIDE is used to detect intrusions and system changes.

    Network Monitoring

    • It monitors remote hosts by periodically sending echo requests to them.

    Asymmetric Keys

    • An asymmetric key is a key used for both encryption and decryption that is generated in a pair.

    HID Techniques

    • Anomaly-based detection is a behavioral-based HID technique.

    File Permissions

    • The command setfacl is used to set access control lists (ACLs) on files.
    • The command setfattr is used to set extended attributes on files.
    • The command getfacl is used to view the access control list of a file.

    DNS

    • The PTR record is used to map an IP address to a hostname.
    • The DNSKEY record is used to sign a DNS zone in DNSSEC.

    Security

    • Phishing is a type of social engineering attack.
    • Social engineering is a type of attack that aims to deceive individuals into divulging sensitive information.

    Access Control

    • Mandatory Access Control (MAC) is an access control model established by using SELinux.

    VPNs

    • The --mlock option of the openvpn command is used to ensure that ephemeral keys are not written to the swap space.

    Linux File Attributes

    • Linux Extended File Attributes are organized in namespaces, including system, trusted, and user.

    Nmap Scan Techniques

    • Existing scan techniques with nmap include Xmas Scan and FIN Scan.

    User Management

    • The ipa user-add command is used to add a new user to FreeIPA.

    Security Threats

    • A man-in-the-middle attack is an attack that intercepts communications between two parties to steal information.
    • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.
    • Host intrusion detection (HID) is a system that monitors and detects potential security threats on a single computer or server.
    • AIDE is used to detect intrusions and system changes.

    Network Monitoring

    • It monitors remote hosts by periodically sending echo requests to them.

    Asymmetric Keys

    • An asymmetric key is a key used for both encryption and decryption that is generated in a pair.

    HID Techniques

    • Anomaly-based detection is a behavioral-based HID technique.

    File Permissions

    • The command setfacl is used to set access control lists (ACLs) on files.
    • The command setfattr is used to set extended attributes on files.
    • The command getfacl is used to view the access control list of a file.

    DNS

    • The PTR record is used to map an IP address to a hostname.
    • The DNSKEY record is used to sign a DNS zone in DNSSEC.

    Security

    • Phishing is a type of social engineering attack.
    • Social engineering is a type of attack that aims to deceive individuals into divulging sensitive information.

    Access Control

    • Mandatory Access Control (MAC) is an access control model established by using SELinux.

    VPNs

    • The --mlock option of the openvpn command is used to ensure that ephemeral keys are not written to the swap space.

    Linux File Attributes

    • Linux Extended File Attributes are organized in namespaces, including system, trusted, and user.

    Nmap Scan Techniques

    • Existing scan techniques with nmap include Xmas Scan and FIN Scan.

    User Management

    • The ipa user-add command is used to add a new user to FreeIPA.

    Security Threats

    • A man-in-the-middle attack is an attack that intercepts communications between two parties to steal information.
    • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.
    • Host intrusion detection (HID) is a system that monitors and detects potential security threats on a single computer or server.
    • AIDE is used to detect intrusions and system changes.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Related Documents

    303-300-1.pdf

    Description

    Practice questions for the LPIC-3 Security certification exam, covering various security topics and Linux system administration.

    More Like This

    LPIC-3 Security Exam Questions
    59 questions
    LPIC-3 Security Exam
    36 questions

    LPIC-3 Security Exam

    MagnificentZeal avatar
    MagnificentZeal
    LPIC-3 Security Exam Questions
    19 questions
    LPIC-3 Security Exam
    28 questions

    LPIC-3 Security Exam

    MagnificentZeal avatar
    MagnificentZeal
    Use Quizgecko on...
    Browser
    Browser