LPIC-3 Security Exam Questions
147 Questions

Questions and Answers

What is the purpose of rkhunter?

  • To manage system log files
  • To automate host scans
  • To detect rootkits and other security threats (correct)
  • To manage installed packages

What is a certificate chain?

  • A sequence of certificates used to verify the authenticity of a digital certificate (correct)
  • A sequence of public and private keys used for encryption and decryption
  • A chain of public and private keys used for encryption and decryption
  • A chain of digital signatures used to verify the authenticity of a certificate

What is a Trojan?

  • A type of virus
  • A type of denial-of-service attack
  • A type of malware that disguises itself as legitimate software (correct)
  • A type of phishing scam

What is a rogue access point?

  • An unauthorized access point that is set up to look like a legitimate one (C)

The purpose of a TLSA record in DANE is to provide information about a TLS server.

  • False (B)

How are SELinux permissions related to standard Linux permissions?

  • SELinux permissions override standard Linux permissions

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

  • uid

Which of the following practices are important for the security of private keys? (Choose TWO correct answers)

  • Private keys should have a sufficient length for the algorithm used for key generation. (C)
  • Private keys should be included in X509 certificates. (D)

What is the purpose of NSEC3 in DNSSEC?

  • To prevent zone enumeration (B)

Which command is used to run a new shell for a user changing the SELinux context?

  • newrole

Which file is used to configure AIDE?

  • /etc/aide/aide.conf (B)

Which of the following statements describes the purpose of ndpmon?

  • It monitors the network for neighbor discovery messages from new IPv6 hosts and routers. (C)

What is an asymmetric key?

  • A key used for both encryption and decryption that is generated in a pair (B)

Which of the following is an example of a behavioral-based HID technique?

  • Anomaly-based detection (C)

Which command revokes ACL-based write access for groups and named users on the file afile?

  • setfacl -m mask::rx afile

Which command is used to set an extended attribute on a file in Linux?

  • setfattr (C)

Determine whether the given solution is correct?

  • Correct (B)

Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?

  • openssl req -new -key private/keypair.pem -out req/csr.pem (A)

What is Cryptography?

  • The art of sending secret messages (A)

What type of activity does HID monitor for?

  • Unauthorized access attempts (D)

Which of the following is NOT a benefit of using HID?

  • Provides automatic removal of detected threats (C)

What is a ciphertext?

  • The encrypted message (D)

What is a rootkit?

  • A type of malware that disguises itself as legitimate software (C)

Which of the following commands defines an audit rule that monitors read and write operations to the file '/etc/firewall/rules' and associates the rule with the name 'firewall'?

  • auditctl -w /etc/firewall/rules -p rw -k firewall (A)

What is a plaintext?

  • The original message before encryption (C)

Which protocol is commonly used to transmit X.509 certificates?

  • LDAP (B)

Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)

  • Private keys should have a sufficient length for the algorithm used for key generation. (D)
  • Private keys should be included in X509 certificates. (E)

What is the purpose of NSEC3 in DNSSEC?

  • To prevent zone enumeration (C)

Which file is used to configure AIDE?

  • /etc/aide/aide.conf (C)

Which of the following statements describes the purpose of ndpmon?

  • It monitors the network for neighbor discovery messages from new IPv6 hosts and routers. (B)

Which of the following is an example of a behavioral-based HID technique?

  • Anomaly-based detection (B)

Which command is used to set an extended attribute on a file in Linux?

  • setfattr (D)

When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 2 seconds by default. Which of the following options changes the timeout period to 5 seconds?

  • --tls-timeout 5 (C)

Which permission bit allows a user to delete a file?

  • Write (D)

What is the purpose of rkhunter?

  • To detect rootkits and other security threats (A)

What is a certificate chain?

  • A sequence of certificates used to verify the authenticity of a digital certificate (D)

Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?

  • iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11 (C)

Which statement is used in a parameter file for setkey to create a new SPD entry?

  • spdadd (C)

Which methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.)

  • By placing a pass rule in local.rules and restarting Snort. (A)
  • By placing a # in front of the rule and restarting Snort. (B)

Which command adds users using SSSD's local service?

  • sss_useradd (C)

Which DNS records are used in DNSSEC?

  • RRSIG (C)

What is the purpose of a Certificate Authority (CA)?

  • To issue and sign X.509 certificates (A)

Is the command 'ipa-server-install' a correct solution?

  • Correct (A)

Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key?

  • openssl req -new -key private/keypair.pem -out req/csr.pem (D)

What is Cryptography?

  • The art of sending secret messages (D)

Which type of activity does HID monitor for?

  • Unauthorized access attempts (B)

What is a ciphertext?

  • The encrypted message (B)

Which of the following commands defines an audit rule that monitors read and write operations to a specified file?

  • auditctl -w /etc/firewall/rules -p rw -k firewall (A)

Which of the following commands displays all ebtables rules contained in a specified table?

  • ebtables -t filter -L --Lc (A)

What is a plaintext?

  • The original message before encryption (B)

Which protocol is commonly used to transmit X.509 certificates?

  • LDAP (A)

What is the purpose of the program snort-stat?

  • It reads syslog files containing Snort information and generates port scan statistics. (E)

Which tool can be used to check for rootkits on a Linux system?

  • chkrootkit (C)

What is the purpose of rkhunter?

  • To detect rootkits and other security threats (C)

What is a certificate chain?

  • A sequence of certificates used to verify the authenticity of a digital certificate (B)

Which permission bit allows a user to delete a file?

  • Write

Which of the following DNS records are used in DNSSEC?

  • RRSIG (A)

Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)

  • Private keys should be included in X509 certificates. (C)
  • Private keys should have a sufficient length for the algorithm used for key generation. (D)

Which file is used to configure AIDE?

  • /etc/aide/aide.conf (D)

Which of the following is an example of a behavioral-based HID technique?

  • Anomaly-based detection (A)

Which option in an Apache HTTPD configuration file enables OCSP stapling?

  • False (B)

What type of attack is phishing?

  • A type of social engineering attack (C)

What is the purpose of a Certificate Revocation List (CRL)?

  • A list of X.509 certificates that have been revoked by a particular CA (A)

What type of record is used to map an IP address to a hostname?

  • PTR (C)

What is the purpose of AIDE?

  • To detect intrusions and system changes (A)

What is host intrusion detection (HID)?

  • A system that monitors and detects potential security threats on a single computer or server (D)

What is the purpose of a DNSKEY record in DNSSEC?

  • To sign a DNS zone (C)

What is social engineering?

  • A type of psychological manipulation (D)

What is the purpose of an RRSIG record in DNSSEC?

  • To sign a DNS zone (D)

What is the primary function of ndpmon?

  • To monitor remote hosts by periodically sending echo requests (D)

What type of key is used for both encryption and decryption that is generated in a pair?

  • Asymmetric key (D)

What is an example of a behavioral-based HID technique?

  • Anomaly-based detection (B)

Which command is used to set an extended attribute on a file in Linux?

  • setfattr (A)

Which option in an Apache HTTPD configuration file enables OCSP stapling?

  • ssl-ocsp.conf (D)

Which of the following database names can be used within a Name Service Switch (NSS) configuration file?

  • all of the above (D)

What type of access control model is established by using SELinux?

  • Mandatory Access Control (MAC) (D)

Which command revokes ACL-based write access for groups and named users on the file afile?

  • setfacl -m mask::rx afile (B)

What is the purpose of OCSP stapling?

  • To provide information about a TLS server (D)

Which option of the openvpn command should be used to ensure that ephemeral keys are not written to the swap space?

  • --mlock (B)

Which command is used to view the access control list of a file?

  • getfacl (C)

What is a man-in-the-middle attack?

  • An attack that intercepts communications between two parties to steal information (C)

Which of the following names correspond to existing attribute namespaces?

  • system, trusted, user (A)

Which of the following scan techniques is used with nmap?

  • Xmas Scan, FIN Scan (B)

Which command is used to add a new user to FreeIPA?

  • ipa user-add usera --first User --last A (A)

Which of the following is a Linux Extended File Attribute namespace?

  • trusted (B)

What is the primary purpose of a DNSKEY record in DNSSEC?

  • To sign a DNS zone (D)

A Certificate Revocation List (CRL) is a list of X.509 certificates that have been issued by a particular CA.

  • False (B)

What is the purpose of AIDE?

  • AIDE is used to detect intrusions and system changes.

The DNS record used to map an IP address to a hostname is the _______________________ record.

  • PTR

Match the following security threats with their definitions:

  • Phishing = A type of attack where an attacker tricks a user into revealing sensitive information
  • Social Engineering = A type of attack where an attacker tricks a user into revealing sensitive information
  • Malware = A type of virus

What is the purpose of NSEC3 in DNSSEC?

  • To prevent DNS zone enumeration (D)

Host intrusion detection (HID) is a system that detects malicious traffic on a network.

  • False (B)

What is the purpose of a Certificate Authority (CA)?

  • A Certificate Authority (CA) is used to issue and manage digital certificates.

What is the purpose of ndpmon?

  • Monitor log files for failed login attempts in order to block traffic from offending network nodes (A)

A key used for encryption and decryption that is the same is an asymmetric key.

  • False (B)

What is the command to set an extended attribute on a file in Linux?

  • setfattr

The _______________ option in an Apache HTTPD configuration file enables OCSP stapling.

  • SSLUseStapling

Which of the following database names can be used within a Name Service Switch (NSS) configuration file?

  • passwd (A)
  • host (B)
  • shadow (C)

Match the following HID techniques with their descriptions:

  • Signature-based detection = A technique that uses predefined patterns to identify malware
  • Anomaly-based detection = A technique that identifies malware based on its behavior
  • Heuristic-based detection = A technique that uses rules and algorithms to identify malware
  • Rule-based detection = A technique that uses predefined rules to identify malware

The setfacl command is used to revoke ACL-based write access for groups and named users on a file.

  • False (B)

What is an example of a behavioral-based HID technique?

  • Anomaly-based detection

Which of the following access control models is established by using SELinux?

  • Mandatory Access Control (MAC) (B)

The openssl command 'req -new -x509 -nodes -keyout private/keypair.pem -out cert.csr' generates a certificate signing request (CSR) using a new private key.

  • False (B)

What is a man-in-the-middle attack?

  • An attack that intercepts communications between two parties to steal information

The option '--mlock' of the openvpn command should be used to ensure that _______________________ keys are not written to the swap space.

  • ephemeral

Match the following Linux file attributes with their corresponding namespaces:

  • default = A
  • system = B
  • owner = C
  • user = D
  • trusted = E

The command 'setfacl' is used to view the access control list of a file.

  • False (B)

Which command is used to add a new user 'usera' to FreeIPA?

  • ipa user-add usera --first User --last A

Which of the following options of the openvpn command should be used to change the timeout period to 5 seconds?

  • --ping-restart (C)

What is the purpose of ndpmon?

  • To monitor log files for failed login attempts in order to block traffic from offending network nodes (A)

What is an asymmetric key?

  • A key used for both encryption and decryption that is generated in a pair (A)

Which command revokes ACL-based write access for groups and named users on the file afile?

  • setfacl -m mask::rx afile (D)

Which command is used to set an extended attribute on a file in Linux?

  • setfattr (B)

Which option in an Apache HTTPD configuration file enables OCSP stapling?

  • httpd-ssl.conf (C)

Which of the following database names can be used within a Name Service Switch (NSS) configuration file?

  • All of the above (D)

What is the purpose of a Certificate Authority (CA)?

  • To issue digital certificates (A)

What is phishing?

  • A type of social engineering attack (C)

What is a Certificate Revocation List (CRL)?

  • A list of X.509 certificates that have been revoked by a particular CA (A)

Which of the following DNS records is used to map an IP address to a hostname?

  • PTR (A)

What is social engineering?

  • A type of attack that manipulates individuals into revealing sensitive information (B)

Which of the following is used to verify the authenticity of a DNS query?

  • RRSIG record (D)

Which access control model is established by using SELinux?

  • Mandatory Access Control (MAC) (D)

What is the purpose of the '--mlock' option in OpenVPN?

  • To ensure ephemeral keys are not written to the swap space (C)

Which of the following is an example of a scan technique in nmap?

  • Xmas Scan (A)

Which of the following Linux Extended File Attributes are organized into namespaces?

  • System, Trusted, and User (C)

What is the purpose of the 'ipa user-add' command?

  • To add a new user to FreeIPA (D)

Which of the following is a benefit of using Host-based Intrusion Detection (HID)?

  • Real-time detection of malicious activity (A)

Flashcards

What is a honeypot?

A security tool designed to lure attackers into a trap, often resembling a vulnerable system.

What is Host Intrusion Detection (HID)?

A system that monitors and detects potential security threats on a single computer or server.

What is the ausearch command?

The command used to search and filter the audit log in the Linux Audit System.

What is chkrootkit?

A tool used to check for rootkits on a Linux system.

Where should private keys be created?

A security practice that involves creating private keys on the systems where they will be used and never leaving those systems.

What is eCryptfs?

A stacked cryptographic filesystem for Linux that encrypts data on a per-file basis.

What is OCSP Stapling?

A method that allows a server to provide proof of the revocation status of its own SSL/TLS certificate, streamlining the validation process.

What is phishing?

A type of social engineering attack that aims to deceive individuals into divulging sensitive information by impersonating a trustworthy entity.

What is social engineering?

A type of attack that exploits human psychology to gain access to sensitive information through manipulation or deception.

What is iptables?

The command used to configure firewall rules in Linux.

What is TSIG in DNS?

A process that is used to authenticate name servers in order to perform secured zone transfers by using a shared secret key.

What is dnssec-keygen?

The command used to generate DNSSEC keys.

Where can you alter the sysctl data?

The file that contains the data that can be altered by the sysctl command in the sys directory.

What does HID monitoring do?

It monitors for unauthorized access attempts and helps detect security threats.

What is Mandatory Access Control (MAC)?

A type of access control model where permissions are enforced based on predefined rules set by the system.

What is DNS over HTTPS (DoH)?

A network security tool designed to provide secure communication between DNS clients and servers.

What is the SetUID bit?

A method that forces a file to be executed with the permissions of the file owner.

What is the command used to map a LUKS device?

A command used to map a LUKS device in Linux.

What is a Certificate Revocation List (CRL)?

A list of X.509 certificates that have been revoked by a particular CA.

What is the command to view ebtables rules?

The command used to display all ebtables rules.

What is the setfattr command?

The command used to set extended attributes on files in Linux.

What is the chage command?

A command used to disable the automatic password expiry for a user.

What is a DNSKEY record?

It's a DNS record type used in DNSSEC that provides authentication of DNS data.

What is an anomaly-based detection technique?

Anomaly-based detection is a behavioral-based HID technique that monitors patterns and deviations from normal behavior to identify potential security threats.

What is the ipa user-add command?

The command used to add a new user to FreeIPA.

What is a rootkit?

A security measure that prevents malicious users from accessing a system's root permissions by disguising itself as legitimate software.

What is system hardening?

A security practice that aims to protect a computer system by hardening its configuration and security settings to make it more resistant to attacks.

What is the --mlock option for OpenVPN?

The option that allows a user to configure OpenVPN to ensure that ephemeral keys are not written to the swap space.

What is a symmetric key?

A cryptographic system that uses the same key for both encryption and decryption.

Study Notes

LPIC-3 Security

Mounting CIFS Shares

  • The uid option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.

Security Practices

  • Private keys should be created on the systems where they will be used and should never leave them.
  • Private keys should have a sufficient length for the algorithm used for key generation.
  • Private keys should not be stored as plain text files without encryption.

DNSSEC

  • NSEC3 is used to prevent zone enumeration.

Access Control

  • Forcing a file to be executed with the permissions of the file owner is achieved by setting the SetUID bit.
  • The difference between SetUID and SetGID is that SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner.

Symmetric and Asymmetric Keys

  • A symmetric key is used for encryption and decryption and is the same for both.
  • An asymmetric key, also known as a key pair, is used for encryption and decryption and is generated in a pair.

Linux Audit System

  • The ausearch command is used to search and filter the audit log.

Network Security

  • A honeypot is a network security tool designed to lure attackers into a trap.
  • IP sets group together IP addresses that can be referenced by netfilter rules.

Authentication and Authorization

  • rkhunter is used to detect rootkits and other security threats.

Digital Certificates

  • A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
  • A Certificate Authority (CA) issues and signs X.509 certificates.

Threats and Attacks

  • A buffer overflow is a type of software vulnerability.
  • A man-in-the-middle attack intercepts communications between two parties to steal information.
  • A Trojan is a type of malware that disguises itself as legitimate software.
  • A rogue access point is an unauthorized access point set up to look like a legitimate one.

System Hardening

  • Linux Malware Detect is a tool used to detect malware on a Linux system.
  • pam_cracklib is a PAM module that checks new passwords against dictionary words and enforces complexity.

DNS and DNSSEC

  • RRSIG is a DNS record type used in DNSSEC.
  • dnssec-keygen generates DNSSEC keys.

File Permissions and Access Control

  • Linux file ownership is used to restrict access to files only to their owner.
  • chmod is used to set the permissions of a file in Linux.

Network Security Tools

  • iptables is used to configure firewall rules.
  • nftables is used to configure packet filtering and classification.

Virtual Host and SSL

  • The virtual host is used as a fallback default for all clients that do not support SNI.
  • The virtual host is served only on the common name and Subject Alternative.

Apache HTTPD Configuration

  • To require a client certificate for authentication, use the configuration option SSLVerifyClient require.
  • SSLRequestClientCert is used to request a client certificate, but it does not require one.
  • SSLVerifyClient is used to specify the verification level for client certificates.

Root CA Certificate

  • A Root CA certificate is a self-signed certificate.
  • It does not include the private key of the CA.
  • It must contain an X509v3 Authority extension.

Host-Based Intrusion Detection (HID)

  • HID is a system that monitors and detects potential security threats on a single computer or server.
  • Best practice for implementing HID is to configure it to alert security personnel of potential security incidents.

SELinux Permissions

  • SELinux permissions are verified after standard Linux permissions.
  • SELinux permissions do not override standard Linux permissions.

Wireshark Capture Filters

  • tcp portrange 10000-15000 is a valid Wireshark capture filter.

OpenVAS NVT Feed

  • The command openvas-nvt-sync is used to update NVTs from the OpenVAS NVT feed.

File Permissions

  • The chown command is used to set the owner and group of a file in Linux.
  • The chmod command is used to set the permissions of a file in Linux.

Executable Files

  • The permission bit that allows a file to be executed is Execute.

Automation of Host Scans

  • Cron can be used to automate host scans on a Linux system.

sysctl Command

  • The sysctl command is used to configure kernel parameters.
  • The data that can be altered by the sysctl command is accessible in /proc/sys.

Access Control Lists

  • The purpose of an access control list (ACL) in Linux is to specify fine-grained permissions for users and groups.

NFS Configuration

  • Kerberos authentication was added to NFS in version 4.

OCSP Stapling

  • OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

FreeIPA Server

  • The command ipa-server-install is used to install and configure a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

OpenSSL Commands

  • The command openssl req -new -key private/keypair.pem -out req/csr.pem is used to generate a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem.

Cryptography

  • Cryptography is the art of sending secret messages.

HID Monitoring

  • HID monitors for unauthorized access attempts.

Benefits of HID

  • HID provides real-time detection of security incidents.
  • HID allows for quick response to security incidents.
  • HID helps prevent security incidents from occurring.

Ciphertext and Plaintext

  • Ciphertext is the encrypted message.
  • Plaintext is the original message before encryption.

Rootkits

  • A rootkit is a type of malware that disguises itself as legitimate software.

ebtables

  • The command ebtables -t filter -L -v is used to display all ebtables rules contained in the table filter, including their packet and byte counters.

LDAP and Certificates

  • LDAP is commonly used to transmit X.509 certificates.

Snort-stat

  • The purpose of the program snort-stat is to read syslog files containing Snort information and generate port scan statistics.

chkrootkit

  • chkrootkit is a tool used to check for rootkits on a Linux system.

LUKS Devices

  • The command cryptsetup luksOpen /dev/sda1 crypt-vol is used to map a LUKS device.
  • The command cryptsetup luksDelKey /dev/mapper/crypt-vol 1 is used to delete a key from a LUKS device.

eCryptfs

  • eCryptfs is a stacked cryptographic filesystem for Linux.
  • For every file in an eCryptfs directory, there exists a corresponding file that contains the encrypted content.

User Account Management

  • The command chage --maxdays -1 usera is used to disable the automatic password expiry for the user usera.

TSIG and DNS

  • TSIG authenticates name servers in order to perform secured zone transfers by using a secret key that is shared between the servers.

FreeIPA Components

  • FreeIPA includes a Kerberos KDC, a Directory Server, and a Public Key Infrastructure.

DNSSEC

  • DNSSEC is used to provide authentication of DNS data and verify the integrity of DNS data.

X.509 Certificates

  • An X.509 certificate contains information such as the subject, issuer, validity dates, and public key.
  • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.

AppArmor and SELinux

  • AppArmor and SELinux are both Mandatory Access Control (MAC) systems.
  • AppArmor is implemented in user space only, while SELinux is a Linux kernel module.

Host Intrusion Detection

  • Host intrusion detection (HID) monitors and detects potential security threats on a single computer or server.

Social Engineering

  • Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

AIDE

  • AIDE is a file integrity checker that detects intrusions and system changes.

DNS over TLS and DNS over HTTPS

  • DNS over TLS and DNS over HTTPS are used to provide secure communication between DNS clients and servers.

LPIC-3 Security

Mounting CIFS Shares

  • The uid option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.

Security Practices

  • Private keys should be created on the systems where they will be used and should never leave them.
  • Private keys should have a sufficient length for the algorithm used for key generation.
  • Private keys should not be stored as plain text files without encryption.

DNSSEC

  • NSEC3 is used to prevent zone enumeration.

Access Control

  • Forcing a file to be executed with the permissions of the file owner is achieved by setting the SetUID bit.
  • The difference between SetUID and SetGID is that SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner.

Symmetric and Asymmetric Keys

  • A symmetric key is used for encryption and decryption and is the same for both.
  • An asymmetric key, also known as a key pair, is used for encryption and decryption and is generated in a pair.

Linux Audit System

  • The ausearch command is used to search and filter the audit log.

Network Security

  • A honeypot is a network security tool designed to lure attackers into a trap.
  • IP sets group together IP addresses that can be referenced by netfilter rules.

Authentication and Authorization

  • rkhunter is used to detect rootkits and other security threats.

Digital Certificates

  • A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
  • A Certificate Authority (CA) issues and signs X.509 certificates.

Threats and Attacks

  • A buffer overflow is a type of software vulnerability.
  • A man-in-the-middle attack intercepts communications between two parties to steal information.
  • A Trojan is a type of malware that disguises itself as legitimate software.
  • A rogue access point is an unauthorized access point set up to look like a legitimate one.

System Hardening

  • Linux Malware Detect is a tool used to detect malware on a Linux system.
  • pam_cracklib is a PAM module that checks new passwords against dictionary words and enforces complexity.

DNS and DNSSEC

  • RRSIG is a DNS record type used in DNSSEC.
  • dnssec-keygen generates DNSSEC keys.

File Permissions and Access Control

  • Linux file ownership is used to restrict access to files only to their owner.
  • chmod is used to set the permissions of a file in Linux.

Network Security Tools

  • iptables is used to configure firewall rules.
  • nftables is used to configure packet filtering and classification.

Network Monitoring

  • It monitors remote hosts by periodically sending echo requests to them.

Asymmetric Keys

  • An asymmetric key is a key used for both encryption and decryption that is generated in a pair.

HID Techniques

  • Anomaly-based detection is a behavioral-based HID technique.

File Permissions

  • The command setfacl is used to set access control lists (ACLs) on files.
  • The command setfattr is used to set extended attributes on files.
  • The command getfacl is used to view the access control list of a file.

DNS

  • The PTR record is used to map an IP address to a hostname.
  • The DNSKEY record is used to sign a DNS zone in DNSSEC.

Security

  • Phishing is a type of social engineering attack.
  • Social engineering is a type of attack that aims to deceive individuals into divulging sensitive information.

Access Control

  • Mandatory Access Control (MAC) is an access control model established by using SELinux.

VPNs

  • The --mlock option of the openvpn command is used to ensure that ephemeral keys are not written to the swap space.

Linux File Attributes

  • Linux Extended File Attributes are organized in namespaces, including system, trusted, and user.

Nmap Scan Techniques

  • Existing scan techniques with nmap include Xmas Scan and FIN Scan.

User Management

  • The ipa user-add command is used to add a new user to FreeIPA.

Security Threats

  • A man-in-the-middle attack is an attack that intercepts communications between two parties to steal information.
  • A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.
  • Host intrusion detection (HID) is a system that monitors and detects potential security threats on a single computer or server.
  • AIDE is used to detect intrusions and system changes.

Related Documents

303-300-1.pdf

Description

Practice questions for the LPIC-3 Security certification exam, covering various security topics and Linux system administration.
