LPIC-3 Security: File Systems, Private Keys and DNS

Study Flashcards Play Quiz

Questions and Answers

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

uid

Which of the following practices are important for the security of private keys? (Choose TWO correct answers.) A. Private keys should be created on the systems where they will be used and should never leave them. B. Private keys should be uploaded to public key servers. C. Private keys should be included in X509 certificates. D. Private keys should have a sufficient length for the algorithm used for key generation. E. Private keys should always be stored as plain text files without any encryption.

A and C

What is the purpose of NSEC3 in DNSSEC? A. To provide information about DNSSEC key signing keys. B. To prevent zone enumeration. C. To authenticate a DNS server. D. To sign a DNS zone.

Which command is used to run a new shell for a user changing the SELinux context?

newrole Signup and view all the answers

Which file is used to configure AIDE? A. /etc/rkhunter.conf B. /etc/audit/auditd.conf C. /etc/aide/aide.conf D. /etc/maldet.conf

/etc/aide/aide.conf Signup and view all the answers

What is an asymmetric key? A. A key used for encryption and decryption that is the same. B. A key used for encryption that is different from the key used for decryption. C. A key used for decryption that is different from the key used for encryption. D. A key used for both encryption and decryption that is generated in a pair.

D Signup and view all the answers

Which of the following is an example of a behavioral-based HID technique? A. Signature-based detection B. Anomaly-based detection C. Heuristic-based detection D. Rule-based detection

B Signup and view all the answers

Which command revokes ACL-based write access for groups and named users on the file afile?

setfacl ~m mask: : rx afile Signup and view all the answers

Which command is used to set an extended attribute on a file in Linux? A. getfattr B. setfattr C. getfacl D. setfacl

setfattr Signup and view all the answers

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

uid Signup and view all the answers

Which of the following practices are important for the security of private keys? (Choose TWO correct answers)

Private keys should be included in X509 certificates. Signup and view all the answers

What is the purpose of NSEC3 in DNSSEC?

To prevent zone enumeration Signup and view all the answers

Which command is used to run a new shell for a user changing the SELinux context?

newrole Signup and view all the answers

Which file is used to configure AIDE?

/etc/aide/aide.conf Signup and view all the answers

What is an asymmetric key?

A key used for both encryption and decryption that is generated in a pair Signup and view all the answers

Which of the following is an example of a behavioral-based HID technique?

Anomaly-based detection Signup and view all the answers

Which command revokes ACL-based write access for groups and named users on the file 'afile'?

setfacl ~m mask: : rx afile Signup and view all the answers

Which command is used to set an extended attribute on a file in Linux?

setfattr Signup and view all the answers

What is the purpose of ndpmon?

It monitors the network for neighbor discovery messages from new IPv6 hosts and routers. Signup and view all the answers

What is the difference between a SetUID and SetGID bit?

SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner Signup and view all the answers

Which command is used to manage the Linux Audit system?

auditd Signup and view all the answers

What is the purpose of an extended attribute in Linux?

To store additional metadata about a file Signup and view all the answers

Which package management tools can be used to verify the integrity of installed files on a Linux system?

RPM and DPKG Signup and view all the answers

Which of the following options changes the timeout period for OpenVPN control packets to 5 seconds?

-- tls-timeout 5 Signup and view all the answers

Which permission bit allows a user to delete a file?

Write Signup and view all the answers

What is the purpose of rkhunter?

To detect rootkits and other security threats Signup and view all the answers

What is a certificate chain?

A sequence of certificates used to verify the authenticity of a digital certificate Signup and view all the answers

Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?

iptables ~t nat ~A POSTROUTING ~o eth0 <del>j SNAT --to</del>source 192.0.2.11 Signup and view all the answers

Which of the following statements is used in a parameter file for setkey in order to create a new SPD entry?

spdadd Signup and view all the answers

Which of the following methods can be used to deactivate a rule in Snort?

By placing a # in front of the rule and restarting Snort. Signup and view all the answers

Which of the following commands adds users using SSSD’s local service?

sss_useradd Signup and view all the answers

Which of the following DNS records are used in DNSSEC?

RRSIG Signup and view all the answers

What is the purpose of a Certificate Authority (CA)?

To issue and sign X.509 certificates Signup and view all the answers

Which directive is used in an OpenVPN server configuration to send network configuration information to the client?

push Signup and view all the answers

Which of the following sections are allowed within the Kerberos configuration file krb5.conf?

[realms] Signup and view all the answers

When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 2 seconds by default. Which of the following options changes the timeout period to 5 seconds?

-- tls-timeout 5 Signup and view all the answers

What is the purpose of rkhunter?

To detect rootkits and other security threats Signup and view all the answers

Which permission bit allows a user to delete a file?

Write Signup and view all the answers

What is a certificate chain?

A sequence of certificates used to verify the authenticity of a digital certificate Signup and view all the answers

Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?

iptables ~t nat ~A POSTROUTING ~o eth0 <del>j SNAT --to</del>source 192.0.2.11 Signup and view all the answers

Which of the following statements is used in a parameter file for setkey in order to create a new SPD entry?

spdadd Signup and view all the answers

Which of the following methods can be used to deactivate a rule in Snort? (Select all that apply)

By placing a pass rule in local.rules and restarting Snort Signup and view all the answers

Which of the following commands adds users using SSSD’s local service?

sss_useradd Signup and view all the answers

Which of the following DNS records are used in DNSSEC?

RRSIG Signup and view all the answers

What is the purpose of a Certificate Authority (CA)?

To issue and sign X.509 certificates Signup and view all the answers

What directive is used in an OpenVPN server configuration to send network configuration information to the client?

push Signup and view all the answers

Determine whether the given solution is correct?

Correct Signup and view all the answers

Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?

openssl req – new -key private/keypair.pem –out req/csr.pem Signup and view all the answers

What is Cryptography?

The art of sending secret messages Signup and view all the answers

What type of activity does HID monitor for?

Unauthorized access attempts Signup and view all the answers

Which of the following is NOT a benefit of using HID?

Provides automatic removal of detected threats Signup and view all the answers

What is a ciphertext?

The encrypted message Signup and view all the answers

Which of the following commands defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall?

auditctl –w /etc/firewall/rules –p rw –k firewall Signup and view all the answers

What is a rootkit?

A type of malware that disguises itself as legitimate software Signup and view all the answers

Which of the following commands displays all ebtable rules contained in the table filter including their packet and byte counters?

ebtables -t filter –L --Lc Signup and view all the answers

What is a plaintext?

The original message before encryption Signup and view all the answers

Which protocol is commonly used to transmit X.509 certificates?

LDAP Signup and view all the answers

When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 2 seconds by default. Which of the following options changes the timeout period to 5 seconds?

-- tls-timeout 5 Signup and view all the answers

Which permission bit allows a user to delete a file?

Write Signup and view all the answers

What is the purpose of rkhunter?

To detect rootkits and other security threats Signup and view all the answers

What is a certificate chain?

A sequence of certificates used to verify the authenticity of a digital certificate Signup and view all the answers

Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?

iptables ~t nat ~A POSTROUTING ~o eth0 <del>j SNAT --to</del>source 192.0.2.11 Signup and view all the answers

Which of the following statements is used in a parameter file for setkey in order to create a new SPD entry?

spdadd Signup and view all the answers

Which of the following methods can be used to deactivate a rule in Snort?

By placing a # in front of the rule and restarting Snort Signup and view all the answers

Which of the following commands adds users using SSSD’s local service?

sss_useradd Signup and view all the answers

Which of the following DNS records are used in DNSSEC?

RRSIG Signup and view all the answers

What is the purpose of a Certificate Authority (CA)?

To issue and sign X.509 certificates Signup and view all the answers

The ______ barked

dog Signup and view all the answers

Determine whether the given solution is correct?

Correct Signup and view all the answers

Study Notes

LPIC-3 Security

Mounting CIFS Shares

The uid option specifies the user that appears as the local owner of the files when the server does not provide ownership information.

Private Key Security

Private keys should not be created on a system where they will be used, and should never leave that system.
Private keys should have sufficient length for the algorithm used for key generation.

DNSSEC

NSEC3 is used to prevent zone enumeration.
TSIG is used to sign DNS messages for secure communication.

OpenSSL

openssl s_client specifies the host name to use for TLS Server Name Indication.

AIDE

aide.conf is used to configure AIDE.
Rules are added to aide.conf to specify what files to monitor.

Audit System

ausearch is used to search and filter the audit log.

Linux File Attributes

Extended attributes can store additional metadata about a file.
setfattr is used to set extended attributes on a file.

PAM

pam_cracklib checks new passwords against dictionary words and enforces complexity.

Access Control

SELinux is a Mandatory Access Control (MAC) system.

OpenVPN

openvpn uses ephemeral keys by default.
The --mlock option ensures that ephemeral keys are not written to swap space.

Snort

Snort can be used to detect intrusions and system changes.

Certificate Authority

A Certificate Authority (CA) issues and signs X.509 certificates.

DNS

DNSSEC keys can be generated using dnssec-keygen.
RRSIG is a DNS record type used in DNSSEC.

Network Security

IPSec is used to secure network communications.
IP sets are used to group together IP addresses and networks that can be referenced by netfilter rules.

Authentication

rkhunter is used to detect rootkits and other security threats.
Linux Malware Detect is used to detect malware on a Linux system.

Linux Permissions

The chmod command is used to set permissions on a file.
The chown command is used to set the ownership of a file.

Firewall Configuration

iptables is used to configure network traffic rules.
The nat table is used to perform Network Address Translation.

System Security

A buffer overflow is a type of software vulnerability.
Privilege escalation is an attack that exploits a vulnerability to gain elevated privileges.

DNS Security

DNSSEC is used to secure DNS communications.
TLSA records are used in DNS-Based Authentication of Named Entities (DANE).
A trust anchor is a root certificate that is trusted by a particular CA.### Security Configurations
The virtual host is used as a fallback default for all clients that do not support SNI.
To require a client certificate for authentication in Apache HTTPD, the configuration option SSLVerifyClient require is used.

Certificate Authority (CA)

A Root CA has a self-signed certificate, does not include the private key of the CA, and must contain an X509v3 Authority extension.
A Root CA certificate is a self-signed certificate that identifies the CA.

Host Intrusion Detection (HID)

HID monitors for unauthorized access attempts and alerts security personnel of potential security incidents.
HID does not automatically remove detected threats.

Linux Permissions

SELinux permissions are verified before standard Linux permissions.
The command chown is used to set the owner and group of a file in Linux.
SELinux permissions are verified after standard Linux permissions.

Wireshark

Valid Wireshark capture filters include port range 10000:tcp-15000:tcp and tcp portrange 10000-15000.

OpenVAS

The command openvas-nvt-sync is used to update NVTs from the OpenVAS NVT feed.

File Permissions

The permission bit that allows a file to be executed is the execute bit.

Automation

Cron can be used to automate host scans on a Linux system.

Access Control List (ACL)

The purpose of an access control list in Linux is to specify fine-grained permissions for users and groups.

NFS

Kerberos authentication was added to NFS in version 4.

OCSP Stapling

OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

FreeIPA

The command ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

OpenSSL

The command openssl req –new -key private/keypair.pem –out req/csr.pem generates a certificate signing request (CSR) using an existing private key.

Cryptography

Cryptography is the art of sending secret messages.
Ciphertext is the encrypted message.
Plaintext is the original message before encryption.

Rootkits

A rootkit is a type of malware that disguises itself as legitimate software.

Audit Rules

The command auditctl –w /etc/firewall/rules –p rw –k firewall defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name "firewall".

ebtables

The command ebtables -t filter –L –v displays all ebtable rules contained in the table filter including their packet and byte counters.

Snort-stat

The program snort-stat reads syslog files containing Snort information and generates port scan statistics.

chkrootkit

The tool chkrootkit is used to check for rootkits on a Linux system.

eCryptfs

eCryptfs is a stacked cryptographic filesystem that stores encrypted data and metadata.
eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user.

LUKS

The command cryptsetup luksDelKey /dev/sda 1 deletes only the first key from a LUKS device.

FreeIPA

FreeIPA includes a DHCP server, Kerberos KDC, and Directory Server.

DNSSEC

DNSSEC is a security extension to DNS that provides authentication of DNS data.
The command dnssec-keygen is used to generate keys for DNSSEC.

Security Information and Event Management (SIEM) System

A SIEM system is a type of HID tool.

X.509 Certificate

An X.509 certificate is a digital document that verifies the identity of a website.
An X.509 certificate contains information such as the subject, issuer, and validity period.

Certificate Revocation List (CRL)

A CRL is a list of X.509 certificates that have been revoked by a particular CA.

Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

DNS over TLS and DNS over HTTPS

DNS over TLS and DNS over HTTPS provide secure communication between DNS clients and servers.

LPIC-3 Security

Mounting CIFS Shares

The uid option specifies the user that appears as the local owner of the files when the server does not provide ownership information.

Private Key Security

Private keys should not be created on a system where they will be used, and should never leave that system.
Private keys should have sufficient length for the algorithm used for key generation.

DNSSEC

NSEC3 is used to prevent zone enumeration.
TSIG is used to sign DNS messages for secure communication.

OpenSSL

openssl s_client specifies the host name to use for TLS Server Name Indication.

AIDE

aide.conf is used to configure AIDE.
Rules are added to aide.conf to specify what files to monitor.

Audit System

ausearch is used to search and filter the audit log.

Linux File Attributes

Extended attributes can store additional metadata about a file.
setfattr is used to set extended attributes on a file.

PAM

pam_cracklib checks new passwords against dictionary words and enforces complexity.

Access Control

SELinux is a Mandatory Access Control (MAC) system.

OpenVPN

openvpn uses ephemeral keys by default.
The --mlock option ensures that ephemeral keys are not written to swap space.

Snort

Snort can be used to detect intrusions and system changes.

Certificate Authority

A Certificate Authority (CA) issues and signs X.509 certificates.

DNS

DNSSEC keys can be generated using dnssec-keygen.
RRSIG is a DNS record type used in DNSSEC.

Network Security

IPSec is used to secure network communications.
IP sets are used to group together IP addresses and networks that can be referenced by netfilter rules.

Authentication

rkhunter is used to detect rootkits and other security threats.
Linux Malware Detect is used to detect malware on a Linux system.

Linux Permissions

The chmod command is used to set permissions on a file.
The chown command is used to set the ownership of a file.

Firewall Configuration

iptables is used to configure network traffic rules.
The nat table is used to perform Network Address Translation.

System Security

A buffer overflow is a type of software vulnerability.
Privilege escalation is an attack that exploits a vulnerability to gain elevated privileges.

DNS Security

DNSSEC is used to secure DNS communications.
TLSA records are used in DNS-Based Authentication of Named Entities (DANE).
A trust anchor is a root certificate that is trusted by a particular CA.### Security Configurations
The virtual host is used as a fallback default for all clients that do not support SNI.
To require a client certificate for authentication in Apache HTTPD, the configuration option SSLVerifyClient require is used.

Certificate Authority (CA)

A Root CA has a self-signed certificate, does not include the private key of the CA, and must contain an X509v3 Authority extension.
A Root CA certificate is a self-signed certificate that identifies the CA.

Host Intrusion Detection (HID)

HID monitors for unauthorized access attempts and alerts security personnel of potential security incidents.
HID does not automatically remove detected threats.

Linux Permissions

SELinux permissions are verified before standard Linux permissions.
The command chown is used to set the owner and group of a file in Linux.
SELinux permissions are verified after standard Linux permissions.

Wireshark

Valid Wireshark capture filters include port range 10000:tcp-15000:tcp and tcp portrange 10000-15000.

OpenVAS

The command openvas-nvt-sync is used to update NVTs from the OpenVAS NVT feed.

File Permissions

The permission bit that allows a file to be executed is the execute bit.

Automation

Cron can be used to automate host scans on a Linux system.

Access Control List (ACL)

The purpose of an access control list in Linux is to specify fine-grained permissions for users and groups.

NFS

Kerberos authentication was added to NFS in version 4.

OCSP Stapling

OCSP stapling is a mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

FreeIPA

The command ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

OpenSSL

The command openssl req –new -key private/keypair.pem –out req/csr.pem generates a certificate signing request (CSR) using an existing private key.

Cryptography

Cryptography is the art of sending secret messages.
Ciphertext is the encrypted message.
Plaintext is the original message before encryption.

Rootkits

A rootkit is a type of malware that disguises itself as legitimate software.

Audit Rules

The command auditctl –w /etc/firewall/rules –p rw –k firewall defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name "firewall".

ebtables

The command ebtables -t filter –L –v displays all ebtable rules contained in the table filter including their packet and byte counters.

Snort-stat

The program snort-stat reads syslog files containing Snort information and generates port scan statistics.

chkrootkit

The tool chkrootkit is used to check for rootkits on a Linux system.

eCryptfs

eCryptfs is a stacked cryptographic filesystem that stores encrypted data and metadata.
eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user.

LUKS

The command cryptsetup luksDelKey /dev/sda 1 deletes only the first key from a LUKS device.

FreeIPA

FreeIPA includes a DHCP server, Kerberos KDC, and Directory Server.

DNSSEC

DNSSEC is a security extension to DNS that provides authentication of DNS data.
The command dnssec-keygen is used to generate keys for DNSSEC.

Security Information and Event Management (SIEM) System

A SIEM system is a type of HID tool.

X.509 Certificate

An X.509 certificate is a digital document that verifies the identity of a website.
An X.509 certificate contains information such as the subject, issuer, and validity period.

Certificate Revocation List (CRL)

A CRL is a list of X.509 certificates that have been revoked by a particular CA.

Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

DNS over TLS and DNS over HTTPS

DNS over TLS and DNS over HTTPS provide secure communication between DNS clients and servers.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.