LPIC-3 Security Fundamentals

Questions and Answers

What is the purpose of rkhunter?

To detect rootkits and other security threats (correct)

To manage installed packages

To manage system log files

To automate host scans

What is the purpose of a Certificate Authority (CA)?

To issue and sign X.509 certificates (correct)

To store X.509 certificates

To decrypt X.509 certificates

To encrypt X.509 certificates

What is the purpose of file ownership in Linux systems? File ownership is used to restrict access to files only to their ______.

owner

A trust anchor is a root certificate that is trusted by a particular CA.

True

Match the following authentication methods with NFS version 4:

Kerberos authentication = A SSH hostkey authentication = B Winbind authentication = C SSL certificate authentication = D

Determine whether the given solution is correct?

Correct

Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?

openssl req – new -key private/keypair.pem –out req/csr.pem

What is Cryptography?

The art of sending secret messages

What type of activity does HID monitor for?

Unauthorized access attempts

Which of the following is NOT a benefit of using HID?

Provides automatic removal of detected threats

What is a ciphertext?

The encrypted message

Which of the following commands defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall?

auditctl –w /etc/firewall/rules –p rw –k firewall

What is a rootkit?

A type of malware that disguises itself as legitimate software

Which of the following commands displays all ebtable rules contained in the table filter including their packet and byte counters?

ebtables -t filter –L --Lc

What is a plaintext?

The original message before encryption

Which protocol is commonly used to transmit X.509 certificates?

LDAP

What is the purpose of the program snort-stat?

It reads syslog files containing Snort information and generates port scan statistics.

Which tool can be used to check for rootkits on a Linux system?

chkrootkit

What happens when the command 'getfattr afile' is run while the file 'afile' has no extended attributes set?

No output is produced and getfattr exits with a value of 0.

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

uid

Which of the following practices are important for the security of private keys? (Choose TWO correct answers)

Private keys should be included in X509 certificates

What is the purpose of NSEC3 in DNSSEC?

To prevent zone enumeration

Which command is used to run a new shell for a user changing the SELinux context?

newrole

Which file is used to configure AIDE?

/etc/aide/aide.conf

What is the purpose of ndpmon?

It monitors the network for neighbor discovery messages from new IPv6 hosts and routers

What is an asymmetric key?

A key used for both encryption and decryption that is generated in a pair

Which of the following is an example of a behavioral-based HID technique?

Anomaly-based detection

Which command revokes ACL-based write access for groups and named users on the file afile?

setfacl ~m mask: : rx afile

Which command is used to set an extended attribute on a file in Linux?

setfattr

Match the following database names with their usage:

Python = General-purpose programming JavaScript = Client-side scripting for web applications SQL = Database queries CSS = Styling web pages

What is a buffer overflow?

A type of software vulnerability

Which tool can be used to manage the Linux Audit system?

auditd

What is the difference between a SetUID and SetGID bit?

SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner

Which of the following expressions are valid AIDE rules? (Choose TWO correct answers)

!/var/run/.*

Study Notes

LPIC-3 Security

• The uid option in mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.

Private Keys

• Private keys should be created on the systems where they will be used and should never leave them.
• Private keys should have a sufficient length for the algorithm used for key generation.

DNSSEC

• NSEC3 is used to prevent zone enumeration.

SELinux

• The newrole command is used to run a new shell for a user changing the SELinux context.

AIDE

• The aide.conf file is used to configure AIDE.
• ! is used to negate a pattern in AIDE rules.

Asymmetric Keys

• An asymmetric key is a key used for both encryption and decryption that is generated in a pair.

Behavioral-Based HIDS

• Anomaly-based detection is an example of a behavioral-based HIDS technique.

Linux Audit System

• The ausearch command is used to search and filter the audit log.

Package Management Tools

• RPM and DPKG are package management tools that can be used to verify the integrity of installed files on a Linux system.

Honeypots

• A honeypot is a network security tool designed to lure attackers into a trap.

DNSSEC Validation

• A recursive name server is used to perform DNSSEC validation on behalf of clients.

Trust between FreeIPA and Active Directory

• The command ipa trust-add --type ad addom --admin Administrator --password is used to establish a trust between a FreeIPA domain and an Active Directory domain.

NTOP

• The command ntop --set-admin-password=testing123 is used to set the administrator password for ntop.

Symmetric Keys

• A symmetric key is a key used for encryption and decryption that is the same.

Privilege Escalation

• Privilege escalation is an attack that exploits a vulnerability to gain elevated privileges.

PAM Modules

• The pam_cracklib module checks new passwords against dictionary words and enforces complexity.

TSIG

• TSIG is used to sign DNS messages for secure communication.

IP Sets

• IP sets are used to group together IP addresses that can be referenced by netfilter rules.

Extended Attributes

• Extended attributes are used to store additional metadata about a file.

rkhunter

• rkhunter is used to detect rootkits and other security threats.

Mandatory Access Control (MAC)

• SELinux is an example of a Mandatory Access Control (MAC) model.

OpenVPN

• The --mlock option is used to ensure that ephemeral keys are not written to the swap space.

Scan Techniques

• Xmas Scan and FIN Scan are existing scan techniques with nmap.

Access Control Lists (ACLs)

• getfacl is used to view the access control list of a file.

FreeIPA

• The command ipa user-add usera --first User --last A is used to add a new user to FreeIPA.

Man-in-the-Middle Attack

• A man-in-the-middle attack is an attack that intercepts communications between two parties to steal information.

OpenVPN Options

• The --tls-timeout 5 option changes the timeout period to 5 seconds.

Certificate Chaining

• A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.

Network Security

• The iptables command is used to change the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0.

Trojan

• A Trojan is a type of malware that disguises itself as legitimate software.

Rogue Access Point

• A rogue access point is an unauthorized access point that is set up to look like a legitimate one.

DNSSEC

• The dnssec-keygen command is used to generate DNSSEC keys.

Certificate Authority (CA)

• A Certificate Authority (CA) is used to issue and sign X.509 certificates.

Linux Malware Detect

• Linux Malware Detect is a tool to detect malware on a Linux system.

Linux Audit System

• The Linux Audit system is used to detect intrusions and system changes.

DoS Attack

• A DoS attack is an attack that floods a network or server with traffic to make it unavailable.

Trust Anchor

• A trust anchor is a root certificate that is trusted by a particular CA.

Linux Audit System

• The Linux Audit system provides a way to track and monitor system access and changes.

File Ownership

• File ownership is used to restrict access to files only to their owner.

File Permissions

• The chmod command is used to set the permissions of a file in Linux.

DNS Records

• The CAA record is used to publish X.509 certificate and certificate authority information in DNS.

DANE

• The TLSA record is used to provide information about a TLS server in DANE.

Shell and Child Processes

• The ulimit command is used to control the resources of a shell and its child processes.

Apache HTTPD

• The SSLStrictSNIVHostCheck on configuration has an effect on an Apache HTTPD virtual host.### Virtual Host and SSL
• The virtual host is used as a fallback default for all clients that do not support SNI.
• The virtual host is served only on the common name and Subject Alternative Name.

Apache HTTPD Configuration

• To require a client certificate for authentication in Apache HTTPD, use SSLVerifyClient require.

Certificate Authority

• A Root CA certificate is self-signed.
• A Root CA certificate does not include the private key of the CA.
• A Root CA certificate must contain an X509v3 Authority extension.

Host Intrusion Detection (HID)

• HID monitors for unauthorized access attempts.
• To implement HID, configure it to alert security personnel of potential security incidents.
• HID does not provide automatic removal of detected threats.

SELinux Permissions

• SELinux permissions are verified after standard Linux permissions.
• SELinux permissions do not override standard Linux permissions.

Linux Commands

• chown is used to set the owner and group of a file in Linux.
• openvas-nvt-sync is the command to update NVTs from the OpenVAS NVT feed.

Wireshark Capture Filters

• tcp portrange 10000-15000 is a valid Wireshark capture filter.

Linux Security

• cron can be used to automate host scans on a Linux system.
• ip is used to set the owner and group of a file in Linux.

Access Control List (ACL)

• An ACL specifies fine-grained permissions for users and groups.

Authentication

• Kerberos authentication was added to NFS in version 4.

OCSP Stapling

• OCSP stapling allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

FreeIPA

• ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

OpenSSL Commands

• openssl req –new –key private/keypair.pem –out req/csr.pem generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem.

Cryptography

• Cryptography is the art of sending secret messages.

HID Monitoring

• HID monitors for unauthorized access attempts.

Ciphertext and Plaintext

• Ciphertext is the encrypted message.
• Plaintext is the original message before encryption.

Audit Rule

• auditctl –w /etc/firewall/rules –p rw –k firewall defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall.

Rootkit

• A rootkit is a type of malware that disguises itself as legitimate software.

ebtables Rules

• ebtables -t filter –L –v displays all ebtable rules contained in the table filter, including their packet and byte counters.

Snort-stat

• Snort-stat displays statistics from the running Snort process.

Rootkits on Linux

• chkrootkit is a tool that can be used to check for rootkits on a Linux system.

LUKS Device

• cryptsetup luksDelKey /dev/sda 1 0 deletes the first key from the LUKS device /dev/sda.

eCryptfs

• eCryptfs is a stacked cryptographic filesystem for Linux.
• eCryptfs encrypts files and directories in Linux.

FreeIPA Components

• FreeIPA includes a Kerberos KDC, Public Key Infrastructure, and Directory Server.

DNSSEC

• TSIG is used to authenticate name servers in order to perform secured zone transfers.
• DNSSEC signs the DNS zone using a key signing key.

X.509 Certificates

• An X.509 certificate contains the identity of a website.
• An X.509 certificate is used to verify the identity of a website.

Certificate Revocation List (CRL)

• A CRL is a list of X.509 certificates that have been revoked by a particular CA.

DNSKEY Record

• The DNSKEY record is used to sign a DNS zone.

Host Intrusion Detection (HID)

• HID monitors and detects potential security threats on a single computer or server.

Phishing

• Phishing is a type of social engineering attack that exploits human psychology to gain access to sensitive information.

AIDE

• AIDE is used to detect intrusions and system changes.

Social Engineering

• Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

DNS over TLS and DNS over HTTPS

• DNS over TLS and DNS over HTTPS provide secure communication between DNS clients and servers.

Description

This quiz covers essential security concepts, including file sharing, private key management, DNS security, and SELinux. Test your knowledge of LPIC-3 security principles!