LPIC-3 Security Fundamentals

Study Flashcards Play Quiz

Questions and Answers

What is the purpose of rkhunter?

To detect rootkits and other security threats

What is the purpose of a Certificate Authority (CA)?

To issue and sign X.509 certificates

What is the purpose of file ownership in Linux systems? File ownership is used to restrict access to files only to their ______.

owner

A trust anchor is a root certificate that is trusted by a particular CA.

True Signup and view all the answers

Match the following authentication methods with NFS version 4:

Kerberos authentication = A SSH hostkey authentication = B Winbind authentication = C SSL certificate authentication = D Signup and view all the answers

Determine whether the given solution is correct?

Correct Signup and view all the answers

Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?

openssl req – new -key private/keypair.pem –out req/csr.pem Signup and view all the answers

What is Cryptography?

The art of sending secret messages Signup and view all the answers

What type of activity does HID monitor for?

Unauthorized access attempts Signup and view all the answers

Which of the following is NOT a benefit of using HID?

Provides automatic removal of detected threats Signup and view all the answers

What is a ciphertext?

The encrypted message Signup and view all the answers

Which of the following commands defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall?

auditctl –w /etc/firewall/rules –p rw –k firewall Signup and view all the answers

What is a rootkit?

A type of malware that disguises itself as legitimate software Signup and view all the answers

Which of the following commands displays all ebtable rules contained in the table filter including their packet and byte counters?

ebtables -t filter –L --Lc Signup and view all the answers

What is a plaintext?

The original message before encryption Signup and view all the answers

Which protocol is commonly used to transmit X.509 certificates?

LDAP Signup and view all the answers

What is the purpose of the program snort-stat?

It reads syslog files containing Snort information and generates port scan statistics. Signup and view all the answers

Which tool can be used to check for rootkits on a Linux system?

chkrootkit Signup and view all the answers

What happens when the command 'getfattr afile' is run while the file 'afile' has no extended attributes set?

No output is produced and getfattr exits with a value of 0. Signup and view all the answers

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

uid Signup and view all the answers

Which of the following practices are important for the security of private keys? (Choose TWO correct answers)

Private keys should be included in X509 certificates Signup and view all the answers

What is the purpose of NSEC3 in DNSSEC?

To prevent zone enumeration Signup and view all the answers

Which command is used to run a new shell for a user changing the SELinux context?

newrole Signup and view all the answers

Which file is used to configure AIDE?

/etc/aide/aide.conf Signup and view all the answers

What is the purpose of ndpmon?

It monitors the network for neighbor discovery messages from new IPv6 hosts and routers Signup and view all the answers

What is an asymmetric key?

A key used for both encryption and decryption that is generated in a pair Signup and view all the answers

Which of the following is an example of a behavioral-based HID technique?

Anomaly-based detection Signup and view all the answers

Which command revokes ACL-based write access for groups and named users on the file afile?

setfacl ~m mask: : rx afile Signup and view all the answers

Which command is used to set an extended attribute on a file in Linux?

setfattr Signup and view all the answers

Match the following database names with their usage:

Python = General-purpose programming JavaScript = Client-side scripting for web applications SQL = Database queries CSS = Styling web pages Signup and view all the answers

What is a buffer overflow?

A type of software vulnerability Signup and view all the answers

Which tool can be used to manage the Linux Audit system?

auditd Signup and view all the answers

What is the difference between a SetUID and SetGID bit?

SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner Signup and view all the answers

Which of the following expressions are valid AIDE rules? (Choose TWO correct answers)

!/var/run/.* Signup and view all the answers

Study Notes

LPIC-3 Security

The uid option in mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.

Private Keys

Private keys should be created on the systems where they will be used and should never leave them.
Private keys should have a sufficient length for the algorithm used for key generation.

DNSSEC

NSEC3 is used to prevent zone enumeration.

SELinux

The newrole command is used to run a new shell for a user changing the SELinux context.

AIDE

The aide.conf file is used to configure AIDE.
! is used to negate a pattern in AIDE rules.

Asymmetric Keys

An asymmetric key is a key used for both encryption and decryption that is generated in a pair.

Behavioral-Based HIDS

Anomaly-based detection is an example of a behavioral-based HIDS technique.

Linux Audit System

The ausearch command is used to search and filter the audit log.

Package Management Tools

RPM and DPKG are package management tools that can be used to verify the integrity of installed files on a Linux system.

Honeypots

A honeypot is a network security tool designed to lure attackers into a trap.

DNSSEC Validation

A recursive name server is used to perform DNSSEC validation on behalf of clients.

Trust between FreeIPA and Active Directory

The command ipa trust-add --type ad addom --admin Administrator --password is used to establish a trust between a FreeIPA domain and an Active Directory domain.

NTOP

The command ntop --set-admin-password=testing123 is used to set the administrator password for ntop.

Symmetric Keys

A symmetric key is a key used for encryption and decryption that is the same.

Privilege Escalation

Privilege escalation is an attack that exploits a vulnerability to gain elevated privileges.

PAM Modules

The pam_cracklib module checks new passwords against dictionary words and enforces complexity.

TSIG

TSIG is used to sign DNS messages for secure communication.

IP Sets

IP sets are used to group together IP addresses that can be referenced by netfilter rules.

Extended Attributes

Extended attributes are used to store additional metadata about a file.

rkhunter

rkhunter is used to detect rootkits and other security threats.

Mandatory Access Control (MAC)

SELinux is an example of a Mandatory Access Control (MAC) model.

OpenVPN

The --mlock option is used to ensure that ephemeral keys are not written to the swap space.

Scan Techniques

Xmas Scan and FIN Scan are existing scan techniques with nmap.

Access Control Lists (ACLs)

getfacl is used to view the access control list of a file.

FreeIPA

The command ipa user-add usera --first User --last A is used to add a new user to FreeIPA.

Man-in-the-Middle Attack

A man-in-the-middle attack is an attack that intercepts communications between two parties to steal information.

OpenVPN Options

The --tls-timeout 5 option changes the timeout period to 5 seconds.

Certificate Chaining

A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.

Network Security

The iptables command is used to change the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0.

Trojan

A Trojan is a type of malware that disguises itself as legitimate software.

Rogue Access Point

A rogue access point is an unauthorized access point that is set up to look like a legitimate one.

DNSSEC

The dnssec-keygen command is used to generate DNSSEC keys.

Certificate Authority (CA)

A Certificate Authority (CA) is used to issue and sign X.509 certificates.

Linux Malware Detect

Linux Malware Detect is a tool to detect malware on a Linux system.

Linux Audit System

The Linux Audit system is used to detect intrusions and system changes.

DoS Attack

A DoS attack is an attack that floods a network or server with traffic to make it unavailable.

Trust Anchor

A trust anchor is a root certificate that is trusted by a particular CA.

Linux Audit System

The Linux Audit system provides a way to track and monitor system access and changes.

File Ownership

File ownership is used to restrict access to files only to their owner.

File Permissions

The chmod command is used to set the permissions of a file in Linux.

DNS Records

The CAA record is used to publish X.509 certificate and certificate authority information in DNS.

DANE

The TLSA record is used to provide information about a TLS server in DANE.

Shell and Child Processes

The ulimit command is used to control the resources of a shell and its child processes.

Apache HTTPD

The SSLStrictSNIVHostCheck on configuration has an effect on an Apache HTTPD virtual host.### Virtual Host and SSL
The virtual host is used as a fallback default for all clients that do not support SNI.
The virtual host is served only on the common name and Subject Alternative Name.

Apache HTTPD Configuration

To require a client certificate for authentication in Apache HTTPD, use SSLVerifyClient require.

Certificate Authority

A Root CA certificate is self-signed.
A Root CA certificate does not include the private key of the CA.
A Root CA certificate must contain an X509v3 Authority extension.

Host Intrusion Detection (HID)

HID monitors for unauthorized access attempts.
To implement HID, configure it to alert security personnel of potential security incidents.
HID does not provide automatic removal of detected threats.

SELinux Permissions

SELinux permissions are verified after standard Linux permissions.
SELinux permissions do not override standard Linux permissions.

Linux Commands

chown is used to set the owner and group of a file in Linux.
openvas-nvt-sync is the command to update NVTs from the OpenVAS NVT feed.

Wireshark Capture Filters

tcp portrange 10000-15000 is a valid Wireshark capture filter.

Linux Security

cron can be used to automate host scans on a Linux system.
ip is used to set the owner and group of a file in Linux.

Access Control List (ACL)

An ACL specifies fine-grained permissions for users and groups.

Authentication

Kerberos authentication was added to NFS in version 4.

OCSP Stapling

OCSP stapling allows a server to provide proof of the revocation status of its own SSL/TLS certificate.

FreeIPA

ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

OpenSSL Commands

openssl req –new –key private/keypair.pem –out req/csr.pem generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem.

Cryptography

Cryptography is the art of sending secret messages.

HID Monitoring

HID monitors for unauthorized access attempts.

Ciphertext and Plaintext

Ciphertext is the encrypted message.
Plaintext is the original message before encryption.

Audit Rule

auditctl –w /etc/firewall/rules –p rw –k firewall defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall.

Rootkit

A rootkit is a type of malware that disguises itself as legitimate software.

ebtables Rules

ebtables -t filter –L –v displays all ebtable rules contained in the table filter, including their packet and byte counters.

Snort-stat

Snort-stat displays statistics from the running Snort process.

Rootkits on Linux

chkrootkit is a tool that can be used to check for rootkits on a Linux system.

LUKS Device

cryptsetup luksDelKey /dev/sda 1 0 deletes the first key from the LUKS device /dev/sda.

eCryptfs

eCryptfs is a stacked cryptographic filesystem for Linux.
eCryptfs encrypts files and directories in Linux.

FreeIPA Components

FreeIPA includes a Kerberos KDC, Public Key Infrastructure, and Directory Server.

DNSSEC

TSIG is used to authenticate name servers in order to perform secured zone transfers.
DNSSEC signs the DNS zone using a key signing key.

X.509 Certificates

An X.509 certificate contains the identity of a website.
An X.509 certificate is used to verify the identity of a website.

Certificate Revocation List (CRL)

A CRL is a list of X.509 certificates that have been revoked by a particular CA.

DNSKEY Record

The DNSKEY record is used to sign a DNS zone.

Host Intrusion Detection (HID)

HID monitors and detects potential security threats on a single computer or server.

Phishing

Phishing is a type of social engineering attack that exploits human psychology to gain access to sensitive information.

AIDE

AIDE is used to detect intrusions and system changes.

Social engineering is a type of attack that exploits human psychology to gain access to sensitive information.

DNS over TLS and DNS over HTTPS

DNS over TLS and DNS over HTTPS provide secure communication between DNS clients and servers.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.