Network Monitoring and Security

Questions and Answers

Which of the following commands is used to view the access control list of a file?

chmod

getfacl (correct)

setfacl

ls

SELinux establishes a Mandatory Access Control (MAC) model.

True

What type of attack involves intercepting communications between two parties to steal information?

man-in-the-middle attack

The openvpn command option to ensure that ephemeral keys are not written to the swap space is __________________.

--mlock

Match the following scan techniques with nmap:

A. = Xmas Scan B. = Zero Scan C. = FIN Scan D. = IP Scan E. = UDP SYN Scan

Which of the following is NOT a namespace for Linux Extended File Attributes?

default

TCP traffic from 10.142.232.1 destined for port 20 or 21 is accepted.

True

What is the command to add a new user usera to FreeIPA?

ipa user-add usera --first User --last A

What is the purpose of ICMP echo requests in a network monitoring tool?

To monitor remote hosts for availability

Asymmetric keys are used for both encryption and decryption with the same key.

False

What is an example of a behavioral-based HID technique?

Anomaly-based detection

The command to revoke ACL-based write access for groups and named users on a file is setfacl _______________________.

~m group: * : rx, user:*: rx

Which command is used to set an extended attribute on a file in Linux?

setfattr

The option "httpd-ssl.conf" in an Apache HTTPD configuration file enables OCSP stapling.

False

Match the following database names with their corresponding uses in a Name Service Switch (NSS) configuration file:

A) host = Host database B) shadow = Shadow password database C) service = Service database D) passwd = Password database

An asymmetric key is a key used for _______________________ and decryption that is generated in a pair.

both encryption

Which of the following DNS records is used to map an IP address to a hostname?

PTR

A Certificate Revocation List (CRL) is a list of X.509 certificates that have been issued by a particular CA.

False

What is the purpose of AIDE?

to detect intrusions and system changes

Phishing is a type of _______________________ attack.

social engineering

Match the following terms with their definitions:

Host Intrusion Detection (HID) = A system that monitors and detects potential security threats on a single computer or server Social Engineering = A type of attack that manipulates users into revealing sensitive information

What is the purpose of a DNSKEY record in DNSSEC?

To sign a DNS zone

A Certificate Revocation List (CRL) is a list of public keys that have been compromised.

False

What is the term for detecting and responding to cyber threats in real-time?

intrusion detection

Study Notes

Network Monitoring

• It monitors remote hosts by periodically sending echo requests to them.

Asymmetric Keys

• An asymmetric key is a key used for both encryption and decryption that is generated in a pair.

HID Techniques

• Anomaly-based detection is a behavioral-based HID technique.

File Permissions

• The command setfacl is used to set access control lists (ACLs) on files.
• The command setfattr is used to set extended attributes on files.
• The command getfacl is used to view the access control list of a file.

DNS

• The PTR record is used to map an IP address to a hostname.
• The DNSKEY record is used to sign a DNS zone in DNSSEC.

Security

• Phishing is a type of social engineering attack.
• Social engineering is a type of attack that aims to deceive individuals into divulging sensitive information.

Access Control

• Mandatory Access Control (MAC) is an access control model established by using SELinux.

VPNs

• The --mlock option of the openvpn command is used to ensure that ephemeral keys are not written to the swap space.

Linux File Attributes

• Linux Extended File Attributes are organized in namespaces, including system, trusted, and user.

Nmap Scan Techniques

• Existing scan techniques with nmap include Xmas Scan and FIN Scan.

User Management

• The ipa user-add command is used to add a new user to FreeIPA.

Security Threats

• A man-in-the-middle attack is an attack that intercepts communications between two parties to steal information.
• A Certificate Revocation List (CRL) is a list of X.509 certificates that have been revoked by a particular CA.
• Host intrusion detection (HID) is a system that monitors and detects potential security threats on a single computer or server.
• AIDE is used to detect intrusions and system changes.

Description

Identify the correct description of a network monitoring tool and understand the concept of asymmetric key in cryptography.