100 Questions
What is the purpose of the command used to set an extended attribute on a file in Linux?
To set an extended attribute on a file
What type of key is used for both encryption and decryption that is generated in a pair?
Asymmetric key
What is an example of a behavioral-based HID technique?
Anomaly-based detection
Which command is used to revoke ACL-based write access for groups and named users on a file?
setfacl -m mask::rx afile
What is the purpose of monitoring remote hosts by periodically sending echo requests to them?
To monitor the availability of remote hosts
Which of the following is NOT a database name that can be used within a Name Service Switch (NSS) configuration file?
network
What is the correct option in an Apache HTTPD configuration file to enable OCSP stapling?
SSLUseStapling
What is the purpose of the setfacl command in Linux?
To set ACL-based permissions on a file
What is the command used to determine whether the given solution is correct?
ausearch
Which package management tools can be used to verify the integrity of installed files on a Linux system?
RPM and DPKG
What is a honeypot?
A network security tool designed to lure attackers into a trap
Which of the following is used to perform DNSSEC validation on behalf of clients?
Recursive name server
Which command establishes a trust between a FreeIPA domain and an Active Directory domain?
ipa trust-add --type ad addom --admin Administrator --password
What is the command used to set the administrator password for ntop to testing 123?
ntop --set-admin-password=testing123
What is a symmetric key?
A key used for both encryption and decryption that is the same
What is privilege escalation?
A type of attack that allows an attacker to gain elevated access
What is the primary purpose of Linux Malware Detect?
To detect malware on a Linux system
What is a rogue access point?
An unauthorized access point that is set up to look like a legitimate one
What is the command, included in BIND, that generates DNSSEC keys?
dnssec-keygen
What is a Trojan?
A type of malware that disguises itself as legitimate software
Which of the following is a valid client configuration for FreeRADIUS?
client private-network-1 { ip = 192.0.2.0/24 secret = testing123-1 }
Which DNS record types can the command dnssec-signzone add to a zone?
NSEC, NSEC3, RRSIG
What is the purpose of file ownership in Linux systems?
To restrict access to files only to their owner
Which of the following is NOT a purpose of managing system log files?
To automate host scans
What does the SSLStrictSNIVHostCheck configuration option do in an Apache HTTPD virtual host?
Serves the virtual host only to clients that support SNI
Which of the following statements is true about a Root CA's certificate?
It is a self-signed certificate
What is a best practice for implementing HID?
Configuring HID to alert security personnel of potential security incidents
What is the purpose of the SSLVerifyClient directive in Apache HTTPD?
To require a client certificate for authentication
What is a characteristic of a Root CA's certificate?
It is a self-signed certificate
What is NOT a recommended approach for implementing HID?
Disabling HID when not actively monitoring for security incidents
Which parameter to openssl s_client specifies the host name to use for TLS Server Name Indication?
-servername
Which of the following lines in an OpenSSL configuration adds an X.509v3 Subject Alternative Name extension for the host names example.org and www.example.org to a certificate?
subjectAltName = DNS: www.example.org, DNS:example.org
What is a buffer overflow?
A type of software vulnerability
Which tool can be used to manage the Linux Audit system?
auditd
What is the difference between a SetUID and SetGID bit?
SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner
Which of the following expressions are valid AIDE rules?
!/var/run/.*
Which command included in the Linux Audit system provides searching and filtering of the audit log?
ausearch
What is the purpose of the command included in the Linux Audit system that provides searching and filtering of the audit log?
To search and filter the audit log
What is the purpose of monitoring remote hosts by periodically sending echo requests to them?
To monitor remote hosts for availability
What type of key is used for encryption and decryption that is generated in a pair?
Asymmetric key
Which of the following is an example of a behavioral-based HID technique?
Anomaly-based detection
Which command is used to set an extended attribute on a file in Linux?
setfattr
Which option in an Apache HTTPD configuration file enables OCSP stapling?
SSLStapling
Which of the following database names can be used within a Name Service Switch (NSS) configuration file?
host
What is the purpose of the setfacl command in Linux?
To set ACL-based permissions on files
Which of the following commands revokes ACL-based write access for groups and named users on a file?
setfacl -m mask::rx
What is the purpose of the command iptables -t mangle -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11?
To set up source Network Address Translation (NAT)
Which of the following statements is used in a parameter file for setkey to create a new SPD entry?
spdadd
Which DNS record type is used in DNSSEC?
RRSIG
What is the purpose of a Certificate Authority (CA)?
To issue and sign X.509 certificates
Which directive is used in an OpenVPN server configuration to send network configuration information to the client?
push
Which sections are allowed within the Kerberos configuration file krb5.conf?
[plugins], [capaths], [realms]
What is the purpose of the Linux Audit system?
To track and record system events
Which command adds users using SSSD's local service?
sss_useradd
Which tool can be used to check for rootkits on a Linux system?
chkrootkit
What happens when the command getfattr afile is run while the file afile has no extended attributes set?
No output is produced and getfattr exits with a value of 0
Given a LUKS device mapped using the command cryptsetup luksOpen /dev/sda1 crypt-vol, which of the following commands deletes only the first key?
cryptsetup luksDelKey /dev/sda 1 1
Which of the following statements is true regarding eCryptfs?
eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user.
Which of the following commands disables the automatic password expiry for the user usera?
chage --maxdays -1 usera
What is the role of the cryptsetup luksOpen command?
To map a LUKS device to a file system
What is the purpose of the getfattr command?
To get an extended attribute from a file
Which command is used to delete a key from a LUKS device?
cryptsetup luksDelKey
Which command defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall?
auditctl -w /etc/firewall/rules -p rw -k firewall
A rootkit is a type of virus.
False
What is plaintext?
The original message before encryption
The protocol commonly used to transmit X.509 certificates is ___________________.
LDAP
Match the following commands with their purposes:
auditctl = defines an audit rule
snort-stat = displays statistics from the running Snort process
ebtables = displays all ebtable rules contained in the table filter including their packet and byte counters
The ebtables command displays all ebtable rules contained in the table filter including their packet and byte counters.
True
What is the purpose of the program snort-stat?
It displays statistics from the running Snort process
The ___________________ protocol is commonly used to transmit X.509 certificates.
LDAP
What is the purpose of NSEC3 in DNSSEC?
To prevent zone enumeration
The command newrole is used to run a new shell for a user changing the SELinux context.
True
What is the purpose of ndpmon?
To monitor the network for neighbor discovery messages from new IPv6 hosts and routers.
The file ______________ is used to configure AIDE.
/etc/aide/aide.conf
What is the option of mount.cifs that specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?
uid=arg
Match the following practices with their importance for the security of private keys:
Private keys should be created on the systems where they will be used and should never leave them = Important
Private keys should be uploaded to public key servers = Not important
Private keys should have a sufficient length for the algorithm used for key generation = Important
Private keys should always be stored as plain text files without any encryption = Not important
What is the purpose of a Certificate Authority (CA)?
To issue and manage digital certificates
The command ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.
True
What is the correct openssl command to generate a certificate signing request (CSR) using an existing private key?
openssl req -new -key private/keypair.pem -out req/csr.pem
Cryptography is the art of sending ______________ messages.
secret
What type of activity does HID monitor for?
Unauthorized access attempts
Match the following terms with their definitions:
Ciphertext = The encrypted message
HID = Host-based Intrusion Detection
CSR = Certificate Signing Request
CA = Certificate Authority
HID provides automatic removal of detected threats.
False
What is the purpose of a Certificate Revocation List (CRL)?
A mechanism that allows a server to provide proof of the revocation status of all certificates issued by a particular Certificate Authority
What is an attack that floods a network or server with traffic to make it unavailable?
Denial of Service (DoS) attack
When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 5 seconds by default.
False
What is the purpose of rkhunter?
To detect rootkits and other security threats
The _______ permission bit allows a user to delete a file.
Write
Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11
Match the following security threats with their descriptions:
Rootkit = A malicious software that hides itself in a system
Certificate chain = A sequence of certificates used to verify the authenticity of a digital certificate
Rogue access point = A wireless access point that is set up by an attacker to eavesdrop on wireless communications
A _______ is a chain of digital signatures used to verify the authenticity of a certificate.
Certificate chain
Rkhunter is used to manage system log files.
False
What is the purpose of an extended attribute in Linux?
To store additional metadata about a file
The pam_cracklib module checks new passwords against dictionary words and enforces complexity.
True
What is the purpose of TSIG in DNS?
To sign DNS messages for secure communication
The purpose of IP sets is to group together IP addresses that can be referenced by ____________________.
netfilter rules
Which of the following is an attack that targets a specific user or organization?
None of the above
Match the following file with its configuration purpose:
/etc/rkhunter.conf = used to configure rkhunter
/etc/audit/auditd.conf = used to configure auditd
/etc/aide/aide.conf = used to configure aide
The command iptables -A INPUT -d 10.142.232.1 -p tcp --dport 20:21 -j ACCEPT forwards all TCP traffic not on port 20 or 21 to the IP address 10.142.232.1.
False
What is the purpose of the pam_cracklib module?
To check new passwords against dictionary words and enforce complexity.
Study Notes
Network Monitoring and Security
- A monitoring tool can be used to monitor remote hosts by periodically sending echo requests to them.
- It can also monitor the availability of a network link by querying network interfaces.
Cryptography and Keys
- An asymmetric key is a key used for both encryption and decryption that is generated in a pair.
- A symmetric key is a key used for encryption and decryption that is the same.
Host-Based Intrusion Detection (HID)
- A behavioral-based HID technique is an example of anomaly-based detection.
- HID can be used to monitor log files for failed login attempts in order to block traffic from offending network nodes.
Linux and File Management
- The setfacl command is used to set or modify ACL (Access Control List) permissions on a file.
- The setfattr command is used to set an extended attribute on a file in Linux.
Apache HTTPD and SSL
- The httpd-ssl.conf file is not the correct solution for enabling OCSP stapling in an Apache HTTPD configuration file.
- The SSLStrictSNIVHostCheck configuration option makes Apache HTTPD require a client certificate for authentication.
Database and NSS
- The shadow, passwd, and group databases can be used within a Name Service Switch (NSS) configuration file.
OpenSSL and Certificates
- The openssl s_client command can be used to specify the host name to use for TLS Server Name Indication (SNI).
- The subjectAltName parameter is used to add an X509v3 Subject Alternative Name extension to a certificate.
Security Threats and Vulnerabilities
- A buffer overflow is a type of software vulnerability.
- A Trojan is a type of malware that disguises itself as legitimate software.
- A rogue access point is an unauthorized access point that is set up to look like a legitimate one.
Linux Audit and AIDE
- The auditd command is used to manage the Linux Audit system.
- AIDE (Advanced Intrusion Detection Environment) is a tool used to detect malware on a Linux system.
- The ausearch command is used to provide searching and filtering of the audit log.
Package Management and Verification
- The RPM and DPKG package management tools can be used to verify the integrity of installed files on a Linux system.
Honeypot and DNS
- A honeypot is a network security tool designed to lure attackers into a trap.
- Recursive name servers are used to perform DNSSEC validation on behalf of clients.
FreeIPA and Active Directory
- The ipa trust-add command is used to establish a trust between a FreeIPA domain and an Active Directory domain.
ntop and Malware Detection
- The ntop command is used to set the administrator password for ntop.
- Linux Malware Detect is a tool used to detect malware on a Linux system.
Privilege Escalation and File Ownership
- Privilege escalation is the act of exploiting a bug or vulnerability to gain elevated access to a system or network.
- File ownership in Linux systems is used to restrict access to files, enable multiple users to access files simultaneously, and to ensure that files are backed up regularly.
Apache HTTPD and SSL/TLS
- The SSLVerifyClient configuration option is used to make Apache HTTPD require a client certificate for authentication.
- The dnssec-keygen command is used to generate DNSSEC keys.
DNS and DNSSEC
- The dnssec-signzone command is used to add DNSSEC records to a zone.
- The NSEC, NSEC3, and RRSIG DNS record types can be added to a zone using the dnssec-signzone command.
FreeRADIUS and Client Configuration
- The client configuration stanza is used to specify a client configuration for FreeRADIUS.
- The ipaddr and secret parameters are used to specify the IP address and password for a client configuration.
CA and Certificate Management
- A Root CA certificate is a self-signed certificate that does not include the private key of the CA.
- The Require valid-x509 configuration option is used to make Apache HTTPD require a client certificate for authentication.
HID and Security Best Practices
- A best practice for implementing HID is to configure it to alert security personnel of potential security incidents.
- HID should not be installed on every computer in the network, and should not be disabled when not actively monitoring for security incidents.
SELinux and Permissions
- SELinux permissions are related to standard Linux permissions in that they provide additional access controls for files and system resources.
- SELinux permissions can be used to restrict access to files and system resources, and to provide additional security features.
Network Monitoring
- ICMP echo requests are sent periodically to remote hosts to monitor their availability.
- Network links are monitored by querying network interfaces.
Cryptography
- Asymmetric keys are used for encryption and decryption, where one key is used for encryption and another key is used for decryption.
- These keys are generated in a pair.
Access Control
- SetUID allows a file to be executed with the permissions of the file owner.
- SetGID allows a file to be executed with the permissions of the group owner.
Database Configuration
- NSS (Name Service Switch) configuration files can contain database names such as shadow, passwd, and group.
OpenSSL
- The -servername parameter specifies the host name to use for TLS Server Name Indication.
Certificate Management
- A Certificate Authority (CA) issues and signs X.509 certificates.
Linux File System
- setfattr is used to set extended attributes on a file.
- getfattr is used to view the extended attributes of a file.
Linux Security
- Linux Audit system is used to monitor and track system events.
- auditd is the tool used to manage the Linux Audit system.
Denial of Service Attacks
- A buffer overflow is a type of software vulnerability.
System Hardening
- SELinux (Security-Enhanced Linux) is an access control model that enforces mandatory access control.
Network Scanning
- Nmap is used for network scanning, and techniques include Xmas Scan, Zero Scan, and FIN Scan.
Identity and Access Management
- FreeIPA is an identity management system.
- ipa user-add is the command used to add a new user to FreeIPA.
Man-in-the-Middle Attacks
- A man-in-the-middle attack intercepts communications between two parties to steal information.
OpenVPN
- openvpn is used to establish VPN connections.
- --mlock is an option used to ensure that ephemeral keys are not written to the swap space.
DNS Security
- DNSSEC uses RRSIG records to provide authentication and integrity.
Kerberos
- Kerberos is an authentication protocol used for secure authentication.
Linux Extended File Attributes
- Linux Extended File Attributes are organized in namespaces such as trusted, user, and security.
Snort Rules
- Snort is an intrusion detection system.
- Rules can be deactivated by placing a # in front of the rule and restarting Snort.
Linux System Security
- chkrootkit is a tool used to check for rootkits on a Linux system.
LUKS
- cryptsetup is used to manage LUKS devices.
- cryptsetup luksDelKey is used to delete a key from a LUKS device.
eCryptfs
- eCryptfs is a stacked cryptographic filesystem.
- eCryptfs can be used to encrypt directories that are the home directory of a regular Linux user.
LPIC-3 Security
- The mount.cifs option uid=arg specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.
Private Key Security
- Private keys should be created on the systems where they will be used and should never leave them.
- Private keys should have a sufficient length for the algorithm used for key generation.
DNSSEC
- NSEC3 prevents zone enumeration.
SELinux
- The command newrole is used to run a new shell for a user changing the SELinux context.
AIDE Configuration
- The file /etc/aide/aide.conf is used to configure AIDE.
ndpmon
- ndpmon monitors the network for neighbor discovery messages from new IPv6 hosts and routers.
PAM Module
- The PAM module pam_cracklib checks new passwords against dictionary words and enforces complexity.
TSIG
- TSIG signs DNS messages for secure communication.
IP Sets
- IP sets group together IP addresses that can be referenced by netfilter rules.
Extended Attributes
- Extended attributes in Linux store additional metadata about a file.
rkhunter Configuration
- The file /etc/rkhunter.conf is used to configure rkhunter.
TCP Packet Filtering
- The command iptables -A INPUT -d 10.142.232.1 -p tcp --dport 20:21 -j ACCEPT filters TCP packets.
getcifsacl
- The output of getcifsacl may include the prefixes ACL, GROUP, and SID.
OpenVPN
- The option --tls-timeout 5 changes the timeout period for OpenVPN control packets.
File Permissions
- The Write permission bit allows a user to delete a file.
rkhunter
- rkhunter detects rootkits and other security threats.
Certificate Chain
- A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.
IP Address Masquerading
- The command iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11 changes the source IP address to 192.0.2.11 for all IPv4 packets that go through the network interface eth0.
FreeIPA Server
- The command ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.
OpenSSL
- The command openssl req -new -key private/keypair.pem -out req/csr.pem generates a certificate signing request (CSR) using the already existing private key.
Cryptography
- Cryptography is the art of sending secret messages.
HID
- HID monitors for unauthorized access attempts.
Ciphertext
- A ciphertext is the encrypted message.
Audit Rule
- The command auditctl -w /etc/firewall/rules -p rw -k firewall defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall.
Rootkit
- A rootkit is a type of malware that disguises itself as legitimate software.
ebtable Rules
- The command ebtables -t filter -L --Lc displays all ebtable rules contained in the table filter, including their packet and byte counters.
Plaintext
- A plaintext is the original message before encryption.
X.509 Certificate Transmission
- The protocol LDAP is commonly used to transmit X.509 certificates.
snort-stat
- The program snort-stat reads syslog files containing Snort information and generates port scan statistics.
This quiz covers various network monitoring techniques, including ping sweeps, network link availability, and log file analysis.