Network Monitoring Techniques
100 Questions

Questions and Answers

What is the purpose of the command used to set an extended attribute on a file in Linux?

  • To get the attributes of a file
  • To revoke ACL-based write access for groups and named users on a file
  • To set ACL-based permissions on a file
  • To set an extended attribute on a file (correct)

What type of key is used for both encryption and decryption that is generated in a pair?

  • Public key
  • Private key
  • Symmetric key
  • Asymmetric key (correct)

What is an example of a behavioral-based HID technique?

  • Signature-based detection
  • Heuristic-based detection
  • Anomaly-based detection (correct)
  • Rule-based detection

Which command is used to revoke ACL-based write access for groups and named users on a file?

setfacl -m mask::rx afile

What is the purpose of monitoring remote hosts by periodically sending echo requests to them?

To monitor the availability of remote hosts

Which of the following is NOT a database name that can be used within a Name Service Switch (NSS) configuration file?

network

What is the correct option in an Apache HTTPD configuration file to enable OCSP stapling?

SSLUseStapling

What is the purpose of the setfacl command in Linux?

To set ACL-based permissions on a file

What is the command used to determine whether the given solution is correct?

ausearch

Which package management tools can be used to verify the integrity of installed files on a Linux system?

RPM and DPKG

What is a honeypot?

A network security tool designed to lure attackers into a trap

Which of the following is used to perform DNSSEC validation on behalf of clients?

Recursive name server

Which command establishes a trust between a FreeIPA domain and an Active Directory domain?

ipa trust-add --type ad addom --admin Administrator --password

What is the command used to set the administrator password for ntop to testing123?

ntop --set-admin-password=testing123

What is a symmetric key?

A key used for both encryption and decryption that is the same

What is privilege escalation?

A type of attack that allows an attacker to gain elevated access

What is the primary purpose of Linux Malware Detect?

To detect malware on a Linux system

What is a rogue access point?

An unauthorized access point that is set up to look like a legitimate one

What is the command, included in BIND, that generates DNSSEC keys?

dnssec-keygen

What is a Trojan?

A type of malware that disguises itself as legitimate software

Which of the following is a valid client configuration for FreeRADIUS?

client private-network-1 { ip = 192.0.2.0/24 secret = testing123-1 }

Which DNS record types can the command dnssec-signzone add to a zone?

NSEC, NSEC3, RRSIG

What is the purpose of file ownership in Linux systems?

To restrict access to files only to their owner

Which of the following is NOT a purpose of managing system log files?

To automate host scans

What does the SSLStrictSNIVHostCheck configuration option do in an Apache HTTPD virtual host?

Serves the virtual host only to clients that support SNI

Which of the following statements is true about a Root CA's certificate?

It is a self-signed certificate

What is a best practice for implementing HID?

Configuring HID to alert security personnel of potential security incidents

What is the purpose of the SSLVerifyClient directive in Apache HTTPD?

To require a client certificate for authentication

What is a characteristic of a Root CA's certificate?

It is a self-signed certificate

What is NOT a recommended approach for implementing HID?

Disabling HID when not actively monitoring for security incidents

Which parameter to openssl s_client specifies the host name to use for TLS Server Name Indication?

-servername

Which of the following lines in an OpenSSL configuration adds an X.509v3 Subject Alternative Name extension for the host names example.org and www.example.org to a certificate?

subjectAltName = DNS: www.example.org, DNS:example.org

What is a buffer overflow?

A type of software vulnerability

Which tool can be used to manage the Linux Audit system?

auditd

What is the difference between a SetUID and SetGID bit?

SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner

Which of the following expressions are valid AIDE rules?

!/var/run/.*

Which command included in the Linux Audit system provides searching and filtering of the audit log?

ausearch

What is the purpose of the command included in the Linux Audit system that provides searching and filtering of the audit log?

To search and filter the audit log

What is the purpose of monitoring remote hosts by periodically sending echo requests to them?

To monitor remote hosts for availability

What type of key is used for encryption and decryption that is generated in a pair?

Asymmetric key

Which of the following is an example of a behavioral-based HID technique?

Anomaly-based detection

Which command is used to set an extended attribute on a file in Linux?

setfattr

Which option in an Apache HTTPD configuration file enables OCSP stapling?

SSLStapling

Which of the following database names can be used within a Name Service Switch (NSS) configuration file?

host

What is the purpose of the setfacl command in Linux?

To set ACL-based permissions on files

Which of the following commands revokes ACL-based write access for groups and named users on a file?

setfacl -m mask::rx

What is the purpose of the command iptables -t mangle -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11?

To set up source Network Address Translation (NAT)

Which of the following statements is used in a parameter file for setkey to create a new SPD entry?

spdadd

Which DNS record type is used in DNSSEC?

RRSIG

What is the purpose of a Certificate Authority (CA)?

To issue and sign X.509 certificates

Which directive is used in an OpenVPN server configuration to send network configuration information to the client?

push

Which sections are allowed within the Kerberos configuration file krb5.conf?

[plugins], [capaths], [realms]

What is the purpose of the Linux Audit system?

To track and record system events

Which command adds users using SSSD's local service?

sss_useradd

Which tool can be used to check for rootkits on a Linux system?

chkrootkit

What happens when the command getfattr afile is run while the file afile has no extended attributes set?

No output is produced and getfattr exits with a value of 0

Given a LUKS device mapped using the command cryptsetup luksOpen /dev/sda1 crypt-vol, which of the following commands deletes only the first key?

cryptsetup luksDelKey /dev/sda 1 1

Which of the following statements is true regarding eCryptfs?

eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user.

Which of the following commands disables the automatic password expiry for the user usera?

chage --maxdays -1 usera

What is the role of the cryptsetup luksOpen command?

To map a LUKS device to a file system

What is the purpose of the getfattr command?

To get an extended attribute from a file

Which command is used to delete a key from a LUKS device?

cryptsetup luksDelKey

Which command defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall?

auditctl -w /etc/firewall/rules -p rw -k firewall

A rootkit is a type of virus.

False

What is plaintext?

The original message before encryption

The protocol commonly used to transmit X.509 certificates is ___________________.

LDAP

Match the following commands with their purposes:

  • auditctl = defines an audit rule
  • snort-stat = displays statistics from the running Snort process
  • ebtables = displays all ebtable rules contained in the table filter including their packet and byte counters

The ebtables command displays all ebtable rules contained in the table filter including their packet and byte counters.

True

What is the purpose of the program snort-stat?

It displays statistics from the running Snort process

The ___________________ protocol is commonly used to transmit X.509 certificates.

LDAP

What is the purpose of NSEC3 in DNSSEC?

To prevent zone enumeration

The command newrole is used to run a new shell for a user changing the SELinux context.

True

What is the purpose of ndpmon?

To monitor the network for neighbor discovery messages from new IPv6 hosts and routers.

The file ______________ is used to configure AIDE.

/etc/aide/aide.conf

What is the option of mount.cifs that specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information?

uid=arg

Match the following practices with their importance for the security of private keys:

  • Private keys should be created on the systems where they will be used and should never leave them = Important
  • Private keys should be uploaded to public key servers = Not important
  • Private keys should have a sufficient length for the algorithm used for key generation = Important
  • Private keys should always be stored as plain text files without any encryption = Not important

What is the purpose of a Certificate Authority (CA)?

To issue and manage digital certificates

The command ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

True

What is the correct openssl command to generate a certificate signing request (CSR) using an existing private key?

openssl req -new -key private/keypair.pem -out req/csr.pem

Cryptography is the art of sending ______________ messages.

secret

What type of activity does HID monitor for?

Unauthorized access attempts

Match the following terms with their definitions:

  • Ciphertext = The encrypted message
  • HID = Host-based Intrusion Detection
  • CSR = Certificate Signing Request
  • CA = Certificate Authority

HID provides automatic removal of detected threats.

False

What is the purpose of a Certificate Revocation List (CRL)?

A mechanism that allows a server to provide proof of the revocation status of all certificates issued by a particular Certificate Authority

What is an attack that floods a network or server with traffic to make it unavailable?

Denial of Service (DoS) attack

When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 5 seconds by default.

False

What is the purpose of rkhunter?

To detect rootkits and other security threats

The _______ permission bit allows a user to delete a file.

Write

Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11

Match the following security threats with their descriptions:

  • Rootkit = A malicious software that hides itself in a system
  • Certificate chain = A sequence of certificates used to verify the authenticity of a digital certificate
  • Rogue access point = A wireless access point that is set up by an attacker to eavesdrop on wireless communications

A _______ is a chain of digital signatures used to verify the authenticity of a certificate.

Certificate chain

Rkhunter is used to manage system log files.

False

What is the purpose of an extended attribute in Linux?

To store additional metadata about a file

The pam_cracklib module checks new passwords against dictionary words and enforces complexity.

True

What is the purpose of TSIG in DNS?

To sign DNS messages for secure communication

The purpose of IP sets is to group together IP addresses that can be referenced by ____________________.

netfilter rules

Which of the following is an attack that targets a specific user or organization?

None of the above

Match the following file with its configuration purpose:

  • rkhunter = configuration file
  • /etc/rkhunter.conf = used to configure rkhunter
  • /etc/audit/auditd.conf = used to configure auditd
  • /etc/aide/aide.conf = used to configure aide

The command iptables -A INPUT -d 10.142.232.1 -p tcp --dport 20:21 -j ACCEPT forwards all TCP traffic not on port 20 or 21 to the IP address 10.142.232.1.

False

What is the purpose of the pam_cracklib module?

To check new passwords against dictionary words and enforce complexity.

Study Notes

Network Monitoring and Security

• A monitoring tool can be used to monitor remote hosts by periodically sending echo requests to them.
• It can also monitor the availability of a network link by querying network interfaces.

Cryptography and Keys

• An asymmetric key is a key used for both encryption and decryption that is generated in a pair.
• A symmetric key is a key used for encryption and decryption that is the same.

Host-Based Intrusion Detection (HID)

• Anomaly-based detection is an example of a behavioral-based HID technique.
• HID can be used to monitor log files for failed login attempts in order to block traffic from offending network nodes.

Linux and File Management

• The setfacl command is used to set or modify ACL (Access Control List) permissions on a file.
• The setfattr command is used to set an extended attribute on a file in Linux.

Apache HTTPD and SSL

• The httpd-ssl.conf file is not the correct solution for enabling OCSP stapling in an Apache HTTPD configuration file.
• The SSLStrictSNIVHostCheck configuration option makes Apache HTTPD require a client certificate for authentication.

Database and NSS

• The shadow, passwd, and group databases can be used within a Name Service Switch (NSS) configuration file.

OpenSSL and Certificates

• The openssl s_client command can be used to specify the host name to use for TLS Server Name Indication (SNI).
• The subjectAltName parameter is used to add an X509v3 Subject Alternative Name extension to a certificate.

Security Threats and Vulnerabilities

• A buffer overflow is a type of software vulnerability.
• A Trojan is a type of malware that disguises itself as legitimate software.
• A rogue access point is an unauthorized access point that is set up to look like a legitimate one.

Linux Audit and AIDE

• The auditd command is used to manage the Linux Audit system.
• AIDE (Advanced Intrusion Detection Environment) is a tool used to detect malware on a Linux system.
• The ausearch command is used to provide searching and filtering of the audit log.

Package Management and Verification

• The RPM and DPKG package management tools can be used to verify the integrity of installed files on a Linux system.

Honeypot and DNS

• A honeypot is a network security tool designed to lure attackers into a trap.
• Recursive name servers are used to perform DNSSEC validation on behalf of clients.

FreeIPA and Active Directory

• The ipa trust-add command is used to establish a trust between a FreeIPA domain and an Active Directory domain.

ntop and Malware Detection

• The ntop command is used to set the administrator password for ntop.
• Linux Malware Detect is a tool used to detect malware on a Linux system.

Privilege Escalation and File Ownership

• Privilege escalation is the act of exploiting a bug or vulnerability to gain elevated access to a system or network.
• File ownership in Linux systems is used to restrict access to files, enable multiple users to access files simultaneously, and to ensure that files are backed up regularly.

Apache HTTPD and SSL/TLS

• The SSLVerifyClient configuration option is used to make Apache HTTPD require a client certificate for authentication.
• The dnssec-keygen command is used to generate DNSSEC keys.

DNS and DNSSEC

• The dnssec-signzone command is used to add DNSSEC records to a zone.
• The NSEC, NSEC3, and RRSIG DNS record types can be added to a zone using the dnssec-signzone command.

FreeRADIUS and Client Configuration

• The client configuration stanza is used to specify a client configuration for FreeRADIUS.
• The ipaddr and secret parameters are used to specify the IP address and password for a client configuration.

CA and Certificate Management

• A Root CA certificate is a self-signed certificate that does not include the private key of the CA.
• The Require valid-x509 configuration option is used to make Apache HTTPD require a client certificate for authentication.

HID and Security Best Practices

• A best practice for implementing HID is to configure it to alert security personnel of potential security incidents.
• HID should not be installed on every computer in the network, and should not be disabled when not actively monitoring for security incidents.

SELinux and Permissions

• SELinux permissions are related to standard Linux permissions in that they provide additional access controls for files and system resources.
• SELinux permissions can be used to restrict access to files and system resources, and to provide additional security features.

Network Monitoring

• ICMP echo requests are sent periodically to remote hosts to monitor their availability.
• Network links are monitored by querying network interfaces.

Cryptography

• Asymmetric keys are used for encryption and decryption, where one key is used for encryption and another key is used for decryption.
• These keys are generated in a pair.

Access Control

• SetUID allows a file to be executed with the permissions of the file owner.
• SetGID allows a file to be executed with the permissions of the group owner.

Database Configuration

• NSS (Name Service Switch) configuration files can contain database names such as shadow, passwd, and group.

OpenSSL

• The -servername parameter specifies the host name to use for TLS Server Name Indication.

Certificate Management

• A Certificate Authority (CA) issues and signs X.509 certificates.

Linux File System

• setfattr is used to set extended attributes on a file.
• getfattr is used to view the extended attributes of a file.

Linux Security

• Linux Audit system is used to monitor and track system events.
• auditd is the tool used to manage the Linux Audit system.

Denial of Service Attacks

• A buffer overflow is a type of software vulnerability.

System Hardening

• SELinux (Security-Enhanced Linux) is an access control model that enforces mandatory access control.

Network Scanning

• Nmap is used for network scanning, and techniques include Xmas Scan, Zero Scan, and FIN Scan.

Identity and Access Management

• FreeIPA is an identity management system.
• ipa user-add is the command used to add a new user to FreeIPA.

Man-in-the-Middle Attacks

• A man-in-the-middle attack intercepts communications between two parties to steal information.

OpenVPN

• openvpn is used to establish VPN connections.
• --mlock is an option used to ensure that ephemeral keys are not written to the swap space.

DNS Security

• DNSSEC uses RRSIG records to provide authentication and integrity.

Kerberos

• Kerberos is an authentication protocol used for secure authentication.

Linux Extended File Attributes

• Linux Extended File Attributes are organized in namespaces such as trusted, user, and security.

Snort Rules

• Snort is an intrusion detection system.
• Rules can be deactivated by placing a # in front of the rule and restarting Snort.

Certificate Management

• A Certificate Authority (CA) issues and signs X.509 certificates.

Linux System Security

• chkrootkit is a tool used to check for rootkits on a Linux system.

LUKS

• cryptsetup is used to manage LUKS devices.
• cryptsetup luksDelKey is used to delete a key from a LUKS device.

eCryptfs

• eCryptfs is a stacked cryptographic filesystem.
• eCryptfs can be used to encrypt directories that are the home directory of a regular Linux user.

LPIC-3 Security

• mount.cifs option uid=arg specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information.

Private Key Security

• Private keys should be created on the systems where they will be used and should never leave them.
• Private keys should have a sufficient length for the algorithm used for key generation.

DNSSEC

• NSEC3 prevents zone enumeration.

SELinux

• The command newrole is used to run a new shell for a user changing the SELinux context.

AIDE Configuration

• The file /etc/aide/aide.conf is used to configure AIDE.

ndpmon

• ndpmon monitors the network for neighbor discovery messages from new IPv6 hosts and routers.

PAM Module

• The PAM module pam_cracklib checks new passwords against dictionary words and enforces complexity.

TSIG

• TSIG signs DNS messages for secure communication.

IP Sets

• IP sets group together IP addresses that can be referenced by netfilter rules.

Extended Attributes

• Extended attributes in Linux store additional metadata about a file.

rkhunter Configuration

• The file /etc/rkhunter.conf is used to configure rkhunter.

TCP Packet Filtering

• The command iptables -A INPUT -d 10.142.232.1 -p tcp --dport 20:21 -j ACCEPT filters TCP packets.

getcifsacl

• The output of getcifsacl may include prefixes ACL, GROUP, and SID.

OpenVPN

• The option --tls-timeout 5 changes the timeout period for OpenVPN control packets.

File Permissions

• The Write permission bit allows a user to delete a file.

rkhunter

• rkhunter detects rootkits and other security threats.

Certificate Chain

• A certificate chain is a sequence of certificates used to verify the authenticity of a digital certificate.

IP Address Masquerading

• The command iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11 changes the source IP address to 192.0.2.11 for all IPv4 packets that go through the network interface eth0.

FreeIPA Server

• The command ipa-server-install installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain.

OpenSSL

• The command openssl req -new -key private/keypair.pem -out req/csr.pem generates a certificate signing request (CSR) using the already existing private key.

Cryptography

• Cryptography is the art of sending secret messages.

HID

• HID monitors for unauthorized access attempts.

Ciphertext

• A ciphertext is the encrypted message.

Audit Rule

• The command auditctl -w /etc/firewall/rules -p rw -k firewall defines an audit rule that monitors read and write operations to the file /etc/firewall/rules and associates the rule with the name firewall.

Rootkit

• A rootkit is a type of malware that disguises itself as legitimate software.

ebtable Rules

• The command ebtables -t filter -L --Lc displays all ebtable rules contained in the table filter, including their packet and byte counters.

Plaintext

• A plaintext is the original message before encryption.

X.509 Certificate Transmission

• The protocol LDAP is commonly used to transmit X.509 certificates.

snort-stat

• The program snort-stat reads syslog files containing Snort information and generates port scan statistics.

Related Documents

303-300-1.pdf

Description

This quiz covers various network monitoring techniques, including ping sweeps, network link availability, and log file analysis.
