Untitled Quiz

Questions and Answers

What characterizes a partition on a physical hard drive?

• It contains only system files.
• It is a fixed division of the hard drive. (correct)
• It requires advanced management systems like LVM.
• It can be resized easily without data loss.

Which command is used to modify an existing user account in Linux?

• useradd
• userdel
• userchange
• usermod (correct)

What is a primary advantage of using logical volumes over partitions?

• They require physical volumes to be fixed in size.
• They offer a way to organize data more simply.
• They can only be used on Linux systems.
• They can be easily resized without data loss. (correct)

Which of the following correctly describes the useradd command?

It is used to create new user accounts. (D)

What does the userdel command do in Linux?

Deletes a user account from the system. (D)

What is a logical volume's most notable characteristic compared to a partition?

It allows for easier expansion and management. (B)

What is a key feature of partitions on a disk?

They can only exist in a single size. (D)

Which command syntax correctly creates a new user named 'john'?

sudo useradd john (D)

What is the first step in creating an encrypted volume using LUKS?

Install necessary tools (A)

Which command is used to format a partition with LUKS?

sudo cryptsetup luksFormat /dev/sdb1 (D)

What will you need to do after encrypting the disk to access its data?

Open the encrypted volume (D)

Which filesystem is suggested to create on the encrypted volume?

ext4 (D)

Which command can be used to add an entry to /etc/fstab for automatic mounting?

sudo blkid /dev/sdb1 (C)

What is the purpose of the command 'sudo umount /mnt/encrypted'?

To unmount the encrypted volume (B)

What should be done first after successfully encrypting a volume?

Open the volume with a passphrase (D)

Which command is used to close the encrypted volume after use?

sudo cryptsetup luksClose my_encrypted_volume (A)

What is the primary function of a DNS server?

To translate domain names into IP addresses (D)

Which type of DNS server acts as an intermediary between the user and other DNS servers?

Recursive DNS Server (A)

What role does a Root DNS Server play in the DNS query process?

It directs queries to the appropriate TLD server. (C)

What type of DNS server is responsible for handling specific domain extensions like .com or .org?

TLD DNS Server (A)

Which DNS server type temporarily stores results to improve response times for repeated queries?

Caching DNS Server (D)

What command is used to install BIND on Debian-based systems?

sudo apt-get install bind9 (D)

Which file needs to be edited to configure a DNS server in Linux using BIND?

/etc/bind/named.conf (B)

In a DNS zone file, what does the SOA record indicate?

Start of Authority (B)

What command is used to allow SSH packets through the firewall?

sudo firewall-cmd --permanent --add-service=ssh (B)

What is the purpose of the command 'sudo firewall-cmd --reload'?

To apply changes made to the firewall configuration (D)

How can you verify if the SSH rule has been successfully added to the firewall?

By executing 'sudo firewall-cmd --list-all' (B)

What does IP masquerading achieve in a private network?

It hides the private IPs behind a single public IP (A)

To permanently enable IP forwarding in Linux, which file must be edited?

/etc/sysctl.conf (B)

What command would you use to set up masquerading on a specific network interface?

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE (B)

What is the optional step to ensure the firewall starts automatically after a reboot?

sudo systemctl enable firewalld (C)

What is the main function of a firewall?

To allow only trusted users to access the server (B)

What command is used to create a Certificate Signing Request (CSR)?

openssl req -new -key private.key -out request.csr (D)

What information must be provided when generating a CSR using OpenSSL?

Country, State, Organization, Common Name (B)

Which command is used to check the details of a certificate?

openssl x509 -in certificate.crt -text -noout (C)

What is the primary purpose of the limit module in a firewall?

To control the rate of incoming or outgoing packets (C)

How can you renew a certificate according to the content provided?

Generate a new CSR and submit it to your Certificate Authority (D)

What command do you use to revoke a certificate using OpenSSL?

openssl revoke -CAfile certificate.crt (B)

What is the function of the verify command in OpenSSL?

To check the validity of a certificate against CA certificates (D)

What does the command 'openssl genrsa -out private.key 2048' accomplish?

Generates a new private key of 2048 bits (D)

Which Apache mode provides the best scalability for handling increased traffic?

Event (D)

What is a key disadvantage of the Prefork Apache mode?

It has higher resource consumption. (C)

Which of the following is an example of a Mail User Agent (MUA)?

Gmail (C)

What protocol does a Message Transfer Agent (MTA) commonly use to send emails?

SMTP (D)

Which Apache mode is particularly suited for modern applications requiring low latency?

Event (D)

What is the primary function of a Mail Delivery Agent (MDA)?

To deliver emails to the recipient's mailbox. (C)

In what scenario is the Worker mode of Apache generally preferred?

For high traffic applications needing efficient resource use. (A)

Which of the following statements is true about the Prefork mode?

It is simple but resource-heavy. (D)

Flashcards

Partition

A fixed division of a physical storage device, like a hard drive, creating separate storage areas.

Logical Volume (LV)

A flexible, resizable storage unit managed by LVM. It can combine multiple physical devices, like multiple hard drives, and easily resize.

LVM

Logical Volume Manager. A system allowing advanced management of storage devices by grouping multiple physical devices into a single pool.

useradd

A Linux command for creating new user accounts.

usermod

A Linux command for modifying existing user accounts, like changing a password or shell.

userdel

A Linux command for deleting an existing user account.

Encrypted volume

A storage area where data is protected using encryption, making it unreadable without a password or key.

Disk setup

The process of configuring a hard drive or storage device, such as creating partitions. Often done at the start.

Encrypting a partition with LUKS

Using cryptsetup to encrypt a disk partition using the Linux Unified Key Setup (LUKS) system.

cryptsetup luksFormat

The command to initialize a disk partition for LUKS encryption. Asks for confirmation and passphrase.

cryptsetup luksOpen

The command to open/mount an encrypted volume with a passphrase.

mkfs.ext4

Creates a filesystem (ext4) on the encrypted volume.

Mapped device

A temporary virtual device that allows access to encrypted data housed in the encrypted partition.

/dev/mapper

A directory location containing the device paths for encrypted devices, making them accessible.

UUID

Unique Identifier (UUID) for the mapped volume, essential for automatic mounting.

fstab

Configuration file that automatically mounts encrypted volumes, allowing access at boot

SSH Firewall Rule

A rule that allows Secure Shell (SSH) connections through a firewall.

Firewalld Reload

Applying changes to the firewall configuration.

Firewall

A network security system that controls network traffic.

IP Masquerade

A technique using one public IP address to represent multiple private network devices.

iptables

A command-line utility for controlling network traffic (Linux firewall tool).

IP Forwarding

A network function allowing a device to route traffic for other devices.

POSTROUTING

A chain in iptables that is used to modify packets after they are routed.

Firewalld startup

Automatically starting the firewall service on system boot.

DNS server

A server that translates domain names (like www.google.com) into IP addresses (like 142.250.190.78) for computers to connect to websites over the internet.

Recursive DNS server

Acts as a middleman between the user and other DNS servers. It looks up requested domain names by querying other DNS servers and provides the IP to the user.

Authoritative DNS server

Stores information about specific domain names and their associated IP addresses. When someone queries a domain, it provides the correct IP address.

Root DNS server

The top-level server directing queries to the correct Top-Level Domain (TLD) server.

TLD DNS server

Handles specific domain extensions like .com, .org, .net, etc. It directs queries to the appropriate authoritative DNS server for the domain.

Caching DNS server

Temporarily stores (caches) DNS query results to speed up future requests for the same domain.

What is the purpose of DNS?

DNS (Domain Name System) translates domain names (like www.google.com) into IP addresses (like 142.250.190.78) so that computers can connect to websites or other devices over the internet. It acts like a phonebook for the internet, making it easier to remember and access websites.

What does a DNS server do when you type a website address?

When you type a website address (like www.google.com), a DNS server will look up the corresponding IP address and provide it to your computer, allowing you to connect to that website.

openssl req

A command used in OpenSSL to create a Certificate Signing Request (CSR). It's used to start the process of obtaining a digital certificate.

openssl x509

A command in OpenSSL used to manipulate and examine X.509 certificates. It's used for tasks such as checking certificate details, verifying certificates, and signing certificates.

openssl verify

A command used to validate a digital certificate. This checks if the certificate is trustworthy and hasn't been tampered with.

Firewall modules

Additional features or tools that extend the functionality of a firewall, allowing for more specific and advanced filtering of network traffic.

Limit module

A firewall module that controls the rate of incoming or outgoing network traffic. It prevents overloading the system by setting limits on the number of packets allowed in a specified time.

DoS attack

Denial of Service attack. A malicious attempt to disrupt the normal functioning of a website or network service by sending an excessive amount of traffic.

Prefork Mode

Apache's mode where each request is handled by a separate process. Provides stability, but uses more resources for each process.

Worker Mode

Apache's mode where requests are handled by threads, sharing common resources, making it more efficient for higher traffic.

Event Mode

Apache's mode optimized for high-concurrency and low latency, ideal for modern web applications.

MTA (Message Transfer Agent)

The component responsible for transferring emails between servers. It acts like a post office.

MDA (Mail Delivery Agent)

The component responsible for delivering emails to the recipient's mailbox on the server. It acts like a postman.

MUA (Mail User Agent)

The application you use to read, send, and manage emails. It's like your personal mailbox.

SMTP (Simple Mail Transfer Protocol)

A protocol used by MTAs to send emails.

IMAP or POP3

Protocols used by MUAs to fetch emails from the server.

Study Notes

Linux System Administrator Duties

• Responsible for keeping the system running efficiently
• Monitoring system health (CPU, memory, disk usage, network) to prevent overload
• Identifying issues using tools like top, htop, or vmstat to pinpoint resource-intensive processes
• Tuning system settings (cache size, scheduling, network) to optimize performance based on workload
• Reviewing system logs to detect hardware/software errors or security issues
• Ensuring efficient hardware resource utilization (distributing workloads, cleaning up unused files)
• Proactively identifying and resolving potential issues to prevent system slowdowns or crashes

Piping and Redirecting

• Piping connects the output of one command to the input of another for extended functionality.

• Redirection saves command output to a file (e.g., ls -l > file_list.txt or ls -l >> file_list.txt).

Hard Links vs. Symbolic Links

• Hard Link: A direct reference to the original file, sharing the same data. Deleting the original file breaks the hard link.
• Symbolic Link (Soft Link): A shortcut or pointer to the original file. Deleting the original file breaks the symbolic link; it will not work.

Linux Distributions

• Ubuntu: Popular desktop distribution known for user-friendliness and community support. Focuses on regular updates and LTS versions.
• Fedora: Cutting-edge, development-focused distribution.
• Debian: Stable, highly reliable distribution commonly used for servers and desktops. Known for its comprehensive software repositories and robust community support.
• CentOS: Free and community-supported version of Red Hat Enterprise Linux. Focuses on stability.

RPM and YUM

• RPM (Red Hat Package Manager): A tool for managing software packages (installation, updating, removal and querying). It works with pre-compiled .rpm files.
• YUM (Yellowdog Updater Modified): A higher-level tool built on top of RPM that simplifies package management. It handles dependencies automatically and connects to online repositories for downloading and installing packages/updates. Commands are easy to use

Creating a YUM Repository

• Install createrepo: Necessary for creating a repository.

• Establish a directory for the repository (sudo mkdir /var/www/html/myrepo).

• Copy .rpm files to the repository directory (cp /path/to/your/rpm/files/*.rpm /var/www/html/myrepo/).

• Use createrepo to generate metadata for the repository (/var/www/html/myrepo/).

• Create myrepo.repo file in /etc/yum.repos.d/ for clients to recognize repository. Populate the file with baseurl, name,enabled, and gpgcheck parameters

Bash Shell

• A popular and default shell in many Linux systems.
• User-friendly for beginners and advanced users.
• Strong scripting capabilities using loops, conditionals, and functions.
• Offers command history and tab completion for efficiency.

C Shell (csh) and Korn Shell (ksh)

• C Shell: User-friendly, syntax similar to C programming. Designed for ease of job control and command history.
• Korn Shell: Combines features of Bourne Shell and C Shell, offering advanced scripting capabilities (like arrays and floating-point arithmetic). Faster execution compared to other shells.

Mounting a Device

• Plug in the device (USB drive, external hard disk, etc.).

• Find the device name using lsblk or fdisk -l. (e.g. /dev/sdb1).

• Create a mount point (e.g. sudo mkdir /mnt/usb).

• Use mount to attach the device to the mount point (sudo mount /dev/sdb1 /mnt/usb).

• Access the files through the mount point.

• Unmount the device when finished (sudo umount /mnt/usb).

Enabling SSH Server on RHEL

• Install the SSH server package (e.g. sudo yum install openssh-server).

• Start the SSH service (sudo systemctl start sshd).

• Enable SSH to start automatically at boot (sudo systemctl enable sshd).

• Allow SSH traffic through the firewall (sudo firewall-cmd --permanent --add-service=ssh). Reload firewall (sudo firewall-cmd --reload).

• Verify SSH service status (sudo systemctl status sshd).

File Systems Supported by Linux

• EXT4: Default filesystem for most Linux distributions (large files, volumes, fast, reliable).

• NTFS: Developed by Microsoft; commonly used by Windows. Linux can read and write through the ntfs-3g driver.

• FAT32: Simple, widely used but limited (maximum file size)filesystem for devices like USB drives. Supported by most Linux systems.

• Btrfs: Modern Linux filesystem; supports snapshots, versioning, and built-in tools for data integrity and management.

Partition vs. Logical Volume

• Partition: A fixed division of a physical storage device, acts as a basic structure for organizing data. Cannot easily change size without reformatting.
• Logical Volume (LV): A flexible, resizable storage unit managed by LVM. Allows grouping multiple physical devices, resizability, adding/removing LVs without losing data, making them more manageable compared to partitions

User Management Commands

• useradd: Creates new user accounts.

• usermod: Modifies existing user accounts (e.g., password, shell).

• userdel: Deletes user accounts.

Encrypted Volume Creation

• Install cryptsetup
• Identify the disk/partition (lsblk).
• Use cryptsetup luksFormat to format the device with LUKS encryption.
• Use cryptsetup luksOpen to open the encrypted volume.
• Create a filesystem (e.g., mkfs.ext4).
• Mount the encrypted volume.
• Configure (optional): add to /etc/fstab
• Close the encrypted volume when finished.

Snapshots in LVM

• Snapshots in LVM freeze the current state of an LVM volume as a new snapshot volume.
• Used for backups, allowing safe rollback to a previous state.
• Significantly easier on resources and operations than traditional backups due to fast snapshot creation.

Samba Server

• A software that allows Linux/Unix systems to share directories and files with Windows (and other systems) over a network.
• Enables cross-platform sharing of files and printers.

Network File System (NFS)

• A protocol for sharing files and directories between systems on a network.

• Client systems mount shared directories from the NFS server to access files remotely; this is similar to local storage.

• Advantages: Easy sharing across platforms; centralized storage for improved data consistency; transparent access.

• Disadvantages: Security concerns without proper configuration (unauthorized access); performance issues; dependence on network availability.

Firewalls

• A security system that controls network traffic based on predefined rules, protecting servers and networks from unauthorized access. Traffic filtering is used to determine whether to allow or block traffic.
• Firewalls block potentially malicious traffic from unauthorized sources (hackers/malware). They restrict access to certain ports and services. They act as a barrier and log traffic.

IP Masquerading

• Method for hiding private IP addresses behind a single public IP used to allow devices in a private network to access the internet.
• Requires IP forwarding enabled. Use to mask private IPs from external networks.
• It essentially masks private devices behind a single public IP for inbound traffic, maintaining security from unauthorized outside connections.

OpenSSL Certificates

• OpenSSL is a tool used for managing SSL/TLS certificates which are used for encrypting communication between servers and clients.
• Uses commands like openssl genrsa, openssl req, openssl x509 to generate private keys, create CSRs, and generate signed certificates.

Firewall Modules

• Firewall modules enhance firewall functionality with specific features (e.g., rate limiting).
• The limit module manages incoming/outgoing traffic rates, protecting against overload.

iptables

• A command-line tool in Linux for configuring a firewall by setting up, managing, and controlling the firewall.

• It filters and directs network traffic based on rules.

• Tables: filter (default), nat, mangle, raw

• Chains: INPUT(incoming), FORWARD(passing through), OUTPUT(outgoing)

• Rules: Specific conditions and actions applied to packets (e.g., allowing or blocking traffic).

DNS Server

• A server that translates domain names (like example.com) into IP addresses.

• Acts like a phonebook for the internet.

• Types of DNS Servers:

  • Recursive: Intermediary between user and other servers
  • Authoritative: Stores information about specific domains
  • Root: Top-level server for directing requests
  • TLD (Top Level Domain): Handles specific domains. (.com,.orgetc.)
  • Caching: Temporarily stores results for faster repeated lookups.

DHCP Server

• Dynamic Host Configuration Protocol server dynamically assigns IP addresses and other network settings (e.g., gateway, DNS server addresses) to devices on a network.
• Automates IP configuration for devices on a network without manual intervention; avoids conflicts and simplifies network administration.

Apache Modes

• Apache Mode: Various Multi-Processing Modules (MPMs) used in handling incoming client requests—ways to execute multiple requests simultaneously.

• Parameters:

  • MaxClients and MaxConnectionsPerChild: Limit to prevent overload or abuse.
  • Memory Usage: prefork uses more RAM than worker/event because processes are independent.
  • Scalability: worker/event modes scale better with increased traffic because of resource efficiency.
  • Response Time: worker/event modes have faster response times than prefork.

Email Protocols (MTA, MDA, MUA)

• MTA (Message Transfer Agent): Transfers emails between servers. Protocols like SMTP are used to send emails.
• MDA (Mail Delivery Agent): Delivers the email to the recipient's mailbox (local storage).
• MUA (Mail User Agent): The client application you use to send and receive emails (e.g., Outlook, Thunderbird).

Shell Scripts

• A script contains a series of commands in a text file; executed in order to automate tasks. Designed to be reusable and to avoid typing individual commands repeatedly.

High Availability (HA)

• Systems are reliable; operational and accessible with minimal downtime.
• Methods including redundancy (backup systems, load balancing), automatic failover protocols, monitoring, and geographic distribution enhance availability through continuous operation.