LPIC-3 Security Exam Questions

59 Questions

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information? (Specify ONLY the option name without any values or parameters.)

uid

Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)

Private keys should be included in X509 certificates.

What is the purpose of NSEC3 in DNSSEC?

To prevent zone enumeration

Which command is used to run a new shell for a user changing the SELinux context? (Specify ONLY the command without any path or parameters.)

newrole

Which file is used to configure AIDE?

/etc/aide/aide.conf

Which of the following statements describes the purpose of ndpmon?

It monitors the network for neighbor discovery messages from new IPv6 hosts and routers.

What is an asymmetric key?

A key used for both encryption and decryption that is generated in a pair

Which of the following is an example of a behavioral-based HID technique?

Anomaly-based detection

Which command revokes ACL-based write access for groups and named users on the file afile? (Specify ONLY the command without any path or parameters.)

setfacl ~m mask: : rx afile

Which command is used to set an extended attribute on a file in Linux?

setfattr

What is the purpose of a Certificate Authority (CA)?

To issue and sign X.509 certificates

Which of the following DNS records are used in DNSSEC?

RRSIG

Which command adds users using SSSD’s local service?

sss_useradd

What is the purpose of the Linux Audit system?

To monitor and control access to system resources

Which directive is used in an OpenVPN server configuration to send network configuration information to the client?

push

Which of the following sections are allowed within the Kerberos configuration file krb5.conf?

[domain_realm]

What is the main purpose of Linux Malware Detect?

To detect malware on a Linux system

Which method can be used to deactivate a rule in Snort?

By placing a # in front of the rule and restarting Snort

What type of threat is a Trojan?

A type of malware that disguises itself as legitimate software

What is the purpose of the command iptables -t mangle -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11?

To perform source NAT on outgoing traffic on eth0

What type of access point is set up to look like a legitimate one?

An unauthorized access point that is set up to look like a legitimate one

What is the purpose of the dnssec-keygen command?

To generate DNSSEC keys

What is the purpose of file ownership in Linux systems?

To restrict access to files only to their owner

What type of DNS record can the command dnssec-signzone add to a zone?

NSEC

What is the purpose of a client configuration in FreeRADIUS?

To authenticate and authorize clients

What is the purpose of dnssec-signzone command?

To sign a DNS zone with DNSSEC

What is the function of ndpmon?

To monitor remote hosts by periodically sending echo requests

What is the type of key used for encryption and decryption that is the same?

Symmetric key

Which type of detection is an example of a behavioral-based HID technique?

Anomaly-based detection

What is the command to set an extended attribute on a file in Linux?

setfattr

What is the name of the configuration file for OCSP stapling?

httpd-ssl.conf

Which of the following database names can be used within a Name Service Switch (NSS) configuration file?

all of the above

What is the purpose of an asymmetric key?

Encryption and decryption with a pair of keys

What is the purpose of a trust anchor?

A root certificate that is trusted by a particular CA

What is the command to revoke ACL-based write access for groups and named users on a file?

setfacl ~m mask: : rx

What type of attack floods a network or server with traffic to make it unavailable?

An attack that floods a network or server with traffic to make it unavailable

What is the purpose of a TLSA record in DANE?

To sign a TLS server's public key

Which command is used to set the permissions of a file in Linux?

chmod

Which DNS record is used to publish X.509 certificate and certificate authority information in DNS?

CAA

What type of rules can be specified within the Linux Audit system?

All of the above

Which built-in chain for the iptables nat table is used for Source Network Address Translation (SNAT)?

POSTROUTING

What resources of a shell and its child processes can be controlled by the Bash built-in command ulimit?

All of the above

What type of access control model is established by using SELinux?

Mandatory Access Control (MAC)

Which option of the openvpn command is used to ensure that ephemeral keys are not written to the swap space?

--mlock

Which of the following is an existing attribute namespace in Linux?

system

What type of scan technique is used by nmap to identify open ports?

FIN Scan

Which command is used to view the access control list of a file?

getfacl

What is the purpose of a man-in-the-middle attack?

To intercept communications between two parties

Which command is used to add a new user to FreeIPA?

ipa user-add usera --first User --last A

Which type of traffic is accepted from 10.142.232.1?

TCP traffic on port 20 and 21

What is the purpose of rkhunter?

To detect rootkits and other security threats

What is a certificate chain?

A sequence of certificates used to verify the authenticity of a digital certificate

What is the purpose of file ownership in Linux systems?

To restrict access to files only to their owner

What is a trust anchor?

A root certificate that is trusted by a particular CA

What is a Trojan?

A type of malware that disguises itself as legitimate software

What is a rogue access point?

An unauthorized access point that is set up to look like a legitimate one

What is a TLSA record in DANE used for?

To sign a TLS server's public key

What is the purpose of an access control list in Linux?

To specify fine-grained permissions for users and groups

What authentication method was added to NFS in version 4?

Kerberos authentication

Study Notes

Network Monitoring

Ping is used to monitor remote hosts by periodically sending echo requests to them.
It monitors the availability of a network link by querying network interfaces.

Asymmetric Keys

An asymmetric key is a key used for both encryption and decryption that is generated in a pair.

HID Techniques

Anomaly-based detection is an example of a behavioral-based HID technique.

File Access Control

The setfacl command is used to set access control lists (ACLs) on files.
The setfacl –x command revokes ACL-based write access for groups and named users on a file.
The setfattr command is used to set extended attributes on a file in Linux.

Apache HTTPD Configuration

The OCSP stapling option in an Apache HTTPD configuration file enables OCSP stapling.

Database Names

The following database names can be used within a Name Service Switch (NSS) configuration file: passwd, host, and shadow.

Access Control Models

SELinux establishes Mandatory Access Control (MAC).

OpenVPN

The --mlock option of the openvpn command ensures that ephemeral keys are not written to the swap space.

Linux Extended File Attributes

Linux Extended File Attributes are organized in namespaces: system, trusted, and user.

Nmap Scan Techniques

Xmas Scan and FIN Scan are existing scan techniques with nmap.

File Access Control List

The getfacl command is used to view the access control list of a file.

FreeIPA

The ipa user-add command adds a new user to FreeIPA.

Man-in-the-Middle Attack

A man-in-the-middle attack intercepts communications between two parties to steal information.

Setkey

The spdadd option is used in a parameter file for setkey to create a new SPD entry.

Snort

Placing a # in front of a rule and restarting Snort, or placing a pass rule in local.rules and restarting Snort, can be used to deactivate a rule in Snort.

SSSD

The sss_useradd command adds users using SSSD's local service.

DNSSEC

RRSIG records are used in DNSSEC.

Certificate Authority

A Certificate Authority (CA) issues and signs X.509 certificates.

OpenVPN Server Configuration

The push directive is used in an OpenVPN server configuration to send network configuration information to the client.

Kerberos Configuration

The following sections are allowed within the Kerberos configuration file krb5.conf: [plugins], [domain], [capaths], and [realms].

Linux Audit System

The Linux Audit system detects intrusions and system changes.

Linux Malware Detect

Linux Malware Detect is a tool to detect malware on a Linux system.

Trojan

A Trojan is a type of malware that disguises itself as legitimate software.

Rogue Access Point

A rogue access point is an unauthorized access point that is set up to look like a legitimate one.

DNSSEC Key Generation

The dnssec-keygen command generates DNSSEC keys.

FreeRADIUS Client Configuration

The client private-network-1 stanza is a valid client configuration for FreeRADIUS.

DNS Record Types

The dnssec-signzone command can add ASIG, NSEC, NSEC3, and RRSIG records to a zone.

File Ownership

File ownership in Linux systems restricts access to files only to their owner.

DoS Attack

A DoS attack floods a network or server with traffic to make it unavailable.

Trust Anchor

A trust anchor is a root certificate that is trusted by a particular CA.

Linux Audit System Rules

The following types can be specified within the Linux Audit system: control rules, file system rules, and system call rules.

Iptables NAT Table

The following keywords can be specified within the iptables nat table: OUTPUT, POSTROUTING, and PREROUTING.

File Permissions

The chmod command is used to set the permissions of a file in Linux.

DNS Records

The CAA record is used to publish X.509 certificate and certificate authority information in DNS.

DANE

The TLSA record is used to authenticate a TLS server's public key in DANE.

Practice questions for LPIC-3 Security exam, covering topics such as file system management and security. Prepare for your IT certification exam with these questions.

Make Your Own Quizzes and Flashcards

Convert your notes into interactive study material.