303-300-1.pdf

Chat with Document Download Quiz & Flashcards

Document Details

MagnificentZeal

Uploaded by MagnificentZeal

Tags

computing IT exams LPIC-3 Security

Related

Full Transcript

QUESTION & ANSWER HIGHER QUALITY, BETTER SERVICE Provide One Year Free Update! https://www.passquestion.com The safer , easier way to help you pass any IT exams. Exam : 303-300 Title : LPIC-3 Security Version : V8.02 1 / 23 ...

QUESTION & ANSWER HIGHER QUALITY, BETTER SERVICE Provide One Year Free Update! https://www.passquestion.com The safer , easier way to help you pass any IT exams. Exam : 303-300 Title : LPIC-3 Security Version : V8.02 1 / 23 The safer , easier way to help you pass any IT exams. 1.What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information? (Specify ONLY the option name without any values or parameters.) Solution: uid=arg Determine whether the given solution is correct? A. Correct B. Incorrect Answer: A 2.Which of the following practices are important for the security of private keys? (Choose TWO correct answers.) A.Private keys should be created on the systems where they will be used and should never leave them. B.Private keys should be uploaded to public key servers. C.Private keys should be included in X509 certificates. D.Private keys should have a sufficient length for the algorithm used for key generation. E.Private keys should always be stored as plain text files without any encryption. Answer: C D 3.What is the purpose of NSEC3 in DNSSEC? A.To provide information about DNSSEC key signing keys B.To prevent zone enumeration C.To authenticate a DNS server D.To sign a DNS zone Answer: B 4.Which command is used to run a new shell for a user changing the SELinux context? (Specify ONLY the command without any path or parameters.) Solution: newrole Determine whether the given solution is correct? A. Correct B. Incorrect Answer: A 5.Which file is used to configure AIDE? A./etc/rkhunter.conf B./etc/audit/auditd.conf C./etc/aide/aide.conf D./etc/maldet.conf Answer:C 6.Which of the following statements describes the purpose of ndpmon? A. It monitors the network for neighbor discovery messages from new IPv6 hosts and routers. B. It monitors remote hosts by periodically sending echo requests to them. C. It monitors the availability of a network link by querying network interfaces. 2 / 23 The safer , easier way to help you pass any IT exams. D. It monitors the network for IPv4 nodes that have not yet migrated to IPv6. E. It monitors log files for failed login attempts in order to block traffic from offending network nodes. Answer:A 7.What is an asymmetric key? A. A key used for encryption and decryption that is the same B. A key used for encryption that is different from the key used for decryption C. A key used for decryption that is different from the key used for encryption D. A key used for both encryption and decryption that is generated in a pair Answer: D 8.Which of the following is an example of a behavioral-based HID technique? A. Signature-based detection B. Anomaly-based detection C. Heuristic-based detection D. Rule-based detection Answer: B 9.Which command revokes ACL-based write access for groups and named users on the file afile? A. setfacl –x group: * : rx, user:*: rx afile B. setfacl –x mask: : rx afile C. setfacl ~m mask: : rx afile D. setfacl ~m group: * : rx, user :*: rx afile Answer: C 10.Which command is used to set an extended attribute on a file in Linux? A. getfattr B. setfattr C. getfacl D. setfacl Answer: B 11.Which option in an Apache HTTPD configuration file enables OCSP stapling? (Specify ONLY the option name without any values or parameters.) Solution: httpd-ssl.conf Determine whether the given solution is correct? A.Correct B.Incorrect Answer: B 12.Which of the following database names can be used within a Name Service Switch (NSS) configuration file?(Choose THREE correct answers). A. host B. shadow 3 / 23 The safer , easier way to help you pass any IT exams. C. service D. passwd E. group Answer: B D E 13.Which of the following parameters to openssl s_client specifies the host name to use for TLS Server Name Indication? A. -tlsname B. -servername C. -sniname D. -vhost E. -host Answer: B 14.Which of the following lines in an OpenSSL configuration adds an X 509v3 Subject Alternative Name extension for the host names example.org and www.example.org to a certificate? A.subjectAltName = DNS: www.example.org, DNS:example.org B.extension= SAN: www.example.org, SAN:example.org C.subjectAltName: www.example.org, subjectAltName: example.org D.commonName = subjectAltName= www.example.org, subjectAltName = example.org E.subject= CN= www.example.org, CN=example.org Answer:A 15.What is a buffer overflow? A. A type of virus B. A type of malware that disguises itself as legitimate software C. A type of denial-of-service attack D. A type of software vulnerability Answer: D 16.Which tool can be used to manage the Linux Audit system? A. auditd B. rkhunter C. chkrootkit D. maldet Answer: A 17.What is the difference between a SetUID and SetGID bit? A. SetUID applies to files, while SetGID applies to directories B. SetUID allows a file to be executed with the permissions of the file owner, while SetGID allows a file to be executed with the permissions of the group owner C. SetUID allows a user to change the owner of a file, while SetGID allows a user to change the group owner of a file D. There is no difference between SetUID and SetGID 4 / 23 The safer , easier way to help you pass any IT exams. Answer: B 18.Which of the following expressions are valid AIDE rules? (Choose TWO correct answers.) A. !/var/run/.* B. append: /var/log/* C. /usr=all D. #/bin/ E. /etc p+i+u+g Answer: A E 19.Which command included in the Linux Audit system provides searching and filtering of the audit log? (Specify ONLY the command without any path or parameters.) Solution: ausearch Determine whether the given solution is correct? A. Correct B. Incorrect Answer: A 20.Which package management tools can be used to verify the integrity of installed files on a Linux system? A. RPM and DPKG B. APT and YUM C. dpkg and aptitude D.yum and zypper Answer: A 21.What is a honeypot? A. A type of virus B. A network security tool designed to lure attackers into a trap C. A type of phishing scam D. A type of denial-of-service attack Answer: B 22.Which of the following is used to perform DNSSEC validation on behalf of clients? A. Recursive name server B. Authoritative name server C. Secondary name server D. Primary name server Answer:A 23.Given a proper network and name resolution setup, which of the following commands establishes a trust between a FreeIPA domain and an Active Directory domain? A. ipa trust-add --type ad addom --admin Administrator --password B. ipa-ad –add-trust --account ADDOM\Administrator--query-password 5 / 23 The safer , easier way to help you pass any IT exams. C. net ad ipajoin addom –U Administrator -p D. trustmanager add –-domain ad: //addom --user Administrator –w E. ipa ad join addom -U Administrator -w Answer: A 24.Which of the following command lines sets the administrator password for ntop to testing 123? A. ntop --set-admin-password=testing123 B. ntop --set-password=testing123 C. ntop --reset-password=testing123 D. ntop --set-new-password=testing123 Answer:A 25.What is a symmetric key? A. A key used for encryption and decryption that is the same B. A key used for encryption that is different from the key used for decryption C. A key used for decryption that is different from the key used for encryption D. A key used for both encryption and decryption that is generated randomly Answer: A 26.What is privilege escalation? A. An attack that targets a specific user or organization B. An attack that aims to steal sensitive information C. An attack that exploits a vulnerability to gain elevated privileges D.An attack that floods a network or server with traffic to make it unavailable Answer: C 27.Which PAM module checks new passwords against dictionary words and enforces complexity? (Specially the module name only without any path.) Solution: pam_cracklib Determine whether the given solution is correct? A. Correct B. Incorrect Answer: A 28.What is the purpose of TSIG in DNS? A. To encrypt DNS queries B. To sign DNS messages for secure communication C. To provide information about DNS servers D. To map a domain name to an IP address Answer: B 29.What is the purpose of IP sets? A. They group together IP addresses that are assigned to the same network interfaces. B. They group together IP addresses and networks that can be referenced by the network routing table. 6 / 23 The safer , easier way to help you pass any IT exams. C. They group together IP addresses that can be referenced by netfilter rules. D. They group together IP and MAC addresses used by the neighbors on the local network. E. They group together IP addresses and user names that can be referenced from /etc/hosts.allow and /etc/hosts.deny Answer: C 30.What is the purpose of an extended attribute in Linux? A. To store additional metadata about a file B. To encrypt a file for secure transmission C. To compress a file to save disk space D. To mark a file as executable Answer: A 31.Which file is used to configure rkhunter? A. /etc/rkhunter.conf B. /etc/audit/auditd.conf C. /etc/aide/aide.conf D. /etc/maldet.conf Answer: A 32.What effect does the following command have on TCP packets? iptables- A INPUT d 10.142.232.1 p tcp --dport 20:21 j ACCEPT A. Forward all TCP traffic not on port 20 or 21 to the IP address 10.142.232.1 B. Drop all TCP traffic coming from 10.142.232.1 destined for port 20 or 21. C. Accept only TCP traffic from 10.142.232.1 destined for port 20 or 21. D. Accept all TCP traffic on port 20 and 21 for the IP address 10.142.232.1 Answer: D 33.Which of the following access control models is established by using SELinux? A. Security Access Control (SAC) B. Group Access Control (GAC) C. User Access Control (UAC) D. Discretionary Access Control (DAC) E. Mandatory Access Control (MAC) Answer: E 34.Which option of the openvpn command should be used to ensure that ephemeral keys are not written to the swap space? A. --mlock B. --no-swap C. --root-swap D. --keys-no-swap Answer: A 7 / 23 The safer , easier way to help you pass any IT exams. 35.Linux Extended File Attributes are organized in namespaces. Which of the following names correspond to existing attribute namespaces?(Choose THREE correct answers.) A. default B. system C. owner D. trusted E. user Answer: BDE 36.Which of the following terms refer to existing scan techniques with nmap? (Choose TWO correct answers.) A. Xmas Scan B. Zero Scan C. FIN Scan D. IP Scan E. UDP SYN Scan Answer: A C 37.Which command is used to view the access control list of a file? A. ls B. chmod C. getfacl D. setfacl Answer: C 38.Which of the following commands adds a new user usera to FreeIPA? A. useradd usera --directory ipa --gecos “User A” B. idap- useradd –H Idaps://ipa-server CN=UserA --attribs “Firstname: User: Lastname: A” C. ipa-admin create user --account usera –-fname User --iname A D. ipa user-add usera --first User --last A E. ipa-user- add usera --name “User A” Answer: D 39.What is a man-in-the-middle attack? A. An attack that targets a specific user or organization B. An attack that aims to steal sensitive information C. An attack that intercepts communications between two parties to steal information D. An attack that floods a network or server with traffic to make it unavailable Answer: C 40.Which of the following prefixes could be present in the output of getcifsacl? (Choose THREE correct answers.) A. ACL B. GRANT 8 / 23 The safer , easier way to help you pass any IT exams. C. GROUP D. OWNER E. SID Answer: A C E 41.When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 2 seconds by default. Which of the following options changes the timeout period to 5 seconds? A. -- tls-timeout 5 B. -- tls- timeout 500 C. -- tls- timer 5 D. -- tls- timer 500 Answer: A 42.Which permission bit allows a user to delete a file? A. Read B. Write C. Execute D. SetUID Answer: B 43.What is the purpose of rkhunter? A. To manage system log files B. To detect rootkits and other security threats C. To manage installed packages D. To automate host scans Answer: B 44.What is a certificate chain? A. A chain of digital signatures used to verify the authenticity of a certificate B. A sequence of certificates used to verify the authenticity of a digital certificate C. A chain of public and private keys used for encryption and decryption D. A sequence of public and private keys used for encryption and decryption Answer: B 45.Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0? A. iptables ~t nat ~A POSTROUTING ~o eth0 ~j SNAT --to~source 192.0.2.11 B. iptables ~t nat ~A PREROUTING ~i eth0 ~j SNAT --to~source 192.0.2.11 C. iptables ~t nat ~A POSTROUTING ~i eth0 ~j DNAT --to~source 192.0.2.11 D. iptables ~t mangle ~A POSTROUTING ~i eth0 ~j SNAT –to~source 192.0.2.11 E. iptables ~t mangle ~A POSTROUTING ~0 eth0 ~j SNAT –to~source 192.0.2.11 Answer: A 46.Which of the following statements is used in a parameter file for setkey in order to create a new SPD 9 / 23 The safer , easier way to help you pass any IT exams. entry? A. spd B. addspd C. newspd D. spdnew E. spdadd Answer: E 47.Which of the following methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.) A. By placing a # in front of the rule and restarting Snort. B. By placing a pass rule in local.rules and restarting Snort. C. By deleting the rule and waiting for Snort to reload its rules files automatically. D. By adding a pass rule to /etc/snort/rules.deactivated and waiting for Snort to reload its rules files automatically. Answer: A B 48.Which of the following commands adds users using SSSD’s local service? A. sss_adduser B. sss_useradd C. sss_add D. sss-addlocaluser E. sss_local_adduser Answer: B 49.Which of the following DNS records are used in DNSSEC? A. MX B. TXT C. RRSIG D. PTR Answer: C 50.What is the purpose of a Certificate Authority (CA)? A. To issue and sign X.509 certificates B. To encrypt X.509 certificates C. To decrypt X.509 certificates D. To store X.509 certificates Answer: A 51.Which directive is used in an OpenVPN server configuration in order to send network configuration information to the client? (Specify ONLY the option name without any values or parameters.) Solution: push Determine whether the given solution is correct? 10 / 23 The safer , easier way to help you pass any IT exams. A. Correct B. Incorrect Answer: A 52.Which of the following sections are allowed within the Kerberos configuration file krb5.conf? (Choose THREE correct answers.) A. [plugins] B. [crypto] C. [domain] D. [capaths] E. [realms] Answer: A D E 53.What is the purpose of the Linux Audit system? A. To manage system log files B. To automate host scans C. To detect intrusions and system changes D. To manage installed packages Answer: C 54.What is Linux Malware Detect? A. A package management tool B. A tool to automate host scans C. A tool to detect malware on a Linux system D. A configuration management tool Answer: C 55.What is a Trojan? A. A type of virus B. A type of malware that disguises itself as legitimate software C. A type of denial-of-service attack D. A type of phishing scam Answer: B 56.What is a rogue access point? A. A legitimate access point that is incorrectly configured B. An unauthorized access point that is set up to look like a legitimate one C. A type of virus D. A type of phishing scam Answer: B 57.Which command, included in BIND, generates DNSSEC keys? (Specify ONLY the command without any path or parameters.) Solution: dnssec-keygen 11 / 23 The safer , easier way to help you pass any IT exams. Determine whether the given solution is correct? A. Correct B. Incorrect Answer: A 58.Which of the following stanzas is a valid client configuration for FreeRADIUS? A. client private-network-1 { ipaddr = 192.0.2.0/24 password = testing123-1 } B. client private-network-1 { ip = 192.0.2.0/24 password = testing123-1 } C. client private-network-1 { ip = 192.0.2.0/24 passwd = testing123-1 } D. client private-network-1 { ip = 192.0.2.0/24 secret = testing123-1 } E. client private-network-1 { ipaddr = 192.0.2.0/24 secret = testing123-1 } Answer: E 59.Which of the following DNS record types can the command dnssec-signzone add to a zone? (Choose THREE correct answers.) A. ASIG B. NSEC C. NSEC3 D. NSSIG E. RRSIG Answer: B C E 60.What is the purpose of file ownership in Linux systems? A. To restrict access to files only to their owner B. To enable multiple users to access files simultaneously C. To ensure that files are backed up regularly D. To protect files from being accidentally deleted Answer: A 12 / 23 The safer , easier way to help you pass any IT exams. 61.What is a DoS attack? A. An attack that targets a specific user or organization B. An attack that aims to steal sensitive information C. An attack that floods a network or server with traffic to make it unavailable D. An attack that exploits a vulnerability in software Answer: C 62.What is a trust anchor? A. A root certificate that is trusted by a particular CA B. A list of public keys that are trusted by a particular CA C. A list of private keys that are trusted by a particular CA D. A key pair that is generated by a particular CA Answer: A 63. Which of the following types can be specified within the Linux Audit system? (Choose THREE correct answers.) A. Control rules B. File system rules C. Network connection rules D. Console rules E. System call rules Answer: A B E 64.Which of the following keywords are built-in chairs for the iptables nat table? (Choose THREE correct answers.) A. OUTPUT B. MASQUERADE C. PROCESSING D. POSTROUTING E. PREROUTING Answer: A D E 65.Which command is used to set the permissions of a file in Linux? A. chown B. chmod C. chgrp D. setfacl Answer: B 66.Which of the following DNS records is used to publish X.509 certificate and certificate authority information in DNS? A. DS B. CAA C. NSEC 13 / 23 The safer , easier way to help you pass any IT exams. D. A Answer: B 67.What is the purpose of a TLSA record in DANE? A. To provide information about a TLS server B. To sign a TLS server's public key C. To authenticate a DNS server D. To map a domain name to an IP address Answer: B 68.Which of the following resources of a shell and its child processes can be controlled by the Bash build- in command ulimit? (Choose THREE correct answers.) A. The maximum size of written files B. The maximum number of open file descriptors C. The maximum number of newly created files D. The maximum number of environment variables E. The maximum number of user processes Answer: A B E 69.What effect does the configuration SSLStrictSNIVHostCheck on have on an Apache HTTPD virtual host? A. The clients connecting to the virtual host must provide a client certificate that was issued by the same CA that issued the server’s certificate. B. The virtual host is served only to clients that support SNI. C. All of the names of the virtual host must be within the same DNS zone. D. The virtual host is used as a fallback default for all clients that do not support SNI. E. Despite its configuration, the virtual host is served only on the common name and Subject Alternative Answer: B 70.Which of the following configuration options makes Apache HTTPD require a client certificate for authentication? A. Limit valid-x509 B. SSLRequestClientCert always C. Require valid-x509 D. SSLVerifyClient require E. SSLPolicy valid-client-cert Answer: D 71.Which of the following statements are true regarding the certificate of a Root CA? (Choose THREE correct answers.) A. It is a self-signed certificate. B. It does not include the private key of the CA. C. It must contain a host name as the common name. 14 / 23 The safer , easier way to help you pass any IT exams. D. It has an infinite lifetime and never expires. E. It must contain an X509v3 Authority extension. Answer: A B E 72.Which of the following is a best practice for implementing HID? A. Install HID on every computer in the network B. Configure HID to block all incoming traffic C. Configure HID to alert security personnel of potential security incidents D. Disable HID when not actively monitoring for security incidents Answer: C 73.How are SELinux permissions related to standard Linux permissions? (Choose TWO correct answers.) A. SELinux permissions override standard Linux permissions. B. Standard Linux permissions override SELinux permissions. C. SELinux permissions are verified before standard Linux permissions. D. SELinux permissions are verified after standard Linux permissions. Answer: B D 74.Which command is used to set the owner and group of a file in Linux? A. chown B. chmod C. chgrp D. setfacl Answer: A 75.Which of the following statements are valid wireshark capture filters? (Choose TWO correct answers.) A. port range 10000:tcp-15000:tcp B. port-range tcp 10000-15000 C. tcp portrange 10000-15000 D. portrange 10000/tcp-15000/tcp E. portrange 10000-15000 and tcp Answer: C E 76.What command is used to update NVTs from the OpenVAS NVT feed? (Specify ONLY the command without any path or parameters). Solution: openvas-nvt-sync Determine whether the given solution is correct? A. Correct B. Incorrect Answer: A 77.Which permission bit allows a file to be executed? 15 / 23 The safer , easier way to help you pass any IT exams. A. Read B. Write C. Execute D. SetUID Answer: C 78.How can host scans be automated on a Linux system? A. Using OpenSCAP B. Using chkrootkit C. Using Linux Audit system D. Using cron Answer: D 79.In which path is the data, which can be altered by the sysctl command, accessible? A. /dev/sys/ B. /sys/ C. /proc/sys/ D. /sysctl/ Answer: C 80.What is the purpose of an access control list in Linux? A. To specify fine-grained permissions for users and groups B. To encrypt a file for secure transmission C. To compress a file to save disk space D. To mark a file as executable Answer: A 81.Which of the following authentication methods was added to NFS in version 4? A. Kerberos authentication B. SSH hostkey authentication C. Winbind authentication D. SSL certificate authentication Answer: A 82.What is OCSP stapling? A. A mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate B. A mechanism that allows a server to provide proof of the revocation status of all certificates issued by a particular Certificate Authority C. A mechanism that allows a server to provide proof of its own identity to clients D. A mechanism that allows a server to provide proof of a client's identity to other servers Answer: A 83.Which command installs and configures a new FreeIPA server, including all sub-components, and creates a new FreeIPA domain? 16 / 23 The safer , easier way to help you pass any IT exams. (Specially ONLY the command without any path or parameters). Solution: ipa-server-install Determine whether the given solution is correct? A. Correct B. Incorrect Answer: A 84.Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/ keypair.pem? A. openssl req –key private/keypair.pem –out req/csr.pem B. openssl req – new -key private/keypair.pem –out req/csr.pem C. openssl gencsr -key private/keypair.pem –out req/csr.pem D. openssl gencsr –new- key private/keypair.pem –out req/csr.pem Answer: B 85.What is Cryptography? A. The art of sending secret messages B. The art of sending public messages C. The art of sending anonymous messages D. The art of decoding messages Answer: A 86.What type of activity does HID monitor for? A. Malware infections B. Unauthorized access attempts C. Network traffic D. File and folder changes Answer: B 87.Which of the following is NOT a benefit of using HID? A. Provides real-time detection of security incidents B. Allows for quick response to security incidents C. Helps prevent security incidents from occurring D. Provides automatic removal of detected threats Answer: D 88.What is a ciphertext? A. The original message before encryption B. The encrypted message C. The key used to encrypt the message D. The algorithm used to encrypt the message Answer: B 89.Which of the following commands defines an audit rule that monitors read and write operations to the 17 / 23 The safer , easier way to help you pass any IT exams. file/ etc/firewall/rules and associates the rule with the name firewall? A. auditctl -N firewall –r r: /etc/firewall/rules –r w: etc/firewall/rules B. auditctl -A –f /etc/firewall/rules –o r –o w –l firewall C. auditctl –w /etc/firewall/rules –p rw –k firewall D. auditctl –-read /etc/firewall/rules –-write /etc/firewall/rules --label firewall E. echo “n: firewall r:/etc/firewall/rules: w:/etc/firewall/rules:“ | auditctl ~ Answer: C 90.What is a rootkit? A. A type of virus B. A type of malware that disguises itself as legitimate software C. A type of denial-of-service attack D. A type of phishing scam Answer: B 91.Which of the following commands displays all ebtable rules contained in the table filter including their packet and byte counters? A. ebtables -t nat –L -v B. ebtables -L -t filter -Lv C. ebtables -t filter –L --Lc D. ebtables -t filter –Ln -L E. ebtables –L –Lc –t filter Answer: C 92.What is a plaintext? A. The original message before encryption B. The encrypted message C. The key used to encrypt the message D. The algorithm used to encrypt the message Answer: A 93.Which protocol is commonly used to transmit X.509 certificates? A. HTTPS B. FTPS C. SMTPS D. LDAP Answer: D 94.What is the purpose of the program snort-stat? A. It displays statistics from the running Snort process. B. It returns the status of all configured network devices. C. It reports whether the Snort process is still running and processing packets. D. It displays the status of all Snort processes. E. It reads syslog files containing Snort information and generates port scan statistics. 18 / 23 The safer , easier way to help you pass any IT exams. Answer: E 95.Which tool can be used to check for rootkits on a Linux system? A. chkrootkit B. AIDE C. OpenSCAP D. rpm Answer: A 96.What happens when the command getfattr afile is run while the file afile has no extended attributes set? A. getfattr prints a warning and exits with a values of 0. B. getfattr prints a warning and exits with a value of 1. C. No output is produced and getfattr exits with a value of 0. D. No outputs is produced and getfattr exits with a value of 1. Answer: C 97.A LUKS device was mapped using the command: cryptsetup luksOpen/dev/sda1 crypt-vol Given that this device has three different keys, which of the following commands deletes only the first key? A. cryptsetup luksDelKey /dev/sda 1 0 B. cryptsetup luksDelkey /dev/sda 1 1 C. cryptsetup luksDelKey / dev /mapper/crypt- vol 1 D. cryptsetup luksDelKey / dev /mapper/crypt- vol 0 Answer: B 98.Which of the following statements is true regarding eCryptfs? A. For every file in an eCryptfs directory there exists a corresponding file that contains the encrypted content. B. The content of all files in an eCryptfs directory is stored in an archive file similar to a tar file with an additional index to improve performance. C. After unmounting an eCryptfs directory, the directory hierarchy and the original file names are still visible, although, it is not possible to view the contents of the files. D. When a user changes his login password, the contents of his eCryptfs home directory has to be re- encrypted using his new login password. E. eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user. Answer: E 99.Which of the following commands disables the automatic password expiry for the user usera? A. chage --maxdays none usera B. chage --maxdays 99 usera C. chage --maxdays -1 usera D. chage --lastday none usera E. chage --lastday 0 usera Answer: C 19 / 23 The safer , easier way to help you pass any IT exams. 100.How does TSIG authenticate name servers in order to perform secured zone transfers? A. Both servers mutually verify their X509 certificates. B. Both servers use a secret key that is shared between the servers. C. Both servers verify appropriate DANE records for the labels of the NS records used to delegate the transferred zone. D. Both servers use DNSSEC to mutually verify that they are authoritative for the transferred zone. Answer: B 101.Which of the following components are part of FreeIPA? (Choose THREE correct answers.) A. DHCP Server B. Kerberos KDC C. Intrusion Detection System D. Public Key Infrastructure E. Directory Server Answer: B D E 102.Which of the following utilities is used to generate keys for DNSSEC? A. dnssec-dsfromkey B. rndc C. delv D. dnssec-keygen Answer: D 103.Which of the following commands makes the contents of the eCryptfs encrypted directory ~/Private available to the user? A. ecryptfsclient B. ecryptfs.mount C. ecryptfs-mount-private D. decryptfs E. ecryptfs-manage-directory Answer: C 104.Which of the following is an example of an HID tool? A. Antivirus software B. Firewall C. Security information and event management (SIEM) system D. Intrusion prevention system (IPS) Answer: C 105.An X509 certificate contains the following information: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 Which of the following statements are true regarding the certificate? (Choose THREE correct answers.) 20 / 23 The safer , easier way to help you pass any IT exams. A. This certificate belongs to a certification authority. B. This certificate may be used to sign certificates of subordinate certification authorities. C. This certificate may never be used to sign any other certificates. D. This certificate may be used to sign certificates that are not also a certification authority. E. This certificate will not be accepted by programs that do not understand the listed extension. Answer: A B D 106.Which of the following are differences between AppArmor and SELinux? (Choose TWO correct answers) A. AppArmor is implemented in user space only. SELinux is a Linux Kernel Module. B. AppArmor is less complex and easier to configure than SELinux. C. AppArmor neither requires nor allows any specific configuration. SELinux must always be manually configured. D. SELinux stores information in extended file attributes. AppArmor does not maintain file specific information and states. E. The SELinux configuration is loaded at boot time and cannot be changed later on. AppArmor provides user space tools to change its behavior. Answer: B D 107.What is an X.509 Certificate? A. A digital document that verifies the identity of a website B. A digital document that verifies the identity of a person C. A digital document that verifies the identity of a device D. A digital document that verifies the identity of a company Answer: A 108.Which of the following statements is true about chroot environments? A. Symbolic links to data outside the chroot path are followed, making files and directories accessible B. Hard links to files outside the chroot path are not followed, to increase security C. The chroot path needs to contain all data required by the programs running in the chroot environment D. Programs are not able to set a chroot path by using a function call, they have to use the command chroot E. When using the command chroot, the started command is running in its own namespace and cannot communicate with other processes Answer: C 109.Which of the following information, within a DNSSEC- signed zone, is signed by the key signing key? A. The non-DNSSEC records like A, AAAA or MX. B. The zone signing key of the zone. C. The RRSIG records of the zone. D. The NSEC or NSEC3 records of the zone. E. The DS records pointing to the zone. Answer: B 21 / 23 The safer , easier way to help you pass any IT exams. 110.Which of the following DNS records is used to map an IP address to a hostname? A. PTR B. SOA C. NS D. A Answer: A 111.What is host intrusion detection (HID)? A. A system that detects malicious traffic on a network B. A system that monitors and detects potential security threats on a single computer or server C. A system that prevents malware from infecting a network D. A system that scans files and folders for viruses Answer: B 112.What is a Certificate Revocation List (CRL)? A. A list of X.509 certificates that have been issued by a particular CA B. A list of X.509 certificates that have been revoked by a particular CA C. A list of public keys that have been compromised D. A list of private keys that have been compromised Answer: B 113.What is the purpose of a DNSKEY record in DNSSEC? A. To verify the authenticity of a DNS query B. To sign a DNS zone C. To provide information about a DNS server D. To map an IP address to a hostname Answer: B 114.What is phishing? A. A type of virus B. A type of malware that disguises itself as legitimate software C. A type of denial-of-service attack D. A type of social engineering attack Answer: D 115.What is the purpose of AIDE? A. To manage system log files B. To detect intrusions and system changes C. To manage installed packages D. To automate host scans Answer: B 116.What is social engineering? A. A type of virus 22 / 23 The safer , easier way to help you pass any IT exams. B. A type of malware that disguises itself as legitimate software C. A type of denial-of-service attack D. A type of attack that exploits human psychology to gain access to sensitive information Answer: D 117.What is the purpose of DNS over TLS and DNS over HTTPS? A. To improve DNS performance B. To provide secure communication between DNS clients and servers C. To reduce DNS query times D. To allow DNS servers to communicate securely with each other Answer: B 118.Which DNS label points to the DANE information used to secure HTTPS connections to https://www.example.com/? A. example.com B. dane.www.example.com C. soa.example.com D. www.example.com E. _443_tcp.www.example.com Answer: E 23 / 23

Use Quizgecko on...
Browser
Open
Browser
Browser