FedVTE- Linux Operating System Security Questions and Answers Rated A

Document Content and Description Below

FedVTE- Linux Operating System Security Questions and Answers Rated A What program could you use on a Linux system to securely copy files to a Linux host running the SSH server daemon? ✔✔SCP Single user mode in Linux is a security risk if a malicious actor has physical access to the host ✔✔True srm is a tool used to securely delete files from the file system ✔✔True What software installation package format is used on Red Hat? ✔✔DPKG (?) With IPTables what default policy should be used for packets for maximum security? ✔✔DROP IPSec PPTP and SSL are all examples of: ✔✔VPNs A BASH script must be compiled into an executable object in order to run. ✔✔False You can use SSH to tunnel and encrypt traffic between a client and a server. ✔✔True chroot confines a process to a specific directory ✔✔True GID UID and EUID stand for: ✔✔Group User and Effective User Identification numbers What is Unified Extensible Firmware Interface designed to do? ✔✔Prevent malicious actors from modifying the boot loader or booting the computer with a different operating system Which of the following are package management programs which install or update or remove packages on a Linux system? ✔✔All 2003:da3:1637:ffff:ffff:ffff:ffff:ffff is an example of what type of address? ✔✔IPv6 Bro, Snort, Suricata are examples of what kind of Linux security feature? ✔✔Network Intrusion Detection Systems In addition to the internal authentication via /etc/passwd and /etc/shadow files, what services can be used to authenticate users to a Linux host? ✔✔Fedora Directory Service (?) What program could you use to create or edit a Linux BASH script? ✔✔All of the above What program should be used to change a user password? ✔✔passwd Why are there very few viruses on Linux? ✔✔All When connecting to an untrusted wireless access points how can you increase your security and safety of using that access point? ✔✔Use a VPN to encrypt your traffic If you use GRUB to manage different boot options on your Linux host and want to increase security especially for physical access you should ✔✔Configure GRUB to prompt for a password to boot a partition A process is an address space and a set of data structures which track the process status priority owner signals and resources. ✔✔True What hashing algorithms can be used to hash passwords in the /etc/shadow file? ✔✔All of these Misconfigurations are a more likely security threat than viruses on Linux. ✔✔True What type of attack is enabled by lack of input validation in applications? ✔✔SQL injection If you wanted to protect a Linux system from being booted into single user mode which security feature would you configure and use? ✔✔GRUB What base directory would you put a script in if you wanted it to automatically start when the operating system starts? ✔✔/etc/rc.d Regularly reviewing user accounts on a system and disable old unused accounts is a good step to take in hardening a system. ✔✔True RPM will check for dependencies and install them when installing a program. ✔✔True Which documents or resources can you review for guidance on hardening a Linux system: ✔✔All of these What tool is used to perform automated installs of Red Hat Linux? ✔✔Kickstart To quickly deny a user access to the system set their login shell to /bin/false. ✔✔True Which command could you use to update software on a Linux host? ✔✔Both apt-get upgrade and yum update What programs could you use to remotely interact with a Linux system? ✔✔All Which of the following is not a security misconfiguration on Linux? ✔✔Setting a GRUB password Package repositories are collections of software and source files used by package management systems to install, update, and remove software on a Linux system. ✔✔True When hardening a Linux system you should consider doing the following ✔✔All of the above In a hardened Linux environment the firewalls default policy should be ✔✔Deny All (or Drop) What does the command find / -xdev -nouser do? ✔✔Finds files that belong to user accounts that are no longer on the system 127.0.0.1 is an example of what type of address? ✔✔IPv4 What Linux security feature can be used to log, drop, reject, or alter packets? ✔✔IPTables Scripting is a good way to automate manual or time intensive tasks such as backups or running programs on a scheduled basis or monitoring and checking system settings. ✔✔True What program allows you to interactively execute programs or commands as the root user? ✔✔sudo Which file in Linux tells the system which DNS server to use? ✔✔/etc/resolv.conf What tool could you use to monitor current file system activity? ✔✔LSOF (?) Why might you install a custom repository and direct all the Linux clients in your network to it? ✔✔All An attacker who places an entry such as 74.213.42.219 www.cmu.edu in the /etc/hosts file could redirect users to a malicious server. ✔✔True What program could you use to conduct a technical vulnerability scan of a Linux host? ✔✔Nessus What service would you use to schedule a script to run at a certain pre-determined time? ✔✔cron What is the most restrictive and secure setting for state and policy in SELinux? ✔✔Enforcing - Strict The Pluggable Authentication Module (PAM) provides: ✔✔A centralized authentication functions for programs and applications on the system

[Show More]

Last updated: 3 years ago

Preview 1 out of 6 pages

Buy Now

Instant download