



A Linux security exam covering various topics related to Linux security, including open-source code, package management, access controls, authentication, logging, and file system security. The exam covers a wide range of concepts and principles, such as the CIA triad, mandatory and discretionary access controls, pluggable authentication modules (PAM), shadow password suite, and Linux file and directory permissions. The document also touches on topics like virtual machines, network protocols, and encryption. Overall, this exam seems to provide a comprehensive assessment of the student's understanding of Linux security fundamentals and best practices.
Typology: Exams




One benefit of open source code is the ability to learn what the code does and how the program operates. - Answers -True
Open source code in an online software repository cannot be altered by an attacker. - Answers -False
Mint is a derivative of the Debian distribution. - Answers -True
All packages in a source-based distribution of Linux must be compiled from source. - Answers -True
The C-I-A triad is an expansion of the Parkerian hexad. - Answers -False
The package-management system in Linux is used to restrict permissions on files and folders. - Answers -False
The Linux open source license allows anyone to use, modify, and improve the source code. - Answers -True
Open source code rarely comes with an associated cryptographic hash. - Answers -False
Most Linux distributions currently use a package called ipchains as firewall software. - Answers -False
The process of fixing commercial software is typically less constrained by human resource issues than open source software projects. - Answers -False
In a Linux system, a smaller number of packages means a smaller surface area for attack. - Answers -True
A black-hat hacker is someone who performs attacks against victims for malicious purposes. - Answers -True
The C-I-A triad is the core and defining set of concepts with respect to information security. - Answers -True
Source-based distributions of Linux enable you to decide how many packages you want to include in it. - Answers -True
Transmission Control Protocol (TCP) is a protocol and service for synchronizing clocks across systems on a network. - Answers -False
The init process is the super process that is responsible for starting all processes other than those specified by the runlevel during system startup. - Answers -True
Without proper controls in place, an attacker who gets access to a host system can make changes to any virtual machine on that host. - Answers -True
Malware written for Windows graphical user interface (GUI) applications may affect Linux GUI applications. - Answers -False
A hypervisor is a software interface designed specifically for virtual machines with limited resources. - Answers -False
SELinux and AppArmor provide mandatory access controls. - Answers -True
Because administrators can configure a system to display graphical user interface (GUI) clients on a remote terminal, malware on one Linux GUI application can spread across a network to other GUI systems. - Answers -True
The graphical user interface (GUI) is beyond the basic Linux operating system. - Answers -True
A virtual machine must be periodically updated just like any other system. - Answers -True
The Linux startup process begins automatically after the boot process loads the Linux kernel. - Answers -True
Samba can be configured to authenticate to a Windows Active Directory server. - Answers -True
LILO is the default boot loader for Ubuntu, Red Hat, and many other Linux distributions.
Regular Linux file and directory permissions are read, write, and traverse. - Answers -False
In the password shadow suite, the difference between /etc/shadow and /etc/gshadow is that with /etc/gshadow, passwords are rarely configured. - Answers -True
Pluggable authentication modules (PAM) solves administrative permission problems by providing higher-level functions without having the whole program gain administrative access. - Answers -False
The term "copyleft" is associated with the GNU General Public License (GPL). - Answers -True
Security results from appropriate controls and processes, and can't be measured at a point in time. - Answers -True
Most Linux distributions have pre-compiled packages, which determine all the dependencies. - Answers -True
GNU's Not Unix (GNU) refers to commercial versions of Linux software. - Answers -False
In the Linux operating system, the kernel interfaces with the hardware to manage memory and file systems and make sure programs are run. - Answers -True
A hardened Linux system typically contains fewer packages to be monitored for updates in case vulnerabilities are found in the software. - Answers -True
In the shadow password suite, the /etc/group file contains basic information for each group account. - Answers -True
Regular Linux users may not be given administrative privileges to run administrative commands from regular accounts. - Answers -False
A rainbow table is a set of precomputed stored hashes that are mapped to a plaintext password. - Answers -True
Log files that record login attempts and login failures classify log messages as auth and authpriv. - Answers -True
The set user ID (SUID) bit is a special permission that allows others to execute a given file with the rights of the user owner of the file. - Answers -True
In the shadow password suite, the /etc/passwd file may store a hashed password for a group. - Answers -False
faillog_enab - Answers -where the failed login attempts are collected
FTMP_FILE - Answers -where login failures are kept
SYSLOG_SG_ENABLE - Answers -where the group sg logs are kept
CHMOD 2770 - Answers -sets up special octal permissions. Allows the directory command to go through on that system, Read, Write, not execute.
CHMOD 777 - Answers -Sticky bit- Allows you to add and delete. Can put files on there and delete the files that you want.
CHMOD 1777 - Answers -Generic directory and is accessible and useable by anyone on the system.
PAMs Pluggable Authentication Module - Answers -how we determine who has root access
SAMBA - Answers -Connects Windows Device to Linux Device (LDAP)
100,000 project - Answers -Low Priority group
<100 Project - Answers -High Priority group/administrative suite
NIS - Answers -Mostly Unsecure; LDAP would be the better alternative
Discretionary Access - Answers -Giving away authorization at your discretion
Mandatory Access - Answers -Follow a list of rules to be authorized
In Linux, three major services that network files and folders are the Network File System (NFS), Samba, and the File Transfer Protocol (FTP). - Answers -True
The ls -p command displays file and folder permissions. - Answers -False
In the filesystem hierarchy standard (FHS), the top-level root directory (indicated by the forward slash [/]), is never mounted separately. - Answers -False
A journaled filesystem keeps track of changes to be written to the filesystem. - Answers -True
A chroot jail is a special way of confining a program to a specific part of the filesystem. - Answers -True