2. Which of the following laws ensures that all U.S.-based financial institutions protect
personal financial information of their clients? | c. GLBA
3. Which method is preferable for securing access in the Remote Access Domain? | a. SSH
4. What are the advantages of virtualization in a Linux infrastructure? | c. Only 1 and 3 are
correct
5. Which of the following is one of the best descriptions for OSSTMM? | A methodology used
by open source security professionals to measure compliance
6. Who developed the first Linux kernel? | c. Linus Torvalds
7. The Linux open source license allows anyone to use, modify, and improve the _________. | a.
source code
8. Red Hat and Ubuntu are examples of ______. | b. distributions
9. What is a common use for Linux in the LAN-to-WAN Domain? | b. Gateway
10. What is Canonical? | b. The private company behind Ubuntu
11. What is included in a typical Linux distribution? | d. Kernel, tools, libraries, and applications
12. Which of the following is an open source license? | a. GNU General Public License (GPL)
13. Which of the following is not true of Linux? | Under open source licenses, you may not
compile the source code affiliated with Linux
14. Under OSSTMM, security audits are divided into how many channels? | c. 3
15. What is an entry-level security certification offered by (ISC)²? | a. CISSP
16. Which of the following represents a type of mandatory access control? | b. The FTP service
is allowed to interact with directories other than users' home directories.
17. The default mandatory access control system used for Red Hat distributions is ______. | b.
SELinux
18. Which file permission is not an example of discretionary access control? | d. Boolean
19. Which of the following statements is true about using a mandatory access control system on
Linux? | a. Properly setting up a mandatory access control system requires discipline and
configuration
20. A discretionary access control for a file is a control mechanism that can be set by _______. |
d. the user owner of the file
21. The read, write, and execute permissions of a file are an example of a ________. | a.
discretionary access control
22. Which of the following files is not a part of the shadow password suite? | d. /etc/sudoers
23. The iptables command is used to configure ___________. | c. a firewall
24. Which of the following can serve as an additional "firewall" layer in Linux? | a. Samba
25. What defines the services to be run in Linux? | b. Runlevel
26. Gnome and KDE are __________. | a. graphical desktop environments
27. Apache is a popular type of _____________. | d. Web server package
28. Postfix and Exim are types of _____________. | c. SMTP server packages
system? | a. The boot loader will immediately boot the operating system into the default kernel.
30. The WINE application is an example of a process that runs in ______. | b. user space
31. The open source package trousers is associated most closely with ______. | d. Trusted
Platform Module (TPM)
32. Which Linux directive hides or obscures boot messages? | c. hide
33. Which of the following is not a common server form factor? | d. FireWire
34. What is Pre-boot eXecution Environment (PXE) associated with? | b. Linux installation over
a network
35. What is a TPM chip used for? | d. All of the above
36. What is the primary mission of the Electronic Frontier Foundation (EFF)? | a. Protection of
consumer digital rights
38. Which of the following prevents an individual who has taken an action from later denying
that action? | b. Nonrepudiation
37. Which file lists standard ports for many services? | c. /etc/services
39. Which of the following is not a biometric control? | a. Key card
40. Which of the following is a true statement? | A hash function is a procedure or function that
converts a large amount of data to a single
with? | c. A sequence of programs
browse? | d. SourceForge
43. Where is the GRUB configuration file found? | a. /boot/grub
granted using the principle of least privilege? | c. The user should be given sudo access to
NETWORKING.
45. What user account information can be found in the /etc/passwd file? | a. The user's basic
information, such as the default login shell
password, and various user logins can be performed by editing the ________ file. | b. [Link]
previous failures? | c. sufficient
48. Which of the following commands is used to edit the /etc/sudoers file? | d. visudo
sudo? | c. root ALL=(ALL) ALL
permissions assigned to that user owner. | a. SUID
52. With which directory is the sticky bit most commonly associated? | d. /tmp
53. Which of the following is the best choice for network authentication? | a. LDAP
54. Which of the following is a fake shell you can use for nonstandard users to enhance security?
| nologin
55. What is a salt? | A 56-bit key or value added to a hash
56. What can a black-hat hacker use to decipher hashed passwords? | a. A salt
subject? | a. An administrative tool
58. What might a large increase in the size of an authorization log file indicate? | c. Both A and
B
59. Which directory does the FHS recommend for locating the configuration files? | a. /etc/
60. Which file is used to configure the various mounting options of a filesystem upon boot? |
b. /etc/fstab
service would typically be used? | c. Samba
62. LUKS is a specification for ________. | b. disk encryption
63. Which mounting option enables user quotas on a filesystem? | a. usrquota
secured by mounting it ______. | b. as read-only
65. Which FHS directory can be mounted separately from the root directory? | c. /home/
allocated to the /tmp/ filesystem is full? | b. /tmp/
67. As specified in the FHS, log files are generally found in the _____ directory. | c. /var/
68. The GRUB configuration file is generally located in the ______ directory. | d. /boot/
69. Which of the following can you configure as a separate filesystem? | d. All of the above
70. Which filesystem is a good candidate for mounting in read-only mode? | d. /boot/
71. Which Linux partition type is used for standard partitions with data? | 83
72. Which Linux filesystem format does not include any type of journaling? | a. ext2
73. Which command formats all Linux filesystems, Microsoft VFAT, and NTFS filesystems? | c.
mkfs
74. The following commands encrypt files in Linux except: | a. fdisk
Which command do you run? | a. gpg --list-keys
enter? | b. The login passphrase
77. Which command changes file ownership in Linux? | d. chown
share by anyone other than the owner? | a. valid users = %S
user? | d. edquota
80. Running a network service in a chroot environment is considered a layer of security because:
| The service runs in isolation in its own virtual-like environment.
81. The theory of configuring a bastion host is one in which the server has: | A specific function
and minimal services installed to provide its designated services
82. Using Linux as a desktop typically involves the added security risk of: | Running GUI
application
84. Which file holds configuration settings for the extended internet super server? | a.
/etc/[Link]
d. Sylpheed | c. Thunderbird
85. What is the purpose of the following iptables command? | b. To allow all incoming
connections to port 22 by inserting the rule at the top of the chain
86. From which of the following files does the iptables command read ports of well-known
services? | b. /etc/services
87. A server has the following TCP Wrappers configuration: | All access will be granted
object. | b. Booleans
d. Allow | d. Allow
watched for changes? | c. [Link]
91. Which command starts the SELinux Troubleshooter? | a. sealert -b
92. Which of the following is not an AppArmor mode? | d. Confirm
93. What is the primary AppArmor configuration file? | b. [Link]
94. LAMP stands for Linux/Apache/MySQL/P, where the "P" can stand for ______. | d. All of
the above
95. Which port does MySQL use by default? | d. 3306
96. Which Apache directive specifies an alternative port for Web pages? | a. listen
97. Kernels released for different architectures vary because different platforms have different |
c. CPUs
98. A "vanilla" kernel has _____________. | a. a stock built from the mainline kernel
99. Tuning the kernel parameters, such as the networking functionality, can be accomplished by
editing | a. /etc/[Link]
100. Which of the following commands can automatically detect dependencies during software
installation? | c. yum
101. What is the native package manager for Ubuntu and other Debian-based distributions? | d.
apt
consider using _________. | a. Red Hat Satellite Server
103. The file to configure the various logging subsystem facilities for sysklogd package is
___________. | b. /etc/[Link]
104. AIDE can be described as: | d. A host-based intrusion detection software
the operating system in? | a. Text
106. Which command helps to better understand the networking subsystem? | b. netstat
opened the port? | c. # lsof -ni
vulnerabilities? | a. Nessus®
currently running processes? | c. $ ps aux
110. What is the best first step in responding to a compromised system? | Follow what is
outlined in the incident response plan.
RAM? | a. /proc/kcore
112. When auditing user security, which of the following can you use Squid to audit? | b.
Internet access
requirements of the jurisdiction of the employee and the server? | c. E-mail access
114. Which of the following is more important for administrative accounts than for standard user
accounts? | d. Neither A nor B
standard configuration? | c. Samba has username and password authentication as part of its
built-in functionality.
115. Which of the following types of updates least commonly relates to the Linux kernel? | b.
Updates that address software bugs
d. A passphrase using a public and a private key | A passphrase using a public and a private key
118. Which of the following is an insecure method of remote access? | c. Telnet
119. What is the CUPS service associated with? | d. Printing
120. Which of the following is not true of encryption in Linux? | You can encrypt whole disks
but not individual partitions.
121. You set up an FTP server and configured it to allow users to access their home directories.
Which directive should you also include in the configuration file for security purposes? | b.
chroot_local_user = YES
Which directive in the [Link] file limits the number of simultaneous connections to 10, by
source? | c. per_source = 10
123. Which command restarts a system only if the system was already running? | b. condrestart
124. You should set Linux to deactivate most services in runlevels _______. | c. 0, 1, and 6
125. Bastion hosts are designed for which network area? | Demilitarized zone (DMZ)
126. If you use a DHCP server, the U.S. National Security Agency (NSA) recommends the
following except: | b. Allow client decline messages.
127. Most default Linux installations configure swap space in a separate partition or logical
volume. The normal size of that partition or logical volume is _______ the amount of RAM. | b.
two times
128. On a virtual machine (VM), which network option directly accesses the same network
services as the host system, allowing the VM to connect to the network as if it were just another
client? | a. Bridged
129. Which of the following is a protocol that supports remote logins to a GUI system? | c. SSH
130. What is a text-based interface for the apt package? | Aptitude
131. What is the Red Hat GUI package manager? | b. Pirut
132. You want to stop running Samba on an Ubuntu system, but you might use Samba on the
same system again in the near future. What is the best choice? | c. Deactivate the Samba service
but leave Samba installed.
Where do you find regular service scripts, such as start, stop, restart, and status? | c. /etc/init.
134. Which of the following is associated with WIDS? | c. WPA
135. You want to find out which ports are associated with certain TCP/IP services. Which
organization specifies default port numbers and protocols for thousands of services? | d. IANA
136. For which reason would an administrator set up an obscure port? | b. Security
137. You want to use TCP Wrappers to protect services dynamically linked to [Link].0.
Which command do you run to determine if a dynamic link already exists between the noted
service and TCP Wrappers? | c. ldd
138. You want to set up maximum protection with TCP Wrappers. What rule do you include in
the /etc/[Link] file to deny access to all daemons from all clients? | ALL : ALL
139. A black-hat can use Van Eck phreaking to exploit which of the following? | b.
Electromagnetic output from CRT and LCD monitors
140. What technique can a black-hat hacker use to find any modem connection on your network
with security weaknesses? | c. War dialing
141. Which wireless security algorithm should no longer be used because of weak security? | a.
WEP
142. The well-known TCP/IP port numbers range from 0 to _____. | c. 1023
143. You used a protocol analyzer to capture some network traffic. You want to focus on FTP
traffic. Which port number do you include in the filter? | a. 21
144. Which iptables command temporarily disables the current firewall? | a. iptables -F
145. What does Kerberos require? | a. Network Time Protocol (NTP)
146. Which of the following uses Authentication Header and Encapsulating Security Payload? |
a. IPSec
147. Which of the following does RADIUS not provide to remote users who want to connect to
a network service? | Availability
148. Which of the following does not ordinarily transmit data in clear text? | c. SSH
149. Which ports does IPSec use to tunnel information? | c. 50, 51
150. Which letter is usually added to the name of a protocol to represent the more secure
version? | d. S
151. Any Linux system configured with _____ can be set up as a server on a Microsoft network.
| a. Samba
152. You are writing documentation for a broad audience and want to use a fictitious domain
name. The domain name should not be available for registration on the Internet. Which domain
name can you use safely? | b. [Link]
153. You are configuring Kerberos for network authentication. Which of the following steps do
you perform first? | d. Modify the /etc/[Link] file.
154. During Kerberos configuration, what does the following command accomplish? | b. Sets up
user-account information along with encryption keys
155. What is the general command syntax for login into a remote system with SSH? | a. ssh
user@hostname
156. You are setting up Samba as a primary domain controller. What should be the value of the
security directive? | d. user
157. A __________ is an entity that issues digital certificates. | b. certificate authority
158. Which command do you use to create a self-signed certificate? | c. openssl
159. When creating a self-signed certificate, which of the following information is not required?
| d. The root password
160. What is Squid? | b. Proxy server
161. In the following, what does the ending period represent? [Link]. | c. The root
domain
162. Recursive queries are commonly associated with which of the following? | d. DNS servers
163. Which of the following DNS-related items is a target for black-hat hackers? | a. Transition
SIGnature (TSIG) key
164. In Apache Web Server, what is the ServerTokens directive associated with? | c. What
displays when a user navigates to a nonexistent Web page
165. In Apache Web Server, what is the KeepAlive directive associated with? | b. Persistent
connections from remote systems
166. What do the following Apache directives accomplish, collectively? | Limits Web site
accessibility to a certain IP address network
167. You want to use certificates on your Web site. What is the primary difference between
creating an official certificate through a certificate authority (CA) versus creating a self-signed
certificate? | a. With an official CA certification, your Web site visitors won't get an "invalid
security certificate" error message.
168. You want to use your Squid proxy server to filter some Web addresses and enforce other
controls. You decide to channel all Web requests from inside your network through the proxy
server. Which port number do you use with the redirect option in the iptables command to
accomplish this task? | d. 3128
Which commands are required to limit remote access with Squid? | b. acl, http_access
170. Which of the following is not a type of DNS server? | a. Backup domain
171. You are configuring a master authoritative DNS server for a domain on an internal network
for security purposes. Which of the following should not be part of the Berkeley Internet Name
Domain (BIND) configuration? | b. Recursive querying
172. When configuring an authoritative DNS server for a public system, which of the following
is a type of attack you should protect against? | d. Phishing
173. What is a VoIP solution that uses Session Initiation Protocol (SIP) and the Real-time
Transport Protocol (RTP)? | b. Asterisk
174. Which of the following is the correct method to apply a new kernel built on a Linux
system? | Install it as a new kernel leaving the original kernel in place.
175. Which of the following is an advantage of compiling a customized kernel rather than using
a vendor-supplied kernel? | A custom kernel can be compiled with only the necessary modules
and features.
176. A security compliance team finds that a local file server has been mistakenly configured to
forward packets and needs to be fixed immediately. How can a Linux system administrator
verify that the Linux system is forwarding IPv4 packets? | d. Verify the kernel by viewing the
/proc/sys/net/ipv4/ip_forward file
177. How can kernel parameters be changed without rebooting the computer system? | c. By
modifying the value of files in the /proc filesystem
178. How can you disable the packet forwarding on a running kernel? | Issue the # echo "0" >
/proc/sys/net/ipv4/ip_forward command.
179. Which of the following indicators explains that the [Link] version of the Linux kernel is
stable? | b. Majorrevision
180. What does the following option in the /etc/[Link] file do? | b. Prevents systems from
replying to ping requests (broadcasts)
181. What does the following option in the /etc/[Link] file do?
net.ipv4.icmp_ignore_bogus_error_responses = 1 | a. Ignores ICMP messages that do not
conform to standards
182. On a computer network, packets with addresses that should not be possible are known as
______. | c. Martian packets
183. Before customizing a kernel, you should clean the directories associated with the source
code by using which command? | b. make clean
184. To customize a kernel, which command opens a kernel customization editing tool? | c.
make menuconfig
185. Why is it important to install antivirus software for a Samba file server in a Microsoft
Windows environment? | Because shared files on the Samba server can contain viruses that can
infect Windows clients
186. ClamAV can be described as: | c. An open source anti-virus solution mainly used on Linux
e-mail gateways
187. Which term describes a common malware targeted for Linux operating systems that allows
a black-hat hacker to take over the computer system with administrative privileges? | b. Rootkit
188. Which environment is best suited for using the Red Hat Satellite Server? | a. The LAN of
enterprises
189. The apt-* commands are a series of commands developed for ______ Linux distribution. |
c. Debian
190. Which of the following yum commands checks for available updates? |
d. yum check-update
191. The commercially supported update system for the Ubuntu distribution is: | c. Landscape
192. Which Linux distribution is known as "a rebuild of RHEL" because the developers use the
RHEL source code released by Red Hat under open source licenses? | b. CentOS
193. Which Linux distribution is primarily supported by the "community," although Red Hat
engineers develop software for the distribution? | c. Fedora
194. Of the following, which Linux distributions are released with long-term support (LTS)
every two years? | a. Ubuntu
195. Which organization maintains the Common Vulnerabilities and Exposures (CVE) list? | d.
MITRE Corporation
196. Which desktop environment is the Konqueror Web browser part of, by default? | c. KDE
197. Which of the following enables you to check an Online Certificate Status Protocol (OCSP)
server for the current status of a digital certificate? | a. Apache
198. Which of the following is self-replicating malware that differs from a virus in that it does
not require direct user involvement to spread? | c. Worm
199. What is SpamAssassin? | c. An e-mail filter
200. What is a commonly used bug tracking system derived from Mozilla's system and now used
by Red Hat and many others? | d. Bugzilla
201. Which of the following is not an Ubuntu repository? | a. OpenSource
202. What is Anaconda? | b. A Linux installation program
203. Which of the following directories should not be made read-only? | d. All of the above
204. What is the general name of a fully functional version of a Linux distribution that runs in
RAM and does not require a hard disk? | c. Live CD
205. Which of the following is not a characteristic of a gold Linux baseline? | a. GUI
206. You may create multiple gold baseline configurations to reflect separation in different
_________. | b. filesystems
207. Standard logging services store logs in subdirectories of ____________. | d. /var/log/
208. What does a baseline configuration include? | c. Both A and B
209. Regarding system and kernel log services, which log message priority is considered most
important, and might be shown as "panic" or "crit"? | d. emerg
210. Log entries associated with printing are stored in which of the following? | b. CUPS logs
211. You want to review information on users who connect to Web sites configured on your
Apache server. Which directive in the Apache log configuration file helps you capture this
information? | d. LogFormat
212. You want to check the status of files compared to a baseline; specifically, you want to
compare the state of stable directories. Which of the following can help you compare this task? |
a. Tripwire
213. You want to check the status of files compared to a baseline; specifically, you want to
compare the state of stable directories. Which of the following can help you compare this task?
| Rsyslog
214. The security test tool SAINT began as the open source version of __________. | a.
SATAN
216. In what form is SAINT available? | c. Both A and B
215. To use Nessus®, you must first create a _________. | b. user
217. After running SAINT, you discover an issue that allows unauthorized access to your
network. Which SAINT reporting level does the issue fall under? | a. Critical problems
218. Which command uses the GAPING_SECURITY_HOLE option? | d. nc
219. Which of the following is not an example of live media with penetration testing tools? | b.
Nessus
220. You turned off an iptables firewall to test it with the nmap tool. How do you restart the
firewall? | d. iptables restart
221. Which tool is generally not used to decrypt and test passwords? | b. Nessus®
d. netstat -t | a. lsof -ni
223. Which command uses the ping command to display a list of active systems on a network? |
a. nmap -sP [Link]/8
224. Of the following virtualization solutions, which one runs Linux systems only as guests? | b.
Microsoft Virtual Server
225. Which of the following is a valid reason to use a Live CD on a suspected compromised
system? | c. The Live CD can be used for forensic analysis.
226. Which of the following commands is used to transfer data over an SSH connection in
encrypted format? | b. rsync -e ssh
227. Which of the following do you need to work with an encrypted filesystem during a digital
forensic investigation? | c. Both A and B
228. Which instrument documents where evidence came from, how that evidence was
duplicated, and the methods used to analyze that evidence? | d. Chain of custody
229. Which command creates a bit-by-bit duplicate of an original disk? | a. dd
230. What is a drawback of the rsync command for backing up files? | c. It transmits data in
clear text.
231. What is one of the first steps in incident response? | b. Confirm the breach.
232. Which command does not include free space in the duplication process? | d. rsync
233. You want to see which users are currently logged into a system including information on
the process currently being executed by the logged-in user. Which command can you use? | a. w
234. You want to find executable files in user directories. Which command is the best choice? |
find
235. You are performing computer forensics and need to review data currently in RAM. What
do you do to ensure you don't lose or modify the RAM data? | b. Use a forensics kit such as
Helix Knoppix
236. You are performing computer forensics. You just transferred data from the victim's hard
disk to a forensic system. What is the next step you should perform? | c. Create a checksum file.
237. What is the best description of a functional bug? | a. A flaw in software that prevents part of
a program from running properly
238. Which command upgrades rather than installs a Linux distribution? | b. apt-get dist-upgrade
239. Which software, when available, should allow you to configure Linux as a domain
controller on a Microsoft Active Directory network? | c. Samba 4.0
240. What is Content Scramble System (CSS) associated with? | d. Digital rights management
241. Where is the best place to report bugs you encounter in open source software? | a. Bug
reporting site
242. What is the name of the emerging firewall that is expected to replace iptables? | b. nftables