Linux OS Security End of Course Prep Questions And
Answers
What program could you use to conduct a technical vulnerability scan of a Linux host? -
Answer- A. Nessus
When connecting to an untrusted wireless access points how can you increase your
security and safety of using that access point? - Answer- A. Use a VPN to encrypt your
traffic
What service would you use to schedule a script to run at a certain pre-determined
time? - Answer- A. cron
What does the command find / -xdev -nouser do? - Answer- A. Finds files that belong to
user accounts that are no longer on the system
Which documents or resources can you review for guidance on hardening a Linux
system: - Answer- ALL OF THESE
A. NSA hardening guide
B. DISA STIG
C. National Vulnerability Database
D. All of these
In a hardened Linux environment the firewalls default policy should be - Answer- B.
Deny All (or Drop)
What base directory would you put a script in if you wanted it to automatically start when
the operating system starts? - Answer-
If you use GRUB to manage different boot options on your Linux host and want to
increase security especially for physical access you should - Answer- A. Configure
GRUB to prompt for a password to boot a partition
127.0.0.1 is an example of what type of address? - Answer- A. IPv4
What program allows you to interactively execute programs or commands as the root
user? - Answer- A. sudo
An attacker who places an entry such as 74.213.42.219 www.cmu.edu in the /etc/hosts
file could redirect users to a malicious server. - Answer- A. True
, What is Unified Extensible Firmware Interface designed to do? - Answer- A. Prevent
malicious actors from modifying the boot loader or booting the computer with a different
operating system
Single user mode in Linux is a security risk if a malicious actor has physical access to
the host. - Answer- A. True
Bro, Snort, Suricata are examples of what kind of Linux security feature? - Answer- A.
Network Intrusion Detection Systems
Misconfigurations are a more likely security threat than viruses on Linux. - Answer- A.
True
What type of attack is enabled by lack of input validation in applications? - Answer- A.
SQL injection
What program should be used to change a user password? - Answer- A. passwd
Package repositories are collections of software and source files used by package
management systems to install, update, and remove software on a Linux system. -
Answer- A. True
In addition to the internal authentication via /etc/passwd and /etc/shadow files, what
services can be used to authenticate users to a Linux host? - Answer-
GID UID and EUID stand for: - Answer-
You can use SSH to tunnel and encrypt traffic between a client and a server. - Answer-
A. True
2003:da3:1637:ffff:ffff:ffff:ffff:ffff is an example of what type of address? - Answer- B.
IPv6
What Linux security feature can be used to log, drop, reject, or alter packets? - Answer-
A. IPTables
Scripting is a good way to automate manual or time intensive tasks such as backups or
running programs on a scheduled basis or monitoring and checking system settings. -
Answer- A. True
What tool could you use to monitor current file system activity? - Answer- A. LSOF
What programs could you use to remotely interact with a Linux system? - Answer- ALL
OF THESE
A. NX
Answers
What program could you use to conduct a technical vulnerability scan of a Linux host? -
Answer- A. Nessus
When connecting to an untrusted wireless access points how can you increase your
security and safety of using that access point? - Answer- A. Use a VPN to encrypt your
traffic
What service would you use to schedule a script to run at a certain pre-determined
time? - Answer- A. cron
What does the command find / -xdev -nouser do? - Answer- A. Finds files that belong to
user accounts that are no longer on the system
Which documents or resources can you review for guidance on hardening a Linux
system: - Answer- ALL OF THESE
A. NSA hardening guide
B. DISA STIG
C. National Vulnerability Database
D. All of these
In a hardened Linux environment the firewalls default policy should be - Answer- B.
Deny All (or Drop)
What base directory would you put a script in if you wanted it to automatically start when
the operating system starts? - Answer-
If you use GRUB to manage different boot options on your Linux host and want to
increase security especially for physical access you should - Answer- A. Configure
GRUB to prompt for a password to boot a partition
127.0.0.1 is an example of what type of address? - Answer- A. IPv4
What program allows you to interactively execute programs or commands as the root
user? - Answer- A. sudo
An attacker who places an entry such as 74.213.42.219 www.cmu.edu in the /etc/hosts
file could redirect users to a malicious server. - Answer- A. True
, What is Unified Extensible Firmware Interface designed to do? - Answer- A. Prevent
malicious actors from modifying the boot loader or booting the computer with a different
operating system
Single user mode in Linux is a security risk if a malicious actor has physical access to
the host. - Answer- A. True
Bro, Snort, Suricata are examples of what kind of Linux security feature? - Answer- A.
Network Intrusion Detection Systems
Misconfigurations are a more likely security threat than viruses on Linux. - Answer- A.
True
What type of attack is enabled by lack of input validation in applications? - Answer- A.
SQL injection
What program should be used to change a user password? - Answer- A. passwd
Package repositories are collections of software and source files used by package
management systems to install, update, and remove software on a Linux system. -
Answer- A. True
In addition to the internal authentication via /etc/passwd and /etc/shadow files, what
services can be used to authenticate users to a Linux host? - Answer-
GID UID and EUID stand for: - Answer-
You can use SSH to tunnel and encrypt traffic between a client and a server. - Answer-
A. True
2003:da3:1637:ffff:ffff:ffff:ffff:ffff is an example of what type of address? - Answer- B.
IPv6
What Linux security feature can be used to log, drop, reject, or alter packets? - Answer-
A. IPTables
Scripting is a good way to automate manual or time intensive tasks such as backups or
running programs on a scheduled basis or monitoring and checking system settings. -
Answer- A. True
What tool could you use to monitor current file system activity? - Answer- A. LSOF
What programs could you use to remotely interact with a Linux system? - Answer- ALL
OF THESE
A. NX
