Linux Essentials for Cybersecurity, 1st edition William Rothwell Test Bank

Linux Essentials for Cybersecurity (Rothwell/Kinsey)
Chapter 1 Distributions and Key Components

1) Linux is a software component called the __________, which is the software that controls the operating system.
A) shell
B) kernel
C) module
D) library
Answer: B

2) Which of the following is a component of the Linux operating system?
A) User utilities
B) File systems
C) Server software
D) All of the above
Answer: D

3) Which of the following is rarely installed on Linux server systems because it requires additional hard drive space, CPU cycles, and RAM usage, and also could pose a security risk?
A) GUI software
B) Kernel modules
C) Shells
D) Libraries
Answer: A

4) Which of the following Linux components refers to a well-defined structure that stores files and directories?
A) Server software
B) File system
C) Kernel module
D) Shell
Answer: B

5) Which term refers to a software package that often costs nothing?
A) Closed source
B) Flexible
C) Open source
D) Commercial
Answer: C

6) Which of the following refers to a specific implementation of a Linux operating system?
A) Distribution
B) Shell
C) Module
D) Kernel
Answer: A

7) Which type of Linux distribution, which includes Red Hat Enterprise Linux, is designed to be used in a business setting?
A) Live distro
B) Home or amateur
C) Security enhanced
D) Commercial
Answer: D

8) Which type of Linux distribution, which includes Fedora, is focused on individuals who want a choice other than macOS or Microsoft Windows?
A) Commercial
B) Security enhanced
C) Home or amateur
D) Live distro
Answer: C

9) A Linux distribution is also called a Linux __________.
A) CLI
B) shell
C) distro
D) module
Answer: C

10) Which of the following refers to a software program that allows a user to issue commands to the system?
A) Kernel
B) Shell
C) Distro
D) Library
Answer: B

11) Which of the following is the name of the most popular shell that is available for Linux?
A) BASH
B) XFCE
C) KDE
D) None of the above
Answer: A

12) A system with at least __________ of RAM should be able to support at least one VM.
A) 2GB
B) 4GB
C) 6GB
D) 8GB
Answer: D

13) At any given time, there are about __________ active Linux distributions.
A) 100
B) 250
C) 350
D) 500
Answer: B

14) Which of the following is not a Red Hat-based distro?
A) Fedora
B) RHEL
C) Ubuntu
D) CentOS
Answer: C

15) Which of the following is not a Debian-based distro?
A) Fedora
B) Ubuntu
C) Kali
D) Linux Mint
Answer: A

16) Which of the following is a security-based Linux distribution that enables you to determine what security holes are present in your environment?
A) Ubuntu
B) Fedora
C) Kali
D) RHEL
Answer: C

17) A native Linux installation is also known as a __________ installation.
A) hypervisor
B) bare-metal
C) hosted
D) cloud-based
Answer: B

18) Which of the following is not an example of a hypervisor software program?
A) VMware
B) Citrix XenServer
C) Oracle VirtualBox
D) CentOS
Answer: D

19) Which of the following is not true when installing a distro using Oracle VirtualBox?
A) Typically the default options work well for your initial installations.
B) The first step to installing the distro is to add a new “machine.”
C) To start the installation process, click the new machine and then click the Launch button.
D) On a test system, pick a password that is easy to remember, as password security isn’t as big of a concern in this particular case.
Answer: C

20) Which of the following is not true regarding the use of GUI software for a Linux installation?
A) Many distributions include a GUI, and you cannot choose to install a different one.
B) GUI software allows you to use a mouse and keyboard to interact with the system.
C) For personal use, on laptop and desktop systems, having a GUI is normally a good choice.
D) The ease of using a GUI environment often outweighs the disadvantages that this software creates.
Answer: A

Linux Essentials for Cybersecurity (Rothwell/Kinsey)
Chapter 2 Working on the Command Line

1) Linux offers __________ of command-line utilities, each of which is designed to perform a specific task.
A) dozens
B) hundreds
C) thousands
D) millions
Answer: C

2) In Linux, every storage location, including remote drives and removable media, is accessible under the top-level directory, which is named __________.
A) root (/)
B) C:
C) home
D) bin
Answer: A

3) Which of the following Filesystem Hierarchy Standard (FHS) locations contains configuration files for a Linux system?
A) /lib
B) /home
C) /mnt
D) /etc
Answer: D

4) Which of the following provides additional information for a shell command, such as a filename or user account name, to determine which specific action to take?
A) Argument
B) Variable
C) Option
D) None of the above
Answer: A

5) To execute a sequence of shell commands, separate each command with a __________ and press the Enter key after the last command has been entered.
A) colon
B) semicolon
C) comma
D) period
Answer: B

6) Which of the following shell commands is used to move the shell’s current directory to another directory?
A) pwd
B) cd
C) ls
D) file
Answer: B

7) Which of the following, also known as a wildcard, refers to any character provided on the command line that represents a portion of a filename?
A) Option
B) Variable
C) File glob
D) Argument
Answer: C

8) Which of the following shell commands is used to display large chunks of text data, pausing after displaying the first page of information?
A) less
B) more
C) file
D) head
Answer: A

9) Which of the following shell commands is used to create a new directory?
A) ls
B) cd
C) pwd
D) mkdir
Answer: D

10) Which option for the cp shell command copies an entire directory structure?
A) -v
B) -r
C) -i
D) -n
Answer: B

11) Which of the following commands is used to delete a directory and all the files within the directory?
A) rm -i
B) rmdir
C) rm -r
D) rm -v
Answer: C

12) Which of the following shell commands is useful for updating the timestamps of critical files for inclusion in automated system backups?
A) touch
B) file
C) mv
D) cp
Answer: A

13) Which of the following shell commands is used to display information, such as the value of variables?
A) tail
B) set
C) unset
D) echo
Answer: D

14) Which of the following shell variables defines the primary prompt, often using special character sequences?
A) PS1
B) ID
C) HOME
D) PATH
Answer: A

15) To pass variables and their values into other commands, convert an existing local variable to an environment variable with the __________ command.
A) crontab
B) env
C) export
D) echo
Answer: C

16) When a user starts a new shell after initially logging in to the system, it is referred to as a __________.
A) bash profile
B) non-login shell
C) bash login
D) login shell
Answer: B

17) Which of the following refers to a shell feature that allows a collection of commands to be executed by issuing a single command?
A) unalias
B) alias
C) copy
D) initialization
Answer: B
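
Added worked example for questions 15 and 16 above (this script is not part of the test bank or the textbook): a POSIX sh script showing what a child process can see before and after export, and that the exported copy is one-way. The variable names demo_var, counter and demo_only are chosen for the illustration.

```sh
#!/bin/sh
# Added example: how 'export' changes what a child process can see.
# Each function body is a subshell (parentheses) so its variables do not
# leak into the calling shell.

# Prints two words: what a child shell sees before and after the export.
child_sees_var() (
    demo_var="hello"                               # plain shell variable
    before=$(sh -c 'printf "%s" "${demo_var:-<unset>}"')
    export demo_var                                # copy it into the environment
    after=$(sh -c 'printf "%s" "${demo_var:-<unset>}"')
    printf '%s %s' "$before" "$after"
)

# The environment is copied into the child; changes made there never flow back.
child_change_does_not_propagate() (
    export counter=1
    sh -c 'counter=2; export counter'              # child modifies its own copy
    printf '%s' "$counter"                         # parent still has 1
)

# VAR=value cmd exports the variable to that one command only; the calling
# shell never had it at all.
one_command_export() (
    seen=$(demo_only=once sh -c 'printf "%s" "$demo_only"')
    printf '%s %s' "$seen" "${demo_only:-<unset>}"
)

child_sees_var;                   echo    # <unset> hello
child_change_does_not_propagate;  echo    # 1
one_command_export;               echo    # once <unset>
```

The same rule explains why a value set in ~/.bashrc for PS1 or PATH must be exported before programs started from the shell (an editor, a cron job run through a wrapper) see it.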


18) Which variable for the history command is used to set a numeric value that represents the maximum number of commands to keep in the history list?
A) HISTCONTROL
B) HISTIGNORE
C) HISTFILE
D) HISTSIZE
Answer: D

19) Which of the following is not true regarding regular expressions (REs)?
A) Utilities that use REs normally support basic REs by default and have some option or feature to enable extended REs.
B) There are two types of REs: basic and extended.
C) Extended REs are the “original,” and basic REs are the newer additions.
D) Although documentation may refer to basic REs as obsolete, they are still used by most modern utilities.
Answer: C

20) Which of the following archiving and compression commands is used to merge multiple files into a single file?
A) gzip
B) tar
C) bzip2
D) xz
Answer: B

Linux Essentials for Cybersecurity (Rothwell/Kinsey)
Chapter 3 Getting Help

1) To discover additional information about a Linux command or configuration file, you can use the __________ page.
A) man
B) auto
C) config
D) info
Answer: A

2) When viewing the content on a man page, you can use the __________ to navigate.
A) toolbar
B) help menu
C) keyboard keys
D) mouse
Answer: C

3) When referring to the man page for finding help information on Linux commands, “man” is short for which of the following?
A) Manage
B) Manual
C) Manipulate
D) Manager
Answer: B

4) Which of the following commands is the same as the whatis command in Linux?
A) man -k
B) passwd
C) man -f
D) man ls
Answer: C

5) When viewing a man page, which movement command moves forward one page in the current document?
A) Enter
B) b
C) Up arrow
D) Spacebar
Answer: D

6) Which man page section number is for system calls?
A) 2
B) 4
C) 6
D) 8
Answer: A


7) Which man page section number is for kernel routines?
A) 3
B) 5
C) 7
D) 9
Answer: D

8) Which of the following commands is the same as the apropos command?
A) man -f
B) mandb
C) man -k
D) man ls
Answer: C

9) When viewing a man page, which movement command is used to display a help screen (a summary of man page movement commands)?
A) h
B) q
C) b
D) Enter
Answer: A

10) Which of the following commands is used to build or update the database that holds a list of man pages and descriptions?
A) man -M
B) man cd
C) mandb
D) man -f
Answer: C

11) If you want to specify an alternate location for man pages, you can use which of the following options with the man command?
A) -f
B) -M
C) -b
D) -k
Answer: B

12) Which of the following options is often used with some Linux commands to provide basic help features?
A) -H
B) --help
C) --H
D) -help
Answer: B


13) You can display a list of all the built-in shell commands by running which of the following commands?
A) help -s
B) h -s
C) help -S
D) h -S
Answer: A

14) Whereas each man page is a single text document, __________ pages are more like reading content from a website that has hyperlinks to provide more structure.
A) help
B) search
C) view
D) info
Answer: D

15) Which movement command for the info command is used to move up to the parent node?
A) p
B) u
C) b
D) t
Answer: B

16) Which movement command for the info command is used to move to the last node (the node you were last in)?
A) n
B) p
C) l
D) q
Answer: C

17) Which of the following is not true when comparing man pages and info pages?
A) Info pages are more user friendly, but also require more work for developers to create.
B) Man pages are easier to print than info pages.
C) Info pages often read more like a tutorial; man pages read more like documentation.
D) Often a command will have an info page but not a man page.
Answer: D

18) You can find additional user documentation in which of the following directories?
A) /usr/share/doc
B) /share/doc/usr
C) /doc/usr/share
D) None of the above
Answer: A

19) Which of the following is commonly found in documentation subdirectories for a software package?
A) README file
B) Copyright notifications
C) A changelog
D) All of the above
Answer: D

20) Man pages have been around since the early days of __________ in the early 1970s.
A) Linux
B) Unix
C) DOS
D) Windows
Answer: B

Linux Essentials for Cybersecurity (Rothwell/Kinsey)
Chapter 4 Editing Files

1) The vi (short for visual) text editor was introduced to __________ in the mid-1970s.
A) Windows
B) Linux
C) Unix
D) DOS
Answer: C

2) An improved version of the vi editor, available on some Linux distributions, is called __________.
A) vim
B) ed
C) gedit
D) joe
Answer: A

3) To edit a new file with the vi editor, you can just type the command with no arguments or type __________.
A) filename vi
B) vi filename
C) vi
D) filename
Answer: B

4) Which of the following modes is the default mode of operation for the vi editor?
A) Command mode
B) Last line mode
C) Insert mode
D) Ex mode
Answer: A

5) Which mode of operation for the vi editor allows you to perform complex operations, such as saving a document to a file with a different name?
A) Command mode
B) Last line mode
C) Insert mode
D) First line mode
Answer: B

6) While in insert mode, which key do you press to return to the default mode of operation for the vi editor?
A) ;
B) Enter
C) :
D) Escape
Answer: D

7) While in command mode, which key do you press to enter into last line mode for the vi editor?
A) ;
B) Enter
C) :
D) Escape
Answer: C

8) Which vi command to enter insert mode specifies that new inserted text will appear at the beginning of the line?
A) I
B) a
C) i
D) A
Answer: A

9) Which of the following commands enables the feature that displays “--INSERT--” at the bottom of the screen in a standard vi editor?
A) :enter showmode
B) :insert showmode
C) :set showmode
D) None of the above
Answer: C

10) While in the command mode of the vi editor, which key do you press to move forward one paragraph?
A) {
B) }
C) (
D) )
Answer: B

11) While in the command mode of the vi editor, which key do you press to move to the top of the screen?
A) H
B) L
C) M
D) G
Answer: A


12) While in the command mode of the vi editor, which key do you press to move to the beginning of the next word or punctuation mark?
A) b
B) W
C) B
D) w
Answer: D

13) Which of the following commands can be used to move forward five words in the vi editor?
A) 5W
B) 5w
C) W5
D) w5
Answer: B

14) In the standard vi editor, you can undo how many actions?
A) 0
B) 1
C) 2
D) Unlimited
Answer: B

15) Which command do you use in the vi editor if you want to close a document without saving all recent changes?
A) :q!
B) q:!
C) !q:
D) :!q
Answer: A

16) Which of the following commands is used to copy (yank) from the current line through the end of the document in the vi editor?
A) yy
B) y$
C) yG
D) yw
Answer: C

17) Which of the following commands is used to delete the current line in the vi editor?
A) d$
B) dG
C) dw
D) dd
Answer: D

18) To find text in the vi editor, which character do you type before the search text to search forward in the document?
A) ?
B) /
C) *
D) \
Answer: B

19) Which of the following commands is used to save and quit a document in the vi editor?
A) :qs
B) :sq
C) :qw
D) :wq
Answer: D

20) Which of the following is a GUI-based text editor that includes tools and features like syntax highlighting, insertion of code by clicking a button, and automatic formatting?
A) bluefish
B) gedit
C) kwrite
D) nano
Answer: A

Linux Essentials for Cybersecurity (Rothwell/Kinsey)
Chapter 5 When Things Go Wrong

1) Which of the following is the first step to take when troubleshooting a problem with a Linux system?
A) Document the actions you plan to perform to solve the problem before taking any action.
B) Perform only the documented actions to solve the problem.
C) Gather all relevant information related to the problem.
D) Determine the most likely cause of the problem.
Answer: C

2) Which of the following is the most commonly overlooked step in the process of troubleshooting a problem with a Linux system?
A) Document the actions you plan to perform to solve the problem before taking any action.
B) Perform only the documented actions to solve the problem.
C) Gather all relevant information related to the problem.
D) Determine the most likely cause of the problem.
Answer: A

3) Which of the following methods can be used to help determine the likely cause of a problem with a Linux system?
A) Researching your problem on Linux forum sites
B) Contacting your system administrator and asking for advice
C) Reading documentation, such as man and info pages
D) All of the above
Answer: D

4) In relation to the steps for troubleshooting a problem with a Linux system, what does POA stand for?
A) Process of action
B) Plan of attack
C) Process of attack
D) Plan of action
Answer: B

5) Which of the following is not something to consider when planning how you will perform the documentation step when troubleshooting a problem with a Linux system?
A) How can I ensure the documentation will be easy to retrieve and reference?
B) How can I make the process easy?
C) What tools are available?
D) Did I get the output that I expected?
Answer: D

6) Which of the following is the last step to take when troubleshooting a problem with a Linux system?
A) Store the documentation that you created.
B) Determine if the problem has been correctly solved.
C) Consider what you can do to prevent this problem from happening in the future.
D) Perform only the documented actions to solve the problem.
Answer: C

7) Which of the following files contains information on the OS name and the kernel version of Linux that displays before the login prompt in a command-line interface?
A) /etc/name
B) /etc/issue
C) /etc/kernel
D) /etc/status
Answer: B

8) Which of the following special values for the /etc/issue file displays the baud rate, which is the speed of the connection?
A) \b
B) \r
C) \B
D) \R
Answer: A

9) Which of the following special values for the /etc/issue file displays the number of users that are currently logged in to the system?
A) \m
B) \u
C) \v
D) \n
Answer: B

10) If a user logs in via a remote system command-line login, you can display a message by placing information in which of the following files?
A) /etc/issue
B) /etc/ssh
C) /etc/ssh/sshd_config
D) /etc/issue.net
Answer: D

11) While using a GUI-based login, which of the following keyboard shortcuts is most likely to enable you to access a command-line login?
A) Ctrl+Alt+F1
B) Ctrl+Alt+F7
C) Ctrl+Alt+F2
D) Ctrl+Alt+F9
Answer: C


12) Which of the following is not true regarding security issues for pre-login messages?
A) Noting that the system is proprietary and contains confidential information is usually sufficient for a pre-login message.
B) You should consider not allowing telnet connections because of security issues.
C) It is considered a good idea to provide system information via a pre-login message on remote connections.
D) If you do not have a good reason for displaying pre-login information, you should not display it.
Answer: C

13) When a distribution uses an FTP server such as the vsftpd server, which of the following files do you modify for pre-login messages?
A) /etc/gdm/custom.conf
B) /etc/gdm/gdm.conf-custom
C) /usr/libexec/gdmlogin
D) /etc/vsftpd/vsftpd.conf
Answer: D

14) When using GDM as the GUI login manager, which of the following files do you modify for pre-login messages in a Red Hat-based system?
A) /etc/gdm/custom.conf
B) /etc/gdm/gdm.conf-custom
C) /usr/libexec/gdmlogin
D) /etc/vsftpd/vsftpd.conf
Answer: A

15) When using GDM as the GUI login manager, which of the following files do you modify for pre-login messages in a Debian-based system?
A) /etc/gdm/custom.conf
B) /etc/gdm/gdm.conf-custom
C) /usr/libexec/gdmlogin
D) /etc/vsftpd/vsftpd.conf
Answer: B

16) What might you want to place in the /etc/motd file?
A) System updates
B) Pre-login message
C) User passwords
D) A friendly welcome message
Answer: D

17) Which of the following is another term for a pre-login message?
A) Banner
B) Greeter
C) Both A and B
D) Neither A nor B
Answer: C

18) Which of the following files can be edited to display a post-login message in a command-line interface?
A) /etc/motd
B) /etc/issue
C) /etc/issue.net
D) /motd/etc
Answer: A

19) The wall command used to broadcast urgent real-time messages on a system is limited to how many lines of text?
A) 5
B) 10
C) 15
D) 20
Answer: D

20) Which of the following options for the shutdown command is used to send only the wall message stating that the system will be shutting down, without actually shutting it down?
A) -h
B) -c
C) -k
D) -r
Answer: C

Linux Essentials for Cybersecurity (Rothwell/Kinsey)
Chapter 6 Managing Group Accounts

1) In Linux, access or restrictions can be applied to which of the following for group accounts?
A) Files
B) Directories
C) Other operating system features
D) All of the above
Answer: D

2) Every Linux user is a member of at least one group, and the first group is called the user’s __________ group.
A) main
B) primary
C) key
D) central
Answer: B

3) Any additional groups that a Linux user is a member of, after the first group, are called the user’s __________ groups.
A) secondary
B) minor
C) subordinate
D) lesser
Answer: A

4) Which of the following is a command that provides information on a Linux user’s group membership?
A) grp
B) id
C) uid
D) gid
Answer: B

5) After a Linux user creates a new file, the user can change the group ownership of the file to another group by using which of the following commands?
A) cg
B) ls
C) chgrp
D) touch
Answer: C

6) Which of the following files contains user account information, including the primary group membership for each user?
A) /etc/group
B) /etc/gshadow
C) /etc/groupinfo
D) /etc/passwd
Answer: D

7) Which of the following files stores information about each group, including the group name, group ID (GID), and secondary user membership?
A) /etc/group
B) /etc/gshadow
C) /etc/groupinfo
D) /etc/passwd
Answer: A

8) Which of the following files stores additional information for a group, such as group administrators and the group password?
A) /etc/group
B) /etc/gshadow
C) /etc/groupinfo
D) /etc/passwd
Answer: B

9) Each line in the /etc/group file describes one __________.
A) user
B) program
C) group
D) individual
Answer: C

10) If one line in the /etc/group file appears as adm:x:4:syslog,bo, which field in this example represents the password placeholder?
A) adm
B) x
C) 4
D) syslog,bo
Answer: B

11) If one line in the /etc/group file appears as adm:x:4:syslog,bo, which field in this example represents the group name?
A) adm
B) x
C) 4
D) syslog,bo
Answer: A


12) Which of the following is not a command used to change the contents of the /etc/group file?
A) groupmod
B) groupins
C) groupadd
D) groupdel
Answer: B

13) Default group accounts in a typical Linux system often have GID values under __________.
A) 10
B) 100
C) 1000
D) 10000
Answer: C

14) Which of the following special group accounts is reserved for the system administrator?
A) sudo
B) lp
C) staff
D) root
Answer: D

15) Which of the following special group accounts is used by the operating system to provide access to specific files?
A) lp
B) users
C) adm
D) operators
Answer: A

16) In Linux, the acronym UPG stands for which of the following?
A) User Protocol Groups
B) User Private Groups
C) Unified Protocol Groups
D) Unified Private Groups
Answer: B

17) The purpose of the password field in the /etc/gshadow file is to allow users to temporarily change their primary group by using the __________ command.
A) newgrp
B) groups
C) grep
D) gpasswd
Answer: A

18) A group administrator can create a group account by using which of the following commands?
A) groupnew
B) groupins
C) groupadd
D) newgroup
Answer: C

19) To change the name of an existing group, the group administrator uses the groupmod command with which of the following options?
A) -g
B) -n
C) -1
D) -d
Answer: B

20) To allow a user to manage a group, add them as a group administrator by using the __________ option with the gpasswd command.
A) -a
B) -A
C) -d
D) -m
Answer: B

Linux Essentials for Cybersecurity (Rothwell/Kinsey)
Chapter 7 Managing User Accounts

1) Which of the following files stores the primary account data for local users of a Linux system?
A) /etc/shadow
B) /etc/gshadow
C) /etc/passwd
D) /etc/group
Answer: C

2) Which of the following files stores user passwords and password-related data for local users of a Linux system?
A) /etc/shadow
B) /etc/gshadow
C) /etc/passwd
D) /etc/group
Answer: A

3) If one line in the /etc/passwd file appears as root:x:0:0:root:/root:/bin/bash, which field in this example represents the user’s login shell?
A) /bin/bash
B) x
C) /root
D) 0:0
Answer: A

4) If one line in the /etc/passwd file appears as root:x:0:0:root:/root:/bin/bash, which field in this example represents the user’s home directory?
A) /bin/bash
B) x
C) /root
D) 0:0
Answer: C

5) To see if there are any errors in the /etc/passwd file, execute the __________ command while logged in as the root user.
A) pwck
B) grep
C) useradd
D) chfn
Answer: A
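
Added worked example for the /etc/passwd field questions above and the /etc/group questions in chapter 6 (this script is not from the test bank or the textbook): a POSIX sh script that reads the colon-separated fields of constructed passwd and group entries and rebuilds the line that id prints for a user. All account names, UIDs and GIDs below are sample data made up for the example, not copied from a real host.

```sh
#!/bin/sh
# Added example: reading /etc/passwd and /etc/group fields the way id(1) does.
# Constructed sample entries (not from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bob:x:1001:1001:Bob Smith:/home/bob:/bin/bash
guest:x:1002:1002::/home/guest:/bin/rbash'

SAMPLE_GROUP='root:x:0:
adm:x:4:syslog,bob
bob:x:1001:
sudo:x:27:bob
guest:x:1002:'

# field_of DATA NAME N: field N (1-based) of the DATA line whose first field is NAME.
# /etc/passwd: 1 name, 2 password placeholder, 3 UID, 4 primary GID,
#              5 comment, 6 home directory, 7 login shell
# /etc/group:  1 name, 2 password placeholder, 3 GID, 4 secondary members
field_of() (
    printf '%s\n' "$1" | awk -F: -v name="$2" -v n="$3" '$1 == name { print $n; exit }'
)

# id_like USER: primary group comes from the passwd GID field; secondary
# groups are every other group line that lists USER in its member list.
id_like() (
    user=$1
    uid=$(field_of "$SAMPLE_PASSWD" "$user" 3)
    gid=$(field_of "$SAMPLE_PASSWD" "$user" 4)
    if [ -z "$uid" ]; then
        printf 'id: %s: no such user\n' "$user" >&2
        exit 1                                   # exits only this subshell
    fi
    primary=$(printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v g="$gid" '$3 == g { print $1; exit }')
    secondary=$(printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v u="$user" -v g="$gid" '
        $3 != g {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == u) printf ",%s(%s)", $3, $1
        }')
    printf 'uid=%s(%s) gid=%s(%s) groups=%s(%s)%s\n' \
        "$uid" "$user" "$gid" "$primary" "$gid" "$primary" "$secondary"
)

# Accounts whose login shell is the restricted shell /bin/rbash.
restricted_accounts() (
    printf '%s\n' "$SAMPLE_PASSWD" | awk -F: '$7 == "/bin/rbash" { print $1 }'
)

id_like root            # uid=0(root) gid=0(root) groups=0(root)
id_like bob             # uid=1001(bob) gid=1001(bob) groups=1001(bob),4(adm),27(sudo)
id_like guest           # uid=1002(guest) gid=1002(guest) groups=1002(guest)
restricted_accounts     # guest
```

Note that a user's primary group is recorded only in /etc/passwd, not in the member list of /etc/group, which is why the script has to join the two files the way id does.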

6) Which of the following refers to programs that run in the background, performing specific system tasks?
A) Controls
B) Modules
C) Arguments
D) Daemons
Answer: D

7) Which of the following default user accounts is used by the software that provides DNS (Domain Name System) functions?
A) bind
B) syslog
C) root
D) lp
Answer: A

8) If one line in the /etc/shadow file appears as bob:*:16484:3:90:5:30:16584:, which field in this example represents the minimum password age?
A) bob
B) 3
C) *
D) 16484
Answer: B

9) If one line in the /etc/shadow file appears as bob:*:16484:3:90:5:30:16584:, which field in this example represents the date of the last password change?
A) bob
B) 3
C) *
D) 16484
Answer: D

10) Which of the following options for the useradd command specifies the user’s UID?
A) -d
B) -u
C) -k
D) -g
Answer: B

11) Which of the following options for the useradd command displays the default values?
A) -d
B) -f
C) -D
D) -u
Answer: C

12) When a __________ directory is used, the entire contents of the specified directory are copied to the new user’s home directory.
A) skeleton
B) default
C) root
D) /bin
Answer: A

13) As an administrator, you can modify user accounts using the __________ command.
A) chfn
B) usermod
C) pwck
D) useradd
Answer: B

14) To remove a user and keep the user’s home directory and mail spool, use the __________ command without the -r option.
A) userdel
B) usermod
C) deluser
D) moduser
Answer: A

15) To create a restricted shell account for guest users, the first step is to use the __________ option with the useradd command and provide an argument of /bin/rbash.
A) -d
B) -m
C) -g
D) -s
Answer: D

16) Which of the following login servers can provide both user and group account data and is commonly used for network-based accounts on Linux distributions?
A) Active Directory and Samba
B) NIS
C) LDAP
D) None of the above
Answer: C

17) Which of the following commands can be used to provide some users with the ability to execute specific tasks as the administrator?
A) usermod
B) sudo
C) apt-get
D) visudo
Answer: B


18) PAM, a powerful tool that allows an administrator to provide many restrictions to user accounts, stands for which of the following?
A) Pluggable Account Modules
B) Private Authentication Modules
C) Pluggable Authentication Modules
D) Private Account Modules
Answer: C

19) Which of the following PAM categories is used to perform actions prior to and after a service has been provided to a user?
A) session
B) auth
C) password
D) account
Answer: A

20) Which of the following PAM modules is used to modify password policies?
A) pam_mkhomedir
B) pam_access
C) pam_env
D) pam_cracklib
Answer: D

Linux Essentials for Cybersecurity (Rothwell/Kinsey)
Chapter 8 Develop an Account Security Policy

1) After you install Kali Linux, you can access the security tools by clicking __________ at the top of the window.
A) Applications
B) Places
C) Files
D) Tools
Answer: A

2) Which of the following is not one of the categories of Kali Linux tools?
A) Password Attacks
B) Vulnerability Analysis
C) Pre Exploitation
D) Reverse Engineering
Answer: C

3) A good security policy should include all but which of the following?
A) A set of rules that determines what is and is not allowed on systems
B) A means to ensure that all rules are being followed
C) A well-defined plan to handle when a system is compromised
D) A way to ensure that policies remain stable as new information becomes available
Answer: D

4) When a system is compromised, which of the following should include who is notified, what actions should be taken, and so on?
A) Reporting tools
B) Incident response plan
C) Web application analysis
D) Social engineering tools
Answer: B

5) When securing user accounts, which of the following components must be considered?
A) Ensuring accounts are not susceptible to attack
B) Education of users
C) Physical security of the system or network
D) All of the above
Answer: D

6) The goal in terms of __________ is to make systems, services, and data available to the correct entities while denying access to these resources by unauthorized entities.
A) vulnerability
B) security
C) assessment
D) forensics
Answer: B


7) When used to define security principles, the term “entity” refers to which of the following?
A) People
B) Systems
C) Both people and systems
D) None of the above
Answer: C

8) Which of the following is not true regarding security principles?
A) You have to keep an eye on authorized users who may attempt to gain unauthorized access.
B) You have to find the right balance between making a system secure and making it available.
C) There is always a way to compromise a system if someone has enough time, resources, and knowledge.
D) External hackers try to compromise security by making a system deny access to unauthorized entities.
Answer: D

9) When you protect systems from theft and hardware errors, you are implementing which of the following?
A) Physical security
B) Account security
C) User education
D) None of the above
Answer: A

10) When you encourage users to report any suspicious activity immediately, you are implementing which of the following?
A) Physical security
B) Account security
C) User education
D) None of the above
Answer: C

11) When system logs are used to determine if someone is trying to gain unauthorized access to a system, this is an example of which of the following?
A) Physical security
B) Account security
C) User education
D) None of the above
Answer: B

12) Which of the following actions can be performed to prevent a user from changing an account password?
A) Make the max field of the /etc/shadow file a higher value than the min field.
B) Create a crontab entry to execute a command that prevents password changes.
C) Make the min field of the /etc/shadow file a higher value than the max field.
D) All of the above
Answer: C

13) Which of the following is a software tool that can be used to keep track of all commands executed by users?
A) psacct
B) accton
C) lastcomm
D) cron
Answer: A

14) Which of the following commands enables you to see a summary of all login times for each user in the last 24 hours?
A) mkdir /var/log/account
B) tar -xvf acct*
C) ac -p --individual-totals
D) touch /var/log/account/pact
Answer: C

15) How can a system administrator help avoid accidentally running commands that could destroy all system files?
A) Run the rm -r /* command when logged in as a regular user.
B) Run the rm -r /* command when logged in as a system administrator.
C) Log in as a regular user and use the sudo or su command to gain temporary root access.
D) It is not possible for a system administrator to run commands that destroy all system files.
Answer: C

16) Which of the following is a technique for gathering system information from users by using nontechnical methods?
A) Reverse engineering
B) Web application analysis
C) Sniffing and spoofing
D) Social engineering
Answer: D

17) Which of the following is a GUI-based utility that can be used to perform password-cracking operations?
A) hydra
B) Johnny
C) ncrack
D) john
Answer: B
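
Added worked example for question 12 above and for the /etc/shadow field questions in chapter 7 (this script is not from the test bank or the textbook): a POSIX sh script that reads the aging fields of constructed shadow entries, reports the last-change day as a calendar date, and flags the two conditions those questions turn on: a disabled hash (* or ! prefix) and a minimum age larger than the maximum age. The account names and hashes are placeholders made up for the example; the bob entry matches the one quoted in chapter 7.

```sh
#!/bin/sh
# Added example: auditing password-aging fields in /etc/shadow.
# Field layout: 1 name, 2 hash, 3 last change (days since 1970-01-01),
# 4 min days, 5 max days, 6 warn days, 7 inactive days, 8 expire day, 9 reserved
# Constructed sample entries; the hashes are placeholders, not real.
SAMPLE_SHADOW='bob:*:16484:3:90:5:30:16584:
alice:$6$saltsalt$placeholderhash:16484:0:99999:7:::
carol:$6$saltsalt$placeholderhash:16484:99999:90:7:::
dave::16484:0:99999:7:::'

# shadow_field USER N: field N of USER's entry.
shadow_field() (
    printf '%s\n' "$SAMPLE_SHADOW" | awk -F: -v u="$1" -v n="$2" '$1 == u { print $n; exit }'
)

# days_to_date N: calendar date for a day count when GNU date is available,
# otherwise the raw day count.
days_to_date() (
    date -u -d "@$(( $1 * 86400 ))" +%Y-%m-%d 2>/dev/null || printf 'day %s' "$1"
)

# "yes" when min > max: the password expires before the user is ever allowed
# to change it, so only root can set a new one (the situation in question 12).
aging_blocks_change() (
    min=$(shadow_field "$1" 4); max=$(shadow_field "$1" 5)
    [ "${min:-0}" -gt "${max:-99999}" ] && printf 'yes' || printf 'no'
)

# password_state USER: disabled (* or ! prefix, no password can match),
# empty (no password required at all), or set.
password_state() (
    case "$(shadow_field "$1" 2)" in
        '')         printf 'empty' ;;
        '*'*|'!'*)  printf 'disabled' ;;
        *)          printf 'set' ;;
    esac
)

# One report line per entry.
shadow_audit() (
    printf '%s\n' "$SAMPLE_SHADOW" | while IFS=: read -r name hash lastchg min max rest; do
        printf '%-6s last=%s (%s) min=%-5s max=%-5s hash=%-8s aging-lock=%s\n' \
            "$name" "$lastchg" "$(days_to_date "$lastchg")" "$min" "$max" \
            "$(password_state "$name")" "$(aging_blocks_change "$name")"
    done
)

shadow_audit
```

On a real system the same loop can be pointed at /etc/shadow (readable only by root); an "empty" hash or an aging lock on an account that is supposed to be active is a finding worth following up.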


18) When using the john or Johnny utility, you need to have a file that contains which of the following entries?
A) /etc/passwd
B) /etc/shadow
C) Both /etc/passwd and /etc/shadow
D) Neither /etc/passwd nor /etc/shadow
Answer: C

19) Which of the following tools actively probes a system via a specific protocol, such as FTP?
A) john
B) hydra
C) Johnny
D) All of the above
Answer: B

20) Which button do you click in the Johnny utility to see what john command was executed?
A) Console log
B) Passwords
C) Statistics
D) Settings
Answer: A

Linux Essentials for Cybersecurity (Rothwell/Kinsey)
Chapter 9 File Permissions

1) Which of the following commands is used to view the permissions of a file or directory?
A) ls -l
B) cd
C) chmod
D) umask
Answer: A

2) When setting file permissions, which of the following permissions means users can modify the file contents?
A) Read
B) Write
C) Execute
D) All of the above
Answer: B

3) When setting directory permissions, which of the following permissions means users are limited to listing files in the directory?
A) Read
B) Write
C) Execute
D) None of the above
Answer: A

4) Which of the following commands is used to change permissions on files?
A) umask
B) ls
C) cd
D) chmod
Answer: D

5) Which of the following commands is used to specify which default permissions to exclude when creating a new file or directory?
A) chmod
B) cd
C) umask
D) ls
Answer: C

6) A file created with the permissions rw-r--r-- corresponds to which of the following umask values?
A) 002
B) 022
C) 027
D) 077
Answer: B
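
Added worked example for questions 5 and 6 above (this script is not from the test bank or the textbook): a POSIX sh script that applies a umask to the default creation modes (666 for a file, 777 for a directory) and renders the result the way ls -l shows it, plus the reverse lookup from a file mode to the umask that produces it. Everything is shell arithmetic; nothing is written to disk.

```sh
#!/bin/sh
# Added example: how a umask turns the default creation mode into the
# permissions that ls -l displays.

# octal_to_dec 022 -> 18
octal_to_dec() (
    n=0; s=$1
    while [ -n "$s" ]; do
        d=${s%"${s#?}"}                 # first character
        s=${s#?}                        # remainder
        n=$(( n * 8 + d ))
    done
    printf '%d' "$n"
)

# dec_to_rwx 420 -> rw-r--r--   (owner, group, other triplets)
dec_to_rwx() (
    m=$1; out=''
    for shift in 6 3 0; do
        bits=$(( (m >> shift) & 7 ))
        case $bits in 4|5|6|7) out="${out}r" ;; *) out="${out}-" ;; esac
        case $bits in 2|3|6|7) out="${out}w" ;; *) out="${out}-" ;; esac
        case $bits in 1|3|5|7) out="${out}x" ;; *) out="${out}-" ;; esac
    done
    printf '%s' "$out"
)

# mode_from_umask UMASK file|dir -> symbolic mode a new file or directory gets.
# Files start from 666 (no execute bit is ever granted by default),
# directories from 777; the umask clears bits from that base.
mode_from_umask() (
    case $2 in
        file) base=438 ;;               # 0666
        dir)  base=511 ;;               # 0777
        *)    printf 'usage: mode_from_umask UMASK file|dir\n' >&2; exit 2 ;;
    esac
    mask=$(octal_to_dec "$1")
    dec_to_rwx $(( base & ~mask ))
)

# umask_for_file_mode 644 -> 022: the umask that yields a given file mode.
umask_for_file_mode() (
    printf '%03o' $(( 438 & ~$(octal_to_dec "$1") ))
)

for u in 002 022 027 077; do
    printf 'umask %s: file %s  dir %s\n' "$u" \
        "$(mode_from_umask "$u" file)" "$(mode_from_umask "$u" dir)"
done
# umask 002: file rw-rw-r--  dir rwxrwxr-x
# umask 022: file rw-r--r--  dir rwxr-xr-x
# umask 027: file rw-r-----  dir rwxr-x---
# umask 077: file rw-------  dir rwx------
```

A umask of 077 is the usual hardening choice for service accounts and home directories: new files are private to their owner until someone deliberately opens them up with chmod.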


7) In reference to special permission sets, SUID is short for which of the following? A) Specify User ID B) Set Umask ID C) Set User ID D) Specify Umask ID Answer: C
8) Which of the following permissions can be used to execute a command that has access to files and directories using the group ownership of the command? A) SGID B) Octal C) Symbolic D) SUID Answer: A
9) Which of the following permissions changes the behavior of the write permission when applied to a directory? A) SUID B) Sticky bit C) SGID D) Execute Answer: B
10) Which of the following commands can be used to set the sticky bit permission? A) chmod o+t file B) chmod g+s file C) chmod u+s file D) chmod o-t file Answer: A
11) Which of the following is the best solution for allowing the owner of a file to give permissions for specific users and groups? A) SGID B) Sticky bit C) SUID D) Access control lists (ACLs) Answer: D
12) Which of the following commands is used to create an ACL on a file or directory? A) getfacl B) chmod C) setfacl D) mkdir Answer: C



13) Which of the following is the format of the argument to the -m option for the setfacl command? A) what:who:permission B) who:permission:what C) permission:what:who D) None of the above Answer: A
14) Which of the following specifies the maximum permissions that anyone besides the user owner and “others” have on the file? A) umask value B) mask value C) mkdir D) getfacl Answer: B
15) Which of the following commands is used to change either the user owner or group owner of a file or directory? A) chown B) chgrp C) setfacl D) chattr Answer: A
16) Which of the following commands is designed to change the group ownership of a file? A) chown B) chgrp C) setfacl D) chattr Answer: B
17) A(n) __________ file is completely unchangeable; it cannot be deleted or modified by anyone, including the root user. A) absolute B) reversible C) irreversible D) immutable Answer: D
18) Which option for the chattr command is used to recursively apply changes to an entire directory structure? A) -r B) -V C) -R D) -v Answer: C


19) SELinux refers to which of the following? A) Security Enabled Linux B) Security Enhanced Linux C) System Enhanced Linux D) System Enabled Linux Answer: B
20) Which of the following commands can be used to determine if SELinux is available (and actively being used) on a system? A) getenforce B) restorecon C) setenforce D) semanage Answer: A



Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 10 Manage Local Storage: Essentials
1) Which of the following are used to separate a hard disk into smaller components, so that each component can then be treated as a different storage device? A) Virtual filesystems B) Partitions C) Physical filesystems D) Swap devices Answer: B
2) Where are traditional partition tables stored? A) MBR B) GPT C) RAID D) UDF Answer: A
3) __________ filesystems are structures used to organize data on a device, such as a partition, logical volume, or RAID. A) Virtual B) Directory C) Physical D) Simulated Answer: C
4) Which of the following refers to what regular users see when they are looking at files and directories on the operating system? A) Physical filesystems B) Partitions C) Virtual filesystems D) Swap devices Answer: C
5) Which of the following directories is the top of the virtual filesystem structure? A) /var B) / (root) C) /usr D) /boot Answer: B
6) Placing the filesystem under a directory is completed through a process called __________. A) unmounting B) partitioning C) swapping D) mounting Answer: D


7) Which of the following filesystems contains data that changes often, such as log files, mail files, and spools? A) /var B) /home C) /boot D) /opt Answer: A
8) Which of the following filesystems contains files such as the kernel, bootloader, and initramfs files? A) /var B) /home C) /boot D) /opt Answer: C
9) Which of the following is specifically designed to be used as the filesystem on CD-ROM discs? A) btrfs B) ISO9660 C) UDF D) xfs Answer: B
10) The full collection of partitions on a single storage device is called the __________. A) GUID B) GPT C) partition table D) MBR Answer: C
11) Which of the following commands can you use to create an MBR partition? A) mkfs B) mount C) fsck D) fdisk Answer: D
12) After you create a partition, you can create a filesystem using the __________ command. A) mkfs B) mount C) fsck D) fdisk Answer: A



13) Which of the following tools allow you to change and view ext-based filesystems? A) tune2fs B) debugfs C) dumpe2fs D) All of the above Answer: D
14) Which of the following would you use to change the percentage of a filesystem reserved for the superuser? A) tune2fs B) debugfs C) dumpe2fs D) fsck Answer: A
15) Which of the following tools allows you to fix unmounted xfs-based filesystems? A) xfs_info B) xfs_repair C) xfsrestore D) xfs_check Answer: B
16) Which of the following commands displays usage of partitions and logical devices? A) du B) cd C) df D) ls Answer: C
17) Which field for the mount command output represents the directory where the filesystem is currently mounted? A) fs_type B) mount_point C) device D) mount_options Answer: B
18) Which of the following mount command options allows you to mount a filesystem as read-only? A) ro B) -o C) rw D) -t Answer: A



19) When removable media, such as a CD-ROM or DVD, is automatically mounted, it is typically made available under which of the following directories? A) /data B) /rem C) /dev D) /media Answer: D
20) Which of the following commands allows you to see your currently active swap devices? A) swapoff B) swap C) swapon D) mkswap Answer: C



Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 11 Manage Local Storage: Advanced Features
1) Which of the following is a specification that describes how filesystems are to be encrypted on Linux? A) LUKS B) DMCrypt C) GnuPG D) All of the above Answer: A
2) Which of the following commands is used to create a new encrypted filesystem? A) cryptmount B) modprobe C) cryptsetup D) mkfs Answer: C
3) The purpose of the __________ feature is to have filesystems automatically mounted when a user (or any process) accesses the mount point. A) auto.misc B) auto.master C) fstype D) autofs Answer: D
4) LVM, which stands for __________, is a technology that can be used in place of traditional partitions. A) Logical Volume Manager B) Logical Virtual Memory C) Logical Virtual Manager D) Logical Volume Memory Answer: A
5) Which of the following is a disadvantage of using LVM? A) LVM does not allow you to back up a frozen image of the filesystem while the real filesystem remains active. B) LVM doesn’t provide redundancy like RAID does. C) The LVM feature of striping cannot write data to multiple hard disks concurrently. D) LVM cannot merge multiple storage devices together into a device that the kernel perceives as a single storage device. Answer: B



6) After a volume group (VG) is created with LVM, the space made available by the physical volumes (PVs) is broken into small chunks called __________. A) filesystems B) logical volumes C) partitions D) physical extents Answer: D
7) Which of the following commands is used to see the size of physical extents, as well as other useful VG information? A) pvcreate B) vgdisplay C) pvdisplay D) vgcreate Answer: B
8) Which of the following commands is used to create an LV using space from a VG? A) vglvcreate B) vgcreate C) lvcreate D) pvcreate Answer: C
9) Which of the following is the first step for making a partition available to the operating system? A) Create a filesystem. B) Verify the mount. C) Mount the filesystem under the mount point. D) Make a mount point. Answer: A
10) The LVM commands are normally executed by symbolic links that refer to which of the following commands? A) /etc/fstab B) /sbin/pvcreate C) /dev/mapper D) /sbin/lvm Answer: D
11) Which of the following commands is used to make an LV smaller by shrinking the size of the filesystem and then shrinking the LV? A) lvremove B) lvreduce C) lvextend D) lvdisplay Answer: B


12) After completing a backup, you should destroy the LVM snapshot by first unmounting the snapshot VM and then executing the __________ command. A) lvremove B) lvreduce C) lvextend D) lvdisplay Answer: A
13) An administrator can limit how much space a user can use in each filesystem by enabling a __________. A) quota check B) mount option C) snapshot D) disk quota Answer: D
14) Which of the following would you create in order to display a warning to users who exceed the amount of space allotted for their files? A) Flexible limit B) Hard limit C) Soft limit D) None of the above Answer: C
15) Which part of a file stores the file’s metadata, such as file ownership, permissions, and timestamps? A) snapshot B) node C) autofs D) inode Answer: D
16) Which option for the quotacheck command is used to create database file(s)? A) -u B) -c C) -g D) -m Answer: B
17) To enable user quotas, you must first mount the filesystem with the __________ mount option. A) usrquota B) quotaon C) quotacheck D) edquota Answer: A


18) Which of the following fields of a quota specifies how many files the user currently has in the filesystem? A) blocks B) Filesystem C) inodes D) hard Answer: C
19) Which of the following commands can be executed by the root user to set a grace period on disk quotas? A) quota B) edquota -t C) repquota D) quotaon Answer: B
20) Which of the following is not true regarding hard and soft file links on Linux? A) If you have 10 hard-linked files and you delete any nine of these files, the data is no longer maintained in the remaining file. B) When you create a hard link to a file, there is no way to distinguish the “original” file from the “linked” file. C) Hard-link files share the same inode. D) When you create a soft link, the original file contains the data while the link file “points to” the original file. Answer: A



Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 12 Manage Network Storage
1) Which of the following is a protocol that was invented in the mid-1980s by IBM for the purpose of being able to share directories between hosts on a LAN? A) DFS B) NFS C) SMB D) CIFS Answer: C
2) Which of the following is an SMB-based protocol made popular on Microsoft Windows systems? A) DFS B) NFS C) LAN D) CIFS Answer: D
3) CIFS is an abbreviation for which of the following? A) Common Internet File System B) Common Internet File Server C) Configuration Internet File System D) Configuration Internet File Server Answer: A
4) Which of the following SAMBA packages contains software used by both the SAMBA server and client utilities? A) SAMBA-common B) SAMBA-swat C) SAMBA-client D) None of the above Answer: A
5) Which of the following is not one of the three sections in the default smb.conf file? A) [printers] B) [security] C) [global] D) [homes] Answer: B



6) After you make changes to the smb.conf file and before starting the SAMBA server, you should execute which of the following commands to verify the syntax of the configuration file? A) testparm B) smbclient C) smbpasswd D) nmblookup Answer: A
7) Which of the following commands is used to create a new SAMBA account for a Linux user account? A) testparm B) smbclient C) smbpasswd D) nmblookup Answer: C
8) To discover SAMBA servers in your workgroup, execute the __________ command. A) testparm B) smbclient C) smbpasswd D) nmblookup Answer: D
9) After you have discovered a SAMBA server, you can see what shares are available on the SAMBA server by executing the __________ command. A) testparm B) smbclient C) smbpasswd D) nmblookup Answer: B
10) Which of the following commands shows the status of the SAMBA server, including which machines are connected to it and what resource is being accessed? A) smbrank B) stat C) smbstatus D) symlink Answer: C
11) Which of the following is a Distributed File System (DFS) protocol that was originally created by Sun Microsystems in 1984? A) NFS B) SMB C) CIFS D) SAMBA Answer: A


12) NFS requires another service called RPC, which stands for which of the following? A) Reverse Procedure Call B) Remote Portmap Call C) Remote Procedure Call D) Reverse Portmap Call Answer: C
13) Which of the following NFS sharing options specifies that file data changes are made to disk immediately, which has an impact on performance, but is less likely to result in data loss? A) rw B) async C) ro D) sync Answer: D
14) Which of the following NFS server processes handles the recovery process if the NFS server is rebooted when NFS clients are actively using the NFS server’s resources? A) rpc.idmapd B) rpc.statd C) rpc.mountd D) rpc.rquotad Answer: B
15) Which of the following NFS server processes exists only on systems that run NFSv4? A) rpc.idmapd B) rpc.statd C) rpc.mountd D) rpc.rquotad Answer: A
16) Which of the following is an NFS utility that can be compared to an old-fashioned telephone operator? A) libwrap B) rpcinfo C) exportfs D) portmap Answer: D
17) Which of the following commands can be used on the NFS server to display what is currently shared or to temporarily share a resource? A) nfsstat B) showmount C) exportfs D) mount Answer: C



18) Which of the following NFS mount options specifies how many times to retry to mount an NFS share? A) rsize= B) retrans= C) timeo= D) retry= Answer: B
19) Which of the following is a network storage solution based on the communication protocol provided by SCSI? A) WWID B) LUN C) iSCSI D) Initiator Answer: C
20) After installing the iscsi-initiator-utils package, you can use which of the following commands to see the name of the targets provided by an iSCSI server? A) iscsiadm B) iscsid C) tgtd D) sendtargets Answer: A



Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 13 Develop a Storage Security Policy
1) Which of the following is not recommended when developing a security plan for storage devices? A) A database with private company data should be stored in an external-facing web server. B) Sensitive data needs to be secure from prying eyes, including users who have valid access to the system. C) A data recovery system should be put in place to allow for the quick recovery of lost data. D) All critical data needs to be backed up on a regular basis in the event that a storage device fails or a disaster (such as fire or flood) destroys the storage devices. Answer: A
2) Who is responsible for developing a solid strategy for backing up an organization’s data? A) End user B) System administrator C) CEO D) President Answer: B
3) Which of the following refers to a backup that is performed only on the files that have changed since a previous backup? A) Full backup B) Intermittent backup C) Incremental backup D) Standard backup Answer: C
4) Which of the following directories to consider including in a backup strategy rarely changes because this is the location of most of the system’s commands, documentation, and programs? A) /bin B) /usr C) /var D) /boot Answer: B
5) Which of the following directories to consider including in a backup strategy contains third-party software installed on the system? A) /opt B) /sbin C) /home D) /etc Answer: A



6) Which of the following directories either are not stored on the hard drive or contain temporary information that never needs to be backed up? A) /etc B) /lib C) /bin D) /proc Answer: D
7) Which of the following is not true regarding how often you should perform backups? A) Backups typically use a different schedule for different directories. B) There is no exact rule that tells you how often to perform backups. C) Backups should always be performed on a daily basis. D) Backups can be scheduled based on how often data changes in each directory. Answer: C
8) According to the text example, which of the following levels is associated with a full backup? A) Level 0 B) Level 1 C) Level 2 D) Level 3 Answer: A
9) Which backup strategy is based on a mathematical puzzle game? A) Bacula B) Tower of Hanoi C) Amanda D) None of the above Answer: B
10) The “3-2-1 Rule” for backups states that you should store three copies of all important backup data, use at least two types of media for the backups, and make sure at least one backup is kept __________. A) onsite B) hidden C) online D) offsite Answer: D
11) Which of the following backup storage locations offers the advantages of low cost and medium shelf life, but requires a lot of maintenance? A) Remote B) Disk C) Tape D) Optical media Answer: C



12) Which of the following backup storage locations is fast and easily available, but is not portable? A) Remote B) Disk C) Tape D) Optical media Answer: B
13) Which of the following backup storage locations depends on network access and could be expensive and slow? A) Remote B) Disk C) Tape D) Optical media Answer: A
14) Which of the following backup storage locations offers decent speed and low cost, but low storage capacity? A) Remote B) Disk C) Tape D) Optical media Answer: D
15) Which of the following commands is useful for backing up entire devices, whether entire hard disks, individual partitions, or logical volumes? A) tar B) rsync C) dd D) cpio Answer: C
16) Which of the following commands was originally designed to back up filesystems to tape devices, and can now also be used to back up to non-tape devices? A) tar B) rsync C) dd D) cpio Answer: A
17) Which of the following commands is designed to back up files to a remote system and can communicate via Secure Shell (SSH), making the backup process secure? A) tar B) rsync C) dd D) cpio Answer: B


18) Which of the following is a third-party backup utility that is an open source software tool popular on both Unix and Linux distributions? A) Bacula B) Tower of Hanoi C) Amanda D) gzip Answer: C
19) Which of the following is a third-party backup utility that supports clients from different platforms, including Linux, Microsoft Windows, macOS, and Unix? A) Amanda B) bzip2 C) Tower of Hanoi D) Bacula Answer: D
20) Which of the following options for the tar command is used to create a tar ball? A) -c B) -t C) -C D) -z Answer: A



Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 14 crontab and at
1) Any system user can create a(n) __________ entry that will result in a daemon executing a program on a routine basis. A) crontab B) at C) system D) table Answer: A
2) Which of the following crontab command options is used to list the entries in the crontab file? A) -r B) -u C) -l D) -e Answer: C
3) Which of the following crontab command options is used to specify a user account? A) -r B) -u C) -l D) -e Answer: B
4) Each line of the crontab table is broken into fields, separated by one or more __________ characters. A) colon B) space C) semicolon D) asterisk Answer: B
5) Which field of the crontab table can include only values between 0 and 7? A) 4 B) 3 C) 1 D) 5 Answer: D
6) To create a crontab entry, execute the crontab command with the __________ option. A) -l B) -r C) -e D) -u Answer: C


7) Each user has their own collection of crontab entries that only the root user has access to. These files are typically located in which of the following directories? A) /var/spool/cron B) /etc/cron.deny C) /etc/crontab D) /etc/cron.allow Answer: A
8) The system administrator edits the __________ file to enable executing system-critical processes at specific intervals. A) /var/spool/cron B) /etc/cron.deny C) /etc/crontab D) /etc/cron.allow Answer: C
9) All users listed in the __________ file are denied access to the crontab command while all other users can execute the crontab command successfully. A) /var/spool/cron B) /etc/cron.deny C) /etc/crontab D) /etc/cron.allow Answer: B
10) Use the __________ file when you want to allow access to a few users but deny access to most users. A) /var/spool/cron B) /etc/cron.deny C) /etc/crontab D) /etc/cron.allow Answer: D
11) Which field of the /etc/crontab file includes the name of the command to execute? A) 6 B) 2 C) 7 D) 4 Answer: C
12) Most default /etc/crontab files are designed to execute the __________ script. A) run-parts B) www-data C) sync D) None of the above Answer: A



13) The /etc/anacrontab file is used by the __________ command to determine how to execute commands that were missed by the crond daemon while a system was shut down. A) crontab B) tab C) etc D) anacron Answer: D
14) Which field of the /etc/anacrontab file contains the command that should be executed? A) 2 B) 4 C) 1 D) 3 Answer: B
15) The __________ system provides users with a way to execute a program at one specific time in the future. A) crontab B) anacron C) at D) time Answer: C
16) The output for the atq command includes which of the following? A) User name B) Job number C) Date the command will execute D) All of the above Answer: D
17) Which of the following commands is used to remove an at job before it is executed? A) atrm B) atq C) atr D) atqt Answer: A
18) Which of the following files are used to control access to the at command? A) /etc/at.allow B) /etc/at.deny C) Both A and B D) Neither A nor B Answer: C



19) Which field of the /etc/anacrontab file contains the name of the command that was skipped? A) 1 B) 3 C) 4 D) 2 Answer: B
20) Which field of the crontab table specifies the hour that a command should execute? A) 6 B) 2 C) 3 D) 1 Answer: B



Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 15 Scripting
1) Which of the following refers to creating small programs based on the Linux commands that you want to routinely (or occasionally) execute? A) Executing B) Scripting C) Compiling D) Parsing Answer: B
2) Which of the following is not true when comparing scripting and compiled languages? A) Scripts traditionally are not compiled. B) Scripts often take less coding to perform a task. C) Compiled languages can be executed directly from source code. D) Scripting languages are typically easier to learn. Answer: C
3) Which of the following is not one of the three most commonly used scripting languages on Linux? A) Perl B) BASH C) MySQL D) Python Answer: C
4) Which of the following is a disadvantage of BASH shell scripting? A) You can use Linux commands natively in BASH shell scripts. B) Just about every Linux (and Unix) distribution will have the BASH shell. C) The language allows loop controls, variables, and exit status values. D) BASH shell scripting doesn’t include object-oriented programming. Answer: D
5) BASH scripts on a Linux distribution are files that end in which of the following characters? A) .sh B) .wc C) .sc D) .ba Answer: A
6) The Perl scripting language can be used for which of the following applications? A) Code testing B) Data parsing C) Web development D) All of the above Answer: D


7) Which of the following is not true regarding aspects of the Perl scripting language? A) Perl’s syntax is fairly simple, derived primarily from the C language. B) Perl code is inflexible; you are limited by the structure. C) Perl has very powerful features, such as robust regular expressions. D) It normally does not take very long to learn Perl. Answer: B
8) Which of the following scripting languages, created by Guido van Rossum in the late 1980s, has a very rigid indentation scheme? A) BASH B) Perl C) Python D) None of the above Answer: C
9) Which of the following is not true regarding the Python scripting language? A) It is extendable or embedded. B) It has a small standard library. C) The data structures are more diverse than those of many languages. D) It has object-oriented features. Answer: B
10) The Python scripting language is often used for which of the following applications? A) Scientific applications B) System tools C) Network-based applications D) All of the above Answer: D
11) To start a BASH script, enter __________ as the first line of the script file in a text editor. A) #!/bin/bash B) #hello.sh C) echo $PATH D) $./hello.sh Answer: A
12) Comments in a BASH script start with the __________ character and extend to the end of the line. A) * B) $ C) # D) / Answer: C



13) There are variables available in BASH scripts that represent the arguments passed into the script. The first argument is assigned to which of the following variables? A) $0 B) $1 C) #0 D) #1 Answer: B
14) In the BASH shell, an “else, if” statement is spelled __________ and is not required if you don’t want to perform additional conditional checks. A) elseif B) fi C) elif D) else,if Answer: C
15) When using conditional statements in BASH scripts, which of the following is true regarding the spacing around the square brackets? A) There should be no spaces before or after a square bracket. B) There should be a space before but not after each square bracket. C) There should be a space after but not before each square bracket. D) There should be a space before and after each square bracket. Answer: D
16) Variables used in BASH scripts should be surrounded by which of the following? A) Double quotes B) Single quotes C) Square brackets D) Parentheses Answer: A
17) If you want to perform integer (numeric) comparison operations in a BASH script, which option results in true if the first value is greater than or equal to the second value? A) -gt B) -ne C) -ge D) -le Answer: C
18) Which flow control statement in the BASH scripting language executes a block of code repeatedly as long as the conditional statement is false? A) The until loop B) The case statement C) The while loop D) The for loop Answer: A


19) In a case statement in the BASH scripting language, which character can be used to represent “or”? A) * B) ? C) | D) [] Answer: C
20) Command substitution, the process of executing a subcommand within a larger command, can be performed using which of the following methods? A) ($cmd) B) $(cmd) C) (#cmd) D) #(cmd) Answer: B



Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 16 Common Automation Tasks
1) Which of the following directories contains programs that will be executed once per week? A) /etc/cron.week B) /etc/cron.weekly C) /etc/week.cron D) /etc/weekly.cron Answer: B
2) Which of the following directories contains programs that will be executed once per day? A) /etc/cron.day B) /etc/cron.weekday C) /etc/cron.daily D) /etc/day.cron Answer: C
3) Which of the following commands displays a file with a number at the beginning of each line? A) nl B) ba C) ls D) fi Answer: A
4) Which of the following commands allows automatic rotation, compression, removal, and mailing of log files? A) logger B) file C) grep D) logrotate Answer: D
5) Which of the following indicates that the code line is part of a BASH script? A) /usr/bin/logger B) #!/bin/sh C) EXITVALUE=$? D) /usr/sbin/logrotate Answer: B
6) Which section of the man page indicates that the argument to the logrotate command is its configuration file? A) SYNOPSIS B) NAME C) DESCRIPTION D) EXAMPLES Answer: A


7) When a command or program finishes execution in a BASH script and the command executed successfully, it will return an exit status value of __________ to the calling program. A) 2 B) 1 C) 0 D) 3 Answer: C
8) Which of the following lines exits a script with a “success” return value of 0? A) 0 exit B) exit zero C) zero exit D) exit 0 Answer: D
9) Which of the following commands makes entries in the system log? A) logger B) log C) logrotate D) grep Answer: A
10) Which of the following commands is used to filter out comment lines and blank lines? A) trap B) touch C) grep D) mandb Answer: C
11) A scripting feature called __________ will execute a file as if the code from that file was embedded within the script. A) locating B) sourcing C) logging D) finding Answer: B
12) Which of the following commands optimizes the functionality of the man page when executed automatically on a daily basis? A) renice B) mandb C) touch D) trap Answer: B



13) Which of the following Fedora scripts is used to initialize or manually update index database caches? A) mlocate B) logrotate C) man-db.cron (p 278) D) None of the above Answer: C
14) Which of the following commands doesn’t search the live filesystem, but rather searches from a database that is generated automatically daily? A) extract B) find C) ionice D) locate Answer: D
15) Which of the following statements is true regarding the locate and find commands? A) The locate command is faster than the find command. B) The find command searches from a database that is generated automatically daily. C) The locate command searches the live filesystem. D) The find command is faster than the locate command. Answer: A
16) Which of the following commands creates the database that is used by the locate command? A) renice B) dbcreate C) updatedb D) ionice Answer: C
17) Which of the following, in coding terms, refers to a location where people share programs? A) Archive B) Repository C) Collection D) Library Answer: B
18) Which of the following Fedora scripts is used to generate the database that the locate command uses daily? A) mlocate B) logrotate C) man-db.cron D) None of the above Answer: A



19) Which of the following directories contains programs that will be executed once per month? A) /etc/cron.month B) /etc/monthly.cron C) /etc/cron.monthly D) /etc/month.cron Answer: C
20) Which of the following directories contains programs that will be executed once per hour? A) /etc/hour.cron B) /etc/cron.hourly C) /etc/cron.hour D) /etc/hourly.cron Answer: B



Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 17 Develop an Automation Security Policy
1) Which of the following is recommended for securing the crontab and at commands? A) Create written rules for the use of crontab and at that all users must follow, with consequences for misuse. B) On workstations, provide access to users who routinely use the workstations and deny all others. C) On system-critical servers, consider removing access to the crontab and at commands for all users. D) All of the above Answer: D
2) Which of the following permissions does the text recommend for securing the /etc/crontab file? A) -rwx------ B) -rw------- C) drwx------ D) drwxr-xr-x Answer: B
3) Which of the following permissions does the text recommend for securing the /etc/cron.hourly file? A) drwx------ B) -rw-r--r-- C) -rw------- D) -rwx------ Answer: A
4) Which of the following permissions does the text recommend for securing the /etc/at.allow file? A) drwx------ B) -rwx------ C) -rwsr-xr-x D) -rw------- Answer: D
5) Which of the following permissions does the text recommend for securing the /usr/bin/at file? A) -rw------- B) drwx------ C) -rwx------ D) -rw-r--r-- Answer: C



6) Which of the following is not true regarding security concerns for crontab and at? A) If you remove a user’s ability to use the crontab and at commands, then any of that user’s existing crontab and at jobs would still execute. B) Every system has the same crontab and at systems. C) Disabling access only limits the user’s ability to create more crontab and at jobs. D) Your security policy should have a procedure in place to identify and remove existing jobs when a user is blocked access. Answer: B
7) Having a security policy for BASH scripts is important, because __________ will make use of existing scripts to compromise the system. A) hackers B) end users C) system administrators D) managers Answer: A
8) Which of the following is not true when securing access to BASH scripts? A) Make sure only the authorized users have access to the scripts and the ability to execute them. B) Never place SUID or SGID permission on a BASH script. C) A good permission set for a script is -rwxrwx--- whereas a bad permission set is -rwxr-x---. D) Placing BASH scripts on a publicly accessible system poses a greater threat than on an internal server. Answer: C
9) Which of the following is not true regarding security issues for script contents? A) A script security policy should require all scripts to be free of any sensitive data. B) In order to execute a script, the read permission has to be enabled for a user. C) Unlike with most system binary commands, a user can see everything in a BASH script. D) It is safer to use a variable rather than an absolute path when executing script commands. Answer: D
10) Which of the following shell settings causes your shell script to exit prematurely if an unset variable is used? A) set -e B) set -u C) set -x D) set -f Answer: B
11) Which of the following shell settings causes a script to exit automatically if any command in the script fails? A) set -f B) set -x C) set -u D) set -e Answer: D


12) Which of the following shell settings causes the expansion of wildcards to be avoided? A) set -u B) set -e C) set -f D) set -x Answer: C
13) The permissions for the /var/spool/at directory should be __________. A) -rwsr-xr-x B) drwx------ C) -rw-r--r-- D) drwxr-xr-x Answer: B
14) Which of the following permissions does the text recommend for securing the /etc/cron.d file? A) drwx------ B) -rw-r--r-- C) drwxr-xr-x D) -rwsr-xr-x Answer: A
15) Which of the following permissions does the text recommend for securing the /etc/cron.allow file? A) drwx------ B) -rw------- C) -rwsr-xr-x D) -rwx------ Answer: B
16) Which of the following permissions does the text recommend for securing the /usr/bin/crontab file? A) -rw------- B) -rwsr-xr-x C) -rwx------ D) drwx------ Answer: C
17) Which of the following permissions does the text recommend for securing the /etc/anacrontab file? A) -rwx------ B) drwx------ C) -rwsr-xr-x D) -rw------- Answer: D


18) Which of the following permissions does the text recommend for securing the /etc/cron.monthly file? A) drwx------ B) -rwsr-xr-x C) -rwx------ D) -rw------- Answer: A
19) Which of the following permissions does the text recommend for securing the /etc/cron.deny file? A) drwx------ B) -rw-r--r-- C) -rw------- D) -rwx------ Answer: C
20) Which of the following permissions does the text recommend for securing the /etc/cron.daily file? A) -rw------- B) drwx------ C) -rwx------ D) drwxr-xr-x Answer: B

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 18 Networking Basics
1) A network is created when at least __________ or more computers communicate through some sort of connection. A) 1 B) 2 C) 3 D) 4 Answer: B
2) Which of the following technologies can be used for a network connection? A) Wireless B) Ethernet C) Fiber optic D) All of the above Answer: D
3) Each computer on a network is called a __________, and it can include many different systems, such as desktop and laptop computers, printers, routers, switches, and cell phones. A) host B) subnet C) protocol D) LAN Answer: A
4) Which of the following is true regarding the LAN and WAN general classes of networks? A) A WAN is a network that describes all the hosts that communicate directly with one another on the same network. B) A WAN is a collection of LANs that can communicate through routers or switches. C) A LAN is a network that describes a collection of WANs. D) A city is analogous to a WAN and the entire country is analogous to a LAN. Answer: B
5) Which of the following is a well-defined message that includes data as well as metadata sent across networks? A) Packet header B) IP address C) Network packet D) Port Answer: C

6) Which of the following is a unique numeric-based value that is like the street name on a traditional envelope? A) Packet header B) IP address C) Network packet D) Port Answer: B
7) Which of the following is a program that is running on the host, listening for incoming messages on a specific port number? A) Protocol B) Subnet C) Client D) Service Answer: D
8) Which of the following is a well-defined standard for network communications between two hosts? A) Protocol B) Subnet C) Client D) Service Answer: A
9) A __________ is a host on a network that offers a service; it serves something to the receiver, which is known as a client. A) port B) network packet C) server D) protocol Answer: C
10) Which of the following protocols is used to determine where to send information across a network? A) IP address B) TCP C) ICMP D) UDP Answer: A
11) In reference to networking, UDP is an acronym for which of the following? A) Unique Database Protocol B) User Datagram Protocol C) Unique Datagram Protocol D) User Database Protocol Answer: B


12) Which of the following is not true regarding IPv4 and IPv6? A) IPv4 uses a method called dotted decimal notation, a 32-bit number divided into four octets. B) IPv4 has a more efficient routing technique than IPv6. C) IPv4 has been an Internet standard for a long time and is slowly being replaced by IPv6. D) IPv6 uses a technique called hexadecimal notation, which uses a 128-bit number. Answer: B
13) Which of the following refers to the process of dividing a larger network into a smaller one and results in the loss of assignable IP addresses? A) Autoconfiguration B) NAT C) Subnetting D) Routing Answer: C
14) Which of the following is an example of an IPv4 address? A) 192.168.100 B) 11000000 C) 11000000.10101000 D) 192.168.100.25 Answer: D
15) Which class of IPv4 addresses is only used for research and development? A) C B) E C) B D) A Answer: B
16) Which of the following subnet masks is essentially the same format as dotted decimal notation? A) Variable-Length Subnet Mask (VLSM) format B) Binary format C) Classless Inter-Domain Routing (CIDR) format D) None of the above Answer: A
17) Which of the following ranges of IP addresses are for private use only? A) 10.0.0.0-10.255.255.255 B) 172.16.0.0-172.31.255.255 C) 192.168.0.0-192.168.255.255 D) All of the above Answer: D

18) Which of the following protocol suites is used primarily to send error messages and for determining the status of network devices? A) ICMP B) IP C) UDP D) TCP Answer: A
19) The /etc/services file is useful to administrators in that it contains ports that have been assigned to services by the __________. A) ICMP B) CIDR C) IANA D) System administrator Answer: C
20) Which of the following network ports is associated with the SMTP service that is used to send email? A) 22 B) 25 C) 110 D) 389 Answer: B

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 19 Network Configuration
1) __________ devices are the most common network device on Linux systems. A) Ethernet B) Persistent C) Wireless D) Gateway Answer: A
2) Which of the following commands lists active network devices when executed with no arguments? A) nmcli B) ifup C) ifconfig D) ifdown Answer: C
3) Which output component of the ifconfig command includes statistics regarding how many network packets have been received correctly? A) TX errors B) TX packets C) RX errors D) RX packets Answer: D
4) Which of the following flags that can be assigned an interface indicates that the interface is active? A) BROADCAST B) UP C) PROMISC D) MULTICAST Answer: B
5) Some Linux distributions include __________, an automated tool that configures network settings without any interaction on your part. A) ESSID B) ARP C) Network Manager D) WPA Answer: C

6) Which of the following commands can be used to determine if the Network Manager is running on your system? A) systemctl disable NetworkManager B) nmcli device status C) systemctl stop NetworkManager D) None of the above Answer: B
7) The Internet Protocol (IP) is part of a __________ networking model called the ISO-OSI network model. A) three-layer B) five-layer C) seven-layer D) nine-layer Answer: C
8) In the event that a remote system has its network card replaced, which option of the arp command is used to delete an entry from the ARP table? A) -d B) -I C) -i D) -D Answer: A
9) Which of the following commands can be used to display or modify the routing table? A) arp B) routing C) ifconfig D) route Answer: D
10) Which of the following is not true regarding the ip command? A) The ip command is designed to replace the ifconfig, arp, and route commands. B) The ip command is no longer under development. C) The ip command provides more features than the ifconfig, arp, and route commands. D) If you inherit an older or legacy system, the ip command might not exist. Answer: B
11) Which of the following commands is normally used to perform simple hostname-to-IP-address translation operations? A) hostname B) dig C) host D) netstat Answer: C

12) Which of the following commands is useful for performing DNS queries on specific DNS servers? A) hostname B) dig C) host D) netstat Answer: B
13) Which of the following options for the netstat command displays information based on a specific interface? A) -i B) -a C) -s D) -t Answer: A
14) The Red Hat variety of Linux distributions includes which of the following? A) Fedora B) CentOS C) Red Hat Enterprise Linux D) All of the above Answer: D
15) Which of the following universal files is used by applications to determine the sources from which to obtain name-service information, as well as in what order? A) /etc/sysctl.conf B) /etc/nsswitch.conf C) /etc/resolv.conf D) /etc/hosts Answer: B
16) Which of the following commands is used to verify that a remote host can respond to a network connection? A) traceroute B) auto C) ping D) netcat Answer: C
17) Which of the following commands is used to display the router hops from one system to another (in other words, from one router to another)? A) traceroute B) auto C) ping D) netcat Answer: A


18) Which of the following commands is a utility that can be used for debugging network issues? A) traceroute B) auto C) ping D) netcat Answer: D
19) Which of the following commands displays the parameters of a wireless network interface? A) iwlist B) iwconfig C) eth0 D) mode Answer: B
20) If you are trying to attach a wireless device to a wireless access point (wireless router), you could execute the __________ command to see a list of available wireless routers. A) iwlist B) iwconfig C) eth0 D) Ad-Hoc Answer: A

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 20 Network Service Configuration: Essential Services
1) Which of the following is the de facto standard name resolution solution for the majority of systems connected to the Internet? A) DNS B) LDAP C) NIS D) DHCP Answer: A
2) The original __________ were .com, .org, .net, .int, .edu, .gov, and .mil; many others have been added in recent years. A) domain names B) subdomains C) FQDNs D) top-level domains Answer: D
3) How many root servers are there at the top of the DNS domain structure? A) 9 B) 11 C) 13 D) 15 Answer: C
4) The primary configuration file for the BIND server is the __________ file. A) /etc/named.conf B) /var/named/named.ca C) /etc/resolv.conf D) /var/named/named.localhost Answer: A
5) Which zone file contains a list of the root servers? A) /var/named/named.localhost B) /var/named/named.ca C) /etc/named.conf D) /etc/resolv.conf Answer: B
6) Which of the following refers to the system where you make changes directly to the zone files? A) Master name server B) Authoritative name server C) Slave name server D) Reverse lookup zone Answer: A


7) Which of the following is not true regarding zone file syntax? A) Each record consists of fields of data separated by either spaces or tabs (whitespace). B) Each line defines a record, and in most cases the end of the line is the end of the record. C) Comment lines begin with a colon (:) character and continue to the end of the line. D) When times are given in the zone file, the default time value is seconds. Answer: C
8) Which of the following zone record types is used in reverse lookup zone files to translate IP addresses into domain names? A) Address record type B) Name server record type C) Canonical record type D) Pointer record type Answer: D
9) To start the process of creating a chroot __________, you first need to create directories where all the files are placed. A) device B) jail C) signature D) account Answer: B
10) Which of the following occurs when a fake DNS server provides incorrect data when a query is performed? A) Zone transfer B) TSIG C) DNS spoofing D) TTL Answer: C
11) DHCP stands for which of the following? A) Dynamic Host Configuration Protocol B) Domain Host Configuration Process C) Dynamic Host Configuration Process D) Domain Host Configuration Protocol Answer: A
12) After installing the correct DHCP server package, you can configure the server by editing the __________ file. A) /etc/named.conf B) dhcpd.leases C) /etc/dhcpd.conf D) ddns-update-style Answer: C


13) Which of the following is the most widely used email server on Linux? A) SMTP B) Postfix C) Sendmail D) IMAP Answer: B
14) Which of the following major components to email is responsible for accepting the email message from the MUA and sending it to the correct receiving mail server? A) MDA B) MSA C) POP D) MTA Answer: D
15) Which of the following Postfix settings should be set to yes on publicly accessible Postfix servers to prevent techniques that are used to harvest email addresses? A) relay_domains B) disable_vrfy_command C) relayhost D) inet_interfaces Answer: B
16) Which of the following files is useful to redirect email to local user accounts? A) /etc/postfix/virtual B) /etc/postfix/main.cf C) /etc/aliases D) $HOME/mail.backup Answer: C
17) Which of the following programs can perform actions like blocking SPAM, redirecting mail to other user accounts, and making copies of the email message and sending them to other accounts? A) Procmail B) MTA C) Postfix D) Dovecot Answer: A
18) Which of the following procmail flags is used to perform case-sensitive matching? A) W B) H C) D D) B Answer: C

19) Which of the following is not true when comparing the IMAP and POP protocols? A) IMAP supports the feature of folders or mailboxes. B) POP is generally considered a simpler protocol, resulting in an easier implementation. C) With IMAP, individual parts of a message can be retrieved separately. D) POP allows multiple simultaneous connections. Answer: D
20) Which setting for the Dovecot server specifies the location of where Dovecot stores its data? A) mail_location B) base_dir C) listen D) !include Answer: B

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 21 Network Service Configuration: Web Services
1) Which of the following is another name for the Apache Hypertext Transfer Protocol Server? A) Apache Web Server B) httpd C) Apache D) All of the above Answer: D
2) Which of the following is a protocol that has been a standard for web pages since the 1990s, and allows for a client program (web browser) to request data from a server program? A) Ubuntu B) HTTP C) Apache D) HTML Answer: B
3) Which of the following basic Apache directives can be a critical setting when your web server is not performing correctly? A) LogLevel B) DocumentRoot C) Listen D) ServerRoot Answer: A
4) By default, the location where Apache web pages reside is the __________ directory. A) /etc/apache B) /etc/httpd C) /var/www/html D) /etc/httpd/conf Answer: C
5) Which client restriction setting for the Apache Web Server makes sure that a specific number of httpd processes are always available? A) MaxClients B) MinSpareServers C) StartServers D) MaxRequestsPerChild Answer: B
6) All web domains share a single IP address in which of the following virtual hosting methods? A) Name-based virtual hosts B) IP-based virtual hosts C) Both A and B D) None of the above Answer: A


7) In Apache Web Server, HTTPS uses which of the following ports? A) 80 B) 21 C) 443 D) 280 Answer: C
8) With asymmetric cryptography, how many keys are used to encrypt and decrypt data? A) 1 B) 2 C) 3 D) 4 Answer: B
9) Which of the following is a concern regarding the use of SSL? A) Having a large number of Certificate Authority (CA) machines increases the chance that one could be compromised. B) Man-in-the-middle attacks are possible when you connect through a router that can exploit the connection. C) If the security key gets into the wrong hands, the encrypted data can be compromised. D) All of the above Answer: D
10) To create an SSL certificate, you must have the __________ software package installed. A) genrsa B) newreq C) openssl D) openssl-perl Answer: C
11) Which of the following critical Apache SSL directives is used to create footers with useful information for debugging purposes? A) ServerSignature B) TraceEnable C) ServerTokens D) SSLProtocol Answer: A
12) Which of the following proxy servers is designed to act as a gateway between two networks, such as when an IPv4-based network needs to communicate with an IPv6-based network? A) Forward proxy B) Reverse proxy C) Tunneling proxy D) Squid proxy Answer: C


13) Which of the following proxy servers is configured just for the server side of the communication? A) Forward proxy B) Reverse proxy C) Tunneling proxy D) Squid proxy Answer: B
14) Which of the following proxy servers is designed to work only on the client side of the communication? A) Forward proxy B) Reverse proxy C) Tunneling proxy D) Squid proxy Answer: A
15) Which of the following Squid configuration settings allows you to perform authentication of the client using a variety of authentication methods? A) http_access B) acl C) cache_dir D) auth_param Answer: D
16) The default Squid configuration file normally has which of the following statements? A) http_access B) acl C) Both A and B D) None of the above Answer: C
17) Which of the following is the basic syntax for an acl statement? A) acl data name type B) acl name type data C) acl type name data D) acl name data type Answer: B
18) Which of the following access control lists, already defined in the Squid configuration file, is a special ACL for the management of Squid’s cache? A) localhost B) all C) to_localhost D) manager Answer: D

19) Which feature of Nginx, when used as a reverse proxy server, is provided by a combination of features, including compression of both inbound and outbound data and caching static web server content? A) Authentication B) Load balancing C) Web acceleration D) Support for multiple protocols Answer: C
20) After configuring a proxy server, you may want to test it by setting up a client system to use the proxy server. Which of the following is the first step when using Firefox for this test? A) Access the menu options for the browser. B) Click the Manual proxy configuration option. C) Click the Preferences button. D) Click Advanced in the left pane and then click Network. Answer: A

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 22 Connecting to Remote Systems
1) LDAP is an acronym for which of the following? A) Linux Directory Active Protocol B) Lightweight Directory Access Protocol C) Lightweight Directory Active Protocol D) Linux Directory Access Protocol Answer: B
2) For Linux, __________ is the most commonly used open source directory service. A) SSSD B) Active Directory C) OpenLDAP D) LDIF Answer: C
3) Which of the following key LDAP terms defines the attributes and specifies what the attributes can store? A) Schema B) Object C) DN D) CN Answer: A
4) Which of the following key LDAP terms is the relative name of an object? A) DN B) Attribute C) CN D) Schema Answer: C
5) After you have installed the OpenLDAP software, a configuration file named __________ should be saved to the system. A) rootdn B) openldap-server C) rootpw D) slapd.conf Answer: D
6) Which of the following options of the ldapsearch command indicates to use simple authentication instead of SASL? A) -S B) -x C) -b D) -X Answer: B


7) Which of the following options used with the ldapadd command has the ldapadd command query for the rootdn password? A) -f B) -D C) -W D) -x Answer: C
8) Which of the following commands that are designed to make modifications to the OpenLDAP database uses an LDIF file to change an existing object? A) slapindex B) ldapdelete C) slapcat D) ldapmodify Answer: D
9) Which of the following options for the ldapsearch command displays only the search results and the version of LDAP? A) -L B) -LL C) -LLL D) -LLLL Answer: B
10) When specifying a filter for ldapsearch, which of the following is used as the logical NOT operator? A) | B) % C) ! D) & Answer: C
11) Which of the following FTP servers is the default for most of the major Linux distributions? A) ProFTPd B) vsftpd C) Pure-FTPd D) None of the above Answer: B
12) Which of the following anonymous FTP settings, if set to Yes, displays the contents of the message file when the user enters the directory? A) anon_upload_enable= B) dirmessage_enable= C) local_enable= D) anonymous_enable= Answer: B


13) Which directive setting in the vsftpd.conf file can be used to display a small, pre-login message? A) ftpd_banner= B) write_enable= C) anon_max_rate= D) max_per_ip= Answer: A
14) After connecting to an FTP server, you can use the __________ command to copy multiple files from the current local directory to the current remote directory. A) get B) put C) mget D) mput Answer: D
15) Which of the following is designed to replace unsecure remote communication operations, such as the telnet, ftp, rlogin, rsh, rcp, and rexec commands/protocols? A) LDAP B) LDIF C) SSH D) SSSD Answer: C
16) The two different Secure Shell (SSH) protocols are numbered __________. A) 0 and 1 B) 1 and 2 C) 0 and 2 D) 2 and 4 Answer: B
17) Which of the following is the standard port number that SSH listens to? A) 22 B) 80 C) 389 D) 636 Answer: A
18) Which of the following SSH server settings, if set to yes, provides an easy way to allow graphical programs to be executed on the SSH server and displayed on the SSH client? A) X11Forwarding B) PrintMotd C) PermitEmptyPasswords D) MaxAuthTries Answer: A


19) Which of the following SSH client commands allows you to transfer files to and from an SSH server via the command line? A) sftp B) ssh C) scp D) sshd Answer: C
20) Which of the following is a utility that allows you to have a passphrase for an RSA key and avoid having to type it for each connection? A) ssh-copy-id B) ssh-keygen C) ssh-rsa D) ssh-agent Answer: D

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 23 Develop a Network Security Policy
1) Which of the following is not one of the three key components of a network security policy? A) Network Time Protocol B) Kernel parameters C) Firewalls D) TCP wrappers Answer: C
2) Kernel parameters modify the behavior of the kernel by adjusting key features, such as which of the following? A) Optimizing memory usage B) Enhancing the security of the system C) Changing how the kernel manages devices D) All of the above Answer: D
3) Kernel parameters can be modified by making changes in the __________ file. A) /etc/sysctl.conf B) /etc/hosts.deny C) /usr/bin D) /etc/hosts.allow Answer: A
4) Which of the following commands is often used to determine if a remote host is accessible through the network? A) ldd B) echo C) ping D) libwrap Answer: C
5) Responding to ping requests can leave a system vulnerable to which of the following? A) TCP wrappers B) DoS attacks C) Man-in-the-middle attacks D) All of the above Answer: B
6) __________ are used when server programs that have been compiled with the libwrap library call that library when a system tries to access the service. A) Ping requests B) Kernel parameters C) TCP wrappers D) Firewalls Answer: C


7) Which of the following commands can be used to determine which services use the libwrap library? A) echo B) libwrap C) grep D) ldd Answer: D
8) The syntax of the rules in the /etc/hosts.allow and /etc/hosts.deny files is __________. A) service_list: client_list [options] B) client_list: service_list [options] C) server_list: client_list [options] D) client_list: server_list [options] Answer: A
9) Which of the following values for the client_list command matches clients that can be resolved via the hostname resolver? A) LOCAL B) KNOWN C) ALL D) UNKNOWN Answer: B
10) Which of the following values for the client_list command matches clients without a dot in their hostname? A) LOCAL B) KNOWN C) ALL D) UNKNOWN Answer: A
11) The system clock for a network can be set manually or configured from which of the following? A) Kernel parameter B) TCP wrapper C) NTP server D) Ping request Answer: C
12) Which of the following commands displays the system clock? A) time B) ls C) clock D) date Answer: D


13) Which of the following date formats displays the day of the month? A) %D B) %m C) %d D) %Y Answer: C
14) Which of the following date formats displays the full weekday name (such as Sunday)? A) %A B) %b C) %a D) %B Answer: A
15) Which of the following methods sets the system clock to the specified time? A) set-ntp [0|1] B) set-time [time] C) set-timezone [zone] D) tzselect Answer: B
16) Which of the following is a menu-driven, CLI-based tool that allows a user to select a time zone? A) set-timezone B) set-ntp C) tzselect D) set-time Answer: C
17) On Red Hat-based distributions, the system time zone is set by the __________ file. A) /usr/share/zoneinfo B) /etc/timezone C) /usr/bin/tzselect D) /etc/localtime Answer: D
18) Which setting for the /etc/ntp.conf file is used to regularly update the system clock without having to access an NTP server? A) restrict B) driftfile C) server D) None of the above Answer: B

19) Which of the following is a link to a cluster of NTP servers that are geographically spread throughout the world? A) pool.ntp.org B) /etc/ntp.conf C) onecoursesource.com D) None of the above Answer: A
20) Which of the following options for the ntpq command is used to list host IP addresses rather than names? A) -h B) -p C) -n D) -d Answer: C

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 24 Process Control
1) Which of the following could be considered a process? A) A web browser B) A command executed from a BASH shell C) A program started by the operating system D) All of the above Answer: D
2) Which of the following commands is used to list processes that are running on the system? A) ps B) uptime C) pgrep D) top Answer: A
3) Which of the following outputs of the ps command refers to the terminal window that started the process? A) TIME B) PID C) TTY D) CMD Answer: C
4) When using the ps command with the -f option, which of the following outputs displays a value of 1 if it is currently executing code on the CPU, or a value of 0 if it is currently sleeping? A) C B) PPID C) STIME D) UID Answer: A
5) Which of the following options for the pgrep command displays the process name and PID? A) -u B) -l C) -G D) -n Answer: B
6) Which of the following commands displays process information that is updated on a regular basis (by default, every two seconds)? A) ps B) uptime C) pgrep D) top Answer: D


7) In the output for the top command, which line displays CPU statistics since the last time top data was refreshed? A) First line B) Second line C) Third line D) Fourth line Answer: C
8) Which command within the execution of the top command changes the default value from kilobytes to another value? A) Z B) s C) E D) k Answer: C
9) Which command-line option for the top command sets the time between data refreshes? A) -d B) -u C) -n D) -t Answer: A
10) Which of the following commands displays how long the system has been up for and its load average? A) ps B) uptime C) pgrep D) top Answer: B
11) In the output for the uptime command, a load average of 2.0 on a single CPU system means __________ utilization (processes were often waiting for the CPU because it was busy). A) 50% B) 100% C) 150% D) 200% Answer: D
12) Consistent utilization of a CPU over __________ indicates a problem and can cause servers to lag in response time. A) 25% B) 50% C) 75% D) 100% Answer: D


13) Which of the following commands provides a good overview of how much memory is available and how much is currently used? A) uptime B) pgrep C) free D) top Answer: C
14) Which option for the free command displays a line that shows the total of each column? A) -t B) -m C) -k D) -g Answer: A
15) A process that is run __________ leaves the BASH shell available for the user to execute additional commands. A) in the foreground B) in the background C) offline D) online Answer: B
16) Each job is assigned a job number, which uses the __________ syntax. A) #job B) #job_number C) %job D) %job_number Answer: D
17) To pause a program that is running in the foreground, hold down the Ctrl key and press __________. A) p B) x C) z D) s Answer: C
18) Which of the following commands can be used to change the state of a process, including to stop a process? A) end B) kill C) stop D) halt Answer: B


19) Which of the following commands will execute a child process when the parent process is stopped? A) pkill B) hup C) xkill D) nohup Answer: D
20) Which of the following commands is used to change the priority value of an existing process? A) renice B) high C) nice D) low Answer: A

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 25 System Logging
1) __________ provide administrators with useful information to aid in troubleshooting problems and identifying potential hacking attempts. A) Journals B) System logs C) Processes D) Services Answer: B
2) Which of the following logging services has existed since 1980? A) syslog B) journald C) rsyslog D) syslog-ng Answer: A
3) Which of the following options for the syslogd command specifies the configuration file? A) -r B) -x C) -f D) -S Answer: C
4) Which of the following is the standard location for log files to be placed by the syslogd and rsyslogd daemons? A) /etc/default/rsyslog B) /etc/syslog.conf C) /etc/sysconfig/rsyslog D) /var/log Answer: D
5) The __________ file is the configuration file for the syslogd daemon that tells the daemon where to send the log entries it receives. A) /etc/syslog.conf B) /var/log/auth.log C) /etc/default/rsyslog D) /var/log/syslog Answer: A

6) Which facility for the /etc/syslog.conf file logs messages designed to place a timestamp in log files? A) cron B) uucp C) mark D) lpr Answer: C
7) Which of the following priority levels for the /etc/syslog.conf file is the most serious? A) warning B) alert C) debug D) notice Answer: B
8) Which of the following priority levels for the /etc/syslog.conf file is the least serious? A) err B) crit C) info D) emerg Answer: C
9) A new section in the /etc/rsyslog.conf file called __________ allows you to provide settings for all log file entries. A) GLOBAL DIRECTIVES B) LOCAL DIRECTIVES C) DIRECTIVES D) None of the above Answer: A
10) When using rsyslogd, most log rules are not stored in the /etc/rsyslog.conf file, but rather in files in the __________ directory. A) /etc/rsyslog.d B) /etc/syslog.conf C) /var/log/cron D) /etc/rsyslog.r Answer: A
11) When creating your own /etc/syslog.conf entry, which of the following is the first step? A) Use the logger command B) Restart the syslogd server C) Use the logrotate command D) Modify the /etc/syslog.conf file Answer: D

12) Which of the following options for the logger command specifies the facility and priority? A) -s B) -p C) -t D) -i Answer: B
13) Which of the following options for the logger command logs the PID of the logger process? A) -s B) -p C) -t D) -i Answer: D
14) Which of the following is a utility designed to ensure that the partition that holds the log files has enough room to handle the log files? A) logger B) syslogd C) logrotate D) rsyslogd Answer: C
15) The __________ file is the primary configuration file for the logrotate command. A) /etc/logrotate.conf B) /usr/sbin/logrotate C) /etc/logrotate.d D) /usr/bin/logger Answer: A
16) Which of the following settings in the /etc/logrotate.conf file specifies the compression utility to use when compressing backup log files? A) compress B) compresscmd C) nocompress D) create Answer: B
17) Which of the following settings in the /etc/logrotate.conf file only rotates the log file if the size is at least the value specified by X? A) rotate x B) datetext C) minsize X D) mail address Answer: C

18) On modern Linux systems, the logging process is handled by the __________ service. A) systemd-journal B) system-journal C) system-journald D) systemd-journald Answer: D
19) Which of the following options to the journalctl command shows only kernel messages? A) -r B) -k C) -a D) --priority=value Answer: B
20) In the Storage=value setting for the /etc/systemd/journald.conf file, the value can be set to all but which of the following options? A) zero B) persistent C) auto D) volatile Answer: A

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 26 Red Hat-Based Software Management
1) Which of the following is a tool that is commonly used to manage software for Red Hat-based distributions? A) dnf B) rpm C) yum D) All of the above Answer: D
2) Which of the following contains a collection of files that make up a complete software program? A) Metadata B) Software package C) Architecture D) Software repository Answer: B
3) In the Red Hat package named ntpdate-4.7.6p5-22.fc27.x86_64.rpm, the fc27 component refers to which of the following? A) Distro B) Software name C) Extension D) Version Answer: A
4) All software package metadata is stored in which of the following directories? A) /var/cache B) /usr/bin C) /var/lib/rpm D) /sbin/ldconfig Answer: C
5) Which of the following distributions use RPM Package Manager? A) Fedora B) RHEL C) CentOS D) All of the above Answer: D
6) Which of the following commands displays all installed packages? A) rpm -q B) rpm -qa C) rpm -a D) rpm -qi Answer: B


7) Which of the following commands lists the configuration files for a package? A) rpm -qc pkgname B) rpm -qi pkgname C) rpm -ql pkgname D) rpm -qd pkgname Answer: A
8) Which of the following is a general-purpose, patent-free, lossless data compression library that is used by many different programs? A) libwrap B) rpm C) zlib D) vsftpd Answer: C
9) Software packages often need features, called __________, from other packages. A) dependencies B) metadata C) capabilities D) precedents Answer: A
10) Which of the following commands lists what package provides a dependency? A) rpm -q --whatrequires capability B) rpm -qa --last C) rpm -q --provides pkgname D) rpm -q --whatprovides capability Answer: D
11) Which of the following installation methods for the rpm command should be used in most cases to install or upgrade a software package? A) rpm -i B) rpm -U C) rpm -F D) None of the above Answer: B
12) Which of the following is not true regarding installing a software package obtained from the Internet or via email? A) Never install a software package from an untrusted source, especially on a critical system. B) Always look at the content of the software package before installing it. C) The organization that created the software package always provides a digital signature. D) Use a virus- or worm-scanning tool on the software before installing the package. Answer: C

13) Which of the following options should be used with the rpm command to remove a software package? A) -v B) -h C) -e D) -q Answer: C
14) Which of the following commands can be used to extract specific files from an RPM file without having to reinstall the entire RPM? A) rpm B) rpm2cpio C) cpio D) cpio2rpm Answer: B
15) The YUM utility, which was designed to overcome some drawbacks of the rpm command, stands for which of the following? A) Yellowdog Upgrade Manager B) Yellowdog Update, Modified C) Yellowdog Update Manager D) Yellowdog Updater, Modified Answer: D
16) Which of the following is a location, typically network accessible, that contains RPM packages and a small database that describes the relationship between these packages? A) Repository B) Plug-in C) Distro D) Mirror Answer: A
17) Which of the following is the primary configuration file for yum commands? A) /etc/yum.repos.d B) /etc/yum.conf C) /var/cache/yum D) /etc/yum/pluginconf.d Answer: B
18) Which of the following yum commands removes a specified software package and any dependency packages from the system? A) groupremove B) update C) remove D) install Answer: C


19) Which of the following yum plug-ins automatically captures the filesystem during updates? A) snapshot B) versionlock C) fastmirror D) None of the above Answer: A
20) Which of the following distributions includes a command-line tool called zypper that works similarly to the yum command? A) Fedora B) SUSE C) Red Hat D) CentOS Answer: B

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 27 Debian-Based Software Management
1) The Debian package manager is used on which of the following Linux distributions? A) Ubuntu B) Debian C) Mint D) All of the above Answer: D
2) Which of the following Debian commands is the equivalent of the Red Hat rpm command? A) apt-cache B) dpkg C) apt D) apt-get Answer: B
3) Debian software package files are distributed with a(n) ________ extension. A) .ru B) .ko C) .deb D) .gz Answer: C
4) Which of the following options for the dpkg command includes a list of the configuration files for the package? A) -s B) -l C) -c D) -V Answer: A
5) To install a software package with the dpkg command, use the __________ option. A) -S B) -i C) -V D) -I Answer: B
6) Which of the following options for the dpkg command is used to extract files and replace missing or corrupted system files? A) -L B) -x C) -V D) -c Answer: B


7) Which of the following commands removes a package on a Debian-based system, including all of the package’s configuration files? A) dpkg -r pkg_name B) dpkg -p pkg_name C) dpkg -R pkg_name D) dpkg -P pkg_name Answer: D
8) APT, which stands for __________, is a collection of commands that provide the same functionality that yum or dnf provides on Red Hat-based systems. A) Automated Package Tool B) Advanced Package Troubleshooter C) Advanced Package Tool D) Automated Package Troubleshooter Answer: C
9) Which of the following APT utilities provides additional features for more advanced package management operations? A) apt-get B) apt C) apt-cache D) apt-zip Answer: A
10) The APT commands make use of repositories, called __________, from which packages can be downloaded. A) origins B) sources C) lists D) resources Answer: B
11) Which of the following fields of an APT configuration file indicates whether the packages in the source repository are regular packages or source packages? A) Component B) Source location C) Suite D) Type Answer: D
12) Which of the following fields of an APT configuration file indicates the subdirectory under the URL where the package files are stored? A) Component B) Source location C) Suite D) Type Answer: C


13) Which option for the apt list command is used to display packages that are installed and have a newer version available? A) --updatable B) --installed C) --upgrade D) --upgradable Answer: D
14) Which of the following commands provides a method to search for packages using a regular expression? A) apt-cache B) apt C) apt show D) apt find Answer: A
15) To display all packages that begin with “vi”, you can execute which of the following commands? A) apt show vi? B) apt show vi# C) apt show vi* D) apt show “vi” Answer: C
16) Which of the following commands can be used to display the reverse dependencies of a package? A) apt-cache revdep B) apt-cache rdepends C) apt-cache deprev D) apt-cache depends Answer: B
17) Which of the following options for the apt install command is used to indicate which version of the distribution to use for the package version? A) /target_release B) =pkg_version_number C) Both A and B D) None of the above Answer: A
18) Which option for the apt-get install command is used to fix broken dependencies? A) -s B) -y C) -f D) --reinstall Answer: C


19) Package groups are available in the interactive __________ utility, which is a command-line utility that is normally installed by default. A) aptitude B) tasksel C) synaptic D) None of the above Answer: A
20) To purge a package, removing all the package files including configuration files, use the __________ command. A) apt remove B) apt-get purge C) apt-get remove D) apt purge Answer: B

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 28 System Booting
1) Which of the following is not one of the four primary phases of the boot process of a Linux operating system? A) BIOS/UEFI phase B) Bootloader phase C) Pre-kernel phase D) Kernel phase Answer: C
2) Which of the following is considered firmware, a program embedded within the hardware? A) UEFI B) BIOS C) RAID D) LVM Answer: B
3) UEFI is short for which of the following? A) Unified Extensible Filesystem Interface B) User Extensible Firmware Interface C) User Extensible Filesystem Interface D) Unified Extensible Firmware Interface Answer: D
4) Which of the following is a software program provided by the operating system that is designed to access files on the hard drive and start the booting of the operating system? A) The kernel B) The bootloader C) MBR D) GUI Answer: B
5) During the __________ phase of the boot process of a Linux operating system, the kernel configures itself and loads kernel modules. A) kernel B) post-kernel C) bootloader D) BIOS/UEFI Answer: A

6) Once the kernel has completed all its tasks, it starts a process called the __________ phase that finishes booting the operating system. A) kernel B) post-kernel C) bootloader D) BIOS/UEFI Answer: B
7) Which of the following is a bootup technology that is commonly used on modern Linux systems? A) Upstart B) systemd C) SysVinit D) All of the above Answer: D
8) Which of the following is not true when comparing the GRUB and GRUB 2 technologies? A) Legacy GRUB uses a single, simple configuration file; GRUB 2 uses a more complex system. B) GRUB 2 was developed to overcome the limitations of Legacy GRUB. C) GRUB supports more operating systems than GRUB 2. D) GRUB 2 supports LVM and RAID devices; Legacy GRUB cannot access these devices. Answer: C
9) Which of the following Legacy GRUB configuration settings indicates which title to boot if a title is not selected before the timeout value is reached? A) timeout B) default C) hiddenmenu D) splashimage Answer: B
10) During the boot process for Legacy GRUB, you can perform which of the following operations that change how the system boots? A) Modify parameters for a title B) Execute GRUB commands via the GRUB command line C) Select an alternative title for booting D) All of the above Answer: D
11) On Red Hat-based distributions, the primary configuration file for GRUB 2 is __________. A) /boot/grub2/grub B) /boot/grub/grub.cfg C) /etc/default/grub D) /etc/grub.d Answer: A

12) Which of the following /etc/default/grub settings contains values to add to the kernel line to pass parameters to the kernel (such as quiet and rhgb)? A) GRUB_DEFAULT B) GRUB_TIMEOUT C) GRUB_CMDLINE_LINUX D) GRUB_TIMEOUT_STYLE Answer: C
13) Which of the following kernel documentation locations is for older versions of the kernel (typically before version 3.0) and requires installation of the kernel-devel package? A) The /usr/share/doc/kernel-doc*/Documentation directory B) The /usr/src/linux/Documentation directory C) The https://www.kernel.org/doc site D) None of the above Answer: B
14) Which of the following is an identifier assigned to an open file, for example, when a process opens a file, either for reading or writing? A) file-max B) file-handle C) file-nr D) nr-open Answer: B
15) When working with modules, the __________ command is useful because its output tells you which kernel you are currently using. A) ls B) kernel C) uname D) pwd Answer: C
16) When a module is loaded into memory, you can see it in the output of the __________ command. A) lsmod B) depmod C) grep D) mount Answer: A
17) Which of the following commands searches the modules.dep file to find the location of the module that you want to load? A) insmod B) lsmod C) modprobe D) modinfo Answer: C


18) Kernel parameters can be modified on the fly by changing files in the __________ directory. A) /usr/share/doc B) /lib/modules C) /usr/src/linux D) /proc/sys Answer: D
19) To view all the kernel and kernel module parameters, execute the sysctl command with the __________ option. A) -q B) -a C) -w D) -p Answer: B
20) Which of the following key settings of a service unit file is used to indicate which target to associate with the service? A) WantedBy B) ExecStart C) After D) Before Answer: A

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 29 Develop a Software Management Security Policy
1) Which of the following is a recommended practice for keeping software packages up to date to help ensure software security? A) Install any software update that fixes a bug or security vulnerability. B) Keep a log of all software updates. C) Perform updates automatically via a crontab job on workstation systems. D) All of the above Answer: D
2) A default installation of Kali Linux has almost __________ software packages. A) 100 B) 1000 C) 3000 D) 5000 Answer: C
3) The text recommends creating how many categories in which to place software when considering whether to remove unnecessary packages? A) 3 B) 4 C) 5 D) 6 Answer: A
4) You go through the process of determining if a software package should be installed by __________ the package. A) updating B) exploring C) scanning D) securing Answer: B
5) Before approving a software package, you should look at the files it provides, particularly the __________ programs (typically located in a /bin or /sbin directory). A) server B) shell C) executable D) None of the above Answer: C

6) You should vet software packages on a(n) __________ system where you can safely install packages without any concern of impacting a critical system. A) active B) temporary C) permanent D) test Answer: D
7) Many administrators rely on which of the following commands to download and install software programs? A) dnf B) apt-get C) yum D) All of the above Answer: D
8) Your security policy should include a process in which the __________ location of software packages is confirmed before installing packages. A) source B) destination C) original D) final Answer: A
9) Which of the following is a system designed to provide a single location where you can learn about security-related software issues? A) SUID B) MITRE C) CVE D) SGID Answer: C
10) CVE is short for which of the following? A) Command Vulnerabilities and Exposures B) Common Vulnerabilities and Exposures C) Command Vulnerabilities and Environments D) Common Vulnerabilities and Environments Answer: B
11) Which of the following is not true regarding the CVE system? A) When a vulnerability is discovered and reported, it is assigned a unique ID. B) The system is maintained by the MITRE Corporation. C) The CVE system provides a search tool for locating specific software. D) You must pay subscription fees in order to access CVE data. Answer: D

12) You can download CVEs and use the __________ command to find the ones that are related to the software installed on your system. A) grep B) rpm C) dpkg D) dnf Answer: A
13) Which of the following information is provided in a CVE? A) The date the CVE was created B) Organization that assigned the CVE a unique ID C) References to additional information D) All of the above Answer: D
14) Many organizations only install and support one or two distributions because of the work involved in __________ each system. A) updating B) downloading C) securing D) reviewing Answer: C
15) Your security plan should include a regular review of __________ as well as a review of the distribution’s security alerts. A) SGIDs B) CVEs C) SUIDs D) xinetd Answer: B
16) Red Hat uses __________ to inform security personnel of any potential vulnerabilities. A) RHELs B) CVEs C) Data Feeds D) RHSAs Answer: D
17) Which of the following is a collection of older services, normally referred to as “legacy services,” that your organization may need to use? A) xinetd B) telnet C) RHSAs D) CVEs Answer: A

18) The primary configuration file for the xinetd daemon is the __________ file. A) /etc/xinetd.d B) /usr/sbin/in.telnetd C) /etc/xinetd.conf D) /etc/xinetd.d/telnet Answer: C
19) Which of the following settings in the /etc/xinetd.conf file indicates how many concurrent connections are allowed? A) instances B) per_source C) cps D) includedir Answer: A
20) Which of the following settings in the /etc/xinetd.d directory indicates the executable file for the service? A) disable B) user C) log_on_failure D) server Answer: D

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 30 Footprinting
1) Footprinting, the process of discovering information about a network or system with the intent to use this information to compromise security measures, is also known as __________. A) port scanning B) reconnaissance C) exploration D) packet sniffing Answer: B
2) Which of the following commands is used to probe a remote system to determine which network ports are reachable from the local system? A) netstat B) lsof C) nmap D) nc Answer: C
3) Which of the following options of the nmap command can be used to scan UDP ports? A) -O B) -sU C) -p D) -sV Answer: B
4) Which of the following options of the nmap command displays service version information? A) -O B) -sU C) -p D) -sV Answer: D
5) Which of the following commands can be used to view activity of local network information, as opposed to scanning remote network ports? A) netstat B) lsof C) nmap D) nc Answer: A

6) Which of the following options of the netstat command displays a summary of network packet information broken down by protocol? A) -r B) -i C) -s D) -c Answer: C
7) Which of the following options of the netstat command displays the routing table (similar to the route command)? A) -r B) -i C) -s D) -c Answer: A
8) Which columns in the output of the netstat -i command include received and transmitted packets that were not receivable by this interface? A) RX-DRP and TX-DRP B) RX-OVR and TX-OVR C) RX-ERR and TX-ERR D) RX-OK and TX-OK Answer: B
9) Which option for the netstat command provides numeric values instead of names? A) -e B) -l C) -p D) -n Answer: D
10) Which of the following commands is designed to list open files? A) nc B) netstat C) lsof D) tcpdump Answer: C
11) Which of the following options for the lsof command lists open network sockets? A) -P B) -i C) -n D) -N Answer: B

12) Which of the following commands is used for just about anything involving TCP or UDP? A) nc B) netstat C) lsof D) tcpdump Answer: A
13) Which of the following options for the nc command is used on the client side to close a connection automatically after a timeout value is reached? A) -k B) -w C) -u D) -6 Answer: B
14) Which of the following commands is a “packet sniffer” that allows you to view local network traffic? A) nc B) netstat C) lsof D) tcpdump Answer: D
15) Which of the following options for the tcpdump command can be used to limit the output to a specific number of network packets? A) -r B) -w C) -c D) -i Answer: C
16) Which of the following commands provides information about domain registration? A) whois B) traceroute C) nslookup D) ping Answer: A
17) Which of the following is a Kali Linux tool that uses the nmap command to probe systems and generate reports? A) recon-ng B) SPARTA C) netdiscover D) Zenmap Answer: B

18) The DNS Analysis tools in Kali Linux are primarily used to gather DNS information, similar to the __________ command. A) whois B) traceroute C) netstat D) nslookup Answer: D
19) In Kali Linux, the OSINT tools primarily use OSINT techniques to gather intelligence about a target, similar to the __________ command. A) whois B) traceroute C) netstat D) nslookup Answer: A
20) The Route Analysis tools in Kali Linux are designed to determine the route that is taken to get to a specific host or network, similar to the __________ command. A) whois B) traceroute C) netstat D) nslookup Answer: B

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 31 Firewalls
1) Which of the following is a network appliance that is designed to either allow or block network traffic? A) Firewall B) Network server C) Router D) Chain Answer: A
2) To create firewall rules on a Linux system, you can use the __________ command. A) chain B) systemctl C) iptables D) None of the above Answer: C
3) The iptables command allows you to create firewall rules that provide which of the following functions? A) Perform NAT operations B) Block network packets C) Forward network packets to another system D) All of the above Answer: D
4) Packets that are routed to another network first must pass through a set of firewall rules on the __________ filtering point. A) INPUT B) FORWARD C) PREROUTING D) POSTROUTING Answer: B
5) After the FORWARD filtering point, packets are sent to the __________ filtering point. A) POSTROUTING B) OUTPUT C) PREROUTING D) INPUT Answer: A

6) Which of the following is a set of firewall rules that determines what actions to take on a specific packet? A) port B) chain C) target D) policy Answer: B
7) Which of the following actions (called targets) allows a packet to continue to the next step, such as a filtering point or routing decision? A) DROP B) REJECT C) LOG D) ACCEPT Answer: D
8) Which of the following actions (called targets) does not allow a packet to continue to the next step, but sends a response message to the origin of the packet informing it of the rejection? A) DROP B) REJECT C) LOG D) ACCEPT Answer: B
9) To configure a system to either allow or block incoming packets, you place firewall rules on the __________ filter chain. A) OUTPUT B) PREROUTING C) INPUT D) FORWARD Answer: C
10) How many firewall services should be active on a segment of the system at one time? A) 1 B) 2 C) 3 D) 4 Answer: A
11) Which of the following options for the iptables command removes all firewall rules in a chain? A) -F B) -D C) -A D) -L Answer: A


12) Which of the following options for the iptables command will place a new firewall rule at the end of the chain? A) -F B) -D C) -A D) -L Answer: C
13) Which of the following files displays a list of protocols that can be used in conjunction with the -p option for the iptables command? A) /etc/passwd B) /etc/services C) /etc/sysconf.conf D) /etc/protocols Answer: D
14) Which of the following options is required for iptables to make use of an extension module, an optional add-on feature for iptables? A) -L B) -m C) -c D) -N Answer: B
15) You can combine multiple criteria to create a more complex firewall __________. A) rule B) IP address C) protocol D) interface Answer: A
16) In a situation where an interface is assigned multiple IP addresses, use the __________ option to indicate the firewall rule applies to a destination address. A) -a B) -d C) -A D) -F Answer: B
17) You can save firewall rules into a file by using the __________ command. A) iptables-services B) iptables-rules C) iptables-restore D) iptables-save Answer: D

18) If you are going to disallow access to a remote system, it might be considered more “user friendly” to use the __________ target rather than the DROP target. A) FORWARD B) OUTPUT C) REJECT D) INPUT Answer: C
19) Which of the following is a form of NAT that is used when the gateway’s external (public) IP address is statically assigned? A) MASQUERADE B) SNAT C) DNAT D) DHCP Answer: B
20) Which of the following is a form of NAT that is used when the gateway’s external (public) IP address is dynamically assigned? A) MASQUERADE B) SNAT C) DNAT D) DHCP Answer: A
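Questions 4 through 20 above name the pieces of an iptables policy one at a time: the filtering points (INPUT, FORWARD, POSTROUTING), chain policies, the ACCEPT/DROP/REJECT/LOG targets, the -m extension modules, and SNAT versus MASQUERADE. The shell functions below are an added example, not code from the book, that assemble those pieces into one ruleset for a small NAT gateway in iptables-restore format. The function only prints the ruleset; the WAN interface name, LAN range, SSH port and optional static public address are parameters you supply. SNAT with --to-source is chosen when the public address is static and MASQUERADE when it is not, which is the distinction the iptables documentation draws between the two targets.

```sh
#!/bin/sh
# Added example: build an iptables-restore ruleset for a small gateway.
# usage: gateway_rules WAN_IF LAN_CIDR SSH_PORT [STATIC_WAN_IP]
# Nothing here touches the kernel; review the output, then feed it to
# `iptables-restore` and keep a copy with `iptables-save`.
gateway_rules() {
    wan=$1; lan=$2; ssh=$3; wanip=${4:-}
    # Static public address -> SNAT; dynamically assigned -> MASQUERADE.
    if [ -n "$wanip" ]; then
        snat="-j SNAT --to-source $wanip"
    else
        snat="-j MASQUERADE"
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp -s $lan --dport $ssh -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT-REJECT: "
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $lan -o $wan -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan -o $wan $snat
COMMIT
EOF
}

# Read a chain's default policy back out of a ruleset on stdin
# (":INPUT DROP [0:0]" lines); a cheap sanity check before loading.
chain_policy() {
    awk -v chain=":$1" '$1 == chain { print $2; exit }'
}

# Usage:
#   gateway_rules eth0 10.0.0.0/24 22 | tee /etc/iptables.rules | chain_policy INPUT
#   gateway_rules eth0 10.0.0.0/24 22 203.0.113.10   # static public address, uses SNAT
```

Two design points are worth noting. The INPUT chain's policy is DROP, but TCP and UDP are explicitly REJECTed first (the "user friendly" choice from question 18, with a rate-limited LOG line ahead of them), so only other protocols fall through to the silent policy. The LAN-to-SSH rule matches on `-s` and `--dport` together, which is the combined-criteria rule of question 15, and the conntrack module (`-m conntrack`) is what lets return traffic in without opening ports.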

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 32 Intrusion Detection
1) Which of the following major hacks occurring in the last few years resulted in the data of more than 40 million credit cards being compromised? A) The eBay hack of 2013–2014 B) The Target hack of 2013 C) The Equifax hack of 2017 D) None of the above Answer: B
2) Which of the following topics should be included in a recovery plan within a security policy? A) There should be a plan in place to bring the compromised system(s) offline. B) There should be a list of people who need to be notified, in a specific order. C) A full diagnostic should be performed on the server(s). D) All of the above Answer: D
3) Which of the following commands can be used to display all active TCP connections? A) netstat -ta B) netstat -taupe C) nmap D) tcpdump Answer: A
4) Which of the following commands displays all open ports, which is important because hackers often will open new ports to create more backdoors into the system? A) netstat -ta B) netstat -taupe C) nmap D) tcpdump Answer: B
5) The __________ command is less susceptible to tampering by an intruder than the other commands, because you run it from a system other than the potentially compromised one. A) netstat -ta B) netstat -taupe C) nmap D) tcpdump Answer: C

6) Which of the following tools allows you to probe network traffic, searching for any suspicious activity? A) netstat -ta B) netstat -taupe C) nmap D) tcpdump Answer: D
7) Which of the following tools provides a GUI-based front end to the tcpdump command? A) MD5 B) Wireshark C) NIDS D) HIDS Answer: B
8) Which of the following files can be modified by a hacker to create a backdoor? A) /etc/passwd B) /etc/shadow C) Both A and B D) None of the above Answer: C
9) Any account that has a UID (user ID) of __________ has full administrative rights. A) 0 B) 1 C) 2 D) 3 Answer: A
10) If the password field for the nncp account is __________, this allows someone to log in with this user name and not have to provide a password. A) too short B) empty C) too long D) set to zero Answer: B
11) Which of the following is a package management tool that determines if a file has changed since it was installed? A) diff B) cmp C) nmap D) rpm -V Answer: D
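Questions 8 through 10 above describe the two account-level backdoors an intruder leaves in /etc/passwd and /etc/shadow: an extra account with UID 0, and an account whose password field has been emptied. The shell functions below are an added example, not code from the book, that check both files for those conditions. The passwd and shadow contents are constructed for the example, not taken from a real host; the account names in them are illustrative.

```sh
#!/bin/sh
# Added example: find the account-level backdoors described in questions 8-10.
# Both samples are constructed; a real audit reads /etc/passwd and /etc/shadow.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
guest::1001:1001:Guest:/home/guest:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:toor:/root:/bin/bash'

SHADOW_SAMPLE='root:$6$saltsalt$hashhashhash:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
uucp::19700:0:99999:7:::
guest:!:19700:0:99999:7:::
alice:$6$saltsalt$hashhashhash:19700:0:99999:7:::
toor:$6$saltsalt$hashhashhash:19700:0:99999:7:::'

# Question 9: every UID 0 account is a full administrator whatever it is
# called. Prints the names of UID 0 accounts other than root (passwd on stdin).
extra_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }'; }

# Passwd entries whose password field is not "x": the hash is not in shadow.
# An empty field is an account with no password at all (whether login then
# succeeds depends on pam_unix's nullok setting); a non-empty value is a hash
# sitting in the world-readable file.
unshadowed() { awk -F: '$2 != "x" { print $1 ":" ($2 == "" ? "EMPTY" : "INLINE") }'; }

# Question 10: shadow entries with an empty password field. "*" and "!" are
# locked accounts, not findings; only the empty string lets anyone in.
empty_shadow_passwords() { awk -F: '$2 == "" { print $1 }'; }

# Run all three checks; print one finding per line, return 1 if any were found.
audit_accounts() {   # usage: audit_accounts PASSWD_FILE SHADOW_FILE
    n=0
    for u in $(extra_uid0 < "$1"); do echo "UID0 $u"; n=$((n + 1)); done
    for u in $(unshadowed < "$1"); do echo "PASSWD-FIELD $u"; n=$((n + 1)); done
    for u in $(empty_shadow_passwords < "$2"); do echo "EMPTY-SHADOW $u"; n=$((n + 1)); done
    [ "$n" -eq 0 ]
}

# Usage on a live host (read-only, needs root for /etc/shadow):
#   audit_accounts /etc/passwd /etc/shadow || echo "review the findings above"
```

Run the audit from a known-good environment where possible (a rescue image, or with the files copied off the host), since an intruder who can edit /etc/passwd can also replace awk.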

12) Which of the following commands compares differences in files? A) cmp B) diff C) Both A and B D) None of the above Answer: C
13) Which of the following commands is similar to the md5sum command? A) sha1sum B) sha256sum C) sha512sum D) All of the above Answer: D
14) Which of the following file-change tools uses a file’s contents to create a one-way hash value? A) diff B) MD5 checksum C) cmp D) rpm -V Answer: B
15) Which of the following IDS categories includes an IDS that attempts to automatically react or respond to intrusions? A) Passive IDS B) Reactive or Active IDS C) NIDS D) HIDS Answer: B
16) Which of the following IDS categories includes a network-based IDS, designed to discover intrusions or attempts by monitoring key networks? A) Passive IDS B) Reactive or Active IDS C) NIDS D) HIDS Answer: C
17) Which of the following IDS categories includes an IDS that detects possible intrusions and then notifies administrators? A) Passive IDS B) Reactive or Active IDS C) NIDS D) HIDS Answer: A
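Questions 11 through 14 above contrast rpm -V, cmp/diff and the checksum tools as ways to tell whether a file has changed. The checksum approach is what Tripwire and AIDE automate at scale: hash every file once, store the manifest somewhere the intruder cannot reach, and compare later. The shell functions below are an added example, not code from the book, that build a sha256sum manifest of a directory and then report files that were added, changed or removed against it. Plain `sha256sum -c` only walks the old manifest, so a newly dropped file (a backdoor binary, an `ld.so.preload`) is invisible to it; comparing two manifests catches additions too. The directory and manifest paths are arguments you choose.

```sh
#!/bin/sh
# Added example: a minimal file-integrity baseline with sha256sum.
#   make_baseline DIR MANIFEST    write "<hash>  ./path" lines, sorted by path
#   compare_baseline DIR MANIFEST print ADDED / CHANGED / REMOVED lines and
#                                 return 1 if anything differs, 0 if clean
# Limitations: paths containing whitespace are not handled (sha256sum output
# is whitespace-separated), and metadata (owner, mode, mtime) is not covered,
# which is where AIDE and Tripwire go further. Keep MANIFEST off the tree it
# describes, ideally on read-only media.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) > "$2"
}

compare_baseline() {
    new=$(mktemp) || return 2
    make_baseline "$1" "$new"
    # Pass 1 (FILENAME == ARGV[1]) loads the old manifest into old[path];
    # pass 2 walks the fresh manifest and classifies each path.
    diffs=$(awk 'FILENAME == ARGV[1] { old[$2] = $1; next }
                 {
                     if (!($2 in old))        print "ADDED " $2
                     else if (old[$2] != $1)  print "CHANGED " $2
                     seen[$2] = 1
                 }
                 END { for (f in old) if (!(f in seen)) print "REMOVED " f }' \
            "$2" "$new" | LC_ALL=C sort)
    rm -f "$new"
    [ -z "$diffs" ] && return 0
    printf '%s\n' "$diffs"
    return 1
}

# Usage (paths illustrative):
#   make_baseline /etc /var/lib/baseline/etc.sha256       # once, on a clean host
#   compare_baseline /etc /var/lib/baseline/etc.sha256    # later, from cron
```

The comparison relies on the host's own sha256sum and awk, so treat a clean result on a suspect machine with the same caution as any other on-box check; the package manager equivalents (`rpm -V`, `dpkg -V`) have the same blind spot.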

18) Which of the following is a tool that is designed to report when key system files have been changed, and includes both a commercial version and an open source version? A) Security Onion B) AIDE C) Snort D) Tripwire Answer: D
19) Which of the following is an IDS tool that has been available for more than 20 years and is used to provide real-time analysis of traffic and can also be used to log network packets? A) Security Onion B) AIDE C) Snort D) Tripwire Answer: C
20) Which of the following is a distribution that primarily focuses on IDS tools? A) Security Onion B) AIDE C) Snort D) Tripwire Answer: A

Linux Essentials for Cybersecurity (Rothwell/Kinsey) Chapter 33 Additional Security Tasks
1) Which of the following is a service that scans specific log files, searching for IP addresses of systems that attempt to breach a system via repeated connection attempts? A) BugTraq B) US-CERT C) fail2ban D) CERT Answer: C
2) Which of the following is the primary configuration file for the fail2ban utility? A) /etc/fail2ban/jail.conf B) /etc/openvpn/easy-rsa/keys C) /etc/fail2ban/action.d/iptables.conf D) /etc/openvpn/easy-rsa/vars Answer: A
3) Which of the following key fail2ban configuration settings allows you to create “white lists” of IP addresses to never ban? A) maxretry B) ignoreip C) enabled D) findtime Answer: B
4) Which of the following key fail2ban configuration settings specifies the period of time, in seconds, that the maxretry entry uses? A) bantime B) enabled C) ignoreip D) findtime Answer: D
5) In order to configure OpenVPN, you must perform five primary steps. Which of the following is the first of these steps? A) Generate the VPN Server certificate. B) Configure a Certificate Authority (CA). C) Generate the VPN Client certificate. D) Configure the VPN server. Answer: B
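Questions 1 through 4 above name the jail settings that decide when fail2ban bans an address: maxretry failures within findtime seconds earn a ban of bantime seconds, and addresses listed in ignoreip are never banned. The shell function below is an added example, not fail2ban's own code or configuration: it applies exactly that rule to a constructed excerpt of sshd failures. Real auth logs carry syslog timestamps; the constructed lines start with an epoch timestamp so that the example needs no date parsing, and ignoreip here takes exact addresses only, whereas fail2ban also accepts CIDR ranges. The addresses and PIDs in the sample are illustrative.

```sh
#!/bin/sh
# Added example: the maxretry/findtime/bantime/ignoreip decision applied to
# sshd failures. Constructed log lines; field 1 is an epoch timestamp, the
# rest mimics sshd's "Failed password ... from <ip> port <n> ssh2" message.
# Lines must be in time order, as they are in a real log.
SAMPLE_LOG='1700000000 sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 41022 ssh2
1700000030 sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 41023 ssh2
1700000055 sshd[2102]: Failed password for root from 198.51.100.7 port 41024 ssh2
1700000100 sshd[2103]: Failed password for alice from 10.0.0.5 port 50111 ssh2
1700000200 sshd[2104]: Failed password for alice from 10.0.0.5 port 50112 ssh2
1700000300 sshd[2105]: Failed password for alice from 10.0.0.5 port 50113 ssh2
1700000400 sshd[2106]: Failed password for bob from 192.0.2.9 port 33000 ssh2
1700000500 sshd[2107]: Failed password for root from 198.51.100.7 port 41025 ssh2
1700001400 sshd[2108]: Failed password for bob from 192.0.2.9 port 33001 ssh2
1700001500 sshd[2109]: Accepted password for bob from 192.0.2.9 port 33002 ssh2
1700002400 sshd[2110]: Failed password for bob from 192.0.2.9 port 33003 ssh2
1700004000 sshd[2111]: Failed password for root from 198.51.100.7 port 41026 ssh2'

# usage: fail2ban_scan MAXRETRY FINDTIME BANTIME "IGNOREIP ..." < log
# Prints one "BAN <ip> at <t> until <t+bantime>" line per ban decision.
fail2ban_scan() {
    awk -v maxretry="$1" -v findtime="$2" -v bantime="$3" -v ignore="$4" '
    BEGIN { n = split(ignore, ig, " "); for (i = 1; i <= n; i++) skip[ig[i]] = 1 }
    /Failed password/ && match($0, /from [0-9.]+/) {
        ip = substr($0, RSTART + 5, RLENGTH - 5)
        if (ip in skip) next                                  # ignoreip: never banned
        if (ip in banned_until && $1 < banned_until[ip]) next # ban still active
        cnt[ip]++
        ts[ip, cnt[ip]] = $1
        if (cnt[ip] >= maxretry) {
            # window = the last maxretry failures; ban when they fit in findtime
            first = ts[ip, cnt[ip] - maxretry + 1]
            if ($1 - first <= findtime) {
                banned_until[ip] = $1 + bantime
                printf "BAN %s at %d until %d\n", ip, $1, banned_until[ip]
                cnt[ip] = 0                                   # count afresh after the ban
            }
        }
    }'
}

# Usage:
#   printf '%s\n' "$SAMPLE_LOG" | fail2ban_scan 3 600 3600 "10.0.0.5"
#   -> BAN 198.51.100.7 at 1700000055 until 1700003655
```

Reading the sample through the rule shows what each setting buys: 198.51.100.7 fails three times in 55 seconds and is banned, 10.0.0.5 fails three times in 200 seconds but is on the ignoreip list, and 192.0.2.9 spaces its attempts 1000 seconds apart, which a findtime of 600 never catches and a findtime of 3000 does. The slow attacker is the reason findtime matters as much as maxretry.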

6) The first step in setting up a Certificate Authority (CA) is to create a directory and copy some files from the __________ directory. A) /usr/share/easy-rsa B) /etc/openvpn/easy-rsa C) /etc/openvpn/easy-rsa/vars D) /etc/openvpn/easy-rsa/keys Answer: A
7) To create a server certificate, execute the __________ script followed by the name you want to give your server. A) ./build-dh B) ./build-key C) ./build-key-server D) ./build-ca Answer: C
8) To create a VPN client certificate, execute the __________ script, providing the name of the client as an argument. A) ./build-dh B) ./build-key C) ./build-key-server D) ./build-ca Answer: B
9) After generating the VPN client certificate, which of the following files need to be copied to the VPN client? A) vpnclient1.key B) ca.crt C) vpnclient1.crt D) All of the above Answer: D
10) On a typical Ubuntu system, the sample configuration files included with the OpenVPN software package are located in which of the following directories? A) /etc/openvpn/easy-rsa/keys B) /etc/openvpn/easy-rsa/vars C) /usr/share/doc/openvpn/examples/sample-config-files D) /usr/share/doc/openvpn/sample-config-files Answer: C
11) The gpg utility is an acronym for which of the following? A) GNU Private Guard B) GNU Privacy Guard C) GNU Private Gateway D) GNU Privacy Gateway Answer: B


12) Which of the following utilities can be used to create public and private encryption keys? A) gpg B) pgp C) gnupg D) fail2ban Answer: A
13) Which of the following options for the gpg command is used to specify the name of the file into which the public key is exported? A) --export B) --decrypt C) --encrypt D) --output Answer: D
14) A user can encrypt a file using which of the following options with the gpg command? A) --export B) --decrypt C) --encrypt D) --output Answer: C
15) After a file has been encrypted to your public key, it can only be decrypted with the private key on your system, using which of the following options with the gpg command? A) --export B) --decrypt C) --encrypt D) --output Answer: B
16) Which of the following options for the gpg command is used to specify the key that you want to send? A) --export B) --decrypt C) --encrypt D) --output Answer: A
17) Which of the following security alert services is an email-based program that is sponsored by Security Focus? A) US-CERT B) NCCIC C) BugTraq D) CERT Answer: C

18) Which of the following security alert services is the Nation’s flagship cyber defense, incident response, and operational integration center? A) US-CERT B) NCCIC C) BugTraq D) CERT Answer: A
19) Which of the following security alert services is a component of a larger organization at Carnegie Mellon University called the Software Engineering Institute (SEI)? A) US-CERT B) NCCIC C) BugTraq D) CERT Answer: D
20) CERT is an acronym for which of the following? A) Cybersecurity Emergency Response Teams B) Computer Emergency Response Teams C) Cybersecurity Emergency Response Transmission D) Computer Emergency Response Transmission Answer: B
