81.
Typing lsof -i | grep LISTEN as root produces three lines of output, corresponding to the sendmail, sshd, and proftpd servers. What can you conclude about the security of this system?
  • A. Everything’s OK; the presence of sshd ensures that data are being encrypted via SSH.
  • B. The sendmail and sshd servers are OK, but the FTP protocol used by proftpd is insecure and should never be used.
  • C. The sendmail server should be replaced by Postfix or qmail for improved security, but sshd and proftpd are fine.
  • D. Because sendmail and proftpd both use unencrypted text-mode data transfers, neither is appropriate on a network-connected computer.
  • E. No conclusion can be drawn without further information; the listed servers may or may not be appropriate or authentic.
Answer : [E]
Explanation :
The server names alone are insufficient to determine whether they’re legitimate. The computer in question may or may not need to run any of these servers, and their presence may or may not be intentional, accidental, or the sign of an intrusion. Thus, option E is correct. Contrary to option A, the mere presence of an SSH server does not ensure security. Although, as option B asserts, FTP is not a secure protocol, it’s still useful in some situations, so the mere presence of an FTP server is not, by itself, grounds for suspicion. Similarly, in option C, although some administrators prefer Postfix or qmail to sendmail for security reasons, sendmail isn’t necessarily bad, and the names alone don’t guarantee that the sshd and proftpd servers are legitimate. As option D states, sendmail and proftpd both use unencrypted text-mode transfers; but this is appropriate in some situations, so option D is incorrect.
82.
As part of a security audit, you plan to use Nmap to check all the computers on your network for unnecessary servers. Which of the following tasks should you do prior to running your Nmap check?
  • A. Back up /etc/passwd on the target systems to eliminate the possibility of its being damaged.
  • B. Obtain the root passwords to the target systems so that you can properly configure them to accept the Nmap probes.
  • C. Obtain written permission from your boss to perform the Nmap sweep.
  • D. Configure /etc/sudoers on the computer you intend to use for the sweep, to give yourself the ability to run Nmap.
  • E. Disable any firewall between the computer that’s running Nmap and the servers you intend to scan.
Answer : [C]
Explanation : Although Nmap and other port scanners are useful security tools, they’re also used by crackers, and many organizations have policies restricting their use. Thus, you should always obtain permission to use such tools prior to using them, as option C specifies. A port scanner can’t cause damage to /etc/passwd, so there’s no need to back it up, contrary to option A. A port scanner also doesn’t need the root password on a target system to operate, so you don’t need this information, making option B incorrect. (In fact, asking for the root password could be seen as extremely suspicious!) Although you could use sudo to run Nmap, there’s no need to do so to perform a TCP scan, and you can perform a UDP scan by running Nmap as root in other ways (such as via a direct login or by using su). Thus, option D isn’t strictly necessary, although you might want to tweak /etc/sudoers as a matter of system policy. As a firewall is part of your network’s security, you probably want it running when you perform a network scan, contrary to option E. Furthermore, it would be safer to leave the firewall running and scan from behind it, if you want to test the security of the network in case of a firewall breach.
83.
Your login server is using PAM, and you want to limit users’ access to system resources. Which configuration file will you need to edit?
  • A. /etc/limits.conf
  • B. /etc/pam/limits.conf
  • C. /etc/security/limits.conf
  • D. /etc/security/pam/limits.conf
  • E. /usr/local/limits.conf
Answer : [C]
Explanation :
The /etc/security/limits.conf (option C) file holds the configuration settings that allow you to limit users’ access. The other options listed don’t give the correct path to this file.
84.
Which of the following tools might you use to check for open ports on a local computer? (Select three.)
  • A. Nmap
  • B. netstat
  • C. lsof
  • D. portmap
  • E. services
Answer : [A, B, C]
Explanation :
Nmap (option A) is usually used to perform scans of remote computers, but it can scan the computer on which it’s run, as well. The netstat (option B) and lsof (option C) utilities can both identify programs that are listening for connections (that is, open ports) on the local computer. The portmap program (option D) is used by the Network File System (NFS) and some other servers, but it’s not used to identify open ports. There is no standard Linux services program (option E), although the /etc/services file holds a mapping of port numbers to common service names.
85.
Which of the following commands will locate all program files on a computer on which the SUID bit is set?
  • A. find / -type SUID
  • B. find / -perm +4000 -type f
  • C. find / -perm +SUID -type f
  • D. find / -type +4000
  • E. find / -suid
Answer : [B]
Explanation :
The -perm option to find locates files with the specified permissions, and +4000 is a permission code that matches SUID files. The -type f option restricts matches to files in order to avoid false alarms on directories. Option B uses these features correctly. Options A, C, and D use these features incorrectly. Option E specifies a fictitious -suid parameter to find.