91.
You want to use xinetd access controls to limit who may access a server that’s launched via
xinetd. Specifically, only users on the 192.168.7.0/24 network block should be able to use
that server. How may you do this?
- A.Enter hosts_allow = 192.168.7.0/24 in the /etc/xinetd.d configuration file for the server in question.
- B.Enter only_from = 192.168.7.0/24 in the /etc/xinetd.d configuration file for the server in question.
- C.Enter server : 192.168.7., where server is the server’s name, in the /etc/hosts .allow file.
- D.Enter server : 192.168.7., where server is the server’s name, in the /etc/hosts .deny file.
- E.Type iptables -L 192.168.7.0 to enable only users of 192.168.7.0/24 to access the server.
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| Option B correctly describes how to accomplish this goal. Option A is incorrect because the hosts_allow option isn’t a legal xinetd configuration file option. Option C correctly describes how to configure the described restriction using TCP Wrappers, which is generally used with inetd, but it’s not the way this is done using xinetd. Option D also describes a TCP Wrappers description, but it reverses the meaning. Option E’s iptables utility configures a firewall. Although a firewall rule could be a useful redundant measure, the question specifies a xinetd configuration; and option E’s use of iptables is incorrect. |
92.
Of the following, which is the best password?
- A.Odysseus
- B.iA71Oci^My~~~~~~
- C.pickettomato
- D.Denver2Colorado
- E.123456
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| Ideally, passwords should be completely random but still memorable. Option B’s password was generated from a personally meaningful acronym and then modified to change the case of some letters, add random numbers and symbols, and extend its length using a repeated character. This creates a password that’s close to random but still memorable. Option A uses a well-known mythological figure, who is likely to be in a dictionary. Option C uses two common words, which is arguably better than option A, but not by much. Option D uses two closely related words separated by a single number, which is also a poor choice for a password. Option E uses a sequential series of numbers, which is a poor (but sadly common) password choice. |
93.
Which of the following types of attacks involves sending bogus email to lure unsuspecting
individuals into divulging sensitive financial or other information?
- A.Phishing
- B.Script kiddies
- C.Spoofing
- D.Ensnaring
- E.Hacking
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| Phishing (option A) involves sending bogus email or setting up fake Web sites that lure unsuspecting individuals into divulging sensitive financial or other information. Script kiddies (option B) are intruders who use root kits. Spoofing (option C) involves pretending data is coming from one computer when it’s coming from another. Ensnaring (option D) isn’t a type of attack. Hacking (option E) refers to either lawful use of a computer for programming or other advanced tasks or breaking into computers. |
94.
Ordinary users report being unable to log onto a computer, but root has no problems doing
so. What might you check for to explain this situation?
- A.A misbehaving syslogd daemon
- B.A login process that’s running as root
- C.The presence of an /etc/nologin file
- D.The presence of an SUID bit on /bin/login
- D.Inappropriate use of shadow passwords
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| The /etc/nologin file, if present, prevents logins from ordinary users; only root may log in. You might set this file when performing maintenance and then forget to remove it, thus explaining the symptoms in the question. Thus, option C is correct. The syslogd daemon mentioned in option A records system messages and is unlikely to produce the specified symptoms. The login process ordinarily runs as root and is normally SUID root, so options B and D are also incorrect. Shadow passwords, as in option E, are used on almost all modern Linux systems, and are not likely to cause these symptoms. |
95.
Which servers might you consider retiring after activating an SSH server? (Select two.)
- A.SMTP
- B.Telnet
- C.FTP
- D.NTP
- E.NTP
- Answer & Explanation
- Report
Answer : [B, C]
Explanation :
Explanation :
| SSH is most directly a replacement for Telnet (option B), but SSH also includes file-transfer features that enable it to replace FTP (option C) in many situations. SSH is not a direct replacement for the Simple Mail Transfer Protocol (SMTP; option A), the Network Time Protocol (NTP; option D), or Samba (option E). |
|
|
||||||||||||||||||||||||||||
