96.
You find that the ssh_host_dsa_key file in /etc/ssh has 0666 (-rw-rw-rw-) permissions. Your SSH server has been in operation for several months. Should you be concerned?
  • A. Yes
  • B. No
  • C. Only if the ssh_host_dsa_key.pub file is also world-readable
  • D. Only if you’re launching SSH from a super server
  • E. Only if you’re using a laptop computer
Answer : [A]
Explanation :
The ssh_host_dsa_key file holds one of three critical private keys for SSH. The fact that this key is readable (and writeable!) to the entire world is disturbing, so option A is correct. In principle, a miscreant who has acquired this file might be able to redirect traffic and masquerade as your system, duping users into delivering passwords and other sensitive data. Because of this, option B (No) is an incorrect response, and the conditions imposed by options C, D, and E are all irrelevant, making all of these options incorrect.
97.
For best SSH server security, how should you set the Protocol option in /etc/ssh/sshd_config?
  • A. Protocol 1
  • B. Protocol 2
  • C. Protocol 1,2
  • D. Protocol 2,1
  • E. Protocol *
Answer : [B]
Explanation :
SSH protocol level 2 is more secure than protocol level 1; thus, option B (specifying acceptance of level 2 only) is the safest approach. Option A is the least safe approach because it precludes the use of the safer level 2. Options C and D are exactly equivalent in practice; both support both protocol levels. Option E is invalid.
98.
Why is it unwise to allow root to log on directly using SSH?
  • A. Disallowing direct root access means that the SSH server may be run by a non-root user, improving security.
  • B. The root password should never be sent over a network connection; allowing root logins in this way is inviting disaster.
  • C. SSH stores all login information, including passwords, in a publicly readable file.
  • D. When logged on using SSH, root’s commands can be easily intercepted and duplicated by undesirable elements.
  • E. Somebody with the root password but no other password can then break into the computer.
Answer : [E]
Explanation :
Allowing only normal users to log in via SSH effectively requires two passwords for any remote root maintenance, improving security, so option E is correct. Whether or not you permit root logins, the SSH server must normally run as root, since SSH uses port 22, a privileged port. Thus, option A is incorrect. SSH encrypts all connections, so it’s unlikely that the password, or commands issued during an SSH session, will be intercepted, so option B isn’t a major concern. (Nonetheless, some administrators prefer not to take even this small risk.) SSH doesn’t store passwords in a file, so option C is incorrect. Because SSH employs encryption, option D is incorrect (this option better describes Telnet than SSH).
99.
You’ve downloaded a GPG public key from a Web site, into the file fredkey.pub. What must you do with this key to use it?
  • A. Type inspect-gpg fredkey.pub.
  • B. Type gpg --readkey fredkey.pub.
  • C. Type import-gpg fredkey.pub.
  • D. Type gpg --import fredkey.pub.
  • E. Type gpg-import fredkey.pub.
Answer : [D]
Explanation :
Option D provides the correct command to import fredkey.pub prior to use. The inspect-gpg, import-gpg, and gpg-import commands of options A, C, and E are fictitious; and there is no --readkey option to gpg, as option B suggests.
100.
You want to send an encrypted message to an email correspondent. You both have GPG. What do you need to exchange before you can send your encrypted message?
  • A. Your correspondent must obtain your GPG public key.
  • B. Your correspondent must obtain your GPG private key.
  • C. You must exchange private keys with your correspondent.
  • D. You must obtain your correspondent’s GPG private key.
  • E. You must obtain your correspondent’s GPG public key.
Answer : [E]
Explanation :
The usual method of sending encrypted messages with GPG entails the sender using the recipient’s public key to encrypt the message. Thus, option E is correct. Option A would be correct if your correspondent needed to send you an encrypted message, but the question only specifies your sending the encrypted message. Options B, C, and D all entail delivery of private keys, which is inadvisable at best, because private keys in the wrong hands permit the holder to impersonate the person who owns the keys.