IS3440 CHAP 1 SECURITY THREATS TO LINUX

Question 1

____ a web server service used primarily on Linux.

Answer 1

APACHE

Question 2

____ is a Parkerian hexad concept related to the CIA triad concept of integrity. It can help users and administrators verify that important communications, are genuine.

Answer 2

AUTHENTICITY

Question 3

___ a CIA triad concept in which users have access to their data when they want it.

Answer 3

AVAILABILTIY

Question 4

___ is the first thing that is run when you power up an older computer. It identifies and tests connected hardware to a point where an operating system can be loaded from media such as a hard drive.

Answer 4

BASIC INPUT/OUTPUT SYSTEM (BIOS)

Question 5

___ is a user who wants to break into computer systems and networks with malicious purposes in mind.

Answer 5

BLACK-HAT HACKER

Question 6

___ is the private company that is the corporate backer of the Ubuntu distribution.

Answer 6

CANONICAL

Question 7

___ is a vendor-neutral certification for information security created by (ISC) that requires professional experience in multiple security domains.

Answer 7

CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONS (CISSP)

Question 8

___ this specifies three goals of information security: confidentiality integrity, and availability.

Answer 8

CIA TRIAD

Question 9

___ is one of the ISECOM channels for security audits.

Answer 9

COMMUNICATIONS SECURITY (COMSEC)

Question 10

___ in the open source community, this is a malicious user who wants to break into a computer system.

Answer 10

CRACKER

Question 11

___ is one of several open source licenses used to share the source code for software.

Answer 11

GNU GENERAL PUBLIC LICENSE (GPL)

Question 12

___ is the open source implementation of PGP, developed by the GNU Foundation.

Answer 12

GNU PRIVACY GUARD (GPG)

Question 13

___ is a recursive acronym for the work of the GNU Foundation, including the clones of UNIX tools and libraries found in current Linux distributions.

Answer 13

GNU’S NOT UNIX (GNU)

Question 14

____ is a US law that specifies confidentiality requirements for personal financial data.

Answer 14

GRAMM-LEACH-BLILEY ACT (GLBA)

Question 15

____ is the organization associated with open source security certification and testing. It qualifies security professionals with four professionals with four certificates.
OSPA; OSPE; SOPT, AND OWPE.

Answer 15

(ISECOM) INSTITUTE FOR SECURITY AND OPEN METHODOLOGIES

Question 16

___ is a CIA triad concept of trust, verified by means such as GPG key.

Answer 16

INTEGRITY

Question 17

___ is an organization for security professionals. It qualifies professionals through the SSCP and CISSP certifications.

Answer 17

(ISC)2 INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM

Question 18

____ is part of the Transmission Control Protocol/Internet Protocol suite of protocols. It is normally used to send error and network status messages.

Answer 18

(ICMP) INTERNET CONTROL MESSAGE PROTOCOL

Question 19

____ is a version of the Internet Protocol still in common use today that the addresses use 32 bits.

Answer 19

(IPv4) INTERNET PROTOCOL VERSION 4

Question 20

___ is a more recent version of the Internet Protocol in common use that the addresses use 128 bits.

Answer 20

(IPv6) INTERNET PROTOCOL VERSION 6

Question 21

____ is a security control system that limits access to objects such as files and directories to specified users and groups.

Answer 21

MANDATORY ACCESS CONTROL

Question 22

This is a reference to network address translation where private Internet Protocol (IP) addresses on a network ______ with a public IP address, normally the gateway address to the network.

Answer 22

MASQUERADING

Question 23

___ is a file-sharing system connected to a network, normally using file-sharing protocols such as Samba.

Answer 23

(NFS) NETWORK FILE SYSTEM

Question 24

___ is a manual for security audits, testing, and analysis, created through ISECOM.

Answer 24

(OSSTMM) OPEN SOURCE SECUIRTY TESTING METHODOLOGY MANUAL

Question 25

___ is a certification sponsored by ISECOM for professionals who can assess legal requirements, design security tests, and measure controls in the context of the scientific method.

Answer 25

(OSPA) OSSTMM PROFESSIONAL SECURITY ANALYST

Question 26

___ is a certification sponsored by ISECOM for Linux professionals qualified to use various security programs.

Answer 26

(OSPE) OSSTMM PROFESSIONAL SECURITY EXPERT

Question 27

___is a certification sponsored by ISECOM for Linus professionals qualified to use various security programs.

Answer 27

(OSPT) OSSTMM PROFESSIONAL SECURITY TESTER

Question 28

___ is a certification sponsored by ISECOM for professionals who can audit a wireless network infrastructure.

Answer 28

(OWSE) OSSTMM PROFESSIONAL WIRELESS SECURITY EXPERT

Question 29

___ are supplements the CIA triad goals of confidentiality, integrity, and availability with three more goals: POSSESSION OR CONTROL, AUTHENTICITY, AND UTILITY.

Answer 29

PARKERIAN HEXAD

Question 30

___ is a sequence of characters used to control access, frequently used to verify connections to encrypted services such as SSH. This can use spaces.

Answer 30

PASSPHRASE

Question 31

___ is one of the ISECOM channels for security.

Answer 31

(PHYSSEC) PHYSICAL SECURITY

Question 32

___ is a malicious packet of ICMP data to a system that may be used to crash a target computer system.

Answer 32

PING OF DEATH

Question 33

____ is a Parkerian hexad concept for control of confidential information.

Answer 33

POSSESSION OR CONTROL

Question 34

___ is a program that encrypts messages and more with digital signatures based on private and public encryption keys. (First, the sender can use a private ___ key to encrypt a message, then the recipient can use a public ___ key to decrypt that message.)

Answer 34

(PGP) PRETTY GOOD PRIVACY

Question 35

___ is a file and printer sharing service compatible with Microsoft's Common Internet File System.

Answer 35

SAMBA

Question 36

___ is a US law that specifies financial-disclosure requirements for public companies.

Answer 36

(SOX) SARBANES-OXLEY ACT

Question 37

___ is one of the ISECOM channels for security audits, related to non-physical communications over the electromagnetic spectrum.

Answer 37

(SPECSEC) SPECTRUM SECURITY

Question 38

___ is an attack where a malicious user assumes the identity of another user or organization.

Answer 38

SPOOFING

Question 39

___ is a service that caches internet data to speed response times that can also track the sites browsed by users.

Answer 39

SQUID

Question 40

___ is a vendor-neutral certification for information security created by (ISC)2. It is suited to candidates working toward becoming security professionals.

Answer 40

(SSCP) SYSTEMS SECURITY CERTIFIED PRACTITIONER

Question 41

___ is a protocol and service that uses clear-text authentication.

Answer 41

TELNET

Question 42

___ is a member of the protocol suite that supports reliable connections.

Answer 42

(TCP) TRANSMISSION CONTROL PROTOCOL

Question 43

___ is the first thing that is run when you power up a relatively new computer. It identifies and tests connected hardware to a point where an operating system can be loaded from media such as a hard drive.

Answer 43

(UEFI) UNIFIED EXTENSIBLE FIRMWARE INTERFACE

Question 44

___ is a member of the (TCP/IP) protocol suite that supports congenialness "best-efforts" communications.

Answer 44

(UDP) USER DATAGRAM PROTOCOL (UDP

Question 45

___ in the Linux community, this is a user who wants to create better software. In the non-Linux community, it is an authorized user who runs security diagnostic tools to test the security features of a system or network.

Answer 45

WHITE HAT HACKER

Question 46

1. Which of the following terms is associated with malicious users in the open source community? 1. Hacker 2. Crackers 3. Techies 4. Nerds

Answer 46

Crackers

Question 47

2. Which of the following concepts is NOT part of the CIA triad? 1. Authority 2. Access 3. Authenticity 4. Availability

Answer 47

Authenticity

Question 48

3. Which of the following security certifications is associated with open source software? 1. SSCP 2. CISSP 3. RHCE 4. OSPA

Answer 48

OSPA

Question 49

4. Which of the following OSSTMM channels is associated with wireless security? 1. COMSEC 2. SPECSEC 3. PHYSSEC 4. WIRESEC

Answer 49

SPECSEC

Question 50

5. Which of the following is NOT an OSSTMM audit phase? 1. Licensing 2. Regulatory 3. Definitions 4. Information

Answer 50

Licensing

Question 51

6. Which of the following components makes up the core of the Linux operating system? 1. Cloned software from UNIX 2. The kernel 3. Linux libraries 4. Linux services

Answer 51

The kernel

Question 52

7. Which of the following is na open source license? 1. Freeware 2. Public domain 3. GNU GPL 4. Any Microsoft license

Answer 52

GNU GPL

Question 53

8. From the following options, name the component that is NOT part of a Linux User Domain. 1. Regular users 2. Regular groups 3. Service users 4. Computer users

Answer 53

Computer users

Question 54

9. From the following options, select a security advantage of open source software. 1. The efforts of the open source community 2. Secrecy in the source code 3. No information is released before a solution is available 4. None of the above

Answer 54

The efforts of the open source community

Question 55

10. Which of the following methods can be used to recover from an unbeatable situation in Linux, minimizing any risk of lost data? (Select two). 1. Recovery mode 2. Live CD 3. Reinstalling Linux 4. UEFI modification

Answer 55

Recovery mode Live CD

Question 56

11. From the following list, which is a system management tool for Linux? 1. Red Hat Zenworks 2. The Ubuntu 3. Landscape 4. Systems management server

Answer 56

Landscape

Question 57

12. Which of the following is a positive effect of virtualization on security? 1. Many virtual machines will confuse malicious users 2. Virtual machines can be configured with many services 3. Virtual machines can be configured as firewalls 4. Additional virtual machines make it possible to configure more bastion hosts.

Answer 57

Additional virtual machines make it possible to configure more bastion hosts.

Question 58

13. A developer who just wants to create better software in the open source world ins known as a ___.

Answer 58

Hacker

Question 59

14. The open source license associated with the GNU project is ___.

Answer 59

General Public License also acceptable: GPL, GNU, GPL, GNU General Public License