IS3440 CHAP 1 SECURITY THREATS TO LINUX Flashcards

1
Q

____ a web server service used primarily on Linux.

A

APACHE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

____ is a Parkerian hexad concept related to the CIA triad concept of integrity. It can help users and administrators verify that important communications, are genuine.

A

AUTHENTICITY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

___ a CIA triad concept in which users have access to their data when they want it.

A

AVAILABILTIY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

___ is the first thing that is run when you power up an older computer. It identifies and tests connected hardware to a point where an operating system can be loaded from media such as a hard drive.

A

BASIC INPUT/OUTPUT SYSTEM (BIOS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

___ is a user who wants to break into computer systems and networks with malicious purposes in mind.

A

BLACK-HAT HACKER

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

___ is the private company that is the corporate backer of the Ubuntu distribution.

A

CANONICAL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

___ is a vendor-neutral certification for information security created by (ISC) that requires professional experience in multiple security domains.

A

CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONS (CISSP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

___ this specifies three goals of information security: confidentiality integrity, and availability.

A

CIA TRIAD

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

___ is one of the ISECOM channels for security audits.

A

COMMUNICATIONS SECURITY (COMSEC)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

___ in the open source community, this is a malicious user who wants to break into a computer system.

A

CRACKER

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

___ is one of several open source licenses used to share the source code for software.

A

GNU GENERAL PUBLIC LICENSE (GPL)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

___ is the open source implementation of PGP, developed by the GNU Foundation.

A

GNU PRIVACY GUARD (GPG)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

___ is a recursive acronym for the work of the GNU Foundation, including the clones of UNIX tools and libraries found in current Linux distributions.

A

GNU’S NOT UNIX (GNU)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

____ is a US law that specifies confidentiality requirements for personal financial data.

A

GRAMM-LEACH-BLILEY ACT (GLBA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

____ is the organization associated with open source security certification and testing. It qualifies security professionals with four professionals with four certificates.
OSPA; OSPE; SOPT, AND OWPE.

A

(ISECOM) INSTITUTE FOR SECURITY AND OPEN METHODOLOGIES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

___ is a CIA triad concept of trust, verified by means such as GPG key.

A

INTEGRITY

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

___ is an organization for security professionals. It qualifies professionals through the SSCP and CISSP certifications.

A

(ISC)2 INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

____ is part of the Transmission Control Protocol/Internet Protocol suite of protocols. It is normally used to send error and network status messages.

A

(ICMP) INTERNET CONTROL MESSAGE PROTOCOL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

____ is a version of the Internet Protocol still in common use today that the addresses use 32 bits.

A

(IPv4) INTERNET PROTOCOL VERSION 4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

___ is a more recent version of the Internet Protocol in common use that the addresses use 128 bits.

A

(IPv6) INTERNET PROTOCOL VERSION 6

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

____ is a security control system that limits access to objects such as files and directories to specified users and groups.

A

MANDATORY ACCESS CONTROL

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

This is a reference to network address translation where private Internet Protocol (IP) addresses on a network ______ with a public IP address, normally the gateway address to the network.

A

MASQUERADING

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

___ is a file-sharing system connected to a network, normally using file-sharing protocols such as Samba.

A

(NFS) NETWORK FILE SYSTEM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

___ is a manual for security audits, testing, and analysis, created through ISECOM.

A

(OSSTMM) OPEN SOURCE SECUIRTY TESTING METHODOLOGY MANUAL

25
Q

___ is a certification sponsored by ISECOM for professionals who can assess legal requirements, design security tests, and measure controls in the context of the scientific method.

A

(OSPA) OSSTMM PROFESSIONAL SECURITY ANALYST

26
Q

___ is a certification sponsored by ISECOM for Linux professionals qualified to use various security programs.

A

(OSPE) OSSTMM PROFESSIONAL SECURITY EXPERT

27
Q

___is a certification sponsored by ISECOM for Linus professionals qualified to use various security programs.

A

(OSPT) OSSTMM PROFESSIONAL SECURITY TESTER

28
Q

___ is a certification sponsored by ISECOM for professionals who can audit a wireless network infrastructure.

A

(OWSE) OSSTMM PROFESSIONAL WIRELESS SECURITY EXPERT

29
Q

___ are supplements the CIA triad goals of confidentiality, integrity, and availability with three more goals:
POSSESSION OR CONTROL, AUTHENTICITY, AND UTILITY.

A

PARKERIAN HEXAD

30
Q

___ is a sequence of characters used to control access, frequently used to verify connections to encrypted services such as SSH. This can use spaces.

A

PASSPHRASE

31
Q

___ is one of the ISECOM channels for security.

A

(PHYSSEC) PHYSICAL SECURITY

32
Q

___ is a malicious packet of ICMP data to a system that may be used to crash a target computer system.

A

PING OF DEATH

33
Q

____ is a Parkerian hexad concept for control of confidential information.

A

POSSESSION OR CONTROL

34
Q

___ is a program that encrypts messages and more with digital signatures based on private and public encryption keys. (First, the sender can use a private ___ key to encrypt a message, then the recipient can use a public ___ key to decrypt that message.)

A

(PGP) PRETTY GOOD PRIVACY

35
Q

___ is a file and printer sharing service compatible with Microsoft’s Common Internet File System.

A

SAMBA

36
Q

___ is a US law that specifies financial-disclosure requirements for public companies.

A

(SOX) SARBANES-OXLEY ACT

37
Q

___ is one of the ISECOM channels for security audits, related to non-physical communications over the electromagnetic spectrum.

A

(SPECSEC) SPECTRUM SECURITY

38
Q

___ is an attack where a malicious user assumes the identity of another user or organization.

A

SPOOFING

39
Q

___ is a service that caches internet data to speed response times that can also track the sites browsed by users.

A

SQUID

40
Q

___ is a vendor-neutral certification for information security created by (ISC)2. It is suited to candidates working toward becoming security professionals.

A

(SSCP) SYSTEMS SECURITY CERTIFIED PRACTITIONER

41
Q

___ is a protocol and service that uses clear-text authentication.

A

TELNET

42
Q

___ is a member of the protocol suite that supports reliable connections.

A

(TCP) TRANSMISSION CONTROL PROTOCOL

43
Q

___ is the first thing that is run when you power up a relatively new computer. It identifies and tests connected hardware to a point where an operating system can be loaded from media such as a hard drive.

A

(UEFI) UNIFIED EXTENSIBLE FIRMWARE INTERFACE

44
Q

___ is a member of the (TCP/IP) protocol suite that supports congenialness “best-efforts” communications.

A

(UDP) USER DATAGRAM PROTOCOL (UDP

45
Q

___ in the Linux community, this is a user who wants to create better software. In the non-Linux community, it is an authorized user who runs security diagnostic tools to test the security features of a system or network.

A

WHITE HAT HACKER

46
Q
  1. Which of the following terms is associated with malicious users in the open source community?
  2. Hacker
  3. Crackers
  4. Techies
  5. Nerds
A

Crackers

47
Q
  1. Which of the following concepts is NOT part of the CIA triad?
  2. Authority
  3. Access
  4. Authenticity
  5. Availability
A

Authenticity

48
Q
  1. Which of the following security certifications is associated with open source software?
  2. SSCP
  3. CISSP
  4. RHCE
  5. OSPA
A

OSPA

49
Q
  1. Which of the following OSSTMM channels is associated with wireless security?
  2. COMSEC
  3. SPECSEC
  4. PHYSSEC
  5. WIRESEC
A

SPECSEC

50
Q
  1. Which of the following is NOT an OSSTMM audit phase?
  2. Licensing
  3. Regulatory
  4. Definitions
  5. Information
A

Licensing

51
Q
  1. Which of the following components makes up the core of the Linux operating system?
  2. Cloned software from UNIX
  3. The kernel
  4. Linux libraries
  5. Linux services
A

The kernel

52
Q
  1. Which of the following is na open source license?
  2. Freeware
  3. Public domain
  4. GNU GPL
  5. Any Microsoft license
A

GNU GPL

53
Q
  1. From the following options, name the component that is NOT part of a Linux User Domain.
  2. Regular users
  3. Regular groups
  4. Service users
  5. Computer users
A

Computer users

54
Q
  1. From the following options, select a security advantage of open source software.
  2. The efforts of the open source community
  3. Secrecy in the source code
  4. No information is released before a solution is available
  5. None of the above
A

The efforts of the open source community

55
Q
  1. Which of the following methods can be used to recover from an unbeatable situation in Linux, minimizing any risk of lost data? (Select two).
  2. Recovery mode
  3. Live CD
  4. Reinstalling Linux
  5. UEFI modification
A

Recovery mode

Live CD

56
Q
  1. From the following list, which is a system management tool for Linux?
  2. Red Hat Zenworks
  3. The Ubuntu
  4. Landscape
  5. Systems management server
A

Landscape

57
Q
  1. Which of the following is a positive effect of virtualization on security?
  2. Many virtual machines will confuse malicious users
  3. Virtual machines can be configured with many services
  4. Virtual machines can be configured as firewalls
  5. Additional virtual machines make it possible to configure more bastion hosts.
A

Additional virtual machines make it possible to configure more bastion hosts.

58
Q
  1. A developer who just wants to create better software in the open source world ins known as a ___.
A

Hacker

59
Q
  1. The open source license associated with the GNU project is ___.
A

General Public License
also acceptable:
GPL, GNU, GPL, GNU General Public License