IS3440 CHAP 1 SECURITY THREATS TO LINUX Flashcards Preview

IS3440 LINUX SECURITY > IS3440 CHAP 1 SECURITY THREATS TO LINUX > Flashcards

Flashcards in IS3440 CHAP 1 SECURITY THREATS TO LINUX Deck (59):
1

____ a web server service used primarily on Linux.

APACHE

2

____ is a Parkerian hexad concept related to the CIA triad concept of integrity. It can help users and administrators verify that important communications, are genuine.

AUTHENTICITY

3

___ a CIA triad concept in which users have access to their data when they want it.

AVAILABILTIY

4

___ is the first thing that is run when you power up an older computer. It identifies and tests connected hardware to a point where an operating system can be loaded from media such as a hard drive.

BASIC INPUT/OUTPUT SYSTEM (BIOS)

5

___ is a user who wants to break into computer systems and networks with malicious purposes in mind.

BLACK-HAT HACKER

6

___ is the private company that is the corporate backer of the Ubuntu distribution.

CANONICAL

7

___ is a vendor-neutral certification for information security created by (ISC) that requires professional experience in multiple security domains.

CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONS (CISSP)

8

___ this specifies three goals of information security: confidentiality integrity, and availability.

CIA TRIAD

9

___ is one of the ISECOM channels for security audits.

COMMUNICATIONS SECURITY (COMSEC)

10

___ in the open source community, this is a malicious user who wants to break into a computer system.

CRACKER

11

___ is one of several open source licenses used to share the source code for software.

GNU GENERAL PUBLIC LICENSE (GPL)

12

___ is the open source implementation of PGP, developed by the GNU Foundation.

GNU PRIVACY GUARD (GPG)

13

___ is a recursive acronym for the work of the GNU Foundation, including the clones of UNIX tools and libraries found in current Linux distributions.

GNU'S NOT UNIX (GNU)

14

____ is a US law that specifies confidentiality requirements for personal financial data.

GRAMM-LEACH-BLILEY ACT (GLBA)

15

____ is the organization associated with open source security certification and testing. It qualifies security professionals with four professionals with four certificates.
OSPA; OSPE; SOPT, AND OWPE.

(ISECOM) INSTITUTE FOR SECURITY AND OPEN METHODOLOGIES

16

___ is a CIA triad concept of trust, verified by means such as GPG key.

INTEGRITY

17

___ is an organization for security professionals. It qualifies professionals through the SSCP and CISSP certifications.

(ISC)2 INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM

18

____ is part of the Transmission Control Protocol/Internet Protocol suite of protocols. It is normally used to send error and network status messages.

(ICMP) INTERNET CONTROL MESSAGE PROTOCOL

19

____ is a version of the Internet Protocol still in common use today that the addresses use 32 bits.

(IPv4) INTERNET PROTOCOL VERSION 4

20

___ is a more recent version of the Internet Protocol in common use that the addresses use 128 bits.

(IPv6) INTERNET PROTOCOL VERSION 6

21

____ is a security control system that limits access to objects such as files and directories to specified users and groups.

MANDATORY ACCESS CONTROL

22

This is a reference to network address translation where private Internet Protocol (IP) addresses on a network ______ with a public IP address, normally the gateway address to the network.

MASQUERADING

23

___ is a file-sharing system connected to a network, normally using file-sharing protocols such as Samba.

(NFS) NETWORK FILE SYSTEM

24

___ is a manual for security audits, testing, and analysis, created through ISECOM.

(OSSTMM) OPEN SOURCE SECUIRTY TESTING METHODOLOGY MANUAL

25

___ is a certification sponsored by ISECOM for professionals who can assess legal requirements, design security tests, and measure controls in the context of the scientific method.

(OSPA) OSSTMM PROFESSIONAL SECURITY ANALYST

26

___ is a certification sponsored by ISECOM for Linux professionals qualified to use various security programs.

(OSPE) OSSTMM PROFESSIONAL SECURITY EXPERT

27

___is a certification sponsored by ISECOM for Linus professionals qualified to use various security programs.

(OSPT) OSSTMM PROFESSIONAL SECURITY TESTER

28

___ is a certification sponsored by ISECOM for professionals who can audit a wireless network infrastructure.

(OWSE) OSSTMM PROFESSIONAL WIRELESS SECURITY EXPERT

29

___ are supplements the CIA triad goals of confidentiality, integrity, and availability with three more goals:
POSSESSION OR CONTROL, AUTHENTICITY, AND UTILITY.

PARKERIAN HEXAD

30

___ is a sequence of characters used to control access, frequently used to verify connections to encrypted services such as SSH. This can use spaces.

PASSPHRASE

31

___ is one of the ISECOM channels for security.

(PHYSSEC) PHYSICAL SECURITY

32

___ is a malicious packet of ICMP data to a system that may be used to crash a target computer system.

PING OF DEATH

33

____ is a Parkerian hexad concept for control of confidential information.

POSSESSION OR CONTROL

34

___ is a program that encrypts messages and more with digital signatures based on private and public encryption keys. (First, the sender can use a private ___ key to encrypt a message, then the recipient can use a public ___ key to decrypt that message.)

(PGP) PRETTY GOOD PRIVACY

35

___ is a file and printer sharing service compatible with Microsoft's Common Internet File System.

SAMBA

36

___ is a US law that specifies financial-disclosure requirements for public companies.

(SOX) SARBANES-OXLEY ACT

37

___ is one of the ISECOM channels for security audits, related to non-physical communications over the electromagnetic spectrum.

(SPECSEC) SPECTRUM SECURITY

38

___ is an attack where a malicious user assumes the identity of another user or organization.

SPOOFING

39

___ is a service that caches internet data to speed response times that can also track the sites browsed by users.

SQUID

40

___ is a vendor-neutral certification for information security created by (ISC)2. It is suited to candidates working toward becoming security professionals.

(SSCP) SYSTEMS SECURITY CERTIFIED PRACTITIONER

41

___ is a protocol and service that uses clear-text authentication.

TELNET

42

___ is a member of the protocol suite that supports reliable connections.

(TCP) TRANSMISSION CONTROL PROTOCOL

43

___ is the first thing that is run when you power up a relatively new computer. It identifies and tests connected hardware to a point where an operating system can be loaded from media such as a hard drive.

(UEFI) UNIFIED EXTENSIBLE FIRMWARE INTERFACE

44

___ is a member of the (TCP/IP) protocol suite that supports congenialness "best-efforts" communications.

(UDP) USER DATAGRAM PROTOCOL (UDP

45

___ in the Linux community, this is a user who wants to create better software. In the non-Linux community, it is an authorized user who runs security diagnostic tools to test the security features of a system or network.

WHITE HAT HACKER

46

1. Which of the following terms is associated with malicious users in the open source community?

1. Hacker
2. Crackers
3. Techies
4. Nerds

Crackers

47

2. Which of the following concepts is NOT part of the CIA triad?

1. Authority
2. Access
3. Authenticity
4. Availability

Authenticity

48

3. Which of the following security certifications is associated with open source software?

1. SSCP
2. CISSP
3. RHCE
4. OSPA

OSPA

49

4. Which of the following OSSTMM channels is associated with wireless security?

1. COMSEC
2. SPECSEC
3. PHYSSEC
4. WIRESEC

SPECSEC

50

5. Which of the following is NOT an OSSTMM audit phase?

1. Licensing
2. Regulatory
3. Definitions
4. Information

Licensing

51

6. Which of the following components makes up the core of the Linux operating system?

1. Cloned software from UNIX
2. The kernel
3. Linux libraries
4. Linux services

The kernel

52

7. Which of the following is na open source license?

1. Freeware
2. Public domain
3. GNU GPL
4. Any Microsoft license

GNU GPL

53

8. From the following options, name the component that is NOT part of a Linux User Domain.

1. Regular users
2. Regular groups
3. Service users
4. Computer users

Computer users

54

9. From the following options, select a security advantage of open source software.

1. The efforts of the open source community
2. Secrecy in the source code
3. No information is released before a solution is available
4. None of the above

The efforts of the open source community

55

10. Which of the following methods can be used to recover from an unbeatable situation in Linux, minimizing any risk of lost data? (Select two).

1. Recovery mode
2. Live CD
3. Reinstalling Linux
4. UEFI modification

Recovery mode

Live CD

56

11. From the following list, which is a system management tool for Linux?

1. Red Hat Zenworks
2. The Ubuntu
3. Landscape
4. Systems management server

Landscape

57

12. Which of the following is a positive effect of virtualization on security?

1. Many virtual machines will confuse malicious users
2. Virtual machines can be configured with many services
3. Virtual machines can be configured as firewalls
4. Additional virtual machines make it possible to configure more bastion hosts.

Additional virtual machines make it possible to configure more bastion hosts.

58

13. A developer who just wants to create better software in the open source world ins known as a ___.

Hacker

59

14. The open source license associated with the GNU project is ___.

General Public License
also acceptable:
GPL, GNU, GPL, GNU General Public License