IS3440 CHAP 12 BUILDING AND MAINTAINING A SECURITY BASELINE Flashcards Preview


26 flashcards in this deck:
1

___ is a log priority that specifies problems that require immediate attention.

alert

2

___ is the lowest log priority; it also provides the greatest detail.

debug

3

___ is the highest log priority, used for messages that the system is unusable; may also be shown as panic. (crit is a separate, lower priority, between alert and err.)

emerg

4

___ is a log priority that adds error messages; may also be shown as error.

err

5

___ is a log priority that adds informational messages.

info

6

___ is a log priority for normal but significant conditions that might require attention.

notice

7

___ is a log priority that provides warning messages; may also be shown as warning.

warn

8

___ is an intrusion detection system; available in both Red Hat and Ubuntu repositories.

(AIDE) Advanced Intrusion Detection Environment

9

___ is the Red Hat installation program.

Anaconda

10

___ is the current system for local system and kernel logs; it also supports forwarding log messages to a central logging server over UDP or TCP, with optional TLS.

rsyslog

11

___ is an intrusion detection system; open source and commercial versions are available.

Tripwire

12

1. Which of the following options supports remote updates from a Web-based interface?

1. Minimal installation
2. No automatic updates
3. Install security updates automatically
4. Manage system with Landscape

Manage system with Landscape

13

2. Which of the following package groups are included in a default RHEL 5 installation?

1. Automatic updates
2. KDE
3. GNOME
4. Secure Shell server

GNOME

14

3. What is the mount option that disables executable binaries in an /etc/fstab configuration file?

noexec

15

4. Which of the following directories is normally NOT appropriate as a read-only filesystem?

1. /boot/
2. /home/
3. /root/
4. /sbin/

/home/
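The two cards above (noexec in /etc/fstab, and which filesystems may be read-only) describe a baseline that can be checked mechanically. The script below is an added example written for these flashcards, not code from the IS3440 text; the sample fstab, the per-mount option expectations and the read-only list are constructed and should be replaced with the real baseline.

```python
"""Audit /etc/fstab mount options against a small baseline.

Added example, not part of the IS3440 text or any named tool. The
sample fstab and the per-mount expectations below are constructed for
this example; adapt them to the real baseline.
"""

# Constructed sample /etc/fstab (an assumption, not a real system's table).
SAMPLE_FSTAB = """\
# <device>   <mount>  <type>  <options>     <dump> <pass>
/dev/sda1    /boot    ext4    defaults      0 2
/dev/sda2    /        ext4    defaults      0 1
/dev/sda3    /home    ext4    defaults      0 2
tmpfs        /tmp     tmpfs   nodev,nosuid  0 0
/dev/sda4    /var     ext4    nodev,nosuid  0 2
"""

# Options each user-writable mount should carry. /var deliberately keeps
# exec: dpkg and rpm run package maintainer scripts from under /var/lib.
HARDEN = {
    "/home": {"noexec", "nodev", "nosuid"},
    "/tmp": {"noexec", "nodev", "nosuid"},
    "/var": {"nodev", "nosuid"},
}
# Mounts the baseline expects read-only, and mounts that must stay writable
# (users cannot work with a read-only /home).
EXPECT_RO = {"/boot"}
NEVER_RO = {"/home"}


def parse_fstab(text):
    """Return one dict per non-comment fstab line: device, mount, type, options."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:          # malformed line: skip rather than guess
            continue
        device, mount, fstype, opts = fields[:4]
        entries.append({"device": device, "mount": mount, "type": fstype,
                        "options": set(opts.split(","))})
    return entries


def audit_fstab(text, harden=HARDEN, expect_ro=EXPECT_RO, never_ro=NEVER_RO):
    """Return a list of human-readable findings, in fstab order."""
    findings = []
    for e in parse_fstab(text):
        mount, opts = e["mount"], e["options"]
        missing = harden.get(mount, set()) - opts
        if missing:
            findings.append(f"{mount}: missing {','.join(sorted(missing))}")
        if mount in expect_ro and "ro" not in opts:
            findings.append(f"{mount}: expected ro")
        if mount in never_ro and "ro" in opts:
            findings.append(f"{mount}: ro would block user writes")
    return findings


if __name__ == "__main__":
    for finding in audit_fstab(SAMPLE_FSTAB):
        print(finding)
```

On the sample table the audit reports /boot (not mounted ro), /home (no noexec, nodev, nosuid) and /tmp (no noexec), and says nothing about /var, whose baseline leaves exec enabled on purpose. Remember that fstab only states intent; compare against the live mount table (`findmnt` or /proc/self/mounts) as well, since a later `mount -o remount,rw` leaves fstab untouched.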

16

5. Which of the following directories is a standard location for packages downloaded from an Ubuntu repository?

1. /var/cache/apt/
2. /var/cache/yum/
3. /tmp/
4. /root/

/var/cache/apt/

17

6. Which of the following is NOT a reason to test updates before installing them on a gold baseline?

1. Potential effects on compiled software
2. Support issues with third-party software
3. Source code is unverified
4. Potential interactions with other software

Source code is unverified

18

7. Which of the following log priorities provides the most important messages?

1. debug
2. err
3. info
4. notice

err

19

8. In a Samba log file, which of the following is associated with the %m variable?

1. Username
2. Hostname
3. Service version
4. User profile

Hostname (%m expands to the client's NetBIOS machine name)

20

9. What option in the /etc/syslog.conf configuration file includes MAIL messages of only the INFO priority? Use the facility.priority format.

mail.=info
21

10. Which of the following modules provides local system logging (the /dev/log socket) in an rsyslog configuration file?

1. imuxsock
2. imklog
3. imudp
4. imtcp

imuxsock

22

11. Which of the following symbols in an rsyslog configuration file is associated with UDP connections?

1. !
2. @
3. @@
4. =

@ (a single @ forwards over UDP; @@ forwards over TCP)
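Cards 1-7, 18, 20 and 22 all concern the same small grammar: a syslog.conf / rsyslog.conf rule is a selector column (facility.priority, with =, ! and none modifiers) and an action column (a file, @host for UDP, @@host for TCP). The following is an added example written for these flashcards, not code from the IS3440 text or from rsyslog; it implements the legacy sysklogd selector semantics that rsyslog still accepts (positive selectors add to a facility's priority set, negated ones subtract, a plain priority means that priority and everything more severe), and routes constructed messages through a constructed rule set. The host name logserver.example.com and the rules are assumptions.

```python
"""Match messages against syslog.conf / rsyslog.conf selector lines.

Added example written for these flashcards; not code from the IS3440
text or from rsyslog. Selector semantics follow sysklogd, which rsyslog
keeps for legacy rules: "fac.pri" selects pri and every more severe
priority, "=pri" exactly that priority, "!pri" and "!=pri" subtract
from what earlier selectors on the same line chose, "none" clears the
facility. In the action column "@host" forwards over UDP, "@@host" over
TCP. The sample configuration, host name and messages are constructed.
"""

# Most severe first: the list index is the numeric syslog priority (0-7).
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Legacy spellings accepted in configuration files.
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr", "mail",
              "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]

# Constructed sample rules (an assumption, not a real server's configuration).
SAMPLE_CONF = """\
mail.=info                        /var/log/mail.info
mail.*;mail.!=info                -/var/log/mail.log
*.info;mail.none;authpriv.none    /var/log/messages
authpriv.*                        /var/log/secure
*.emerg                           *
auth,authpriv.*                   @@logserver.example.com
*.*                               @logserver.example.com
"""


def canon(priority):
    """Canonical priority name, resolving the legacy aliases."""
    name = ALIASES.get(priority, priority)
    if name not in PRIORITIES:
        raise ValueError(f"unknown priority {priority!r}")
    return name


def up_to(priority):
    """The named priority and everything more severe than it."""
    return set(PRIORITIES[: PRIORITIES.index(canon(priority)) + 1])


def selector_mask(selector_field):
    """Return {facility: set(priorities)} chosen by one rule's selector column."""
    mask = {f: set() for f in FACILITIES}
    for sel in selector_field.split(";"):
        fac_part, pri = sel.rsplit(".", 1)
        for fac in (FACILITIES if fac_part == "*" else fac_part.split(",")):
            if pri == "*":
                mask[fac] = set(PRIORITIES)
            elif pri == "none":
                mask[fac] = set()
            elif pri.startswith("!="):
                mask[fac] -= {canon(pri[2:])}
            elif pri.startswith("!"):
                mask[fac] -= up_to(pri[1:])
            elif pri.startswith("="):
                mask[fac] |= {canon(pri[1:])}
            else:
                mask[fac] |= up_to(pri)
    return mask


def parse_action(action):
    """Classify the action column; remote targets get syslog's default port."""
    if action.startswith("@@"):
        transport, target = "tcp", action[2:]
    elif action.startswith("@"):
        transport, target = "udp", action[1:]
    elif action == "*":
        return ("wall", "*")                 # write to every logged-in user
    elif action.startswith("-"):
        return ("file-async", action[1:])    # file, no sync after each write
    else:
        return ("file", action)
    return (transport, target if ":" in target else target + ":514")


def parse_rules(conf):
    """Turn a configuration text into (mask, action) pairs, skipping comments."""
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        rules.append((selector_mask(selector), parse_action(action.strip())))
    return rules


def route(conf, facility, priority):
    """Every action that receives a message with this facility and priority."""
    pri = canon(priority)
    return [action for mask, action in parse_rules(conf) if pri in mask[facility]]


if __name__ == "__main__":
    for fac, pri in [("mail", "info"), ("mail", "err"), ("authpriv", "notice"),
                     ("kern", "panic"), ("cron", "debug")]:
        print(f"{fac}.{pri:<7} ->", route(SAMPLE_CONF, fac, pri))
```

Two things the output makes visible: mail.=info catches only info, so a mail.err message goes to the second rule instead, and `*.*` with a single @ ships every message, including authpriv, to the central server over UDP with no delivery guarantee, while the auth,authpriv rule with @@ at least gets TCP. Neither is encrypted; for the "secure transmission" the rsyslog card refers to, the TCP forwarding has to be wrapped in TLS.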

23

12. What is the simplest command that lists all packages on an Ubuntu system?

dpkg -l

24

13. Which of the following commands can best collect information on the activity on a system?

1. top
2. sar
3. vmstat
4. free

sar

25

14. Which of the following configuration files includes Tripwire's configuration policies in a human-readable format?

1. twcfg.txt
2. tw.cfg
3. twpol.txt
4. twpol.enc

twpol.txt

26

15. What command switch inspects the current configuration, comparing it with a previously derived baseline configuration? This switch works with both the tripwire and aide commands.

1. --inspect
2. --check
3. --compare
4. --review

--check
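Cards 8, 11, 25 and 26 describe what AIDE and Tripwire do at `--check`: hash every monitored file, compare against the stored database, and report what was added, removed or changed. The script below is an added example written for these flashcards, not AIDE's or Tripwire's code; it builds a constructed directory tree, baselines it, tampers with it and runs the comparison, so the shape of a check report can be seen without installing either tool. File names and contents are constructed.

```python
"""A minimal AIDE/Tripwire-style integrity check: build a baseline, then check.

Added example written for these flashcards; it is not AIDE's or Tripwire's
code. It records a SHA-256 digest, size and permission bits for every regular
file under a tree (the baseline database, what `aide --init` and
`tripwire --init` produce) and a later check reports files that were added,
removed or changed, which is what `--check` does for both tools. The
directory tree built in demo() is constructed for this example.
"""
import hashlib
import json
import os
import stat
import tempfile


def snapshot(root):
    """Map each regular file (path relative to root) to its digest, size and mode."""
    snap = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue                  # symlinks and device nodes are out of scope here
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            snap[rel] = {"sha256": digest.hexdigest(), "size": st.st_size,
                         "mode": oct(stat.S_IMODE(st.st_mode))}
    return snap


def init_baseline(root, db_path):
    """Like `aide --init`: write the baseline database for the tree at root."""
    with open(db_path, "w") as fh:
        json.dump(snapshot(root), fh, indent=1, sort_keys=True)


def check_baseline(root, db_path):
    """Like `aide --check`: compare the live tree with the stored baseline."""
    with open(db_path) as fh:
        baseline = json.load(fh)
    current = snapshot(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in set(current) & set(baseline)
                          if current[p] != baseline[p]),
    }


def demo():
    """Baseline a constructed tree, tamper with it, and return both check results."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as dbdir:
        files = {"sbin/ifup": b"#!/bin/sh\nip link set eth0 up\n",
                 "etc/sshd_config": b"PermitRootLogin no\n",
                 "etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n"}
        for rel, data in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o644)
        db = os.path.join(dbdir, "baseline.json")
        init_baseline(root, db)
        clean = check_baseline(root, db)

        # Tamper: edit a config, loosen permissions only, drop a binary, add one.
        with open(os.path.join(root, "etc", "sshd_config"), "wb") as fh:
            fh.write(b"PermitRootLogin yes\n")
        os.chmod(os.path.join(root, "etc", "passwd"), 0o666)
        os.remove(os.path.join(root, "sbin", "ifup"))
        with open(os.path.join(root, "sbin", "backdoor"), "wb") as fh:
            fh.write(b"\x7fELF")
        tampered = check_baseline(root, db)
        return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean   :", clean)
    print("tampered:", tampered)
```

The check is only as trustworthy as the database it reads: here it sits in a plain JSON file that an intruder with root could rewrite after tampering. That is why Tripwire keeps its policy and database in signed form (twpol.enc and tw.cfg are the signed versions of twpol.txt and twcfg.txt) and why AIDE's database should be copied to read-only media or off the host after `--init`.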