IS3440 CHAP 3 BASIC SECURITY: FACILITIES THROUGH THE BOOT PROCESS Flashcards Preview

Flashcards in IS3440 CHAP 3 BASIC SECURITY: FACILITIES THROUGH THE BOOT PROCESS Deck (49):
1

___ is the main configuration file for GRUB version 1, AKA traditional GRUB.

COMMAND /boot/grub.conf

2

___ is the mount configuration file for Linux filesystems.

COMMAND /etc/fstab

3

___ is the main configuration file for the Linux Loader (LILO).

COMMAND /etc/lilo.conf

4

___ is the configuration file that associates Internet services with Transmission Control Protocol/Internet Protocol (TCP/IP) port numbers and protocols.

COMMAND /etc/services

5

___ is the Linux package with management tools for the (COMMAND) trousers package, associated with the Trusted Computing Software Stack and the TPM chip.

COMMAND tpm-tools

6

___ is the Linux package associated with the Trusted Computing Software Stack, in support of the TPM chip.

COMMAND trousers

7

___ is an interface often embedded in the motherboard. In some cases, it may be configured to allow remote access to the system boot menus.

(BMC) Baseboard management controller

8

___ are the identification controls based on unique characteristics of authorized personnel. They may be used for authentication to access a secure location such as a server room.

Biometric controls

9

___ is a sequence of programs that may be verified by the TPM. An example of this is Trusted GRUB.

Chain of trust

10

___ is a self-described "donor-funded nonprofit" created to protect the digital rights of consumers.

(EFF) Electronic Frontier Foundation

11

___ is the organization behind the GNU project.

(FSF) Free Software Foundation

12

___ is a newer version of the Grand Unified Bootloader, not yet in use on many Linux distributions.

GRUB 2.0

13

___ is a one-way function that converts a large amount of data to a single (long) number in an irreversible manner.

Hash function

14

___ is a Linux security module developed by IBM to check the integrity of executable files before they are loaded during the boot process.

(IMA) Integrity Measurement Architecture

15

___ is a nonprofit organization that sponsors Linux certification exams.

(LPI) Linux Professional Institute

16

___ is a cryptographic hash function with a 128-bit value. It is also used to encrypt local Linux passwords in the (COMMAND FILE) /etc/shadow.

(MD5) Message Digest 5

17

___ is a consortium of security professionals and organizations sponsored by the European Union. ISECOM is working through ___ to modify standards for the TPM chip.

(OPEN TC) Open Trusted Computing

18

___ is a feature requested by the EFF for inclusion in TPM chips that would enable fine-grained control over its use.

Owner override

19

___ is a feature of a network card and a BIOS/UEFI system that gives a system the ability to boot an operating system from a remote location.

(PXE) Pre-boot eXecution Environment

20

Colloquially known as a sniffer, a ___ can listen in on messages transmitted on a network. One Linux example is Wireshark.

Protocol analyzer

21

___ is part of a Trusted Computing concept, known as the roots of trust. The core may reside in the first boot program, the BIOS or UEFI.

(RTM) Root Trust for Measurement

22

___ is part of a Trusted Computing concept, known as the roots of trust. It reports on the integrity of a software component using SHA-1 keys.

(RTR) Root Trust for Reporting

23

___ is part of a Trusted Computing concept, known as the roots of trust. It uses an endorsement key created by the TPM to store data implicitly trusted by the operating system.

(RTS) Root Trust for Storage

24

___ is a set of cryptographic functions created by the US National Security Agency (NSA). Because of a weakness in it, the NIST has sponsored a competition for the development of this algorithm.

(SHA-1) Secure Hash Algorithm 1

25

___ is a set of cryptographic functions being developed through a competition sponsored by NIST.

(SHA-3) Secure Hash Algorithm 3

26

___ is a Web-based software development site.

SourceForge

27

___ is the President of the Free Software Foundation (FSF), the organization behind the GNU project. It is the leading opponent of the TPM chip.

Stallman, Richard

28

___ is a key used to encrypt keys stored outside the TPM chip.

(SRK) Storage Root Key

29

___ is an open source software stack of programs designed to work with the TPM chip. It may be downloaded and installed as the (COMMAND package) trousers.

TCG Software Stack

30

___ is a chip that may be installed on hardware such as a motherboard. It may be used for password protection, software license protection, digital rights management, and disk encryption.

(TPM) Trusted Platform Module

31

___ is a specialized version of GRUB that can work with the TPM chip in a chain of trust.

TrustedGRUB

32

___ is a paravirtualized device in a hardware-virtualized machine, designed for faster virtual hard drives.

Virtio block device

33

___ is the operating system installed inside a host's virtual machine software.

Virtual guest

34

___ is the operating system that hosts virtual machine software.

Virtual host

35

___ is a protocol analyzer, previously known as Ethereal.

Wireshark

36

1. Which of the following hardware components is NOT used to boot a Linux system?

1. A PXE-enabled network card
2. A USB port
3. A CD drive
4. An Ethernet port

An Ethernet port

37

2. From the following answers, what is NOT addressed by a TPM chip?

1. DRM
2. Disk encryption
3. KVM virtual machines
4. Chain of trust

KVM virtual machines

38

3. Which of the following roots of trust is associated with the BIOS/UEFI?

1. The Root of Trust Reporting
2. The Root of Trust Storage
3. The Root of Trust Management
4. The Root of Trust Networking

The Root of Trust Networking

39

4. Which of the following packages implements TPM support on Linux? (Select two COMMANDS)

1. tpm-tools
2. tpm-drm
3. trousers
4. tcg

tpm-tools

trousers

40

5. Name the Linux service associated with virtual application support.

1. KVM
2. WINE
3. VMware Player
4. Xen

WINE

41

6. Which of the following directives in a LILO configuration file specifies the time before the default operating system is booted?

1. delay
2. timeout
3. default
4. period

delay

42

7. The COMMAND that can be used to set up an encrypted password for a traditional GRUB configuration file is ___.

(COMMAND)
grub-md5-crypt

43

8. From the following COMMANDS, which one updates the GRUB 2.0 configuration file read by the boot loader?

1. grub-setup
2. grub-mkconfig
3. grub-install
4. grub-set-default

grub-mkconfig

44

9. In a TrustedGRUB configuration file, which of the following directives refers to the first partition on the second hard drive?

1. root (hd1.2)
2. root (hd2,1)
3. root (hd1,1)
4. root (hd0,2)

root (hd1.2)

45

10. Which of the following kernel types is most likely to address the most RAM?

1. Desktop
2. Server
3. Virtual machine
4. Generic

Server

46

11. Which of the following kernel types is most likely to work with the smallest amount of RAM?

1. Desktop
2. Server
3. Virtual machine
4. Generic

Virtual machine

47

12. The GRUB 2.0 menu is hidden during the boot process. Which of the following keys, when pressed at the appropriate time, reveals the menu?

1. Alt
2. Shift
3. Del
4. Ctrl

Shift

48

13. Which of the following options can be substituted for a partition device in the (COMMAND) /etc/fstab configuration file? (Select two COMMANDS).

1. sysfs
2. LABEL
3. /proc
4. UUID

LABEL

UUID

49

14. Which of the following concepts is NOT one of the five OSSTMM process controls?

1. Privacy
2. Alarm
3. Authenticity
4. Integrity

Authenticity