Security

Question 1

Define the Zero-Day Problem.

Answer 1

The Zero-Day Problem refers to vulnerabilities that are known to attackers but not yet known or patched by software vendors.

Question 2

Define a patch cycle.

Answer 2

A patch cycle involves discovering a vulnerability, creating and publishing a patch, and users installing the patch.

Question 3

Define zero-day vulnerability.

Answer 3

A zero-day vulnerability is a security flaw that is exploited before the vendor releases a patch.

Question 4

Define the Principle of Least Privilege (PoLP).

Answer 4

PoLP states that users, applications, and systems should only have the minimum access necessary to perform required tasks.

Question 5

Define sandboxing.

Answer 5

running programs in isolated environments to limit their capabilities and potential damage.

Question 6

Define SELinux.

Answer 6

a mandatory access control system in the Linux kernel developed by the NSA and Red Hat.

Question 7

Define DAC.

Answer 7

allows users to control access permissions to their own files.

Question 8

Define MAC.

Answer 8

Mandatory Access Control (MAC) restricts access based on policies set by an administrator, not the user.

Question 9

Define root user in Linux.

Answer 9

is the administrative user with unrestricted access to all commands and files in Linux.

Question 10

Define a non-root user.

Answer 10

A non-root user is a standard user with limited permissions in the Linux operating system.

Question 11

Define chmod command.

Answer 11

chmod changes the permissions of a file or directory in Linux.

Question 12

Define sudo command.

Answer 12

sudo allows a permitted user to execute a command as another user, typically the superuser.

Question 13

Define file permissions in Linux.

Answer 13

File permissions control who can read, write, or execute a file.

Question 14

Define rwxr-xr-x.

Answer 14

Owner has read, write, execute; group and others have read, execute only.

Question 15

Define the numeric representation of file permissions.

Answer 15

File permissions can be represented in numbers, e.g., 755 = rwxr-xr-x.

Question 16

Define SELinux enforcing mode.

Answer 16

Policies are enforced and violations are logged.

Question 17

Define SELinux permissive mode.

Answer 17

Policies are not enforced, but violations are logged.

Question 18

Define SELinux disabled mode.

Answer 18

SELinux is off, and violations are not logged.

Question 19

Define SELinux labeling.

Answer 19

Every process and file has a label, and access rules are based on these labels.

Question 20

Define SELinux policy.

Answer 20

A set of rules determining what labeled processes can access which labeled objects.

Question 21

Define type enforcement.

Answer 21

A model in SELinux where access is granted based on the types assigned to processes and objects.

Question 22

Define MCS (Multi-Category Security).

Answer 22

A SELinux feature that allows the same type to be reused with unique categories to separate access.

Question 23

Define MLS (Multi-Level Security).

Answer 23

An SELinux model where access is based on hierarchical security levels (e.g., secret, top-secret).

Question 24

Define a process label.

Answer 24

A security context assigned to a process used to determine access rights.

Question 25

Define an object label.

Answer 25

A label assigned to a file or directory that specifies access permissions.

Question 26

Define dominance in MLS.

Answer 26

A higher-level label (e.g., Greyhound) can access objects with a lower label (e.g., Chihuahua), but not vice versa.

Question 27

Define the SELinux rule ‘allow cat cat_chow : food eat;’.

Answer 27

This rule allows the process type cat to access object type cat_chow for the class food and permission eat.

Question 28

Define what happens if a process violates SELinux policy

Answer 28

Answer: The action is denied, and in enforcing mode, the violation is logged.

Question 29

Define the benefit of PoLP in compromised accounts.

Answer 29

It limits the attacker’s access, reducing potential damage.

Question 30

Define the inherent insecurity of computers.

Answer 30

Modern computing systems are too complex to be completely secure due to flaws and human error.

Question 31

Define why prompt patching is important.

Answer 31

Answer: It protects systems from known vulnerabilities before they can be exploited.

Question 32

Define what happens during the patch delay window.

Answer 32

Answer: Systems are highly vulnerable as attackers and vendors race against each other.

Question 33

Define the ls -l command.

Answer 33

Answer: Displays file permissions and attributes in Linux.

Question 34

Define the read permission in Linux.

Answer 34

Answer: Allows the viewing of a file's contents.

Question 35

Define the write permission in Linux.

Answer 35

Answer: Allows editing or modifying the file.

Question 36

Define the execute permission in Linux.

Answer 36

Answer: Allows running the file as a program or script.

Question 37

Define the numeric value of read permission.

Answer 37

Answer: 4

Question 38

Define the numeric value of write permission.

Answer 38

2

Question 39

Define the numeric value of execute permission.

Answer 39

1

Question 40

Define what 755 means in file permissions.

Answer 40

Answer: Owner has full permissions, group and others have read and execute only.

Question 41

Define the concept of ‘everything is denied by default’ in SELinux.

Answer 41

Answer: SELinux blocks all actions unless explicitly allowed by policy.

Question 42

Define how MCS differs from type enforcement.

Answer 42

Answer: MCS uses categories to further restrict access among subjects with the same type.

Question 43

Define an example of MLS policy application.

Answer 43

Answer: A Greyhound process can access both Greyhound and Chihuahua data, but not vice versa.

Question 44

Define why creating separate types for each subject is not scalable.

Answer 44

Answer: It leads to policy explosion and becomes hard to manage.