Study Guide Chap16- Looking at Access and Authentication Methods Flashcards

(12 cards)

1
Q

1- For an application to use PAM, it needs to be compiled with which PAM library?

  • ldd
  • pam_nologin.so
  • pam_unix.so
  • libpam
  • pam_cracklib
A

libpam

For an application to use PAM, it must be compiled with the libpam (also called libpam.so) library. Thus, option D is the correct answer. Option A lists the ldd command, which allows you to view modules compiled with various applications. Therefore, option A is a wrong answer. Options B, C, and E are all PAM modules, but none are the PAM library module needed to make an application PAM‐aware. Therefore, options B, C, and E are incorrect choices.

2
Q

2- Which of the following are PAM control flags? (Choose all that apply.)

  • requisite
  • required
  • allowed
  • sufficient
  • optional
A
  • requisite
  • required
  • sufficient
  • optional

requisite, required, sufficient, and optional are all PAM control flags you may find in a PAM /etc/pam.d/ configuration file. Therefore, options A, B, D, and E are correct. Option C, allowed, is made up and thus an incorrect choice.

3
Q

What are PAM control flags?

A
  • Keywords in PAM configuration files that determine how the success or failure of a PAM module affects the overall authentication process.
  • Common control flags include “required” (module must succeed but processing continues), “requisite” (failure immediately terminates), “sufficient” (success immediately grants access), and “optional” (result doesn’t affect outcome unless it’s the only module).
  • Their function is to control the authentication flow by defining whether to continue processing additional modules or immediately succeed/fail based on each module’s result.
4
Q

3- Which of the following will display failed login attempts? (Choose all that apply.)

  • tally2
  • pam_tally2
  • pam_tally2.so
  • pam_faillock
  • faillock
A
  • pam_tally2
  • faillock

The pam_tally2 and faillock commands display failed login attempts, and therefore options B and E are correct answers. The tally2 command does not exist, and thus option A is a wrong answer. The pam_tally2.so module is involved with locking out accounts due to failed login attempts, but it does not display failed logins. Therefore, option C is a wrong choice. The pam_faillock is made up, and thus, option D is also an incorrect choice.

5
Q

4- Leigh encrypts a message with Luke’s public key and then sends the message to Luke. After receiving the message, Luke decrypts the message with his private key. What does this describe? (Choose all that apply.)

  • Symmetric key encryption
  • Asymmetric key encryption
  • Public/private key encryption
  • Secret key encryption
  • Private key encryption
A
  • Asymmetric key encryption
  • Public/private key encryption

Asymmetric, or public/private, key encryption involves a message sender encrypting a message with the receiver’s public key. When the receiver obtains the encrypted message, it is then decrypted using the receiver’s private key. Therefore, options B and C are correct answers. Symmetric key encryption is also called secret or private key encryption. It involves the sender and receiver using the same secret key to encrypt and decrypt a message. Therefore, options A, D, and E are incorrect choices.

6
Q

5- Which of the following best describes a digital signature?

  • Plaintext that has been turned into ciphertext
  • Ciphertext that has been turned into plaintext
  • A framework that proves authenticity and validation of keys as well as the people or devices that use them
  • A digital certificate that is not signed by a CA but by an end user
  • An original plaintext hash, which is encrypted with a private key and sent along with the ciphertext
A

An original plaintext hash, which is encrypted with a private key and sent along with the ciphertext

Option E best describes a digital signature and is therefore the correct answer. Option A describes encryption and is thus a wrong answer. Option B describes decryption and is also an incorrect choice. PKI is described in option C, and thus option C is a wrong answer. Option D describes a self‐signed digital certificate, and therefore it is an incorrect choice as well.

7
Q

6- The OpenSSH application keeps track of any previously connected hosts and their public keys in what file?

  • ~/.ssh/known_hosts
  • ~/.ssh/authorized_keys
  • /etc/ssh/known_hosts
  • /etc/ssh/authorized_keys
  • /etc/ssh/ssh_host_rsa_key.pub
A

~/.ssh/known_hosts

The OpenSSH application keeps track of any previously connected hosts and their public keys in each user’s ~/.ssh/known_hosts file. Therefore, option A is the correct answer. The ~/.ssh/authorized_keys file is used on an SSH server to keep track of authorized public keys used for password‐less authentication. Therefore, option B is a wrong answer. Options C and D are made up and therefore incorrect choices. Option E is an RSA public key that could be created by the ssh-keygen utility, so it is a wrong choice as well.

8
Q

7- Which of the following are OpenSSH configuration files? (Choose all that apply.)

  • ~/.ssh/config
  • /etc/ssh/ssh_config
  • /etc/ssh/sshd_config
  • /etc/sshd/ssh_config
  • /etc/sshd/sshd_config
A
  • ~/.ssh/config
  • /etc/ssh/ssh_config
  • /etc/ssh/sshd_config

The ~/.ssh/config, /etc/ssh/ssh_config, and /etc/ssh/sshd_config files are all OpenSSH configuration files. Therefore, options A, B, and C are correct choices. The files listed in options D and E are made up and therefore incorrect answers.

9
Q

8- Which of the following files may be involved in authenticating with SSH keys?

  • /etc/ssh/ssh_host_rsa_key
  • /etc/ssh/ssh_host_rsa_key.pub
  • ~/.ssh/id_rsa_key
  • ~/.ssh/id_rsa_key.pub
  • ~/.ssh/id_rsa
A

~/.ssh/id_rsa

The only correct answer is option E. These identity keys are created with the filenames of id_type for the private key and id_type.pub for the public key. The key in option E is a private key using the RSA algorithm. Option A’s key is an RSA private key used in establishing a password authenticated SSH connection, so it is a wrong answer. The key listed in option B is a public version of option A’s key, so it too is a wrong choice. The keys listed in options C and D are made up, and thus they are wrong choices as well.

10
Q

9- Which of the following is true concerning TCP wrappers? (Choose all that apply.)

  • The /etc/hosts.allow file is consulted first.
  • The /etc/hosts.allow file should contain ALL: ALL to provide the best security.
  • If an application is compiled with the libwrap library, it can employ TCP Wrappers.
  • IP addresses of remote systems can be listed individually or as entire subnets.
  • TCP Wrappers are considered to be deprecated by many distributions, and firewalls should be used instead.
A
  • The /etc/hosts.allow file is consulted first.
  • If an application is compiled with the libwrap library, it can employ TCP Wrappers.
  • IP addresses of remote systems can be listed individually or as entire subnets.
  • TCP Wrappers are considered to be deprecated by many distributions, and firewalls should be used instead.

Options A, C, D, and E are all true statements concerning TCP wrappers and therefore are correct choices. You would never want to place ALL: ALL in the /etc/hosts.allow file because it would block everyone from accessing the service. Instead, you would want to place this record in the /etc/hosts.deny file to provide the best security because it is checked last. Therefore, option B is a wrong choice.

11
Q

10- Which of the following protocols or frameworks might be involved in using VPN software as a client? (Choose all that apply.)

  • Tunnel
  • SSL/TLS
  • Transport
  • IPSec
  • DTLS
A
  • SSL/TLS
  • IPSec
  • DTLS

Options B and E are protocols that may be involved in using VPN software as a client, and therefore they are correct choices. IPSec is a framework, which may be involved at the Network layer when using VPN software as a client, and thus option D is also a correct answer. Tunnel and transport are modes of IPSec, but not frameworks or protocols, so options A and C are incorrect choices.

12
Q

DTLS

A

Datagram Transport Layer Security is a security protocol that provides encryption, authentication, and integrity protection for UDP-based communications, essentially TLS adapted for datagram protocols.
Its primary purpose is to secure unreliable datagram connections like UDP, VPN protocols, and real-time applications where the connection-oriented nature of TLS isn’t suitable.
Its key features include protection against replay attacks, packet loss handling, and maintaining the datagram semantics while providing the same security guarantees as TLS.
