Operating Systems Security Quiz and Answer
Operating Systems Security refers to the protection of an operating system (OS) from unauthorized access, use, disruption, modification, or destruction.
It involves implementing various security measures to safeguard both the OS itself and the data it manages. OS security is essential to maintain confidentiality, integrity, and availability of both the system and its data.
The following are quizzes and answers related to Operating Systems Security. They are listed in no particular order.
- The package-management system in Linux is used to restrict permissions on files and folders.
False.
- What is the best definition of a bastion?
A fortified place
- A Linux distribution typically does NOT include which of the following?
Virtual Platform
- Which of the following is an open-source license?
GNU General Public License (GPL)
- Which of the following is the development distribution for Red Hat?
Fedora
- Fedora and Ubuntu are examples of ______.
distributions
- You are a computer security consultant who has been hired by a company to break into its network and protected systems to test and assess their security. Which of the following describes your role?
White-hat hacker
- Most Linux distributions have pre-compiled packages, which determine all the dependencies.
True
- The following are true of system hardening EXCEPT:
A hardened system usually has more packages to update than an unhardened system.
- Who developed and released the first Linux operating system?
Linus Torvalds
- Because administrators can configure a system to display graphical user interface (GUI) clients on a remote terminal, malware on one Linux GUI application can spread across a network to other GUI systems.
False
- Which of the following files is NOT a part of the shadow password suite?
/etc/sudoers
- What defines the services to be run in Linux?
Runlevel
- GNOME and KDE are __________.
graphical desktop environments
- The Linux startup process begins automatically after the boot process loads the Linux kernel
True
- The default mandatory access control system used for Red Hat distributions is ______.
SELinux
- What is Canonical?
the company behind Ubuntu
- The iptables program is used to configure ___________.
a firewall
- A discretionary access control for a file is a control mechanism that is set by _______.
the user owner of the file
- Which of the following represents a type of mandatory access control?
the FTP service is allowed to interact with directories other than user’s home directories.
- What displays after running the service --status-all command?
all services and their status.
- Which of the following provides access control at the network level without using a super server?
TCP Wrapper
- The following are factors to consider when selecting a Linux distribution
package manager support, kernel features and hardware platform.
- Linux can operate as a hypervisor in and of itself, so it can also run as a guest operating system inside any other hypervisor.
True
- In Linux, software for network services, graphical user interfaces (GUIs), language compilers, and many other kinds of software typically come in bundles referred to as _______.
Packages
- _____ is the super server that launches applications based on connection attempts
xinetd
- An administrator typically stops and starts services using the init program
False
- You are a systems administrator. You are setting up new servers and workstations for your organization and plan to run Red Hat Enterprise Linux (RHEL) on all of the servers. Of the following, which distribution is the best choice for the workstations and most closely associated with RHEL?
Fedora
- Network service startup scripts are located in which directory in many Linux distributions?
/etc/init.d/
- Where is the LILO configuration file usually located?
/boot/
- Which of the following control flags used in pluggable authentication modules (PAM) approves user access assuming that there are no previous failures?
sufficient
- Cron is a service for running administrative jobs on a regular basis
True
- What user account information can be found in the /etc/passwd file?
The user's basic information, such as the default login shell
- Pluggable authentication modules (PAM) solves administrative permission problems by providing higher-level functions without having the whole program gain administrative access
False
- Which command do you use to apply administrative privileges to another command without logging in as root?
su -c
- What can a black-hat hacker use to decipher hashed passwords?
A rainbow table
- Why is it recommended that you avoid using Network Information Service (NIS)?
NIS transmits data, including password hashes, over the network without encryption.
- A polkit mechanism includes a subject, an object, and an action. Which of the following is the subject?
An administrative tool
- What is a salt?
A value added to a hash
- Which of the following is the best choice for network authentication?
LDAP
- What is a valid reason for setting up the /home/ directory as a separate filesystem?
You can upgrade the distribution at a later date with little risk to user files.
- Which Linux filesystem format does not include any type of journaling?
ext2
- Linux unified key setup (LUKS) is a specification for ________.
disk encryption
- In Linux, three major services that network files and folders are the Network File System (NFS), Samba, and the File Transfer Protocol (FTP).
True
- The GRUB configuration file is generally located in the ______ directory
/boot/
- If a share on a Microsoft Windows host needs to mount on the Linux filesystem, which network service would typically be used?
Samba
- Which filesystem hierarchy standard (FHS) directory can be mounted separately from the root directory?
/home/
- The /usr/ directory contains programs that are generally accessible to all users. This directory can be secured by mounting it ______.
as read-only
- Which file is used to configure the various mounting options of a filesystem upon boot?
/etc/fstab
- The ls -p command displays file and folder permissions
False
- Which runlevel reboots a system?
6
- Which runlevel shuts down a system?
0
- Users can change mandatory access controls
False
- When a network starts up in Linux, it registers itself with the operating system through a process called binding
True
- Which of the following is NOT true of runlevels?
Collectively, runlevels are the master process that starts all services
- What is a daemon?
A specialized program that supports system functionality to users or other programs while running in the background
- Which of the following is NOT a hashing algorithm?
LSB
- The following are true of system hardening EXCEPT
A best practice is to start with a complete installation and remove unnecessary packages
- What is the Bourne Again Shell (bash)?
A reference to a filename in the filesystem
- Which of the following is closely associated with the init process?
SysV
- Which of the following is NOT an SELinux mode?
Allow
- For which reason would an administrator set up an obscure port?
Security
- A server has the following TCP Wrappers configuration: /etc/hosts.deny ALL : ALL. What is the result of this configuration?
Denies access to all daemons from all clients
- The GNOME uncomplicated firewall (Gufw) configuration tool is available as a GUI-based tool in Ubuntu
True
- Assuming a demilitarized zone (DMZ) is configured, there is no need to set up a separate firewall between the DMZ network and the internal network
False
- _____ are the on/off settings in SELinux that allow or deny access for a service to interact with an object
Booleans
- The well-known TCP/IP port numbers range from 0 to ____
1023
- Which file lists standard ports for many services?
/etc/services
- Regarding SELinux, which of the following files includes lists of critical files and services to be watched for changes?
Sestatus.conf
- What technique can a black-hat hacker use to find any modem connection on your network with security weaknesses?
War dialing
- Which of the following uses Authentication Header (AH) and Encapsulating Security Payload (ESP)?
IPSec.
- A primary domain controller (PDC) is a type of e-mail server
False
- Any Linux system configured with _____ can be set up as a server on a Microsoft network
Samba
- Which ports does Internet Protocol Security (IPSec) use to tunnel information?
50,51
- You are setting up Samba as a standalone server. What should be the value of the security directive?
User
- What does Kerberos require?
NTP
- Network File System (NFS) is frequently used to share the /home/ directory from a central server
True
- Which of the following is an insecure method of remote access?
Telnet
- Which of the following ports is a secure alternative for Post Office Protocol version 3 (POP3)?
995
- From a security perspective, what is the advantage of Samba over Network File System (NFS) when installed with the standard configuration?
Samba has username and password authentication as part of its built-in functionality.
- Which Apache directive specifies an alternative port for Web pages?
Listen
- Common Unix Printing System (CUPS) uses which directive to allow remote access?
Listen
- When considering Asterisk, reliably speedy packet flow is important to keep conversations from becoming jumpy
True
- E-mail services that send mail to client applications are mail user agents (MDUs).
False
- When creating a self-signed certificate, which of the following information is NOT required?
The root password
- Which command do you use to create a self-signed certificate?
openssl
- A __________ is an entity that issues digital certificates
certificate authority
- In the following, what does the ending period represent? www.example.com.
the root domain
- When configuring an authoritative Domain Name Service (DNS) server for a public system, which of the following is a type of attack you should protect against?
cache poisoning
- You want to use certificates on your Web site. What is the primary difference between creating an official certificate through a certificate authority (CA) versus creating a self-signed certificate?
With an official CA certification, your Web site visitors won’t get an “invalid security certificate” error message.
- How can kernel parameters be changed without rebooting the computer system?
By modifying the value of files in the /proc filesystem
- Which of the following actions should you not take when implementing a new kernel?
Upgrade
- Kernels released for different architectures vary because different platforms have different ______.
CPUs
- Tuning the kernel parameters, such as the networking functionality, can be accomplished by editing the ______ file.
/etc/sysctl.conf
- A security compliance team finds that a local file server has been mistakenly configured to forward packets and needs to be fixed immediately. How can a Linux system administrator verify that the Linux system is forwarding IPv4 packets?
verify the kernel by viewing the /proc/sys/net/ipv4/ip_forward file
- When compiling a kernel on a Red Hat system, you must be logged in as the root administrative account.
True
- Which of the following is the correct method to apply a new kernel built on a Linux system?
install it as a new kernel leaving the original kernel in place
- After installing a custom kernel, which of the following steps should you take?
ensure the custom kernel has a separate stanza in the boot loader
- Red Hat does not release its source code under open source licenses
False
- To customize a kernel, which command opens a kernel customization editing tool?
make menuconfig
- Which of the following commands can automatically detect dependencies during software installation?
yum
- You can configure Ubuntu to automatically update itself using an apt script and cron
True
- An enterprise running Red Hat Enterprise Linux (RHEL) that wishes to control its own repository locally for package updates may consider using ______.
Red Hat Satellite Server
- ClamAV can be described as:
an open-source anti-virus solution mainly used on Linux e-mail gateways
- Which Linux distribution is known as a rebuild of Red Hat Enterprise Linux?
CentOS
- Which organization maintains the Common Vulnerabilities and Exposures (CVE) list?
MITRE Corporation
- Why is it important to install antivirus software for a Samba file server in a Microsoft Windows environment?
because shared files on the Samba server can contain viruses that can infect Windows clients
- Which term describes a common malware targeted for Linux operating systems that allows a black-hat hacker to take over the computer system with administrative privileges?
Rootkit
- The apt-* commands are a series of commands developed for ______ Linux distribution.
Debian
- The Konqueror Web browser is the open source version of Google's Chrome browser
False