Chapter 43. Exam 202 Practice Test




43.1. Questions



1. What is the standard MTU for Ethernet interfaces?

a. 1500

b. 1300

c. 500

d. 300

2. Which of the following files would you edit to rewrite the headers of outgoing email messages so that the messages appear to originate from a completely different domain?

a. virtusertable

b. genericstable

c. aliases

d. sendmail.cf

3. What two programs can be destructive if run against a mounted volume?

a. badblocks and lsof

b. fsck and lsof

c. mkraid and badblocks

d. fsck and badblocks

4. You wish to mount a Samba share named docs on a system named filesrv.company.com. The username to access the share is davis and the password is access1. Which of the following commands will allow you to do this? (Choose two.)

a. smbmount //filesrv.company.com/docs /mnt/smb -o username=davis,password=access1

b. smbclient -U davis%access1 //filesrv.company.com/docs

c. smbclient //filesrv.company.com/docs -U davis%access1

d. smbmount /mnt/smb //filesrv.company.com/docs -o username=davis,password=access1

5. You have a directory named /mnt/nfs on your system that you use for NFS mounts. Write in the command that mounts an NFS volume named /home/james located on a system named bentley.



6. You suspect that several routers on a particular WAN connection are too slow. Which of the following commands allows you to make traceroute wait 20 seconds for a response to a packet?

a. traceroute -w 20 router23.company.com

b. traceroute -c 20 router23.company.com

c. traceroute -i 20 router23.company.com

d. traceroute -t 20 router23.company.com

7. Your DNS server is named dns.company.com. Which of the following commands allows you to query another server named dns.isp.com for the A record information of the host www.company.com? (Choose two.)

a. dig -t A www.company.com @dns.isp.com

b. host www.company.com dns.isp.com

c. dig @dns.isp.com www.company.com

d. host dns.isp.com www.company.com

8. You wish to add a second IP address to your third Ethernet card. Which of the following commands does this?

a. ifconfig eth3:2 202.168.85.3 netmask 255.255.255.0

b. ifconfig eth0:3 202.168.85.3 netmask 255.255.255.0

c. ifconfig eth1 -a 2 202.168.85.3 netmask 255.255.255.0

d. ifconfig eth2:1 202.168.85.3 netmask 255.255.255.0

9. The route command hangs when used without any arguments. This system is on a Gigabit Ethernet network. Which of the following explanations are plausible? (Choose two.)

a. The route command requires the -g argument when querying a Gigabit Ethernet network.

b. Name resolution has failed on the network.

c. A kernel panic has caused the NIC to be kicked off the network.

d. The default gateway is no longer available.

10. Which of the following commands helps you begin the process of testing an SMTP server named smtp.newcompany.com to see whether it is an open relay?

a. telnet smtp.newcompany.com

b. nc telnet smtp.newcompany.com

c. telnet smtp.newcompany.com 25

d. ssh smtp.newcompany.com 25

11. You have been asked to run a manual integrity scan on a system using Tripwire. Which of the following commands would accomplish this?

a. tripwire --verify

b. tripwire -s /dev/hda

c. tripwire --check

d. scan -now /dev/hda

12. Which of the following organizations issue reports concerning the latest verified vulnerabilities and attacks? (Choose two.)

a. ISO

b. CERT

c. Bugtraq

d. IDS

13. Which of the following should be run each time you log out from a Kerberos session?

a. kdestroy

b. klogout

c. kinit -l user, where user is the username of the person logging out

d. kadmin logout user, where user is the username of the person logging out

14. What two services are vital to the proper functioning of a Kerberos implementation?

a. A fully functioning Network Time Protocol (NTP) server

b. A fully functioning LDAP server

c. A fully functioning Domain Name System (DNS) server

d. A fully functioning Samba server

15. Which of the following commands creates a Kerberos database that you can then populate with principals?

a. kdb5_util initialize -s

b. kdb5_util create -s

c. kdb5_create initialize -s

d. kdb5_create -s

16. You wish to conduct a ping scan of systems on your network. Which of the following commands does this?

a. nmap -ping 192.168.2.1-254

b. nmap -P 192.168.2.1-254

c. nmap -sP 192.168.2.2-254

d. nmap -Ps 192.168.2.1-254

17. What term describes a situation in which an intrusion detection system (IDS) identifies legitimate traffic as an attack?

a. An event anomaly

b. An event horizon

c. A false signature

d. A false positive

18. What is the result of the following entry in the hosts.deny file of your Linux system?

ALL: .company.com: DENY

a. No incoming or outgoing connections will be possible to the company.com domain.

b. Users on the Linux system will not be able to access resources on the company.com domain.

c. All hosts from the company.com domain will be prohibited from using all services on the Linux system.

d. All hosts from the company.com domain will be prohibited from using services protected by TCP wrappers.

19. Consider the following entry in hosts.deny:

ALL:ALL

Imagine also the following entry in hosts.allow:

ALL: .mycompany.com

What is the result of this combination?

a. All attempted connections to resources protected by TCP wrappers will fail, because the hosts.deny file takes precedence.

b. Only members of the mycompany.com domain will be able to connect to resources protected by TCP wrappers.

c. Because the entries conflict, all people will be allowed to access all resources on the server.

d. TCP wrappers will fail due to the conflict, and no one will be allowed to access the protected resources.

20. What does the ~/.ssh/authorized_keys file contain?

a. The private keys of users who wish to access your system

b. The host keys of SSH servers that have connected to your system

c. The public keys of users who wish to access your system

d. The certificate of each SSH server that has connected to your system

21. You wish to use an SSH client to connect to a remote system with public key authentication. What command would you issue to create a key pair that uses Version 2 of the RSA algorithm?

a. ssh-keygen -a rsa

b. ssh-keygen -rsa

c. ssh-keygen -s rsa

d. ssh-keygen -t rsa

22. What file would you edit to change the facility or priority that SSH uses to log events?

a. /etc/ssh/sshd_config

b. /var/ssh/ssh.config

c. ~/.ssh/ssh.config

d. /usr/lib/sshd/ssh_config

23. What entry in the SSH configuration file would you add to temporarily disable non-root logins to an SSH server during maintenance?

a. Users_Deny

b. DisableUsers

c. DenyUsers

d. Users:Deny

24. You have enabled X11 forwarding in the SSH configuration file. You wish to tunnel X11 traffic inside of SSH to access a system named blake.romantics.org. Which of the following commands allows you to tunnel X11 sessions to a remote system so that they are encrypted?

a. ssh -t blake.romantics.org

b. ssh -x 1.blake.romantics.org

c. ssh -r blake.romantics.org

d. ssh -f blake.romantics.org

25. What command would you issue to remove an identity from ssh-agent?

a. ssh-remove

b. ssh-add -r

c. ssh-del

d. ssh-add -d

26. You wish to authenticate via public keys with a remote user. You and the remote user have just created key pairs. What must you do next?

a. Exchange private keys and place the remote user's private key into the ~/.ssh/identity file.

b. Each user must use the ssh-add and ssh-agent applications to place each other's public key into memory.

c. Exchange public keys and then place the remote user's public key into the ~/.ssh/identity file.

d. Each user must use the ssh-add and ssh-agent applications to place each other's private key into memory.

27. Each time you authenticate using public keys in SSH, you are asked for the password of your private key. What can you do to keep your private key secure but avoid having to constantly enter the password each time you use SSH?

a. Use the ssh-keygen -P command to store the password in a restricted text file.

b. Use ssh-agent and ssh-add commands to store the private key in memory.

c. Use ssh-askpass and ssh-keyscan to store the private key password in memory.

d. Use the ssh-copy-id command to store the private key in memory.

28. You are configuring a server that allows anonymous FTP access. Write in the entry that would go in the ftpaccess file that forbids anonymous users from uploading files.

29. You wish to forbid the root account from logging in to your FTP server. What steps would you take?

a. Edit the ftpusers file and add the root account name.

b. Edit the ftpaccess file and add the root account name.

c. Edit the ftpgroups file and add the root account name.

d. Edit the /etc/passwd file and place an asterisk in front of the ftp account.

30. What are the names of the classes of users recognized by the WU-FTPD daemon?

a. anonymous, limited, and standard

b. privileged, anonymous, and real

c. restricted, privileged, and standard

d. real, anonymous, and guest

31. You've decided to create a chroot environment for your FTP server. Accordingly, you copied the ls, rm, cp, and gzip commands to the /chroot/ftp/bin directory that you created. You have verified that they are executable. After starting the FTP server, you notice that you cannot use these commands during the FTP session. Which of the following steps will most likely get these commands to work?

a. Make all of the applications SUID root.

b. List all files you wish to have executable permissions in the ftpaccess file, then make sure that each file is placed into the /chroot/ftp/bin directory.

c. Use the ldd command to discover the libraries the applications require, and copy the libraries to the /chroot/ftp/bin directory.

d. Create a bash script that precedes each of the commands you wish to make executable, and place the script in the /chroot/ftp/bin directory.

32. You wish to enable Network Address Translation (NAT) on a Linux system. What table in iptables would you specify to masquerade a connection?

33. What command do you have to execute to make sure changes to the /etc/sysctl.conf file are recognized?

a. sysctl, without any arguments

b. sysctl -c /etc/sysctl.conf

c. sysctl /etc/sysctl.conf

d. sysctl -p /etc/sysctl.conf

34. Which of the following commands can help a Linux system withstand a SYN flood?

a. echo 1 > /proc/sys/net/ipv4/tcp_abort_on_overflow

b. echo 1 > /proc/sys/net/ipv4/tcp_nosyn

c. echo 1 > /proc/sys/net/ipv4/tcp_syncookies

d. echo 1 > /proc/sys/net/ipv4/tcp_nores

35. How can you enable IP forwarding in a Linux system? (Choose two.)

a. Issue echo 1 > /proc/sys/net/ipv4/ip_forward.

b. Edit the /etc/network/options file and enter the following line:

ip_forward=yes

c. Issue echo 1 > /proc/sys/net/ipv4/ip_enable_fw.

d. Edit the /etc/sysctl file and enter the following line:

ip_forward=yes



36. Users have called complaining that they can no longer access resources necessary to do their jobs. You have determined that entries automatically added to the /etc/hosts.deny file by an application are responsible. You have removed these entries manually. Which of the following applications is capable of updating the /etc/hosts.deny file?

a. TCP wrappers

b. iptables

c. ipchains

d. Portsentry

37. Which of the following commands would you use to update an LDIF file?

a. moddif

b. ldapadd

c. ldifmod

d. slapd

38. You are adding individuals to an LDIF file. What does ou= indicate?

a. The online utilization value for the LDIF file

b. The object URL of the user in the LDAP scheme

c. The organizational unit the user belongs to

d. The owner UML, which describes users as computer-based objects

39. Which of the following applications is responsible for maintaining binding information for an NIS server?

a. yppoll

b. yppush

c. ypbind

d. ypmatch

40. You are having problems with your NIS server and suspect a problem with the portmapper. You can see that the portmapper daemon has a process ID, but you are not sure that the daemon is working properly. Which of the following applications can help you determine more information about how the portmapper daemon is functioning?

a. rpcinfo

b. pmreport

c. yppoll

d. netgroup

41. You wish to have your DHCP server provide a default gateway and DNS server to each client. The IP address of the default gateway is 192.168.2.1. The IP address of the DNS server is 10.45.45.3. Write in the option entries you would make in a subnet section of your DHCP configuration file.

42. Which of the following do you specify when configuring a dhcrelay? (Choose two.)

a. The IP address of the DHCP server

b. The MAC address of the DHCP server

c. The interfaces that dhcrelay will listen on

d. The MAC addresses of all local network interface cards

43. Which of the following applications help a news server avoid filling up a hard disk and overtaxing the CPU?

a. control.ctl

b. sysctl

c. expire.ctl

d. innwatch

44. Davis (username davis) wishes to create a new newsgroup named scuba. The password for the newsgroup is regulator1. Write in the command that he would issue to create the group.

45. What three parts is a Procmail recipe comprised of?

a. Beginning, condition, action

b. Header, instructions, condition

c. Stipulation, condition, action

d. Header, descriptor, options

46. What is the name of the file used to store a user's private key?

a. /etc/ssh/users/identity

b. ~/.ssh/authorized_keys

c. ~/.ssh/identity

d. ~/.ssh/.shosts

47. What command would you issue to enter interactive mode in Sendmail and test changes you have made to the virtusertable and genericstable files?

a. procmail -t

b. sendmail -bt

c. sendmail -rv

d. mail -s test

48. Which of the following steps allows you to deny Sendmail access to users from the haxors1.com DNS domain?

a. Enter the following in the sendmail.cf file: TDISCARD haxors1.com.

b. Enter the following into the /etc/mail/access file: haxors1.com DISCARD.

c. Enter the following into the /etc/mail/generic file: FROM: haxors1.com REJECT.

d. Enter the following into the /etc/mail/virtusertable file: haxors1.com REJECT.

49. Which of the following commands captures all traffic except SSH packets between the hosts named lewis and clark?

a. tcpdump host lewis and clark and not -p ssh

b. tcpdump host lewis and clark and not '(port ssh)'

c. tcpdump host lewis and clark and not -p 22

d. tcpdump host lewis and clark not '(ssh)'

50. You are editing the main Apache configuration file. You wish to control how many servers are started at one time. Which of the following values would you change?

a. StartServers

b. MaxRequests

c. MaxServers

d. StartProcess

51. You are using .htaccess files to enable password protection for a web site directory. You are confident that the .htaccess file you are using is valid. However, the file does not seem to be recognized by the server. Which of the following changes will most likely enable the use of .htaccess files?

a. Change the Override None directive to Override All.

b. Change the HtAccess None directive to HtAccessAll.

c. Change the AllowOverride AuthConfig directive to AllowOverride HtAccess.

d. Change the AllowOverride None directive to AllowOverride AuthConfig.

52. You have been asked to increase the size of the cache directory for Squid from 1 GB to 3 GB. Which of the following would be the correct entry in squid.conf?

a. cache_dir /usr/local/squid/cache/ 3000000 160 800

b. cache_dir /usr/local/squid/cache/ 160 800 3GB

c. cache_dir /usr/local/squid/cache/ 3000 160 800

d. cache_dir /usr/local/squid/cache/ 3GB 160 800

53. Why is a DHCP server relay agent necessary in a routed network?

a. All routers are configured to drop UDP port 1964, which is used by DHCP.

b. DHCP servers rely on broadcasts to configure clients on the network.

c. DHCP clients have not yet configured their default gateways.

d. All routers are configured to drop TCP port 1964, which is used by DHCP.

54. While reviewing a slapd.conf file, you notice the following entry:

database ldbm

What is the meaning of this entry?

a. It identifies the database manager that slapd consults when authenticating users.

b. It specifies the type of encryption used during LDAP sessions.

c. It provides the community name (cn) for the LDAP database.

d. It gives the organizational unit (ou) name for the LDAP database.

55. What entries would you make in the /etc/hosts.allow and /etc/hosts.deny files so that TCP wrappers automatically denies all services except FTP?

a. Put ALL:ALL in /etc/hosts.allow, and put ALL:ALL, EXCEPT FTP in /etc/hosts.deny.

b. Put ALL:ALL in /etc/hosts.deny, and put in.ftpd: ALL:ALLOW in /etc/hosts.allow.

c. Put ALL:ALL EXCEPT FTP in /etc/hosts.allow, and put nothing in /etc/hosts.deny.

d. Put nothing in /etc/hosts.allow, and put ALL: EXCEPT svc: in.ftpd in /etc/hosts.deny.






43.2. Answers

1. a. Ethernet networks have a maximum MTU of 1500. It is possible that you would want to adjust the MTU if conditions warranted. However, you will find that your Ethernet NIC's MTU will usually be 1500.

2. b. In Sendmail, the genericstable file is responsible for rewriting headers of outgoing messages.

3. d. Both the fsck and badblocks commands can be destructive if run against a mounted partition. You should unmount the drive before using either one. You may need to go into single-user mode to do so.

4. a and c. You can use smbmount and smbclient. To draw an analogy, smbclient is something like a command-line FTP client. You can use smbclient to access a Samba share and navigate it just as you would an FTP session. The smbmount command, on the other hand, is more like the standard mount command. You must specify a mount point, unlike smbclient.

5. mount -t nfs bentley:/home/james /mnt/nfs

6. a. The -w option in traceroute allows you to specify the wait period. traceroute will wait five seconds by default, then move on to the next hop.

7. b and c. You can use the dig command with the @ option to specify a different DNS server. With the host command, the second hostname given in the command specifies the name server.

8. d. When using the ifconfig command to specify a second IP address for a NIC, simply use a colon with no space after the interface:

ifconfig eth2:1 202.168.85.3 netmask 255.255.255.0

9. b and d. Two reasons exist for a route command to hang: DNS service has failed, or the default gateway is down. Use the -n option to the route command to bypass name resolution issues.



10. c. The telnet command is very handy when it comes to troubleshooting servers. All you have to do is specify a port number after the hostname, and the telnet command will use that instead of the default Telnet port (TCP 23). Once telnet connects to the desired port, you may see messages and commands from the server. Even though you likely will not be able to control the server or view data as you would with the proper client, you will still be able to see the operations of the service in a helpful way.

11. c. The way to conduct a manual scan of the files and drives that Tripwire is configured to protect is by specifying the --check option to the tripwire command.

12. b and c. CERT (http://www.cert.org) and Bugtraq (http://www.securityfocus.com/archive/1) are dedicated to discussing vulnerabilities, attacks, and system bugs. Although attackers usually know about the bugs and exploits before CERT and Bugtraq report them, it is nevertheless useful for you to receive warnings about the latest security-related issues.

13. a. The kdestroy command purges the system of any credentials that could be used illicitly. It is a good idea to place this command in the logout script for your shell.

14. a and c. If you do not have an NTP server and a properly configured DNS server, your Kerberos implementation will likely fail, no matter how well you have defined your Kerberos database and principals. NTP and DNS are foundational for Kerberos because Kerberos relies heavily on both time-based calculations and hostname services.

15. b. The kdb5_util command has many functions. In particular, the create -s option allows you to create the database that will eventually hold the principals.

16. c. If you want to conduct a ping scan, use the -sP option, then specify a range using a hyphen.




17. d. The term false positive describes instances when intrusion detection or antivirus applications mistakenly label legitimate activity as an attack. While careful configuration helps to avoid most false positives, it is very difficult to avoid all instances.

18. d. Even if you were to block off all services using /etc/hosts.deny, various services still might be accessible because they simply do not consult these files.

19. b. It is possible to use both the /etc/hosts.allow and /etc/hosts.deny files to improve security. The /etc/hosts.allow file is consulted first. The /etc/hosts.deny file does not negate statements in the /etc/hosts.allow file. Thus, it is often encouraged to explicitly allow services, hosts, and networks in /etc/hosts.allow, then block off all other services in /etc/hosts.deny. It is also important to understand that not all services use TCP wrappers.

20. c. The ~/.ssh/authorized_keys file (or the ~/.ssh/authorized_keys2 file, for newer versions of SSH) contains the public keys of users that you wish to allow into your system without providing a standard password.

21. d. The ssh-keygen -t rsa command allows you to begin the process of creating a new key pair. This key pair will be stored in the ~/.ssh directory by default. The files generated will be clearly marked (e.g., id_rsa and id_rsa.pub). You can also specify ssh-keygen -t dsa if you wish to use DSA keys instead of RSA keys. The filenames generated will be slightly different to reflect your use of DSA.

22. a. The /etc/ssh/sshd_config file allows you to configure most aspects of SSH, including its logging. Using this file, you can also disable non-root access, restrict support to SSH Version 2, and enable X11 port forwarding.

23. c. If you wish to disable non-root access for an SSH server, use the DenyUsers directive in the /etc/ssh/sshd_config file.

24. b. The -x option to ssh allows you to tunnel X11 through SSH, thereby encrypting all transmissions. You must first enable X11 tunneling by editing the /etc/ssh/sshd_config file.

25. d. To remove an identity from ssh-agent, use the ssh-agent -d command. If you are using ssh-agent and ssh-add, it is wise to place ssh-agent -d in your shell's logout file.

26. c. You must first exchange public keys. The public keys of users you wish to allow without providing a standard password are stored in the ~/.ssh/authorized_keys or ~/.ssh/authorized_keys2 files.

27. b. The ssh-agent and ssh-add commands store private keys in memory. You first run ssh-agent, specifying a shell (e.g., ssh-agent /bin/bash). This shell runs until you exit it. After the shell is active, you then run ssh-add from within this shell to add the private key to ssh-agent. You will then never be asked for the private key's password until you exit the shell started under ssh-agent.

28. The command is:

upload /home/ftp * no



This directive goes in the ftpaccess file and ensures that anonymous users cannot upload files.

29. a. Any account listed in the ftpusers file will be prohibited from logging in to the FTP server.

30. d. The three classes of users that are allowed to log in to an FTP server are real, anonymous, and guest.

31. c. It is not enough to simply copy the executables into the correct directories when creating a chroot environment for any service. You must also copy the appropriate libraries and ensure that permissions are correct.

32. The nat table. When you wish to use iptables to masquerade connections (i.e., do Network Address Translation), you do not use the three default tables listed by the iptables -L command (e.g., INPUT, FORWARD, and ACCEPT). You use the somewhat hidden nat table, which you must specify using the -t option:

iptables -t nat -L

33. d. Whenever you make any changes to the /etc/sysctl.conf file, you must use the sysctl -p /etc/sysctl.conf command to make sure the system recognizes the changes.

34. c. Changing the value of the /proc/sys/net/ipv4/tcp_syncookies file to 1 helps make the Linux system more capable of


