Which of the following is true?
A. /proc is just like any other directory in the Linux filesystem.
B. /proc is the only pseudo-filesystem in Linux.
C. /proc is one of several pseudo-filesystems in Linux.
D. You can set values for /proc parameters with the systemctl command.
Which of the following commands would you use to set a value for a /proc parameter?
A. sudo systemctl -w
B. sudo sysctl -w
C. sudo procctl -w
D. sudo sysctl -o
E. sudo systemctl -o
You need a program executable to run with one specific root privilege, without having to grant any root privileges to the person who will be running it. What would you do?
A. Add a namespace.
B. Create a SECCOMP profile.
C. Add the SUID permission.
D. Add a kernel capability.
Where would you find information about user processes?
A. In the numbered subdirectories of the /proc filesystem.
B. In the alphabetically named subdirectories of the /proc filesystem.
C. In the /dev directory.
D. In each user's home directory.
What is a syscall?
A. It tells the Linux kernel to perform a privileged action on behalf of a user.
B. It calls new system information into the kernel.
C. It keeps track of everything that the system kernel is doing.
D. It isolates calls to system resources from each other.
What is the best way to allow users to only see information about their own processes?
A. Add the hidepid=2 option to the kernel startup parameters in the GRUB configuration.
B. Add the nopid=1 option to the kernel startup parameters in the GRUB configuration.
C. Add the nopid=1 option to the /etc/fstab file.
D. Add the hidepid=1 option to the /etc/fstab file.
Which of the following commands would you use to see which kernel parameters need to be changed for the best security?
A. sudo audit system
B. sudo lynis audit system
C. sudo system audit
D. sudo lynis system audit
Which of the following commands would allow a non-privileged user to start a Python web server on Port 80 without using root privileges?
A. sudo setcap 'CAP_NET_SERVICE+ep' /usr/bin/python2.7
B. sudo setcap 'CAP_NET_BIND_SERVICE+ep' /usr/bin/python2.7
C. sudo getcap 'CAP_NET_BIND_SERVICE+ep' /usr/bin/python2.7
D. sudo setcap 'CAP_NET_SERVICE+ep' /usr/bin/python2.7
What is a major difference between the Snappy and Flatpak systems?
A. There are none.
B. Flatpak packages are completely self-contained, but Snappy packages have you install separate runtime packages.
C. Snappy packages are completely self-contained, but Flatpak packages have you install separate runtime packages.
D. Flatpak packages run in their own sandbox, but Snappy packages don't.
E. Snappy packages run in their own sandbox, but Flatpak packages don't.
You need to limit the number of syscalls that your Docker container can make. How would you do that?
A. Create the container in its own cgroup and configure the syscall limits for that cgroup.
B. Create the container in its own namespace and configure the syscall limits for that namespace.
C. Run the container under Firejail.
D. Create the container with a SECCOMP profile.
