Questions

  1. Which of the following is true about rootkits?

A. They only infect Windows operating systems.
B. The purpose of planting a rootkit is to gain root privileges to a system.
C. An intruder must have already gained root privileges in order to plant a rootkit.
D. A rootkit isn't very harmful.

  2. Which of the following methods would you use to keep maldet updated?

A. Manually create a cron job that runs every day.
B. Do nothing, because maldet automatically updates itself.
C. Once a day, run the normal update command for your operating system.
D. Run the maldet update utility from the command line.

  3. Which of the following is true about the auditd service?

A. On an Ubuntu system, you'll need to stop or restart it with the service command.
B. On a Red Hat-type system, you'll need to stop or restart it with the service command.
C. On an Ubuntu system, it comes already installed.
D. On a Red Hat-type system, you'll need to install it yourself.

  4. You need to create an auditing rule that will alert you every time a particular person reads or creates a file. Which of the following syscalls would you use in that rule?

A. openfile
B. fileread
C. openat
D. fileopen

  5. Which file does the auditd service use to log auditing events?

A. /var/log/messages
B. /var/log/syslog
C. /var/log/auditd/audit
D. /var/log/audit/audit.log

  6. You need to create custom auditing rules for auditd. Where would you place the new rules?

A. /usr/share/audit-version_number
B. /etc/audit
C. /etc/audit.d/rules
D. /etc/audit/rules.d

  7. You're setting up a web server for a bank's customer portal. Which of the following SCAP profiles might you apply?

A. STIG
B. NISPOM
C. PCI-DSS
D. Sarbanes-Oxley

  8. Which of the following is true about OpenSCAP?

A. It can't remediate everything, so you'll need to do advance planning with a checklist before setting up a server.
B. It can automatically remediate every problem on your system.
C. It's only available for Red Hat-type distros.
D. Ubuntu comes with a better selection of SCAP profiles.

  9. Which of the following commands would you use to generate a user authentication report?

A. sudo ausearch -au
B. sudo aureport -au
C. Define an audit rule, then do sudo ausearch -au.
D. Define an audit rule, then do sudo aureport -au.

  10. Which set of Rootkit Hunter options would you use to have a rootkit scan automatically run every night?

A. -c
B. -c --rwo
C. --rwo
D. -c --cronjob --rwo
