- Which of the following is true about rootkits?
  A. They only infect Windows operating systems.
  B. The purpose of planting a rootkit is to gain root privileges to a system.
  C. An intruder must have already gained root privileges in order to plant a rootkit.
  D. A rootkit isn't very harmful.
- Which of the following methods would you use to keep maldet updated?
  A. Manually create a cron job that runs every day.
  B. Do nothing, because maldet automatically updates itself.
  C. Once a day, run the normal update command for your operating system.
  D. Run the maldet update utility from the command line.
- Which of the following is true about the auditd service?
  A. On an Ubuntu system, you'll need to stop or restart it with the service command.
  B. On a Red Hat-type system, you'll need to stop or restart it with the service command.
  C. On an Ubuntu system, it comes already installed.
  D. On a Red Hat-type system, you'll need to install it yourself.
- You need to create an auditing rule that will alert you every time a particular person reads or creates a file. Which of the following syscalls would you use in that rule?
  A. openfile
  B. fileread
  C. openat
  D. fileopen
- Which file does the auditd service use to log auditing events?
  A. /var/log/messages
  B. /var/log/syslog
  C. /var/log/auditd/audit
  D. /var/log/audit/audit.log
- You need to create custom auditing rules for auditd. Where would you place the new rules?
  A. /usr/share/audit-version_number
  B. /etc/audit
  C. /etc/audit.d/rules
  D. /etc/audit/rules.d
- You're setting up a web server for a bank's customer portal. Which of the following SCAP profiles might you apply?
  A. STIG
  B. NISPOM
  C. PCI-DSS
  D. Sarbanes-Oxley
- Which of the following is true about OpenSCAP?
  A. It can't remediate everything, so you'll need to do advance planning with a checklist before setting up a server.
  B. It can automatically remediate every problem on your system.
  C. It's only available for Red Hat-type distros.
  D. Ubuntu comes with a better selection of SCAP profiles.
- Which of the following commands would you use to generate a user authentication report?
  A. sudo ausearch -au
  B. sudo aureport -au
  C. Define an audit rule, then do sudo ausearch -au.
  D. Define an audit rule, then do sudo aureport -au.
- Which set of Rootkit Hunter options would you use to have a rootkit scan automatically run every night?
  A. -c
  B. -c --rwo
  C. --rwo
  D. -c --cronjob --rwo