THE FOLLOWING EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:
You need to temporarily prevent users from logging in to the system using ssh or another means. Which of the following describes one method for accomplishing this task? Which of the following commands searches the entire filesystem for files with the setuid bit set? Which of the following commands displays the currently open ports and the process that is using the port? You are attempting to unmount a filesystem using the umount command. However, when you do so you receive a message indicating that the filesystem is in use. Which of the following commands can be used determine which process is keeping a filesystem open? Which of the following commands displays account information such as expiration date, last password change, and other related details? Which of the following commands scans the IP address 192.168.1.154 for open ports? Which command is used to create a public/private key pair for use with ssh? Which of the following configuration options sets a hard limit of 25 processes for a user called suehring in /etc/security/limits.conf? Within which file should you place public keys for servers from which you will accept key-based ssh authentication? The system on which you are working does not have the lsof command installed, and you are not allowed to install software without going through four levels of approval and scheduling the installation weeks in advance. However, the netstat command is available. Which option to netstat will show the process ID to which a given network port is connected? You need to look at information on logins beyond that which is captured by the current log file for the last command. Which option to the last command can be used to load information from an alternate file? You need to examine who is currently logged in to the system. Which of the following commands will display this information? You need to execute a command as a specific user. Which of the following commands enables this to occur? Which option in /etc/sudoers will cause the specified command to not prompt for a password? Which of the following commands will display the CPU time, memory, and other limits for the currently logged-in user? Which line in the /etc/hosts.deny file will prevent any host within the 192.168.1.0/24 network from accessing services that operate from xinetd? When expiring a user account with usermod -e, which of the following represents the correct date format? Which of the following directives in a configuration file found within /etc/xinetd.d will prevent the service from starting? You are using an RSA-based key pair for SSH. By default, what is the name of the private key file in ~/.ssh? Which option to the su command will execute a single command with a noninteractive session? Which file is used to enable the setting of limits for things like logins, processes, memory, and the like for users? Which of the following best describes the method to use with ssh in order to execute a single command on a remote server? When you’re using ssh-agent, which command and option lists the currently loaded keys? Which of the following commands should be used to edit the /etc/sudoers file? Which of the following commands can be used to stop a given service, such as httpd.service, from starting on boot with a systemd-based system? Which of the following commands will set an account to expire based on the number of days elapsed since January 1, 1970? You need to specify a list of known hosts for SSH for certain hosts within your organization rather than each user needing to accept those keys individually. Which option within a server-wide SSH client configuration file enables this scenario? Which option within /etc/security/limits.conf is used to control the number of times that a given account can log in simultaneously? Which file can be used to store a server-wide cache of hosts whose keys are known for ssh? Within the following entry in /etc/shadow, to what does the number 15853 refer?
Which of the following commands sets up a local port-forwarding session on local port 5150 to remote port 80 of www.example.com? Which option must be enabled in /etc/sshd_config on the destination server in order for X11 forwarding to work? Which of the following commands generates a GnuPG key pair? Signatures with gpg can be generated by using which option on the gpg command line? Which option to ssh is used to set the port for the remote host? Which option to nmap sets the scan to use TCP SYN packets for finding open ports? Which of the following logs is used by the last command for detailing recent logins? Which option to ssh enables the use of a key for authentication? In a scripting scenario, you need to prevent sudo from prompting for credentials or for any other reason. Which option to sudo is used to indicate this? Which of the following commands generates an RSA key for use with ssh? You need to disable a service found in /etc/inetd.conf. Which of the following is used as a comment character in that file? Which of the following commands can be used to lock an account? Which file is used as the default storage for public keyrings for gpg? Which file in ~/.gnupg/, if present, indicates that files have been migrated to gpg version 2.1 or later? Which of the following commands searches a server for files with the setgid bit enabled? Which of the following commands creates links within /etc/rc.d/* for starting and stopping services on a Debian system? Which runlevel is typically used for single-user mode, as indicated in /etc/inittab? Which option to the su command is used to obtain the normal login environment? Which of the following commands shows network services or sockets that are currently listening along with sockets that are not listening? Which of the following commands lists open files belonging to all processes except those owned by the user bind? Which option to nmap will cause it to always perform name resolution? Which wildcard can be used in /etc/hosts.allow to specify a match for a host whose name does not match its IP address? Which of the following options within an OpenSSH server configuration is used to determine whether the root user can log in directly with an SSH client? Which of the following commands executes a port scan using TCP connect to the host 192.168.2.3? Which option to the ssh command is used for X11 application forwarding? Which option to gpg should be used in order to specify the destination for the encrypted file? Which command is used to add keys to the SSH agent? Which option to the passwd command sets the maximum password age until the password needs to be changed? Which option to the ulimit command enables setting of a limit on memory that can be locked? Which of the following commands prints a list of existing users from the password file? You are defining a service in /etc/xinetd.conf. Which option is used to configure the times that access to the service is allowed? What file extension is used for interprocess communication service units that are controlled by systemd? You are generating a host key for the SSH server with ssh-keygen and want to ensure that the key does not require a password when the SSH server starts. Which command-line option accomplishes this task? When working with the /etc/shadow password file, you see passwords beginning with $1$. What algorithm does $1$ indicate has been used for password storage? Which option to gpg creates a detached signature? Which of the following best describes the role of server host keys for SSH? When using a custom client configuration for SSH, which option specifies the key that will be used to connect to the host? Which of the following commands is used as a daemon process to manage private keys for GnuPG? You need to enable editing of certain files with root privileges but do not want to grant sudo access to an editor such as vim due to the possibility of a shell escaping. Which command can be used in place of vim to provide privileged editing of files? Which option to the ssh command enables changing the login name for a given host? Which option to the usermod command changes a username? After specifying the key server, which option to gpg is used to specify the key to send to the key server? Which of the following represents a group called admins within /etc/sudoers? Which limits-related option is used to control the maximum file size that a user can create? You are using an SSH server over a poor network connection but would like to maintain the connection in the event of keepalive messages being lost. Which client option can be set to set the number of keepalive messages that can be lost before the client will terminate the connection? If the /etc/nologin file exists and is in use preventing users from logging in, which file can be used to provide a message to those users who are refused a login? Which option to ssh-add specifies the lifetime that a key is held in the agent? Which option for an SSH connection sets up a remote forwarding scenario? Which option to chage sets the number of days that a user will be warned before they need to change their password? Another administrator made a change on the system that resulted in the /etc/shadow file becoming corrupted. Which of the following can be used to recover quickly? When examining the documentation for a service, you notice that it can use libwrap. What functionality does libwrap enable? Which option within /etc/sudoers enables the use of an alias for a group of users? You are using nmap to scan a host for open ports. However, the server is blocking ICMP echo requests. Which option to nmap can you set in order to continue the scan? Which option within a server-wide SSH client configuration specifies the name and location of the known hosts file to use? You need to generate a host key for SSH using ssh-keygen that has been generated with DSA rather than RSA. Which option and argument to that option will create a DSA key? The total number of users logged in can be found with which argument to the who command? Which option to the passwd command unlocks an account? Which option for user limits sets the maximum number of logins that a user can have on the system?