Chapter 10
Topic 110: Security

THE FOLLOWING EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:

  • 110.1 Perform security administration tasks.
    • Key knowledge areas:
      • Audit a system to find files with the suid/sgid bit set.
      • Set or change user passwords and password aging information.
      • Be able to use nmap and netstat to discover open ports on a system.
      • Set up limits on user logins, processes, and memory usage.
      • Determine which users have logged in to the system or are currently logged in.
      • Basic sudo configuration and usage
    • The following is a partial list of the used files, terms, and utilities:
      • find
      • passwd
      • fuser
      • lsof
      • nmap
      • chage
      • netstat
      • sudo
      • /etc/sudoers
      • su
      • usermod
      • ulimit
      • who, w, last
  • 110.2 Setup host security.
    • Key knowledge areas:
      • Awareness of shadow passwords and how they work
      • Turn off network services not in use.
      • Understand the role of TCP wrappers.
    • The following is a partial list of the used files, terms, and utilities:
      • /etc/nologin
      • /etc/passwd
      • /etc/shadow
      • /etc/xinetd.d/
      • /etc/xinetd.conf
      • systemd.socket
      • /etc/inittab
      • /etc/init.d/
      • /etc/hosts.allow
      • /etc/hosts.deny
  • 110.3 Securing data with encryption
    • Key knowledge areas:
      • Perform basic OpenSSH 2 client configuration and usage.
      • Understand the role of OpenSSH 2 server host keys.
      • Perform basic GnuPG configuration, usage, and revocation.
      • Use GPG to encrypt, decrypt, sign, and verify files.
      • Understand SSH port tunnels (including X11 tunnels).
    • The following is a partial list of the used files, terms, and utilities:
      • ssh
      • ssh-keygen
      • ssh-agent
      • ssh-add
      • ~/.ssh/id_rsa and id_rsa.pub
      • ~/.ssh/id_dsa and id_dsa.pub
      • ~/.ssh/id_ecdsa and id_ecdsa.pub
      • ~/.ssh/id_ed25519 and id_ed25519.pub
      • /etc/ssh/ssh_host_rsa_key and ssh_host_rsa_key.pub
      • /etc/ssh/ssh_host_dsa_key and ssh_host_dsa_key.pub
      • /etc/ssh/ssh_host_ecdsa_key and ssh_host_ecdsa_key.pub
      • /etc/ssh/ssh_host_ed25519_key and ssh_host_ed25519_key.pub
      • ~/.ssh/authorized_keys
      • ssh_known_hosts
      • gpg
      • gpg-agent
      • ~/.gnupg/

  1. You need to temporarily prevent users from logging in to the system using ssh or another means. Which of the following describes one method for accomplishing this task?

    1. touch /etc/nologin
    2. Disable sshd.
    3. Remove /etc/login.
    4. Add a shadow file.
  2. Which of the following commands searches the entire filesystem for files with the setuid bit set?

    1. find ./ -perm suid
    2. find / -perm 4000
    3. find / -type suid
    4. find / -type f -perm setuid
  3. Which of the following commands displays the currently open ports and the process that is using the port?

    1. netstat -a
    2. lsof -i
    3. ps auwx
    4. netlist
  4. You are attempting to unmount a filesystem using the umount command. However, when you do so, you receive a message indicating that the filesystem is in use. Which of the following commands can be used to determine which process is keeping a filesystem open?

    1. fuser
    2. ls
    3. find
    4. ps
  5. Which of the following commands displays account information such as expiration date, last password change, and other related details?

    1. usermod -l
    2. userinfo -a
    3. chageuser -l
    4. chage -l
  6. Which of the following commands scans the IP address 192.168.1.154 for open ports?

    1. nmap 192.168.1.154
    2. lsof 192.168.1.154
    3. netstat 192.168.1.154
    4. netmap 192.168.1.154
  7. Which command is used to create a public/private key pair for use with ssh?

    1. ssh -k
    2. ssh-keygen
    3. ssh-genkey
    4. ssh -key
  8. Which of the following configuration options sets a hard limit of 25 processes for a user called suehring in /etc/security/limits.conf?

    1. suehring hard proc 25
    2. suehring hard nproc 25
    3. suehring proc 25 hard-limit
    4. proc 25 suehring hard
  9. Within which file should you place public keys for servers from which you will accept key-based ssh authentication?

    1. ~/.ssh/authorized_keys
    2. ~/.ssh/keys
    3. ~/.ssh/keyauth
    4. ~/.sshd/authkeys
  10. The system on which you are working does not have the lsof command installed, and you are not allowed to install software without going through four levels of approval and scheduling the installation weeks in advance. However, the netstat command is available. Which option to netstat will show the process ID to which a given network port is connected?

    1. -a
    2. -n
    3. -p
    4. -l
  11. You need to look at information on logins beyond that which is captured by the current log file for the last command. Which option to the last command can be used to load information from an alternate file?

    1. -a
    2. -t
    3. -e
    4. -f
  12. You need to examine who is currently logged in to the system. Which of the following commands will display this information?

    1. listuser
    2. fuser
    3. ls -u
    4. w
  13. You need to execute a command as a specific user. Which of the following commands enables this to occur?

    1. sudo -u
    2. sudo -U
    3. sudo -s
    4. sudo -H
  14. Which option in /etc/sudoers will cause the specified command to not prompt for a password?

    1. PASSWORD=NO
    2. NOPASSWD
    3. NOPASSWORD
    4. NOPROMPT
  15. Which of the following commands will display the CPU time, memory, and other limits for the currently logged-in user?

    1. reslimit
    2. limitres -a
    3. ulimit -a
    4. proclimit -n
  16. Which line in the /etc/hosts.deny file will prevent any host within the 192.168.1.0/24 network from accessing services that operate from xinetd?

    1. BLOCK: 192.168.1.0/24
    2. REJECT: 192.168.1.0
    3. ALL: 192.168.1.0/255.255.255.0
    4. NONE: 192.168.1/255.255.255.0
  17. When expiring a user account with usermod -e, which of the following represents the correct date format?

    1. YYYY-MM-DD
    2. MM/DD/YYYY
    3. DD/MM/YY
    4. MM/DD/YY HH:MM:SS
  18. Which of the following directives in a configuration file found within /etc/xinetd.d will prevent the service from starting?

    1. enable no
    2. start no
    3. disable yes
    4. boot no
  19. You are using an RSA-based key pair for SSH. By default, what is the name of the private key file in ~/.ssh?

    1. id_rsa
    2. id_rsa.priv
    3. id_rsa.key
    4. rsa_key.priv
  20. Which option to the su command will execute a single command with a noninteractive session?

    1. -s
    2. -u
    3. -c
    4. -e
  21. Which file is used to enable the setting of limits for things like logins, processes, memory, and the like for users?

    1. /etc/security/limits.conf
    2. /etc/userlimits.conf
    3. /etc/security/userlimits.conf
    4. /etc/security/procmem.conf
  22. Which of the following best describes the method to use with ssh in order to execute a single command on a remote server?

    1. Use the -e option followed by the command.
    2. Send the command after the other options as part of the command line.
    3. Use the --execute option followed by the command.
    4. Use the -s option followed by the command.
  23. When you’re using ssh-agent, which command and option lists the currently loaded keys?

    1. ssh-agent -l
    2. ssh -l
    3. ssh-list-keys
    4. ssh-add -l
  24. Which of the following commands should be used to edit the /etc/sudoers file?

    1. Any text editor such as vi or emacs
    2. editsudo
    3. visudo
    4. visudoers
  25. Which of the following commands can be used to stop a given service, such as httpd.service, from starting on boot with a systemd-based system?

    1. systemctl disable httpdservice
    2. systemctl stop httpd.service
    3. systemd disable httpd.service
    4. systemd enable httpd.service boot=no
  26. Which of the following commands will set an account to expire based on the number of days elapsed since January 1, 1970?

    1. passwd -e
    2. chage -E
    3. usermod -l
    4. chguser
  27. You need to specify a list of known hosts for SSH for certain hosts within your organization rather than each user needing to accept those keys individually. Which option within a server-wide SSH client configuration file enables this scenario?

    1. KnownHosts
    2. PerMachineKnownHosts
    3. GlobalKnownHostsFile
    4. ServerKnownHostsFile
  28. Which option within /etc/security/limits.conf is used to control the number of times that a given account can log in simultaneously?

    1. nlogins
    2. loginmax
    3. maxlogins
    4. loginlimit
  29. Which file can be used to store a server-wide cache of hosts whose keys are known for ssh?

    1. /etc/sshd_known_hosts
    2. /etc/ssh_known_hosts
    3. ~/.ssh/known_hosts
    4. /root/ssh_known_hosts
  30. Within the following entry in /etc/shadow, to what does the number 15853 refer?

    • mail:*:15853:0:99999:7:::

    1. The UID of the mail user
    2. The number of files owned by mail
    3. The date of the last password change (since 1/1/1970)
    4. The number of days until the account expires
  31. Which of the following commands sets up a local port-forwarding session on local port 5150 to remote port 80 of www.example.com?

    1. ssh -L 5150:www.example.com:80
    2. ssh 5150:www.example.com
    3. ssh -p 5150 www.example.com
    4. ssh -e 5150 www.example.com:80
  32. Which option must be enabled in /etc/sshd_config on the destination server in order for X11 forwarding to work?

    1. XForward yes
    2. Xenable yes
    3. X11Forwarding yes
    4. Xconnection yes
  33. Which of the following commands generates a GnuPG key pair?

    1. gpg --gen-key
    2. gpg --key
    3. gpg --send-key
    4. gpg --create-key
  34. Signatures with gpg can be generated by using which option on the gpg command line?

    1. --sign
    2. --signature
    3. --si
    4. --dsign
  35. Which option to ssh is used to set the port for the remote host?

    1. -p
    2. -P
    3. -l
    4. @
  36. Which option to nmap sets the scan to use TCP SYN packets for finding open ports?

    1. -sS
    2. -sT
    3. -sY
    4. -type SYN
  37. Which of the following logs is used by the last command for detailing recent logins?

    1. /var/log/last
    2. /var/log/all.log
    3. /var/log/wtmp
    4. /var/log/logins
  38. Which option to ssh enables the use of a key for authentication?

    1. -i
    2. -k
    3. -f
    4. --key
  39. In a scripting scenario, you need to prevent sudo from prompting for credentials or for any other reason. Which option to sudo is used to indicate this?

    1. -n
    2. --noprompt
    3. -i
    4. -q
  40. Which of the following commands generates an RSA key for use with ssh?

    1. ssh -key rsa
    2. ssh --gen-key rsa
    3. ssh-keygen -t rsa
    4. ssh-keygen rsa
  41. You need to disable a service found in /etc/inetd.conf. Which of the following is used as a comment character in that file?

    1. -
    2. #
    3. /
    4. %
  42. Which of the following commands can be used to lock an account?

    1. usermod -L
    2. usermod -l
    3. passwdlock
    4. lockacct
  43. Which file is used as the default storage for public keyrings for gpg?

    1. publickeys.gpg
    2. pubring.gpg
    3. public.gpg
    4. pubkeys.gpg
  44. Which file in ~/.gnupg/, if present, indicates that files have been migrated to gpg version 2.1 or later?

    1. .gpg-v21
    2. .gpg-updated
    3. .gpg-v21-migrated
    4. .gpg-files-v21
  45. Which of the following commands searches a server for files with the setgid bit enabled?

    1. find / -perm 4000
    2. find ./ -perm setgid
    3. grep setgid *
    4. find / -perm 2000
  46. Which of the following commands creates links within /etc/rc.d/* for starting and stopping services on a Debian system?

    1. createsym
    2. startstop-service
    3. update-rc.d
    4. createconfig
  47. Which runlevel is typically used for single-user mode, as indicated in /etc/inittab?

    1. 1
    2. 2
    3. 5
    4. 6
  48. Which option to the su command is used to obtain the normal login environment?

    1. -u
    2. -U
    3. -
    4. -login
  49. Which of the following commands shows network services or sockets that are currently listening along with sockets that are not listening?

    1. netstat -a
    2. netlink -a
    3. sockets -f
    4. opensock -l
  50. Which of the following commands lists open files belonging to all processes except those owned by the user bind?

    1. lsof -i
    2. lsof -u bind
    3. lsof -u ^bind
    4. lsof | grep bind
  51. Which option to nmap will cause it to always perform name resolution?

    1. -n
    2. -R
    3. -b
    4. -a
  52. Which wildcard can be used in /etc/hosts.allow to specify a match for a host whose name does not match its IP address?

    1. *
    2. ALL
    3. PARANOID
    4. NAMEMATCH
  53. Which of the following options within an OpenSSH server configuration is used to determine whether the root user can log in directly with an SSH client?

    1. PermitRootLogin
    2. AllowRoot
    3. RootLogin
    4. PermitDirectRootLogin
  54. Which of the following commands executes a port scan using TCP connect to the host 192.168.2.3?

    1. portscan 192.168.2.3
    2. nmap -sT 192.168.2.3
    3. maphost 192.168.2.3
    4. tcpscan -C 192.168.2.3
  55. Which option to the ssh command is used for X11 application forwarding?

    1. -X11
    2. -A
    3. -X
    4. -F
  56. Which option to gpg should be used in order to specify the destination for the encrypted file?

    1. --dest
    2. --output
    3. --destination
    4. --out
  57. Which command is used to add keys to the SSH agent?

    1. ssh-keyadd
    2. ssh-add
    3. ssh-ed
    4. ssh-cat
  58. Which option to the passwd command sets the maximum password age until the password needs to be changed?

    1. -a
    2. -x
    3. -l
    4. -r
  59. Which option to the ulimit command enables setting of a limit on memory that can be locked?

    1. -l
    2. -x
    3. -b
    4. -t
  60. Which of the following commands prints a list of existing users from the password file?

    1. passwd --list
    2. cat /etc/passwd | cut -d':' -f1
    3. grep "USERS" /etc/passwd
    4. lookup --user
  61. You are defining a service in /etc/xinetd.conf. Which option is used to configure the times that access to the service is allowed?

    1. time_allowed
    2. access_times
    3. timed_access
    4. access_when
  62. What file extension is used for interprocess communication service units that are controlled by systemd?

    1. .socket
    2. .ipc
    3. .comm
    4. .intercom
  63. You are generating a host key for the SSH server with ssh-keygen and want to ensure that the key does not require a password when the SSH server starts. Which command-line option accomplishes this task?

    1. -p
    2. -P
    3. -N
    4. -d
  64. When working with the /etc/shadow password file, you see passwords beginning with $1$. What algorithm does $1$ indicate has been used for password storage?

    1. MD5
    2. Blowfish
    3. RIN
    4. PIK
  65. Which option to gpg creates a detached signature?

    1. --sig
    2. --detach-sig
    3. --det-sig
    4. --sgn-det
  66. Which of the following best describes the role of server host keys for SSH?

    1. The server host key is used to connect to remote servers.
    2. The server host key is used for encrypting SSL communications.
    3. The server host key is used for client connections and provides a means by which the client can verify that the server has not changed.
    4. The server host key provides secure DNS resolution.
  67. When using a custom client configuration for SSH, which option specifies the key that will be used to connect to the host?

    1. KeyFile
    2. IdentityFile
    3. Key
    4. HostKey
  68. Which of the following commands is used as a daemon process to manage private keys for GnuPG?

    1. gpgpkd
    2. gpg_pkd
    3. gpg-agent
    4. gpg-pkagent
  69. You need to enable editing of certain files with root privileges but do not want to grant sudo access to an editor such as vim due to the possibility of a shell escaping. Which command can be used in place of vim to provide privileged editing of files?

    1. suvim
    2. nano
    3. sudon
    4. sudoedit
  70. Which option to the ssh command enables changing the login name for a given host?

    1. -l
    2. -u
    3. -a
    4. -m
  71. Which option to the usermod command changes a username?

    1. -l
    2. -u
    3. -a
    4. -m
  72. After specifying the key server, which option to gpg is used to specify the key to send to the key server?

    1. key-name
    2. keyname
    3. send-keys
    4. sendkey
  73. Which of the following represents a group called admins within /etc/sudoers?

    1. @admins
    2. admins
    3. -admins
    4. %admins
  74. Which limits-related option is used to control the maximum file size that a user can create?

    1. filesize
    2. maxfile
    3. fsmax
    4. fsize
  75. You are using an SSH server over a poor network connection but would like to maintain the connection in the event of keepalive messages being lost. Which client option sets the number of keepalive messages that can be lost before the client will terminate the connection?

    1. ServerTerminateCount
    2. ServerAliveCountMax
    3. ServerKeepAliveCount
    4. ServerClientKeepAliveCount
  76. If the /etc/nologin file exists and is in use preventing users from logging in, which file can be used to provide a message to those users who are refused a login?

    1. /etc/login.mesg
    2. /etc/login.disabled
    3. /etc/nologin
    4. /etc/nologin.message
  77. Which option to ssh-add specifies the lifetime that a key is held in the agent?

    1. -t
    2. -a
    3. -l
    4. -c
  78. Which option for an SSH connection sets up a remote forwarding scenario?

    1. -R
    2. -r
    3. -e
    4. -d
  79. Which option to chage sets the number of days that a user will be warned before they need to change their password?

    1. -w
    2. -W
    3. -t
    4. -a
  80. Another administrator made a change on the system that resulted in the /etc/shadow file becoming corrupted. Which of the following can be used to recover quickly?

    1. The /etc/shadow.bak file
    2. The /etc/shadow- file
    3. The latest backup in /var/backups/
    4. Single-user mode
  81. When examining the documentation for a service, you notice that it can use libwrap. What functionality does libwrap enable?

    1. Start/stop from remote
    2. TCP wrappers
    3. DNS resolution
    4. Shadow passwords
  82. Which option within /etc/sudoers enables the use of an alias for a group of users?

    1. User_Alias
    2. User_Group
    3. User_List
    4. User_Spec
  83. You are using nmap to scan a host for open ports. However, the server is blocking ICMP echo requests. Which option to nmap can you set in order to continue the scan?

    1. -P0
    2. -no-ping
    3. -s0
    4. -ping-0
  84. Which option within a server-wide SSH client configuration specifies the name and location of the known hosts file to use?

    1. KnownHosts
    2. UserKnownHosts
    3. UserKnownHostsFile
    4. UserKnownHostsFilePath
  85. You need to generate a host key for SSH using ssh-keygen that has been generated with DSA rather than RSA. Which option and argument to that option will create a DSA key?

    1. -k dsa
    2. -a DSA
    3. -t dsa
    4. -h dsa
  86. The total number of users logged in can be found with which argument to the who command?

    1. -t
    2. -e
    3. -q
    4. -l
  87. Which option to the passwd command unlocks an account?

    1. -t
    2. -u
    3. -r
    4. -l
  88. Which option for user limits sets the maximum number of logins that a user can have on the system?

    1. maxsyslogins
    2. maxuserlogins
    3. maxlogins
    4. kennyloggins