FinalExam Flashcards

1
Q

The structure of iptables is: Tables -> Chains -> Policies -> Rules.

A

False

2
Q

Which of the following sets the default policy for the INPUT chain as silently discarding the incoming packets

A

iptables -P INPUT DROP

3
Q

Which of the following iptables commands flushes all rules in the OUTPUT chain only

A

iptables -F OUTPUT

4
Q

Which of the following commands append a rule that blocks outgoing traffic to facebook.com on TCP port 443 from the subnet of 10.11.22.33/24

A

iptables -A OUTPUT -p tcp --dport https -d facebook.com -s 10.11.22.33/24 -j DROP

iptables -A OUTPUT -s 10.11.22.33/24 -d facebook.com -p tcp --dport 443 -j DROP

5
Q

Which of the following commands append a rule that allows traffic to TCP ports from 10 to 20 from any source IP address?

A

iptables -A INPUT -p tcp -m multiport --dports 10:20 -j ACCEPT

6
Q

Both “iptables -L -n OUTPUT” and “iptables-save” show the current iptables rules, while the latter shows the commands that were used to configure the rules

A

False

7
Q

Which of the following deletes the third rule in the INPUT chain

A

iptables -D INPUT 3

8
Q

Which of the following allows incoming SSH traffic from the subnet of 16.17.18.0/8 whose connection status is new or established?

A

iptables -A INPUT -p tcp -s 16.17.18.0/8 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -s 16.17.18.0/8 -p tcp --dport ssh -m state --ctstates ESTABLISHED,NEW -j ACCEPT

9
Q

Which of the following is NOT a characteristic of a Bastion host?

A

cannot be a virtual machine

10
Q

SSH’s dynamic port forwarding feature (the -D option when issuing the ssh command) can create a SOCKS proxy

A

true

11
Q

Given the following iptables rule:

iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j drop

Any SYN traffic exceeding 3 packets within a second will be dropped.

A

False

12
Q

The following is a legitimate iptables command:
iptables -A INPUT -s 192.168.1.0/24 -p udp --syn --dport http -j DROP

A

False

13
Q

The following 3 rules are designed for blocking ICMP (ping) flooding attacks.

iptables -F
iptables -A INPUT -p icmp -m limit --limit 1/min --limit-burst 3 -j ACCEPT
iptables -A INPUT -p icmp -j DROP

If “iptables -A INPUT -p icmp -j DROP” (i.e., the third rule) is replaced by “iptables -P INPUT DROP”, it could achieve the same effect.

A

True

14
Q

Which of the following commands can be used to save current rules in the memory?

A

iptables-save

15
Q

Which of the following is a common feature of a device placed in a DMZ?

A

It has limited connectivity to the internal network, but can be accessed from the Internet.

16
Q

Which of the following files contains the NFS mounts (e.g., folders) and their access information?

A

/etc/exports

17
Q

Which of the following commands can restart the NFS service?

A

systemctl restart nfs-server

18
Q

Which of the following can show the folders currently shared by NFS?

A

exportfs -v

showmount -e

19
Q

Which of the following commands reload NFS configurations?

A

exportfs -arv

20
Q

If a file has the suid flag set, it should NOT be allowed to run on a NFS shared folder by default

21
Q

There is no difference between /home bob.example.com(rw) and /home bob.example.com (rw) in /etc/exports. Note that there is a space between bob.example.com and (rw) in the latter one.

22
Q

The automatic mount/unmount feature of an NFS folder needs to be set on the server side using the autofs utility.

23
Q

On a NFS server, how would you allow readonly access to /opt for any host in the 192.169.100.0/24 subnet, and read-write access from any hosts in tcu.edu?(choose all that apply)

A

/opt 192.168.100.0/24(ro)

/opt *.tcu.edu(rw)

/opt 192.168.100.0/24(ro) *.tcu.edu(rw)

24
Q

What configuration file do you edit to add NFS entries to be mounted on an NFS client machine on boot?

A

/etc/fstab

25
The root_squash option will squash the root user, while the all_squash option will squash all regular users except the root user.
False
26
Which of the following commands mounts the /home directory hierarchy that resides on a NFS file server whose DNS name is plum.edu on your local system? Assume that the mounted directory hierarchy will appear as /plum.home on the local system.
mount -t nfs plum.edu:/home /plum.home
27
After mounting an NFS folder, John found that he could not create files on the mounted folder (got permission denied error). What are the possible causes?
The sharing option on the NFS server was ro for John's computer
The squashed user ID does not have write permission on the folder
28
What is a critical consideration when configuring NFS in terms of security?
Implementing proper access controls and permissions.
29
Someone proposed to purchase diskless workstations that will use NFS to store user data and function as the SWAP space for their operating system (OS). Is this solution possible?
TRUE
30
What is the primary function of autofs?
To automatically mount and unmount file systems on demand.
31
Which of the following is the main Apache configuration file in Fedora?
httpd.conf
32
Which of the following folders contains additional Apache configuration files on Fedora
/etc/httpd/conf.d
33
What is the purpose of DocumentRoot in httpd configuration?
The top-level directory in the document tree visible from the web
34
Which of the following specifies the location where the apache web server looks for its configuration files?
ServerRoot
35
If you failed to start Apache (i.e., httpd for web services) with the systemctl command, which log should you check for possible causes?
journalctl --unit httpd -b
36
Virtual hosting can be based on which of the following? (Choose all that apply)
Name-based
IP-based
37
HTTPS configuration related entries can be placed in a separate file such as ssl.conf or inside the main configuration file of Apache/Nginx
TRUE
38
After successfully starting the Apache server, you opened a browser and found out that one page does not load. Which log files should you check? (Choose all that apply)
tail /var/log/httpd/error_log
tail /var/log/httpd/access_log
39
What is Virtual Hosting? (Choose the best answer)
Host multiple websites on a single instance
40
We can run two different Apache servers at one time on a Linux machine, but the condition for that is they should listen on different ports and we can change the ports with Listen directive of Apache.
True
41
How to ensure Apache listens to a specific IP address and a specific port on a server?
In the httpd configuration file, use the Listen option as follows: Listen IP-Address:port
42
The ServerAdmin directive in the httpd configuration file specifies
The server's administrator's email address.
43
What does the Options directive do in an Apache configuration context?
Sets the various behaviors available in particular directory scopes, like allowing or disallowing file listings
44
When setting up password-protected access on Apache, which command and option should be used to create the first authenticated user?
htpasswd -c
45
The Include directive is used in the httpd configuration for what purpose?
To include other configuration files.