FinalExam Flashcards
The structure of iptables is: Tables -> Chains -> Policies -> Rules.
False
Which of the following sets the default policy for the INPUT chain as silently discarding the incoming packets
iptables -P INPUT DROP
Which of the following iptables commands flushes all rules in the OUTPUT chain only
iptables -F OUTPUT
Which of the following commands appends a rule that blocks outgoing traffic to facebook.com on TCP port 443 from the subnet of 10.11.22.33/24
iptables -A OUTPUT -p tcp --dport https -d facebook.com -s 10.11.22.33/24 -j DROP
iptables -A OUTPUT -s 10.11.22.33/24 -d facebook.com -p tcp --dport 443 -j DROP
Which of the following commands appends a rule that allows traffic to TCP ports from 10 to 20 from any source IP address?
iptables -A INPUT -p tcp -m multiport --dports 10:20 -j ACCEPT
Both “iptables -L -n OUTPUT” and “iptables-save” show the current iptables rules, while the latter shows the commands that were used to configure the rules
False
Which of the following deletes the third rule in the INPUT chain
iptables -D INPUT 3
Which of the following allows incoming SSH traffic from the subnet of 16.17.18.0/8 whose connection state is new or established
iptables -A INPUT -p tcp -s 16.17.18.0/8 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -s 16.17.18.0/8 -p tcp --dport ssh -m state --ctstates ESTABLISHED,NEW -j ACCEPT
Which of the following is NOT a characteristic of a Bastion host?
Cannot be a virtual machine
SSH’s dynamic port forwarding feature (the -D option when issuing the ssh command) can create a SOCKS proxy
true
Given the following iptables rule:
iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 3 -j drop
Any syn traffic exceeding 3 packets within a second will be dropped.
False
The following is legitimate iptables command:
iptables -A INPUT -s 192.168.1.0/24 -p udp --syn --dport http -j DROP
False
The following 3 rules are designed for blocking ICMP (ping) flooding attacks.
iptables -F
iptables -A INPUT -p icmp -m limit --limit 1/min --limit-burst 3 -j ACCEPT
iptables -A INPUT -p icmp -j DROP
If “iptables -A INPUT -p icmp -j DROP” (i.e., the third rule) is replaced by “iptables -P INPUT DROP”, it could achieve the same effect.
True
Which of the following commands can be used to save current rules in the memory?
iptables-save
Which of the following is a common feature of a device placed in a DMZ?
It has limited connectivity to the internal network, but can be accessed from the Internet.
Which of the following files contains the mount (e.g., folders) and their access information of NFS?
/etc/exports
Which of the following commands can restart the NFS service?
systemctl restart nfs-server
Which of the following can show the folders currently shared by NFS?
exportfs -v
showmount -e
Which of the following commands reload NFS configurations?
exportfs -arv
If a file has the suid flag set, it should NOT be allowed to run on a NFS shared folder by default
TRUE
There is no difference between /home bob.example.com(rw) and /home bob.example.com (rw) in /etc/exports. Note that there is a space between bob.example.com and (rw) in the latter one.
False
The automatic mount/ unmount feature of a NFS folder needs to be set on the server side using the autofs utility.
FALSE
On an NFS server, how would you allow read-only access to /opt for any host in the 192.169.100.0/24 subnet, and read-write access from any hosts in tcu.edu? (Choose all that apply)
/opt 192.168.100.0/24(ro)
/opt *.tcu.edu(rw)
/opt 192.168.100.0/24(ro) *.tcu.edu(rw)
What configuration file do you edit to add NFS entries to be mounted on an NFS client machine on boot?
/etc/fstab
The root_squash option will squash the root user, while the all_squash option will squash all regular users except the root user.
False
Which of the following commands mounts the /home directory hierarchy that resides on a NFS file server whose DNS name is plum.edu on your local system? Assume that the mounted directory hierarchy will appear as /plum.home on the local system.
mount -t nfs plum.edu:/home /plum.home
After mounting an NFS folder, John found that he could not create files on the mounted folder (got a permission denied error). What are the possible causes?
The sharing option on the NFS server was ro for John’s computer
The squashed user ID does not have write permission on the folder
What is a critical consideration when configuring NFS in terms of security?
Implementing proper access controls and permissions.
Someone proposed to purchase diskless workstations that will use NFS to store user data and function as the SWAP space for their operating system (OS). Is this solution possible?
TRUE
What is the primary function of autofs?
To automatically mount and unmount file systems on demand.
Which of the following is the main Apache configuration file in Fedora?
httpd.conf
Which of the following folders contains additional Apache configuration files on Fedora
/etc/httpd/conf.d
What is the purpose of DocumentRoot in httpd configuration?
The top-level directory in the document tree visible from the web
Which of the following specifies the location where the apache web server looks for its configuration files?
ServerRoot
If you failed to start Apache (i.e., httpd for web services) with the systemctl command, which log should you check for possible causes?
journalctl --unit httpd -b
Virtual hosting can be based on which of the following? (Choose all that apply)
Name-based
IP-based
HTTPS configuration related entries can be placed in a separate file such as ssl.conf or inside the main configuration file of Apache/Nginx
TRUE
After successfully starting the Apache server, you opened a browser and found out that one page does not load. Which log files should you check? (Choose all that apply)
tail /var/log/httpd/error_log
tail /var/log/httpd/access_log
What is Virtual Hosting? (Choose the best answer)
Host multiple websites on a single instance
We can run two different Apache servers at one time on a Linux machine, but the condition for that is they should listen on different ports and we can change the ports with Listen directive of Apache.
True
How to ensure Apache listens to a specific IP address and a specific port on a server?
In the httpd configuration file, use the Listen option as follows
Listen IP-Address:port
The ServerAdmin directive in the httpd configuration file specifies
The server’s administrator’s email address.
What does the Options directive do in an Apache configuration context?
Sets the various behaviors available in particular directory scopes, like allowing or disallowing file listings
When setting up password-protected access on Apache, which command and option should be used to create the first authenticated user?
htpasswd -c
The Include directive is used in the httpd configuration for what purpose?
To include other configuration files.