IS3440 CHAP 1 SECURITY THREATS TO LINUX Flashcards
____ is a web server service used primarily on Linux.
APACHE
____ is a Parkerian hexad concept related to the CIA triad concept of integrity. It can help users and administrators verify that important communications are genuine.
AUTHENTICITY
___ is a CIA triad concept in which users have access to their data when they want it.
AVAILABILITY
___ is the first thing that is run when you power up an older computer. It identifies and tests connected hardware to a point where an operating system can be loaded from media such as a hard drive.
BASIC INPUT/OUTPUT SYSTEM (BIOS)
___ is a user who wants to break into computer systems and networks with malicious purposes in mind.
BLACK-HAT HACKER
___ is the private company that is the corporate backer of the Ubuntu distribution.
CANONICAL
___ is a vendor-neutral certification for information security created by (ISC)2 that requires professional experience in multiple security domains.
CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP)
___ specifies three goals of information security: confidentiality, integrity, and availability.
CIA TRIAD
___ is one of the ISECOM channels for security audits.
COMMUNICATIONS SECURITY (COMSEC)
___ in the open source community, this is a malicious user who wants to break into a computer system.
CRACKER
___ is one of several open source licenses used to share the source code for software.
GNU GENERAL PUBLIC LICENSE (GPL)
___ is the open source implementation of PGP, developed by the GNU Foundation.
GNU PRIVACY GUARD (GPG)
___ is a recursive acronym for the work of the GNU Foundation, including the clones of UNIX tools and libraries found in current Linux distributions.
GNU’S NOT UNIX (GNU)
____ is a US law that specifies confidentiality requirements for personal financial data.
GRAMM-LEACH-BLILEY ACT (GLBA)
____ is the organization associated with open source security certification and testing. It qualifies security professionals with four certificates: OSPA, OSPE, OSPT, and OWSE.
(ISECOM) INSTITUTE FOR SECURITY AND OPEN METHODOLOGIES
___ is a CIA triad concept of trust, verified by means such as a GPG key.
INTEGRITY
___ is an organization for security professionals. It qualifies professionals through the SSCP and CISSP certifications.
(ISC)2 INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM
____ is part of the Transmission Control Protocol/Internet Protocol suite of protocols. It is normally used to send error and network status messages.
(ICMP) INTERNET CONTROL MESSAGE PROTOCOL
____ is a version of the Internet Protocol still in common use today in which addresses use 32 bits.
(IPv4) INTERNET PROTOCOL VERSION 4
___ is a more recent version of the Internet Protocol in common use in which addresses use 128 bits.
(IPv6) INTERNET PROTOCOL VERSION 6
____ is a security control system that limits access to objects such as files and directories to specified users and groups.
MANDATORY ACCESS CONTROL
This is a reference to network address translation where private Internet Protocol (IP) addresses on a network ______ with a public IP address, normally the gateway address to the network.
MASQUERADING
___ is a file-sharing system connected to a network, normally using file-sharing protocols such as Samba.
(NFS) NETWORK FILE SYSTEM
___ is a manual for security audits, testing, and analysis, created through ISECOM.
(OSSTMM) OPEN SOURCE SECURITY TESTING METHODOLOGY MANUAL
___ is a certification sponsored by ISECOM for professionals who can assess legal requirements, design security tests, and measure controls in the context of the scientific method.
(OSPA) OSSTMM PROFESSIONAL SECURITY ANALYST
___ is a certification sponsored by ISECOM for Linux professionals qualified to use various security programs.
(OSPE) OSSTMM PROFESSIONAL SECURITY EXPERT
___ is a certification sponsored by ISECOM for Linux professionals qualified to use various security programs.
(OSPT) OSSTMM PROFESSIONAL SECURITY TESTER
___ is a certification sponsored by ISECOM for professionals who can audit a wireless network infrastructure.
(OWSE) OSSTMM PROFESSIONAL WIRELESS SECURITY EXPERT
___ supplements the CIA triad goals of confidentiality, integrity, and availability with three more goals: possession or control, authenticity, and utility.
PARKERIAN HEXAD
___ is a sequence of characters used to control access, frequently used to verify connections to encrypted services such as SSH. This can use spaces.
PASSPHRASE
___ is one of the ISECOM channels for security.
(PHYSSEC) PHYSICAL SECURITY
___ is a malicious packet of ICMP data sent to a system that may be used to crash a target computer system.
PING OF DEATH
____ is a Parkerian hexad concept for control of confidential information.
POSSESSION OR CONTROL
___ is a program that encrypts messages and more with digital signatures based on private and public encryption keys. (First, the sender can use a private ___ key to encrypt a message, then the recipient can use a public ___ key to decrypt that message.)
(PGP) PRETTY GOOD PRIVACY
___ is a file and printer sharing service compatible with Microsoft’s Common Internet File System.
SAMBA
___ is a US law that specifies financial-disclosure requirements for public companies.
(SOX) SARBANES-OXLEY ACT
___ is one of the ISECOM channels for security audits, related to non-physical communications over the electromagnetic spectrum.
(SPECSEC) SPECTRUM SECURITY
___ is an attack where a malicious user assumes the identity of another user or organization.
SPOOFING
___ is a service that caches internet data to speed response times; it can also track the sites browsed by users.
SQUID
___ is a vendor-neutral certification for information security created by (ISC)2. It is suited to candidates working toward becoming security professionals.
(SSCP) SYSTEMS SECURITY CERTIFIED PRACTITIONER
___ is a protocol and service that uses clear-text authentication.
TELNET
___ is a member of the protocol suite that supports reliable connections.
(TCP) TRANSMISSION CONTROL PROTOCOL
___ is the first thing that is run when you power up a relatively new computer. It identifies and tests connected hardware to a point where an operating system can be loaded from media such as a hard drive.
(UEFI) UNIFIED EXTENSIBLE FIRMWARE INTERFACE
___ is a member of the (TCP/IP) protocol suite that supports connectionless “best-efforts” communications.
(UDP) USER DATAGRAM PROTOCOL
___ in the Linux community, this is a user who wants to create better software. In the non-Linux community, it is an authorized user who runs security diagnostic tools to test the security features of a system or network.
WHITE HAT HACKER
- Which of the following terms is associated with malicious users in the open source community?
- Hacker
- Crackers
- Techies
- Nerds
Crackers
- Which of the following concepts is NOT part of the CIA triad?
- Authority
- Access
- Authenticity
- Availability
Authenticity
- Which of the following security certifications is associated with open source software?
- SSCP
- CISSP
- RHCE
- OSPA
OSPA
- Which of the following OSSTMM channels is associated with wireless security?
- COMSEC
- SPECSEC
- PHYSSEC
- WIRESEC
SPECSEC
- Which of the following is NOT an OSSTMM audit phase?
- Licensing
- Regulatory
- Definitions
- Information
Licensing
- Which of the following components makes up the core of the Linux operating system?
- Cloned software from UNIX
- The kernel
- Linux libraries
- Linux services
The kernel
- Which of the following is an open source license?
- Freeware
- Public domain
- GNU GPL
- Any Microsoft license
GNU GPL
- From the following options, name the component that is NOT part of a Linux User Domain.
- Regular users
- Regular groups
- Service users
- Computer users
Computer users
- From the following options, select a security advantage of open source software.
- The efforts of the open source community
- Secrecy in the source code
- No information is released before a solution is available
- None of the above
The efforts of the open source community
- Which of the following methods can be used to recover from an unbootable situation in Linux, minimizing any risk of lost data? (Select two.)
- Recovery mode
- Live CD
- Reinstalling Linux
- UEFI modification
Recovery mode
Live CD
- From the following list, which is a system management tool for Linux?
- Red Hat Zenworks
- The Ubuntu
- Landscape
- Systems management server
Landscape
- Which of the following is a positive effect of virtualization on security?
- Many virtual machines will confuse malicious users
- Virtual machines can be configured with many services
- Virtual machines can be configured as firewalls
- Additional virtual machines make it possible to configure more bastion hosts.
Additional virtual machines make it possible to configure more bastion hosts.
- A developer who just wants to create better software in the open source world is known as a ___.
Hacker
- The open source license associated with the GNU project is ___.
General Public License
also acceptable:
GPL, GNU, GPL, GNU General Public License