IS3440 CHAP 12 BUILDING AND MAINTAINING A SECURITY BASELINE Flashcards
___ is a log priority that specifies problems that require immediate attention.
alert
___ is the lowest log priority; also provides the greatest detail.
debug
___ is the highest log priority, reserved for conditions that make the system unusable; may also be shown as panic. (crit, for critical conditions, is a separate priority one step below alert.)
emerg
___ is a log priority that adds error messages; may also be shown as error.
err
___ is a log priority that adds informational messages.
info
___ is a log priority that includes normal but significant messages that might require attention.
notice
___ is a log priority that provides warning messages; may also be shown as warning (the canonical name).
warn
___ is a host-based intrusion detection system (file integrity checker); available in both Red Hat and Ubuntu repositories.
Advanced Intrusion Detection Environment (AIDE)
___ is the Red Hat installation program.
Anaconda
___ is the newer system and kernel logging daemon that replaced the original sysklogd; also supports forwarding log messages to a central logging server over TCP, optionally protected with TLS.
rsyslog
___ is an intrusion detection system; open source and commercial versions are available.
Tripwire
- Which of the following Ubuntu installer options supports remote updates from a Web-based interface?
- Minimal installation
- No automatic updates
- Install security updates automatically
- Manage system with Landscape
Manage system with Landscape
- Which of the following package groups are included in a default RHEL 5 installation?
- Automatic updates
- KDE
- GNOME
- Secure Shell server
GNOME
- What is the mount option that disables executable binaries in an /etc/fstab configuration file?
noexec
- Which of the following directories is normally NOT appropriate as a read-only filesystem?
- /boot/
- /home/
- /root/
- /sbin/
/home/
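The fstab questions above turn on which mount options a baseline expects per mount point (noexec, nosuid, nodev, ro) and why /home is the one directory that cannot be read-only. The following is an added example, not code from the course text: it parses fstab-format lines, resolves the effective options the way mount(8) does (`defaults` expands to rw,suid,dev,exec,auto,nouser,async, and a later option overrides its opposite), and reports the mount points that fall short of a baseline. The BASELINE table is an illustrative policy, not a standard, and SAMPLE_FSTAB is constructed for the demo.

```python
"""Audit /etc/fstab mount options against a read-only/noexec baseline.

Added example, not part of the course text.  BASELINE is an illustrative
policy and SAMPLE_FSTAB is constructed input.
"""

# Illustrative baseline: options each mount point should carry.  /home is
# deliberately not expected to be read-only, since users must write there.
BASELINE = {
    "/boot": {"ro", "nosuid", "nodev", "noexec"},
    "/home": {"nosuid", "nodev"},
    "/tmp": {"noexec", "nosuid", "nodev"},
    "/var/tmp": {"noexec", "nosuid", "nodev"},
}

# What mount(8) substitutes for the 'defaults' keyword.
DEFAULTS = ["rw", "suid", "dev", "exec", "auto", "nouser", "async"]
# Pairs of mutually exclusive options; the later one on the line wins.
OPPOSITE = {"ro": "rw", "rw": "ro", "nosuid": "suid", "suid": "nosuid",
            "nodev": "dev", "dev": "nodev", "noexec": "exec", "exec": "noexec"}

# Constructed sample fstab (not from any real system).
SAMPLE_FSTAB = """\
# <device>              <mount point>  <type>  <options>                        <dump> <pass>
UUID=1234-abcd          /              ext4    defaults                         0 1
UUID=5678-ef01          /boot          ext4    defaults,ro,nosuid,nodev,noexec  0 2
UUID=9abc-2345          /home          ext4    defaults,nodev                   0 2
tmpfs                   /tmp           tmpfs   defaults,noexec,nosuid,nodev     0 0
/dev/mapper/vg-vartmp   /var/tmp       ext4    defaults,exec                    0 2
"""


def effective_options(option_field):
    """Expand 'defaults' and let a later option override its opposite."""
    effective = set()
    for opt in option_field.split(","):
        for o in (DEFAULTS if opt == "defaults" else [opt]):
            effective.discard(OPPOSITE.get(o, ""))
            effective.add(o)
    return effective


def parse_fstab(text):
    """Return {mount_point: effective option set} for each real entry."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # mount(8) would reject this line as well
        entries[fields[1]] = effective_options(fields[3])
    return entries


def missing_options(entries, baseline=BASELINE):
    """Return {mount_point: sorted missing options} for every baseline violation.

    A mount point the baseline names but fstab lacks is reported with all
    its options missing: without a dedicated mount, /tmp or /var/tmp simply
    inherit the parent filesystem's (usually permissive) options.
    """
    report = {}
    for mount_point, required in baseline.items():
        missing = sorted(required - entries.get(mount_point, set()))
        if missing:
            report[mount_point] = missing
    return report


if __name__ == "__main__":
    for mount_point, missing in missing_options(parse_fstab(SAMPLE_FSTAB)).items():
        print("%-10s missing: %s" % (mount_point, ",".join(missing)))
```

Run against the sample, the audit flags /home (no nosuid) and /var/tmp (exec re-enabled, no nosuid/nodev) while /boot and /tmp pass; feed it the real /etc/fstab and compare with `findmnt -o TARGET,OPTIONS` to confirm the live mounts agree.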
- Which of the following directories is a standard location for packages downloaded from an Ubuntu repository?
- /var/cache/apt/
- /var/cache/yum/
- /tmp/
- /root/
/var/cache/apt/
- Which of the following is NOT a reason to test updates before installing them on a gold baseline?
- Potential effects on compiled software
- Support issues with third-party software
- Source code is unverified
- Potential interactions with other software
Source code is unverified
- Which of the following log priorities provides the most important messages?
- debug
- err
- info
- notice
err
- In a Samba log file, which of the following is associated with the %m variable?
- Username
- Hostname
- Service version
- User profile
Hostname (%m expands to the client's NetBIOS machine name; %M is the client's DNS host name)
- What option in the /etc/syslog.conf configuration file includes MAIL messages of only the INFO priority? Use the facility.priority format.
mail.=info
- Which of the following modules is associated with local system logging in an rsyslog configuration file?
- imuxsock
- imklog
- imudp
- imtcp
imuxsock (input module for the local Unix socket, /dev/log; imklog reads kernel messages, imudp and imtcp receive messages from the network)
- Which of the following symbols in an rsyslog configuration file is associated with UDP connections?
- !
- @
- @@
- =
@ (@@ forwards over TCP)
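The priority cards at the top of the set, the `mail.=info` selector and the `@` versus `@@` action all come down to how a syslog selector line is evaluated. The block below is an added example, not code from the course text or from rsyslog: it models the classic facility.priority selector syntax of syslog.conf(5) (which rsyslog still accepts as its legacy format), including the `=`, `!` and `none` modifiers and the priority aliases, plus the `@host` (UDP) and `@@host` (TCP) action forms. Facility and severity codes follow RFC 3164; the rule strings in the demo are constructed.

```python
"""Syslog selector semantics worked through in code.

Added example, not taken from the course text.  Selector rules follow
syslog.conf(5); facility and severity numbering follows RFC 3164.
"""

# Index 0 is the most urgent priority (emerg), index 7 the least (debug).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Alternate spellings accepted in syslog.conf, mapped to the canonical name.
SEVERITY_ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

FACILITIES = {name: code for code, name in enumerate(
    ["kern", "user", "mail", "daemon", "auth", "syslog",
     "lpr", "news", "uucp", "cron", "authpriv", "ftp"])}
FACILITIES.update({"local%d" % i: 16 + i for i in range(8)})


def severity_code(name):
    """Map a priority name or alias to its numeric severity 0..7."""
    name = name.lower()
    return SEVERITIES.index(SEVERITY_ALIASES.get(name, name))


def pri(facility, severity):
    """RFC 3164 PRI value, the <N> prefix at the start of a syslog packet."""
    return FACILITIES[facility] * 8 + severity_code(severity)


def rule_allowed(selectors):
    """Expand 'fac1,fac2.prio;fac3.none;...' into {facility: set of severities}.

    Selectors apply left to right, so '*.info;mail.none' first admits
    info-and-above for every facility, then drops mail entirely.
    """
    allowed = {fac: set() for fac in FACILITIES}
    for selector in selectors.split(";"):
        facs, _, prio = selector.strip().rpartition(".")
        targets = list(FACILITIES) if facs == "*" else [f.strip() for f in facs.split(",")]
        exact = prio.startswith("=") or prio.startswith("!=")
        negate = prio.startswith("!")
        prio = prio.lstrip("!=")
        if prio == "none":            # fac.none: drop every priority of fac
            chosen, negate = set(range(8)), True
        elif prio == "*":             # fac.*: every priority
            chosen = set(range(8))
        elif exact:                   # fac.=prio: only this one priority
            chosen = {severity_code(prio)}
        else:                         # fac.prio: this priority AND anything more urgent
            chosen = set(range(severity_code(prio) + 1))
        for fac in targets:
            if negate:                # fac.!prio removes prio and everything more urgent
                allowed[fac] -= chosen
            else:
                allowed[fac] |= chosen
    return allowed


def rule_matches(selectors, facility, severity):
    """Would a message with this facility and priority be handled by the rule?"""
    return severity_code(severity) in rule_allowed(selectors)[facility]


def parse_action(action):
    """Classify the action field: @host is UDP, @@host is TCP, anything else a file."""
    if action.startswith("@@"):
        transport, target = "tcp", action[2:]
    elif action.startswith("@"):
        transport, target = "udp", action[1:]
    else:
        return ("file", action.lstrip("-"), None)   # leading '-' means unsynced writes
    host, _, port = target.partition(":")
    return (transport, host, int(port) if port else 514)


if __name__ == "__main__":
    for rule in ("mail.info", "mail.=info", "*.info;mail.none", "kern.info;kern.!err"):
        for fac in ("mail", "kern"):
            hits = [s for s in SEVERITIES if rule_matches(rule, fac, s)]
            print("%-22s %-5s -> %s" % (rule, fac, ", ".join(hits) or "(nothing)"))
    print(parse_action("@@loghost:6514"), pri("mail", "info"))
```

The point the cards make shows up directly: `mail.info` admits info plus every more urgent priority up to emerg, `mail.=info` admits info alone, and `kern.info;kern.!err` keeps info through warning but drops err and above. PRI values such as 22 for mail.info are what you see in raw packets on the wire when checking that a forwarding rule actually reaches the central server.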
- What is the simplest command that lists all packages installed on an Ubuntu system?
dpkg -l
- Which of the following commands can best collect information on the activity on a system?
- top
- sar
- vmstat
- free
sar
- Which of the following configuration files includes Tripwire's configuration policies in a human-readable format?
- twcfg.txt
- tw.cfg
- twpol.txt
- twpol.enc
twpol.txt
- What command switch inspects the current configuration, comparing it with a previously derived baseline configuration? This switch works with both the tripwire and aide commands.
- --inspect
- --check
- --compare
- --review
--check
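Both AIDE and Tripwire (cards above) work the same way: an `--init` run records a database of file attributes under a policy, and a later `--check` run compares the live tree against it. The block below is an added example and is not the code of either tool; it implements that cycle with a stdlib-only policy (SHA-256, size, permission bits) stored as JSON, then reports added, removed and changed files. The tree it scans and the tampering it detects are constructed in a temporary directory so the demo runs stand-alone.

```python
"""A minimal file-integrity baseline and --check, in the spirit of AIDE/Tripwire.

Added example; not the code of either tool.  The monitored tree, the
policy (ATTRIBUTES) and the tampering in demo() are all constructed.
"""
import hashlib
import json
import os
import shutil
import stat
import tempfile

# The attributes this toy policy records; real tools add owner, mtime, ACLs...
ATTRIBUTES = ("sha256", "size", "mode")


def file_record(path):
    """Attributes recorded per regular file."""
    st = os.lstat(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode)}


def build_baseline(root):
    """Walk root and record every regular file, keyed by path relative to root."""
    records = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic order, like aide --init
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files need their own policy; skipped here
            records[os.path.relpath(full, root)] = file_record(full)
    return records


def save_baseline(records, db_path):
    with open(db_path, "w") as fh:
        json.dump(records, fh, indent=1, sort_keys=True)


def load_baseline(db_path):
    with open(db_path) as fh:
        return json.load(fh)


def check(root, baseline):
    """The --check step: compare the live tree with the stored baseline."""
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in sorted(set(current) & set(baseline)):
        diffs = [a for a in ATTRIBUTES if current[rel][a] != baseline[rel][a]]
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def _write(path, data, mode=0o644):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    os.chmod(path, mode)


def demo():
    """Build a constructed tree, baseline it, tamper with it, and re-check."""
    root = tempfile.mkdtemp()
    db_dir = tempfile.mkdtemp()  # keep the database outside the monitored tree
    try:
        _write(os.path.join(root, "sbin", "sshd"), b"#!/bin/sh\necho original\n", 0o755)
        _write(os.path.join(root, "etc", "passwd"), b"root:x:0:0::/root:/bin/sh\n")
        _write(os.path.join(root, "etc", "hosts"), b"127.0.0.1 localhost\n")
        db_path = os.path.join(db_dir, "baseline.json")
        save_baseline(build_baseline(root), db_path)  # the --init step

        # Simulated tampering: trojaned binary, loosened permissions,
        # deleted file, and a new hidden file.
        _write(os.path.join(root, "sbin", "sshd"), b"#!/bin/sh\necho trojan\n", 0o755)
        os.chmod(os.path.join(root, "etc", "passwd"), 0o666)
        os.remove(os.path.join(root, "etc", "hosts"))
        _write(os.path.join(root, "sbin", ".hidden"), b"\x7fELF")

        return check(root, load_baseline(db_path))  # the --check step
    finally:
        shutil.rmtree(root)
        shutil.rmtree(db_dir)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

As with the real tools, the check is only as trustworthy as the database: keep baseline.json (and the checker itself) on read-only or off-host storage, since an attacker who can rewrite the database after modifying sbin/sshd produces a clean report.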