IS3440 CHAP 7 NETWORKS, FIREWALLS, AND MORE Flashcards
(COMMAND) ___ lists the configured profiles of various commands and services.
(COMMAND) apparmor_status
(COMMAND) ___ is a service for running administrative jobs on a one-time basis; protected by the /etc/at.allow and /etc/at.deny files.
(COMMAND) at
(COMMAND) ___ is a SELinux command that can be used to change the AVC contexts associated with a file.
(COMMAND) chcon
(COMMAND) ___ is a service for running administrative jobs on a regular basis; protected by the /etc/cron.allow and /etc/cron.deny files.
(COMMAND) cron
(COMMAND) ___ is a SELinux command that returns the context settings of a specified file or directory.
(COMMAND) secon
(COMMAND) ___ Is a SELinux command that returns the overall status of SELinux on the local system.
(COMMAND) sestatus
___ in security, is an access permission represented by a bitmap; commonly stored for SELinux security in an ___ ___ cache.
Access vector
___ is an access permission associated with SELinux.
(AVC) Access vector cache
___ is a mandatory access control system used to create security profiles for different programs. Uses Linux security modules in the kernel. Not compatible with SELinux.
(AppArmor) Application Armor
___ is a protocol for validating users before allowing access, which includes a challenge to verify the identity of a user.
(CHAP) Challenge-Handshake Authentication Protocol
___ Is an attack based on overloading a network service, denying access to regular users. Not all are malicious, as they can be accidental results of certain types of connection attempts. Nevertheless, they should be blocked or slowed down as if they were attacks.
(DoS) Denial of service attack
___ is a professional organization; it is also the group behind standards such as 802.11 for wireless communication.
(IEEE) Institute of Electrical and Electronics Engineers
___ is a group of standards for digital transmission of voice and data over the public switched telephone network.
(ISDN) Integrated Services digital Network
___ is the organization responsible for domain names, IP addresses, and Transmission Control Protocol/Internet Protocol (TCP/IP) protocols on the internet.
(IANA) Internet Assigned Numbers Authority
___ supports atuomated Internet Protocol (IP) addressing without a Dynamic Host Configuration Protocol (DHCP) server. Related to Microsoft’s automatic private IP addressing and Apple’s Bonjour protocols. Communicates using both TCP and UDP over port 5353.
(mDNS) Multicast Domain Name Service protocol
___ is a protocol for validating users before allowing access.
(PAP) Password Authentication Protocol
____ is a reference to the current digital telephone network.
(PSDN) Public switched data network
___ is a reference to the regular telephone for voice communications.
(PSTN) Public switched telephone network
___ is a system for remote user authentication, frequently used to authenticate connections over telephone modems.
(RADIUS) Remote Authentication Dial in User Service
___ is a mandatory access control system that uses Linux security modules in the kernel. Developed by the US National Security Agency. Not compatible with AppArmor.
(SELinux) Security Enhanced Linux
___ is an access control list system for services associated with the internet super servers. It also can protect services linked to the
libwrap.so.0 library.
TCP Wrappers
___ is a modulator-demodulator for translating data bits into the sine waves associated with the PSTN. Cable ___ and DSL modems are not true modems, as they do not modulate or demodulate data.
Telephone modem
___ is a method for interpreting the emissions from computer displays to recover the associated image.
Van Eck phreaking
___ is software that can help detect unauthorized attacks on a wireless network; one example is available from the aircrack-ng package.
(WIDS) Wireless intrusion detection system
- Well known TCP/IP ports range from ___ to ___.
0 to 1023
- The (command) nmap checks for open ports on a remote system.
TRUE OR FALSE
TRUE
- Which of the following configuration files is considered first with respect to TCP Wrapper security?
- /etc/inetd.conf
- /etc/xinetd.conf
- /etc/hosts.allow
- /etc/hosts.deny
/etc/hosts.allow
- Which of the following library files is associated with TCP Wrappers?
- /etc/libwrap/so/0
- /lib/libwrap.so.0
- /usr/lib/libwrap.so/0
- /var/lib/libwrap.so.0
/lib/libwrap.so.0
- Which of the following iptables command switches adds a rule to the middle of a chain?
- -A
- -I
- -L
- -C
-I
- Which of the following actions is NOT used with the -j switch for the iptables command?
- DROP
- REJECT
- LOG
- FORWARD
FORWARD
- The iptables command switch associated with a destination port is ___.
–dport
- The PSDN network is associated with regular telephone modems.
TRUE OR FALSE
FALSE
- Which of these files must exist for regular users to access the a t daemon?
- /etc/a t
- /etc/a t.deny
- /etc/a t.conf
- /etc/a t.a t.deny
/etc/a t.deny
- which of the following IEEE protocols is most closely associated with wireless networking?
- 802.3
- 802.5
- 802.11
- 802.15
802.11
- Which of the following commands lists the SELinux characteristics of a file?
- ls filename
- ls -SE filename
- ls -l filename
- ls -Z filename
s -Z filename
- Which of the following commands can be used to customize the SELinux characteristics of a file?
- fixfiles
- chcon
- restorecon
- secon
chcon
- To start the SELinux Troubleshooter in a GUI, run the following command: _____.
sealert -b
- Which of the following directories include active AppArmor profiles?
- /etc/apparmor/
- /etc/apparmor.d/
- /use/share/doc/apparmor-profiles/extras/
- /usr/share/doc/apparmor-profiles/
/etc/apparmor.d/
