Lect99 - Example papers Flashcards

1
Q

The /proc directory is a location for

A

Virtual file system for process and kernel information

2
Q

The /etc directory is a location for

A

Configuration files

3
Q

The passwd file can be found in

A

/etc

4
Q

To transfer ownership of the file toto from dave to nicola type

A

chown nicola toto

5
Q

The /etc/services file contains

A

a list of port mappings for the system (tcp and udp)

6
Q

To set the read, execute permission of the file toto for group and other type

A

chmod 755 toto

7
Q

In an Ubuntu system, the command sudo apt-get dist-upgrade is used to

A

Upgrade an existing installation and add new packages if needed.

8
Q

To identify which shell a user is using, (s)he looks in

A

/etc/passwd (shows default shell)

9
Q

The command ls -lh is used to show:

A

a long listing of a file or directory of files, including permissions, mod time and size in human-readable format.

10
Q

The /bin directory is a

A

directory for common executables

11
Q

The /sbin directory is a location for

A

system executables usually used by root

12
Q

To view the boot message from the kernel type:

A

dmesg

13
Q

To show the IP address of the current host, type:

A

ifconfig

14
Q

The command ls [t][ne]* is used to list:

A

files that start with the letter t followed by either an n or e

15
Q

The /usr directory is a

A

user binaries, libraries and other software (the majority of the system is in here)

16
Q

The command cat /etc/passwd | egrep /bin/bash is used to show:

A

entries in /etc/passwd that contain the string /bin/bash

17
Q

To run a command vi as root, type:

A

sudo vi or su - vi

18
Q

To extract the usernames of all users on your system from /etc/passwd type:

A

cat /etc/passwd | awk -F':' '{print $1}'
cat /etc/passwd | cut -d':' -f1

19
Q

To count the lines in a file toto, type:

A

cat toto | wc -l

20
Q

To print the result of the command who to a file users.txt, type:

A

who > users.txt

21
Q

Change to home directory

A

cd /home
cd ~

22
Q

Move a file

A

mv file /destination/file

23
Q

Delete lines 2 to 3 of a file called toto

A

sed -e '2,3d' toto

24
Q

Create a directory tata

A

mkdir tata

25
Q

Extract characters 6 to 8 from each line of a file called data

A

cut -c 6-8 data

26
Q

To display the content of a text file

A

cat file
less file

27
Q

To display all lines in a file called toto that contains a number

A

grep [[:digit:]] toto

28
Q

Display all lines of the file data that contain a number from 0 to 9

A

grep [0-9] toto

29
Q

Calculate the SHA1 hashes of all files in a directory without showing filenames

A

sha1sum * | cut -d' ' -f1
sha1sum * | awk '{print $1}'

30
Q

Display all lines except line 10 of file toto

A

sed -e '10d' toto

31
Q

Search for the string “hacker” in ps.dd

A

grep -a hacker ps.dd

32
Q

Search for IP addresses in ps.dd and place the results in a file called IP.log

A

egrep -a --color=always '([0-9]{1,3}\.){3}[0-9]{1,3}' ps.dd > IP.log

33
Q

Search for Friday May 26, 2017 and “gmail” in the IP.log file above

A

egrep 'Friday May 26, 2017.*gmail' IP.log

34
Q

Extract lines that contain the userID=12345 from the file IP.log and place the results in a file called User.log

A

grep 'userID=12345' IP.log > User.log

35
Q

Extract lines that contain the email address from the file User.log above

A

grep "email address" User.log

36
Q

List the first ten characters of the SHA1 sum of sp.e01

A

sha1sum sp.E01 | cut -c 1-10

37
Q

Convert sp.E01 to a raw image

A

ewfexport sp.E01

38
Q

List the partitions in the image, reporting in units of sectors

A

mmls sp.E01

39
Q

List the file system of its bootable partition

A

fls -o 48195 sp.E01

40
Q

Mount its Windows NTFS partitions

A

mkdir /mnt/ewf
mkdir /mnt/part2
mkdir /mnt/part4
ewfmount sp.E01 /mnt/ewf
mount -o loop,offset=$((48195*512)) /mnt/ewf/ewf /mnt/part2
mount -o loop,offset=$(( *512)) /mnt/ewf/ewf /mnt/part4

41
Q

The /var directory is a location for

A

data which may be modified in real time by programs

42
Q

The /mnt directory is a location for

A

directory in which to mount devices

43
Q

To show the currently mounted partitions on a Linux system, type:

A

mount -l

44
Q

The command netstat -l is used to show:

A

only listening sockets

45
Q

The command ls -lSr is used to show:

A

lists files in current directory with long listing, sorting the list by file size

46
Q

To substitute more than one occurrence per line of ‘one’ with ‘two’ in file called toto, type:

A

sed 's/one/two/g' toto

47
Q

To find every occurrence of the word car in a file called engines, type:

A

grep car engines

48
Q

To see if user ryan is logged on, type:

A

who | grep ryan

49
Q

To display all lines in a file called engines that contain a three-character string starting with a capital letter and ending with a digit, type:

A

grep [[:upper:]].[[:digit:]] engines

50
Q

In Linux, to identify the type of a file, the file command is based on:

A

The header of a file

51
Q

In Linux, to list the content of an archive toto.tgz, type:

A

tar tzvf toto.tgz

52
Q

To print usernames from /etc/passwd, type:

A

awk -F: '{print $1}' /etc/passwd

53
Q

To calculate the MD5 hashes of all files in a directory without keeping filenames, type:

A

md5sum * | cut -c1-32

54
Q

The output of the command grep -q $(md5sum toto | cut -c1-32) hashes.txt && echo Match is:

A

Match, if the MD5 hash of the file toto exists in hashes.txt

55
Q

The command dd if=/dev/hda of=~/hdadisk.img is used to:

A

create an image of hda device

56
Q

The command xxd -l 120 -c 20 toto prints:

A

hexdump the first 120 bytes with 20 bytes per line of the file toto

57
Q

The command sfdisk -l -uS able2.dd :

A

shows partition table of the disk image able2.dd

58
Q

To change directory to the last directory, type:

A

cd -

59
Q

To view the boot message from the kernel type:

A

dmesg

60
Q

To calculate the SHA1 hashes of all files in a directory, type:

A

sha1sum *

61
Q

In Ubuntu, to check who is running what, type:

A

top

62
Q

The command icat -o 10260 able2.dd 2139 > lrkn.tgz.2139:

A

recovers a deleted file from the image able2.dd and stores it to a report file

63
Q

The command dd if=/dev/hdx | gzip > ~/image.gz is used to:

A

create an image of hdx device

64
Q

The command fls -o 10260 -r able2.dd:

A

provides file system specific information about the file system of able2.dd

65
Q

To sum file sizes of all files stored in an archive toto.tgz, type:

A

tar tzvf toto.tgz | awk '{ sum += $3} END {print "Total size: " sum " bytes."}'

66
Q

ls -lh

A

List directory contents in long format with human readable sizes.

67
Q

head -n13 file1.txt

A

Print first 13 lines.

68
Q

cp file1 file2

A

Copy file1 to file2

69
Q

mkdir /mnt/usb/evidence

A

Create directory called “evidence” under /mnt/usb

70
Q

wc -l filename

A

Count lines in file “filename”

71
Q

cat /etc/passwd | egrep /bin/bash

A

Print all lines of /etc/passwd that contain /bin/bash

72
Q

cut -d: -f1 /etc/passwd

A

Prints all usernames of /etc/passwd

  • -d : delimiter
  • -f1 : field number

73
Q

grep [[:upper:]] engines

A

Print all lines that contain at least one upper case letter.

74
Q

tail /etc/passwd > smallpass

A

Output the last 10 lines of file /etc/passwd to smallpass

75
Q

awk -F: '{print $1}' /etc/passwd

A

Prints out username from /etc/passwd

76
Q

Rename a file:

A

mv file1 file2

77
Q

Delete a file:

A

rm file1

78
Q

Find differences between file1 and file2:

A

diff file1 file2

79
Q

Create a file:

A

touch file1

80
Q

Display a file:

A

cat file1

81
Q

To display lines in a file:

A

sed -n 2p file.txt

82
Q

Count the number of lines in a file:

A

wc -l filename

83
Q

Calculate the MD5 hashes of all files in a directory:

A

find . -type f -exec md5sum {} \;

84
Q

Extract files in a tarball:

A

tar xvf filename

85
Q

Extract a field from a file:

A

cut -d: -f1 filename

86
Q

List the first five characters of the MD5 sum of file.e01:

A

md5sum filename | cut -c1-5

87
Q

Convert suspect.E01 to a raw image:

A

ewfexport -t [NewFileName] -f raw -u suspect.E01

88
Q

List the partitions in the image suspect.e01:

A

mmls suspect.e01

89
Q

List the file system of a partition, which starts at sector 48:

A

fsstat -o 48 suspect.e01

90
Q

Mount a Linux partition, which starts at sector 102400:

A

mount -t ext4 -o ro,loop,offset=$((512*102400)) image.raw /mnt/hdd

91
Q

Check the file type of access_log:

A

file access_log

92
Q

Print the number of lines in this file of access_log:

A

wc -l access_log

93
Q

Display and sort the first column of access_log:

A

cat access_log | awk '{print $1}' | sort

94
Q

Display and filter out duplicates in the first column of access_log:

A

cat access_log | awk '{print $1}' | sort -u

95
Q

Count the number of different IP addresses (suppose that the first column contains the IP addresses) of access_log:

A

cat access_log | awk '{print $1}' | sort -u | wc -l