Mastering Linux Security and Hardening
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Questions

  1. What is the best way to grant administrative privilege to users?
    A. Give every administrative user the root user password.
    B. Add each administrative user to either the sudo group or the wheel group.
    C. Create sudo rules that only allow administrative users to do the tasks that are directly related to their jobs.
    D. Add each administrative user to the sudoers file and grant them full administrative privileges.
  2. Which of the following is true?
    A. When users log in as the root user, all the actions that they perform will be recorded in the auth.log or the secure log file.
    B. When users use sudo, all the actions that they perform will be recorded in the messages or the syslog file.
    C. When users log in as the root user, all the actions that they perform will be recorded in the messages or the syslog file.
    D. When users use sudo, all the actions that they perform will be recorded in the auth.log or the secure log file.
  3. In which file would you configure complex password criteria?
  1. When using the useradd utility, what should the UMASK setting be in the /etc/login.defs file?
  2. When using the adduser utility, how would you configure the /etc/adduser.conf file so that new users' home directories will prevent other users from accessing them?
  3. What change did the National Institute for Standards and Technology recently make to their recommended password policy?
  4. Which of the following methods would you use to create sudo rules for other users?
    A. Open the /etc/sudoers file in your favorite text editor.
    B. Open the /etc/sudoers file with visudo.
    C. Add a sudoers file to each user's home directory.
    D. Open the /var/spool/sudoers file with visudo.
  5. Which three of the following utilities can you use to set user account expiry data?
    A. useradd
    B. adduser
    C. usermod
    D. chage
  6. Why might you want to lock out the user account of a former employee, rather than to delete it?
    A. It's easier to lock an account than it is to delete it.
    B. It takes too long to delete an account.
    C. It's not possible to delete a user account.
    D. Deleting a user account, along with the users' files and mail spool, might get you into trouble with the law.
  7. You've just created a user account for Samson, and you now want to force him to change his password the first time that he logs in. Which two of the following commands will do that?
    A. sudo chage -d 0 samson
    B. sudo passwd -d 0 samson
    C. sudo chage -e samson
    D. sudo passwd -e samson
  1. Which one of the following represents best security practice?
    A. Always give the root user password to all users who need to perform administrative tasks.
    B. Always give full sudo privileges to all users who need to perform administrative tasks.
    C. Always just give specific, limited sudo privileges to all users who need to perform administrative tasks.
    D. Always edit the sudoers file in a normal text editor, such as nano, vim, or emacs.
  2. Which of the following statements is true?
    A. sudo can only be used on Linux.
    B. sudo can be used on Linux, Unix, and BSD operating systems.
    C. When a user performs a task using sudo, the task does not get recorded in a security log.
    D. When using sudo, users must enter the root user password.
  3. You want specific users to edit a specific system configuration file, but you don't want them to use a shell escape that would allow them to perform other administrative tasks. Which of the following would you do?
    A. In the sudoers file, specify that the users can only use vim to open a specific configuration file.
    B. In the sudoers file, specify that the users can use sudoedit to edit a specific configuration file.
    C. In the sudoers file, specify the no shell escape option for these users.
    D. In the sudoers file, place these users into a group that does not have shell escape privileges.
  4. Which one of the following is an advantage that the adduser utility has over the traditional useradd utility?
    A. adduser can be used in shell scripts.
    B. adduser is available for all Linux distributions.
    C. adduser has an option that allows you to encrypt a user's home directory as you create the user account.
    D. adduser is also available for Unix and BSD.
  5. In the newest Linux distributions, what is the name of the PAM that you would use to enforce strong passwords?
    A. cracklib
    B. passwords
    C. secure
    D. pwquality

上一章目录下一章