IS3440 CHAP 4 USER PRIVILEGES AND PERMISSIONS Flashcards Preview

IS3440 LINUX SECURITY > IS3440 CHAP 4 USER PRIVILEGES AND PERMISSIONS > Flashcards

Flashcards in IS3440 CHAP 4 USER PRIVILEGES AND PERMISSIONS Deck (46)
Loading flashcards...
1
Q

(COMMAND) ____ is a PAM module that can verify account validity based on expiration dates, time limits, or configuration files with restricted users.

A

(COMMAND) account

2
Q

(COMMAND) ____ is a PAM module that can verify passwords, group memberships, and even Kerberos tickets.

A

(COMMAND) auth

3
Q

(COMMAND) ____ is a command that can modify password related information for a user, such as the password’s expiration date.

A

(COMMAND) chage

4
Q

(COMMAND) ___ is a message bus system for interprocess communication between a variety of applications and devices.

A

(COMMAND) dbus

5
Q

(COMMAND) ____ This is a useful option that lists users by the frequency of their recent logins. Found under the ck -history command it can provide extended information about recent users.

A

(COMMAND) –frequent

6
Q

(COMMAND) ____ is a command that can add a group.

A

(COMMAND) groupadd

7
Q

(COMMAND) ____ is a command that can delete a group.

A

(COMMAND) groupdel

8
Q

(COMMAND) ____ is a command that can modify the settings of a group in the files of the shadow password suite.

A

(COMMAND) groupmod

9
Q

(COMMAND) ____This is a useful option that lists last-logged-in users, by user, sessions, seat, and time. Found under the ck -history command it can provide extended information about recent users.

A

(COMMAND) –last

10
Q

(COMMAND) ____ is a PAM flag that labels a configuration line that is normally ignored unless there are no other PAM flags in the file.

A

(COMMAND) optional

11
Q

(COMMAND) ____ is a PAM module that can control changes to user passwords and limit the number of login attempts.

A

(COMMAND) password

12
Q

(COMMAND) ____ is a PAM flag that labels a configuration line that must work for the authentication attempt to succeed. However, if the line fails, PAM continues to check the other lines in the file.

A

(COMMAND) required

13
Q

(COMMAND) ____is a PAM flag that labels a configuration line that must work for the authentication attempt to succeed. However, if the line fails, PAM immediately returns a failure in the authentication attempt.

A

(COMMAND) requisite

14
Q

(COMMAND) ____ is a PAM module that can control mounting and logging.

A

(COMMAND) session

15
Q

(COMMAND) ____ is a command that can connect with the privileges of another group. It requires a group password in
/etc/gshadow

A

(COMMAND) sg

16
Q

(COMMAND) ____is a command that can connect with the privileges of another user. Requires the password of the target user. When no target user is specified, the root administrative user is assumed.

A

(COMMAND) su

17
Q

(COMMAND) ____ is a command that can connect as the administrative user if authorization is configured in
/etc/sudoers

A

(COMMAND) sudo

18
Q

(COMMAND) ____ is a PAM flag that labels a configuration line. If the line works, PAM immediately returns a success message in the authentication attempt.

A

(COMMAND) sufficient

19
Q

(COMMAND) ____ a command that can add a user.

A

(COMMAND) useradd

20
Q

(COMMAND) ____ a command that can delete a user.

A

(COMMAND) userdel

21
Q

(COMMAND) ____ a command that can modify the settings of a user in the files of the shadow password suite.

A

(COMMAND) usermod

22
Q

___ is the number associated with a group name in Linux,as defined in
/etc/group and
/etc/gshadow

A

(GID) Group ID

23
Q

___ is a directory service for network-baseed authentication. Its communication can be encrypted.

A

(LDAP) Lightweight Directory Access Protocol

24
Q

___ is a directory service for network-based authentication. Its database can be created from the files of the shadow password suite.

A

(NIS) Network Information Service

25
Q

___ is a condition where a system sends a flood of ICMP packets to a server. It may be created with the (COMMAND) ping -f

A

Ping storm

26
Q

___ is a special permission commonly applied to a directory. With this, users who are members of the group that owns the directory have permissions to read and write to all files in that directory. It assigns the group owner of the directory as the group owner of all files copied to that directory.

A

(SGID) Set Group ID bit

27
Q

___ is a special permission that allows others to execute the given file with the rights of the user owner of the file.

A

(SUID) Set User ID bit

28
Q
\_\_\_is the files that make up the local Linux password authentication database.  The files are:
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
login. su
passwd
A

Shadow password suite

29
Q

___ is a special permission commonly applied to a directory. With this and full permissions, all users can write to the associated directory. However, ownership is retained rousers won’t be able to overwrite files copied by other users.

A

Sticky bit

30
Q

___ is the number associated with a user name in Linux as defined in:
/etc/passwd

A

(UID) User ID

31
Q

___ is the standard in Linux where a special group is created for every user. By default, the user and group names (along with the UID and GID numbers) are identical. The user is the only standard member of that group.

A

User private group scheme

32
Q
  1. Which of the following files is NOT normally readable by all users? (Written in COMMAND style)
  2. /etc/passwd
  3. /etc/shadow
  4. /etc/group
  5. /etc/login/defs
A

/etc/shadow

33
Q
  1. Which of the following files contains information about time limits on a password?
  2. /etc/passwd
  3. /etc/shadow
  4. /etc/group
  5. /etc/gshadow
A

/etc/shadow

34
Q
  1. Which of the following commands can be used to revise expiration information on a user password? (Written in COMMAND style)
  2. useradd
  3. passwd
  4. groupmod
  5. chage
A

chage

35
Q
  1. The ___ command searches for all files owned by the group named audio. Assume you’re logged into the root administrative account.
A

find / -group audio

Written in COMMAND style

36
Q
  1. which of the following statements is true with the user private group scheme?
  2. There are no private groups in Linux
  3. User information in the group is private
  4. The primary UID for the user is the same as the primary GID for the user.
  5. Users are members of the same private group
A

The primary UID for the user is the same as the primary GID for the user.

37
Q
  1. Members of which of the following groups are frequently set up as printer administrators. (Select two)(Written in COMMAND style)
  2. admin
  3. adm
  4. lpadmin
  5. sys
A

lpadmin

sys

38
Q
7. Which of the following commands only requires the password of a configured standard user?
(Written in COMMAND style)
1. sudoers
2. sudo
3. su
4. sg
A

sudo

39
Q
  1. enter the ___ command to open and edit the

/etc/sudoers file in a command-line console.

A

visudo

Written in COMMAND style

40
Q
  1. Which of the following special permissions is associated with a shared directory? That directory is NOT accessible to others who are NOT members of the group owner of that directory.
  2. SUID
  3. SGID
  4. Sticky bit
  5. Executable bit
A

SGID

41
Q
  1. Which of the following options in a log configuration file collects information on login attempts and failures?(Written in COMMAND style)
  2. auth
  3. sys
  4. log
  5. user
A

auth

42
Q
  1. Which of the following PAM modules is least related to login information? (Written in COMMAND style)
  2. auth
  3. account
  4. passwd
  5. session
A

session

43
Q
  1. Enter the ___ directory for PAM modules.
A

/lib/security/

44
Q
  1. Which of the following PolicyKit concepts is associated with configuring access rules to special desktop tools by user?
  2. Implicit authorizations
  3. Explicit authorizations
  4. Administrative authorizations
  5. PolicyKit authorizations
A

Explicit authorizations

45
Q
  1. which of the following PolicyKit commands can be used to identify user logins by session?
    (Written in COMMAND style)
  2. ck-history
  3. ck-list
  4. ck-launch-session
  5. ck -logins
A

ck-history

ck-list

46
Q
  1. Which of following commands can help identify network ports used by NIS through the portmapper?(Written in COMMAND style)
  2. nismap -p
  3. ypbind -p
  4. rpcinfo -p
  5. portmap -p
A

rpcinfo -p