Why should you periodically update the kernel and package versions?
To enhance the security of system you should ensure that you are using the latest versions kernel and software packages that contain the most recent security updates.
During a recent strikes at office, several archive tapes of the system were damaged and ruined. What can you do to prevent the physical damage in future?
You should store them at offsite.
Why should you avoid the Telnet to administer a Linux system remotely?
Telnet use most insecure method for communication. It send data across the network in plain text format. Someone easily find out the password using the network tool.
A file is unable to be restored from tape due to several device and media errors. What is most likely the cause?
Media errors usually indicate that the tape media is damaged, or that the tape drive heads need cleaning.
Your FTP Server recently hacked. Due to the amount of damage, the entire server needs to be restored. How should you restore the original kernel system files?
You cannot restore the entire operating system from tap back up device. So you should reinstall the core operating system, and then restore system configuration files and user data from tape backup device.
Your company hire a contract employee for two months. What should the Linux administrator do to enhance security on the employee’s account?
While creating new user account for this user, administrator should set the expiration date for his account, so that if the employee leaves or does not have their contract renewed, the account will be automatically disabled.
Which backup strategy only backs up files that have changed since the last full backup?
Differential backup will backup files that have changed since the last full backup.
Name a service which should you disable on a Linux Server which is acting as both a Web and FTP Server.
The finger service should be disabled because a remote user can get important information about the system by using that command.
Why it is recommended to store backup tapes to an offsite storage facility?
Because this will prevent the backup taps from being destroyed during a natural disaster at the server site. It also prevents the tapes from being stolen.
A newbie enabled the root session for FTP server. is it ok?
No, he has put the security of entire server on risk. You should disable to root session as soon as possible.
A user complains you that he is unable to set ‘123’ as his password. Why would not the system allow this password?
There would be a minimum length rule for password, which is blocking user to use this password. Default minimum length rule for password is six characters. It means a user cannot have password less than six characters.
Your company is running Web Server. One dedicate account holder customer complains that his visitors are able to scan the directory tree. Which directive would you configure to stop web server from listing the directory?
You should remove / comment the “Options Indexes” directive from the main configuration file ‘ httpd.conf’ of the web server. This is a security measure so that remote users can’t scan the directory tree of the server looking for security holes. Server won’t show directory listings if requested by a user.
What type of backup strategy can you use to fully back up a system every night?
You can use full backup strategy that will always perform a full backup of all files. This takes much more time and space than other methods, but is it the most complete method and allows for easy file restoration.
How can you enhance the security of password file?
Linux keep user account information in a text file called /etc/passwd. This file also store one way encrypted password. This file is accessed by several tools to get user information, so file need to world readable. This is a security risk. To minimize the security risk you can use shadow password format. This method save account information in regular file /etc/passwd. However, the password is stored as a single “x” character (not actually stored in this file). A second file, called “/etc/shadow”, contains encrypted password as well as other information such as account or password expiration values, etc. The /etc/shadow file is readable only by the root account and is therefore less of a security risk
What command should be used to make a tar archive to a disk file system located in /mnt/backup?
The correct command is tar -cvf /mnt/backup. The /mnt/backup directory should be on another machine to be fully effective as a backup strategy.
You have just finished the installation of sever. This server is going to be use as file server. Default installation have send mail service running, while this server will never send any e-mails. How should you deal with send mail service?
You should disable the send mail service if server is not being used for mail purpose. Leaving them running can increase the chance of a security vulnerability being exploited, and unauthorized use of sendmail relay.
What command can you use to back up an entire file system most efficiently?
The easiest command to use to back up an entire file system is the dump command. Files can be restored from a dump operation by using the restore command.
Which necessary steps should you take to enhance the security of server just after the initial installation?
- Kernel and packages should be upgraded to the latest versions.
- Unnecessary services and daemons should be disable.
- Enable and configure firewall
- Set a complex password policy.
While auditing user accounts, an administrator notices that one of the users has a blank password. What should he do to the account?
To prevent further use of the account, which is an immediate security risk, disable it and set a temporary password for the user for the next time they login.
Which backup strategy backs up all files that have changed since the last backup?
An incremental backup will only back up files that have changed since the last backup.
Your company has terminated a server administrator. What is first thing as an administrator should you do to enhance the security?
Because the server administrator knows the root password for the server, it should be changed immediately to prevent them from tampering with the system.
You are setting up an FTP server. Only company employees are allowed to use the FTP services. What should you configure on the FTP server to enhance security?
You should disable the anonymous FTP account, so that only users with a username and password can access the system.
What is the location of system configuration files that should be backed up on a regular basis?
The /etc directory contains most of the Linux system configuration files.
Which permission allows a user to run an executable with the permissions of the owner of that file?
The Set-User-ID is a special permission that allows a user to run an executable with the permissions of the owner of that file.
What command can you use to make a tape archive file of a /home directory, and send it to the /dev/tape device?
The correct command is tar -cvf /dev/tape /home.
The -xvf option is used to extract files from an archive.
Employees at your company are lazy in changing the password. As a system administrator what can you do to minimize the security risk?
You can setup a password policy which enforce user to change his password after a specific time periods.
Which program should you use to connect a system remotely?
You should always use SSH to connect a system remotely. SSH is a secure method that encrypts the entire session.
To save disk space, an administrator wants to backup files, and then remove them from the server permanently. What kind of backup operation is this?
An archive operation will take the files, back them up to a device, and then remove the files from the original server.