CCNA Cybersecurity Operations (Version 1.1) – CyberOps Chapter 3 Exam Answers 2019 Full 100%
Why would a network administrator choose Linux as an operating system in the Security Operations Center (SOC)?
- It is easier to use than other operating systems.
- It is more secure than other server operating systems.
- More network applications are created for this environment.
- The administrator has more control over the operating system.
There are several reasons why Linux is a good choice for the SOC.Linux is open source.
The command line interface is a very powerful environment.
The user has more control over the operating system.
Linux allows for better network communication control.
Which type of tool allows administrators to observe and understand every detail of a network transaction?
- log manager
- ticketing system
- packet capture software
- malware analysis tool
Network packet capture software is an important tool because it makes it possible to observe and understand the details of a network transaction.
A Linux system boots into the GUI by default, so which application can a network administrator use in order to access the CLI environment?
- file viewer
- system viewer
- terminal emulator
- package management tool
A terminal emulator is an application program a user of Linux can use in order to access the CLI environment.
Which Linux command can be used to display the name of the current working directory?
One of the most important commands in Linux is the pwd command, which stands for print working directory. It shows users the physical path for the directory they are working in.
How is a server different from a workstation computer?
- The server works as a standalone computer.
- The server is designed to provide services to clients.
- The workstation has fewer applications installed.
- The workstation has more users who attach to it.
Servers provide services such as file management, email, web pages, log management, financial transactions, databases, and more.
Refer to the exhibit. Which well-known port number is used by the server?
SSH is a protocol that is used to securely access a remote network device. The well-known port number used by SSH is 22.
What is the well-known port address number used by DNS to serve requests?
Port numbers are used in TCP and UDP communications to differentiate between the various services running on a device. The well-known port number used by DNS is port 53.
Which two methods can be used to harden a computing device? (Choose two.)
- Allow USB auto-detection.
- Ensure physical security.
- Enforce the password history mechanism.
- Allow default services to remain enabled.
- Update patches on a strict annual basis irrespective of release date.
The basic best practices for device hardening are as follows:
Ensure physical security.
Minimize installed packages.
Disable unused services.
Use SSH and disable the root account login over SSH.
Keep the system updated.
Disable USB auto-detection.
Enforce strong passwords.
Force periodic password changes.
Keep users from reusing old passwords.
Review logs regularly.
Which command can be utilized to view log entries of NGINX system events in real time?
- sudo journalctl –u nginx.service -f
- sudo journalctl –f
- sudo journalctl –u nginx.services
- sudo journalctl –until “1 hour ago”
The journalctl command supports mixing options to achieve a desired filter set. The –u option allows filtering on the desired unit, whereas the –f option follows the specific log, thus monitoring the event in real time.
Consider the result of the ls -l command in the Linux output below. What are the file permissions assigned to the sales user for the analyst.txt file?
ls –l analyst.txt
-rwxrw-r– sales staff 1028 May 28 15:50 analyst.txt
- read, write, execute
- read only
- read, write
- write only
The file permissions are always displayed in the User, Group and Other order. In the example displayed, the file has the following permissions:
The dash (-) means that this is a file. For directories, the first dash would replaced with a “d”.
The first set of characters is for user permission (rwx). The user, sales, who owns the file can read, write and execute the file.
The second set of characters is for group permissions (rw-). The group, staff, who owns the file can read and write to the file.
The third set of characters is for any other user or group permissions (r–). Any other user or group on the computer can only read the file.
Which user can override file permissions on a Linux computer?
- any user that has ‘group’ permission to the file
- root user
- any user that has ‘other’ permission to the file
- only the creator of the file
A user has as much rights to a file as the file permissions allow. The only user that can override file permission on a Linux computer is the root user. Because the root user has the power to override file permissions, the root user can write to any file.
Which Linux file system introduced the journaled file system, which can be used to minimize the risk of file system corruption in the event of a sudden power loss?
The ext3 file system is considered a journaled file system that was designed to improve the existing ext2 file system. A journal, the main feature added to ext3, is a technique used to minimize the risk of file system corruption in the event of sudden power loss.
Which file system is the primary file system used by Apple in current Macintosh computers?
The primary file system used by Apple in its lates Macintosh computers is APFS.
What is the main purpose of the X Window System?
- to provide a basic framework for a GUI
- to provide a customizable CLI environment
- to provide a basic set of penetration testing tools
- to provide remote access to a Linux-based system
The X Window System provides the basic framework for a GUI, but the GUI itself varies greatly between different distributions.
What is a purpose of apt-get commands?
- to update the operating system
- to configure and manage task (to-do) lists
- to configure an appointment for a specific date and time
- to apportion and configure a part of the hard disk for file storage
The Advanced Packaging Tool (apt) package manager is used to update the operating system. The apt-get update command is used to search and obtain the package list from a repository and update the local package database.
Which Linux command is used to manage processes?
The kill command is used to stop, restart, or pause a process. The chrootkit command is used to check the computer for rootkits, a set of software tools that can increase the privilege level of a user or grant access to portions of software normally not allowed. The grep command is used to look for a file or text within a file. The ls command is used to list files, directories, and file information.
Which two Linux commands might be used before using the kill command? (Choose two.)
The ps or top command might be used before using the kill command to discover the process ID (PID) for the specific process.
What is the purpose of a Linux package manager?
- It is used to install an application.
- It is used to compile code that creates an application.
- It provides access to settings and the shutdown function.
- It provides a short list of tasks a particular application can perform.
A package is a specific program and all of the files needed to run that application. A package manager is used to install a package and place all the associated files in the correct location within the operating system.
What term is used for operating system updates?
- new releases
- penetration testing
Operating system updates, also known as patches, are provided by companies that create the operating system. A user can check for operating system updates at any time. In a Linux GUI environment, the Dash Search Box can be used to search for the Software Updater icon.
Why is Linux considered to be better protected against malware than other operating systems?
- customizable penetration and protection tools
- fewer deployments
- file system structure, file permissions, and user account restrictions
- integrated firewall
The Linux operating design including how the file system is structured, standard file permissions, and user account restrictions make Linux a better protected operating system. However, Linux still has vulnerabilities and can have malware installed that affects the operating system.
What term describes a set of software tools designed to increase the privileges of a user or to grant access to the user to portions of the operating system that should not normally be allowed?
- package manager
- penetration testing
A rootkit is used by an attacker to secure a backdoor to a compromised computer, grant access to portions of the operating system normally not permitted, or increase the privileges of a user.
What is the method employed by a Linux kernel to create new processes for multitasking of a process?
- creating interdependent processes
- dynamic processes
Multitasking operating systems are required to execute several processes at the same time. Forking is a method that the kernel uses to allow a process to create a copy of itself.
Match typical Linux log files to the function.
Match the file system term used in Linux to the function.
The certification objectives list the words “swap file system” as a term to be defined as it relates to the Linux file system. Swap space, swap file, or swap partition are other words for describing hard drive space that is used when the system needs more memory than there is RAM.
Match the description to the Linux term. (Not all options are used.)