4.4.6 Section Quiz

School: St. Petersburg College
Course: 1358
Subject: Information Systems
Date: Feb 20, 2024
Type: pdf
Pages: 9
Uploaded by MasterRain12063

Candidate: Anthony Patrizzi (apatrizzi324@gmail.com)
Date: 2/2/2024, 10:05:32 PM • Time Spent: 05:59
Score: 100%
Passing Score: 80%

Question 1. Correct
Which command should you use to display both listening and non-listening sockets on your Linux system? (Tip: enter the command as if in Command Prompt.)

    netstat -a

Explanation
Use netstat -a to identify listening and non-listening sockets on a Linux system. A socket is an endpoint of a bidirectional communication flow across a computer network. Be aware of the other common netstat options:
  • -l lists listening sockets.
  • -s displays statistics for each protocol.
  • -i displays a table of all network interfaces.

References
  • 4.4.3 Linux Host Security Facts
q_linux_host_sec_netstat_secp7.question.fex

Question 2. Correct
Which command should you use to scan for open TCP ports on your Linux system? (Tip: enter the command as if in Command Prompt.)

    nmap -sT

Explanation

Individual Response about:srcdoc 1 of 9 2/17/2024, 3:46 PM

Question 3. Correct
You need to increase the security of your Linux system by finding and closing open ports. Which of the following commands should you use to locate open ports?
  • netstat
  • traceroute
  • nmap
  • nslookup

Explanation
Use nmap to locate open ports. Open ports can provide information about which operating system a computer uses and might provide entry points or information about ways to formulate an attack. Use one of the following commands to scan for open ports:
  • nmap -sT scans for TCP ports.
  • nmap -sU scans for UDP ports.
The netstat command shows the status of listening and non-listening sockets. A socket is an endpoint of a bidirectional communication flow across a computer network.
The nslookup command is used for name resolution requests.
The traceroute command tests and displays connectivity between devices.

References
  • 2.4.1 Vulnerability Concerns
  • 2.4.2 Vulnerability Concerns Facts
  • 2.4.3 Impact of Vulnerabilities
  • 2.4.4 Impact of Vulnerabilities Facts
  • 4.4.1 Linux Host Security
  • 4.4.2 Removing Unnecessary Services
  • 4.4.3 Linux Host Security Facts
  • 4.4.4 Configure iptables
  • 4.4.5 Configure iptables Facts
  • 11.4.4 SIEM and SOAR Facts
q_linux_host_sec_open_secp7.question.fex

Question 4. Correct
What does the netstat -a command show?
  • All listening and non-listening sockets
  • All connected hosts
  • All network users
  • All listening sockets

Explanation
The netstat -a command shows the status of all listening and non-listening sockets.

References
  • 2.4.1 Vulnerability Concerns
  • 2.4.2 Vulnerability Concerns Facts
  • 2.4.3 Impact of Vulnerabilities
  • 2.4.4 Impact of Vulnerabilities Facts
  • 4.4.1 Linux Host Security
  • 4.4.2 Removing Unnecessary Services
  • 4.4.3 Linux Host Security Facts
  • 4.4.4 Configure iptables
  • 4.4.5 Configure iptables Facts
  • 11.4.4 SIEM and SOAR Facts
q_linux_host_sec_service_secp7.question.fex

Question 5. Correct
You want to make sure no unneeded software packages are running on your Linux server. Select the command from the drop-down list that you can use to see all installed RPM packages.

    yum list installed

Explanation
Unneeded software takes disk space and could introduce security flaws. To see all the RPM packages installed on your Linux server, run the following command:

    yum list installed

After running this command, complete the following:
  • Research the function of any unrecognized RPM package to determine whether it is necessary.
  • Use yum or rpm to uninstall unneeded packages.

References
  • 4.4.3 Linux Host Security Facts
q_linux_host_sec_yum_secp7.question.fex

Question 6. Correct
Which action would you use in a rule to disallow a connection silently?
  • Accept
  • Drop
  • Forward
  • Reject

Explanation
The Drop action is used to silently disallow a connection; the sending system receives no notice.
The Reject action also disallows a connection but sends a TCP RST packet or an ICMP port unreachable packet back to the system that sent the original packet.
Accept would allow the packet.
Forward is a chain, not an action in iptables.

References
  • 4.2.1 Operating System Hardening
  • 4.2.2 Hardening Facts
  • 4.2.3 Hardening an Operating System
  • 4.2.4 Managing Automatic Updates
  • 4.2.6 Configuring Microsoft Defender Firewall
  • 4.2.8 Configuring Windows Defender with Firewall Advanced Security
  • 4.4.5 Configure iptables Facts
  • 5.3.2 Firewall Facts
q_conf_iptables_drop_secp7.question.fex

Question 7. Correct
In which of the iptables default chains would you configure a rule to allow an external device to access the HTTPS port on the Linux server?
  • Output
  • Accept
  • Forward
  • Input

Explanation
The Input chain would be where you would place the rule as it is used for inbound connections.
The Output chain is for outbound connections.
The Forward chain is for sending connections through the Linux server to another device.
The Accept action can be used in a rule to allow a connection. However, it is not a chain.

References
  • 2.4.1 Vulnerability Concerns
  • 2.4.2 Vulnerability Concerns Facts
  • 2.4.3 Impact of Vulnerabilities
  • 2.4.4 Impact of Vulnerabilities Facts
  • 4.4.1 Linux Host Security
  • 4.4.2 Removing Unnecessary Services
  • 4.4.3 Linux Host Security Facts
  • 4.4.4 Configure iptables
  • 4.4.5 Configure iptables Facts
  • 11.4.4 SIEM and SOAR Facts
q_conf_iptables_input_secp7.question.fex

Question 8. Correct
Which type of packet would the sender receive if they sent a connection request to TCP port 25 on a server with the following command applied?

    sudo iptables -A OUTPUT -p tcp --dport 25 -j REJECT

  • ACK
  • SYN
  • RST
  • ICMP Unreachable Port

Explanation
Because the packet is TCP and is blocked by the Reject action, the server would send a TCP RST packet back to the sender.
ICMP Unreachable Port is sent by iptables if a UDP packet is blocked by the Reject action.
A SYN packet would indicate that the server is proceeding with the connection, which would not happen with the Reject action. If it were allowed, the ACK would generally be sent with the SYN to acknowledge the initial connection while the SYN starts the next part of the TCP three-way handshake.

References
  • 4.2.1 Operating System Hardening
  • 4.2.2 Hardening Facts
  • 4.2.3 Hardening an Operating System
  • 4.2.4 Managing Automatic Updates
  • 4.2.6 Configuring Microsoft Defender Firewall
  • 4.2.8 Configuring Windows Defender with Firewall Advanced Security
  • 4.4.5 Configure iptables Facts
  • 5.3.2 Firewall Facts
q_conf_iptables_rst_secp7.question.fex

Question 9. Correct
You have configured the following rules. What is the effect?

    sudo iptables -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    sudo iptables -A OUTPUT -p tcp --sport 25 -m conntrack --ctstate ESTABLISHED -j ACCEPT

  • Block SSH traffic
  • Block SMTP traffic
  • Allow SMTP traffic
  • Allow SSH traffic

Explanation
These rules would allow inbound and outbound Simple Mail Transfer Protocol (SMTP) connections on TCP port 25, which is the default port for SMTP.
These rules use the Accept action, so they would not block SMTP or Secure Shell (SSH). SSH is on TCP port 22, so these rules would not affect SSH.

References
  • 4.2.1 Operating System Hardening
  • 4.2.2 Hardening Facts
  • 4.2.3 Hardening an Operating System
  • 4.2.4 Managing Automatic Updates
  • 4.2.6 Configuring Microsoft Defender Firewall
  • 4.2.8 Configuring Windows Defender with Firewall Advanced Security
  • 4.4.5 Configure iptables Facts
  • 5.3.2 Firewall Facts
q_conf_iptables_smtp_secp7.question.fex

Question 10. Correct
Which command would you use to list all of the currently defined iptables rules?
  • sudo iptables -F
  • sudo iptables -A INPUT -j DROP
  • sudo iptables -L
  • sudo /sbin/iptables-save

Explanation
sudo iptables -L lists all of the currently defined rules.
sudo iptables -A INPUT -j DROP would drop all incoming traffic.
sudo /sbin/iptables-save saves changes to iptables on Ubuntu.
sudo iptables -F would flush all current rules from iptables.

References
  • 4.4.5 Configure iptables Facts
  • 5.13.3 Router Security Facts
q_conf_iptables_sudo_secp7.question.fex

Copyright © The Computing Technology Industry Association, Inc. All rights reserved.