Linux Material for CySA+ Flashcards

(152 cards)

1
Q

What is the purpose of having individual accounts for Linux technicians instead of using root?

A

Accountability

Individual accounts allow tracking of actions performed by each technician.

2
Q

In Linux, does the file extension hold the same relevance as it does in Windows?

A

No

Linux does not use the extension to decide how a file is handled: file type is determined from content (the file command reads the magic bytes) and executability from the permission bits, so a name proves nothing about what a file is. That is why file system contents are verified by hash value rather than by name.

3
Q

To access the contents of the USB drive, which command is used to mount the partition?

A

mount /dev/sdd1 /ext_drive

This mounts the first partition of the USB drive (the fourth disk, sdd) at the existing directory /ext_drive. Mounting normally needs root, so prefix sudo; for evidence media add -o ro so nothing on the drive is changed.

4
Q

What must be created prior to mounting a Linux file system?

A

Mount point directory

5
Q

In Linux, what is a mount point?

A

A mount point is a directory in the existing tree at which another file system is attached and through which its contents are accessed

Unlike Windows, Linux does not use drive letters.

6
Q

What command is used to mount the USB drive to a directory?

A

mount /dev/sdd1 /ext_drive/

This command mounts the first partition of the USB drive to the specified directory.

7
Q

What command would you use to list mass storage devices in Linux?

A

ls /dev/sd*

Disks appear as sda, sdb, and so on, with partitions numbered sda1, sda2, etc. The glob is required, since /dev/sd itself is not a file. lsblk shows the same devices together with sizes and mount points.

8
Q

What command is used to list the files in the mounted directory?

A

ls /ext_drive

This displays the files and directories within the mounted USB drive (the mount point used in the deck is /ext_drive).

9
Q

What command is used to list the contents of the mounted USB drive?

A

ls /ext_drive/

This command displays the files and directories within the mounted directory.

10
Q

What command shows the IP addressing and network interfaces in Linux?

A

ip a

This command displays the hardware address (MAC) and IP addresses of network interfaces.

11
Q

What is the purpose of the /dev directory in Linux?

A

/dev directory = contains device files for hardware communication

The Linux kernel interacts with hardware through these device files.

12
Q

What does the /proc directory represent in Linux?

A

The /proc directory is a virtual file system that the kernel generates in memory (nothing in it is stored on disk); it exposes one numbered subdirectory per running process plus files describing system hardware and kernel state

13
Q

What file in the /proc directory contains information about the CPU?

A

cpuinfo

This file includes details such as processor number, model, speed, and cache.

14
Q

What command would you use to view details about a specific process in Linux?

A

ps aux | grep [PID]

Replace [PID] with the process ID. The BSD-style options take no leading dash (ps -aux prints a warning on current procps). The grep line itself also shows up in the output; ps -p [PID] -f targets a single process without that noise.

15
Q

What command is used to view the contents of the file containing the original hash value?

A

cat /sdb1_orig_hash

This command displays the original hash for comparison.

16
Q

What command provides details about input devices on a Linux machine?

A

cat /proc/bus/input/devices

This file lists the input devices (keyboards, mice, and so on) the kernel has registered, with their bus, vendor and product IDs. There is no /proc/input directory.

17
Q

What command would you use to list PCI devices in Linux?

A

lspci -v

This command provides verbose information about PCI devices.

18
Q

What command lists USB devices in Linux?

A

lsusb -v

This command shows detailed information about USB devices connected to the system.

19
Q

What command is used to list block devices in Linux?

A

lsblk --scsi

The option takes two hyphens; --scsi restricts the listing to SCSI, SATA and USB disks. Plain lsblk lists every block device with size, type and mount point, including loop devices and NVMe drives that --scsi omits.

20
Q

What does the sudo command do in Linux?

A

sudo allows a user to run commands with elevated privileges

Users and groups listed in /etc/sudoers (or a drop-in under /etc/sudoers.d/) can execute commands that require higher permissions; each invocation is logged under the invoking user's name, which keeps the accountability that a shared root login loses.

21
Q

What command requires elevated privileges to list all partitions on a device?

A

sudo fdisk -l

This command lists the partitioning for all devices.

22
Q

What command retrieves BIOS Information in Linux?

A

sudo dmidecode | more

This command requires elevated privileges to access BIOS details.

23
Q

The command dmidecode is used to retrieve information about _______.

A

BIOS and hardware

It provides details about the system’s BIOS and hardware components.

24
Q

What does the sda device represent in the context of Linux file systems?

A

In the lab example, sda is a small device (about 4 GB) with no partitions defined on it

If there were partitions, they would be numbered sda1, sda2, and so on; the numeric suffix is what distinguishes a partition (/dev/sda1) from the whole disk (/dev/sda).

25
What command is used to **create a new partition** on a specific device?
sudo fdisk /dev/sda ## Footnote This opens an interactive session against that one device. It is destructive once changes are written, so never run it against evidence media; use the read-only fdisk -l there.
26
What does pressing **p** in the fdisk command do?
Pressing **p** prints out the current partition layout ## Footnote This is useful to see how the disk is currently carved out.
27
What command is used to **write the new partition to the partition table**?
***w*** ## Footnote This command finalizes the changes made to the partition table.
28
What command can be used to **check the partitioning without interactive input**?
sudo fdisk -l /dev/sda ## Footnote This lists the partition table for that device and exits without entering the interactive prompt; the -l form is read-only.
29
What command is used to **format a partition** in Linux?
sudo mkfs -t ext4 /dev/sda1 ## Footnote This command creates a file system on the specified partition.
30
What command is used to **create a subdirectory for mounting**?
sudo mkdir /data1 ## Footnote This command creates a directory on the root of the file system.
31
What command **mounts a partition to a mount point**?
sudo mount /dev/sda1 /data1 ## Footnote This allows access to the contents of the partition through the mount point.
32
What command is used to **unmount** a mounted file system?
sudo umount /data1 ## Footnote This command makes the file system unavailable at the mount point.
33
True or false: You can unmount a file system without **sudo** privileges.
FALSE ## Footnote Unmounting is a privileged operation. The one exception is a file system whose /etc/fstab entry carries the user or users option, which lets an unprivileged user mount and unmount it.
34
What command is used to **check the contents of a mounted directory**?
ls /data1 ## Footnote This command lists files in the specified directory.
35
Why is **managing processes and daemons** important for a cybersecurity analyst?
* Explore the OS for suspicious processes * Turn off unnecessary daemons to harden the machine * Reduce the attack surface ## Footnote Understanding processes and daemons helps in incident response and identifying potential threats.
36
What command **returns the previous and current runlevel** in Linux?
runlevel ## Footnote This command is useful for understanding the state of the system and the services running. On systemd hosts it reports the mapped target (for example N 5 on a machine booted to graphical.target); systemctl get-default is the native equivalent.
37
What does a capital **N** in the runlevel output indicate?
No previous runlevel ## Footnote This means the system has just started.
38
What does **runlevel 5** support?
* Network support * Multiple users signing in * Graphical user interface ## Footnote Runlevels define the state of the machine and the services that are started.
39
What command is used to **switch to a different runlevel**?
sudo init [runlevel] ## Footnote This changes the operational state of the system. On systemd distributions runlevels map to targets: sudo systemctl isolate multi-user.target is the equivalent of init 3.
40
What are the two types of scripts found in **/etc/rc3.d**?
* Kill scripts (capital K) * Start scripts (capital S) ## Footnote On SysV-style init these scripts stop and start daemons when entering that runlevel; on systemd hosts the directory is kept for compatibility and unit files do the work.
41
What command **checks the status of the rsync** daemon?
sudo service rsync status ## Footnote This command provides information about the current state of the rsync service.
42
What command **disables the rsync service**?
sudo systemctl disable rsync ## Footnote Disabling removes the unit from the boot targets so it no longer starts automatically. It does not stop an instance that is already running; use sudo systemctl stop rsync as well (or disable --now).
43
What does the **ps** command do?
**ps** lists running processes ## Footnote It provides information about the currently active processes in the system.
44
What command **provides a detailed view of all running processes**?
ps aux ## Footnote Shows processes for all users (a), including those without a controlling terminal (x), in user-oriented format (u) with CPU and memory usage. The BSD-style options take no leading dash.
45
What will be the output of the **ps command without parameters**?
**ps without parameters** shows only the processes attached to the current terminal (PID, TTY, TIME and CMD); add options such as aux or -ef to see everything
46
What can *abnormal spikes* in **%CPU** and **memory utilization** indicate?
* DDoS attack * Bitcoin mining * Data exfiltration * Compromise of the machine ## Footnote Monitoring resource utilization is crucial for identifying potential security issues.
47
What is a **reverse shell**?
**Reverse shell** a shell that allows an attacker to issue commands on an infected or target victim host ## Footnote The connection is initiated from the target victim machine, appearing as outbound traffic.
48
True or false: A **reverse shell** connection is initiated from the attacker's machine.
FALSE ## Footnote The connection is initiated from the target victim machine.
49
What type of firewall may not effectively control a **reverse shell** problem?
Layer 4 firewalls ## Footnote A stateful firewall that permits outbound connections sees only a client-initiated TCP session and allows the reply traffic; catching it takes egress filtering (allowed destinations and ports) or application-layer inspection.
50
What tool is needed to establish a **reverse shell** in Linux?
netcat ## Footnote In the deck's lab netcat is installed on both ends: listening on the attacker host and connecting out from the victim. Any program that can open a TCP connection and attach a shell to it (bash's /dev/tcp, Python, socat) serves the same purpose, so the absence of netcat is not evidence of safety.
51
Fill in the blank: The **reverse shell** connection appears as __________ traffic.
outbound traffic ## Footnote This makes it look like legitimate traffic from the client machine.
52
What command **displays the top resource-consuming processes**?
***top*** ## Footnote This command updates automatically and shows real-time resource usage.
53
What does the **pstree -p** command display?
Hierarchy of processes ## Footnote This command helps visualize parent-child relationships between processes.
54
What is the purpose of the **kill command**?
**kill command** = send a signal to a running process, by default SIGTERM, which asks it to exit ## Footnote kill -9 sends SIGKILL, which the process cannot catch or ignore, so it is terminated immediately without cleanup.
55
Fill in the blank: The command to check the status of a service is **________**.
sudo service [service_name] status ## Footnote On systemd hosts the equivalent is sudo systemctl status [service_name].
56
What command is used to **listen for connections on port 80 using netcat**?
nc -l -v -p 80 ## Footnote The **l** means listen, **v** means verbose, and **p** specifies the port. Binding a port below 1024 needs root, and older OpenBSD-variant netcat builds reject -p together with -l and expect nc -lv 80.
57
What must be done on the victim machine before executing **netcat**?
Before executing netcat, possibly disable Real-Time Virus & Threat protection ## Footnote This is to prevent detection of netcat as a threat.
58
What is the purpose of disabling **Real-time Virus & Threat protection** on the victim machine?
Its purpose is to prevent **detection of netcat as a threat** ## Footnote This allows the execution of netcat for the reverse shell example.
59
What command is used to install **netcat** in Kali Linux?
sudo apt install netcat ## Footnote Installs the package; apt resolves the version itself. On current Kali, netcat is a transitional name for netcat-traditional (whose -e option attaches a program to the connection), while netcat-openbsd has no -e.
60
What happens if **netcat** is already the newest version in Kali Linux?
It indicates that no new installation is needed ## Footnote The output will show that netcat is already installed.
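The detection side of the reverse shell cards above (47 to 51 and 56 to 58), as an added example that is not part of the deck: a POSIX shell function that reads `ss -tnp` output and flags established connections owned by a shell or a tunnelling tool, and separately those where the process's file descriptors 0, 1 and 2 are the socket, which is what `nc -e /bin/bash` or `bash -i >& /dev/tcp/...` produces. The `ss` lines are constructed sample output; the pids, addresses and port numbers are assumptions.

```shell
#!/bin/sh
# Added example, not from the flashcard deck: spot reverse shells in `ss -tnp`
# output. Sample lines below are constructed. On a real host run:
#   sudo ss -tnp | find_reverse_shells
# (root is needed for ss to show the owning process of other users' sockets).

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port   Peer Address:Port  Process
ESTAB  0      0      10.0.0.4:22          198.51.100.7:50100 users:(("sshd",pid=900,fd=4))
ESTAB  0      0      10.0.0.4:43210       10.0.0.5:389       users:(("nslcd",pid=700,fd=9))
ESTAB  0      0      10.0.0.4:52144       203.0.113.10:4444  users:(("bash",pid=4321,fd=0),("bash",pid=4321,fd=1),("bash",pid=4321,fd=2))
ESTAB  0      0      10.0.0.4:60000       203.0.113.10:9001  users:(("nc",pid=5000,fd=3))
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=880,fd=3))'

# find_reverse_shells < ss-output -> one line per suspicious established socket
find_reverse_shells() {
    while read -r state rq sq local peer proc; do
        [ "$state" = "ESTAB" ] || continue
        # Process column looks like users:(("name",pid=N,fd=M),...); take the first entry
        name=$(printf '%s' "$proc" | sed -n 's/^users:(("\([^"]*\)",pid=\([0-9]*\),.*/\1/p')
        pid=$(printf '%s' "$proc" | sed -n 's/^users:(("\([^"]*\)",pid=\([0-9]*\),.*/\2/p')
        # Interactive shells and tunnelling tools have no business owning an
        # established TCP socket; sshd, nslcd, browsers and the like do.
        case "$name" in
            sh|bash|dash|zsh|nc|ncat|netcat|socat|python*|perl) ;;
            *) continue ;;
        esac
        reason="shell-or-tool-owns-socket"
        # fd=0/1/2 on the socket means stdin/stdout/stderr ARE the network:
        # the classic nc -e or bash -i >& /dev/tcp/... signature
        case "$proc" in
            *fd=0\)*|*fd=1\)*|*fd=2\)*) reason="stdio-redirected-to-socket" ;;
        esac
        echo "pid=$pid proc=$name peer=$peer $reason"
    done
}

# Runs the check over the constructed sample
demo_find_reverse_shells() {
    printf '%s\n' "$SAMPLE_SS" | find_reverse_shells
}
```

The peer address in a hit is the attacker's listener, so the next steps are `ls -l /proc/PID/fd` to confirm the descriptors really are sockets, `pstree -p` to see what spawned the shell, and blocking the destination at the egress firewall.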
61
Which **command** can be used to create a script on a Linux device?
***vim*** ## Footnote vim opens (or creates) a file in the vim text editor. The distractors: sudo su elevates to a root shell, ls -l lists a file's attributes, and dnf installs or updates packages on Red Hat-family systems.
62
In Linux file permissions, what do the letters **r**, **w**, and **x** stand for?
* r: read * w: write * x: execute ## Footnote These permissions determine the actions that can be performed on files and directories.
63
Which command in Linux can be used to **make a file executable**?
***chmod*** ## Footnote chmod with the **+x parameter** can be used to make a file executable on a Linux system
64
What is the **file extension** for a script file on a Linux device?
***.sh*** ## Footnote .sh is the convention for shell scripts on Linux, but the kernel ignores the extension: what makes a file run is its execute bit and the interpreter named on its #! line. Distractors: .bat is a Windows batch file, .exe a Windows executable, .txt a text file.
65
Which Linux command can be used to **display** *network interface*s and *associated IP addresses*?
***ip a***
66
What is the **first step** to manage Linux IP addressing in the cloud?
The first step is to **access the VMs view** in the Azure portal ## Footnote This allows you to view and configure the network settings of your virtual machines.
67
What is the **public IP** of a virtual machine in Azure?
**Public IP** an external resource associated with the VM's network interface ## Footnote It is important to manage public IPs carefully to avoid exposing virtual machines unnecessarily.
68
What is the significance of the **subnets** in Azure for virtual machines?
VMs in a subnet will acquire an IP address within that range **automatically** ## Footnote DHCP is implied for VMs deployed in a specific subnet.
69
True or false: The **public IP address** of a virtual machine is visible within the Linux OS.
FALSE ## Footnote The public IP is an external entity and does not show up in the OS.
70
What *directory* contains the **network configuration file** in Ubuntu Linux?
/etc/netplan ## Footnote This directory holds YAML files for configuring networking settings.
71
In the **netplan configuration**, what does DHCP4 set to true indicate?
DHCP4 set to true indicates the **VM is using DHCP** for IPv4 addressing ## Footnote This means the VM will automatically acquire an IP address.
72
What is the **private IP** address prefix typically used in Azure?
10.0.0 ## Footnote For example 10.0.0.4 in the default 10.0.0.0/16 virtual network. This is RFC 1918 space, so the address is internal to the virtual network, and it is the only address the OS itself reports.
73
What happens if threat indicators point to the **public IP** of a virtual machine?
If threat indicators point to the public IP of a VM, there may be no record of that within the OS ## Footnote This highlights the need to understand the separation between internal and external IP addresses.
74
Which command is used to **set a password for an LDAP user**?
***ldappasswd***
75
Where are **Linux user password hashes stored**?
***/etc/shadow***
76
What command is used to view the contents of the **/etc/shadow** file?
***sudo tail /etc/shadow*** ## Footnote Access to this file requires elevated privileges.
77
What information is stored in the **/etc/shadow** file?
* User password hash * Password expiration information ## Footnote This file is crucial for user authentication.
78
What is the purpose of the **/etc/passwd** file in Linux?
Stores details about **local user accounts** ## Footnote It includes user ID, primary group ID, home directory, and default shell.
79
You need to verify that the OpenLDAP server daemon is running. What should you type?
sudo service slapd status
80
What are **rainbow tables** used for?
**Rainbow tables** are precomputed tables that map hashes back to the passwords that produce them ## Footnote Attackers use them to reverse unsalted hashes without brute-forcing each one; a per-user salt (next card) makes the precomputation useless.
81
What is the purpose of using a **random salt value** in password hashing?
**Random salt value** *adds uniqueness to each password hash* making it more difficult to crack passwords
82
What *command* is used to **add a new user in Linux**?
***sudo useradd*** ## Footnote Additional options like -m for home directory can be specified.
83
What does the **-m** option do when adding a user?
**-m** creates a home directory for the user ## Footnote The home directory is typically located under /home.
84
How can you view the existing groups in Linux?
***tail /etc/group*** ## Footnote /etc/group is world-readable, so sudo is not needed. tail shows only the last ten lines; cat /etc/group or getent group lists them all (getent also includes groups served from LDAP).
85
What *command* is used to **create a new group in Linux**?
***sudo groupadd*** ## Footnote You can specify the group name as an argument.
86
What does the **!** in the **/etc/shadow** file indicate for a user?
The **!** indicates the password field is *locked*: either no password has been set yet (useradd leaves the account this way until passwd is run) or an existing hash has been prefixed with ! by passwd -l or usermod -L ## Footnote Password login is impossible, but the account is not otherwise disabled: SSH keys, or su from root, still work.
87
How do you **set a password for a new user** in Linux?
sudo passwd [username] ## Footnote This command allows you to specify and confirm a new password.
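The /etc/shadow cards above (75 to 77, 80, 81, 86 and 87) in working form, as an added example that is not part of the deck: a POSIX shell parser that reports, for each account, whether a password is set or the field is locked, which hash algorithm the `$id$` prefix denotes, and the salt. The records below are constructed with placeholder hashes; the user names and dates are assumptions. On a real host run `sudo cat /etc/shadow | shadow_report`.

```shell
#!/bin/sh
# Added example, not from the flashcard deck: read /etc/shadow records and report
# password state, hash algorithm and salt. The sample below is constructed with
# placeholder hashes. Real use: sudo cat /etc/shadow | shadow_report

SAMPLE_SHADOW='root:$6$rQ9b7sVx$PLACEHOLDERsha512hashPLACEHOLDERsha512hashPLACEHOLDERsha512hash00:19700:0:99999:7:::
ldapuser1:!:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$y$j9T$Qe3sALTQe3sALT$PLACEHOLDERyescrypthashPLACEHOLDERyescrypt:19701:0:90:14:::
bob:$1$ab12cd34$PLACEHOLDERmd5hash00:19500:0:99999:7:::
guest::19500:0:99999:7:::'

# hash_algo HASH -> algorithm name taken from the $id$ prefix
hash_algo() {
    case "$1" in
        '$6$'*) echo sha512 ;;
        '$5$'*) echo sha256 ;;
        '$y$'*) echo yescrypt ;;
        '$2'*)  echo bcrypt ;;
        '$1$'*) echo md5 ;;       # md5crypt: salted but fast, cheap to brute-force
        *)      echo unknown ;;
    esac
}

# hash_salt HASH -> the salt field; yescrypt carries a parameter field before it
hash_salt() {
    case "$1" in
        '$y$'*) printf '%s' "$1" | cut -d'$' -f4 ;;
        *)      printf '%s' "$1" | cut -d'$' -f3 ;;
    esac
}

# shadow_report < shadow-lines -> "name state [algo salt max_age]" per account
shadow_report() {
    while IFS=: read -r name hash lastchg min max warn inactive expire flag; do
        case "$hash" in
            '')            echo "$name EMPTY-PASSWORD (logs in with no password at all)" ;;
            '!'|'!!'|'*')  echo "$name locked (no usable password set)" ;;
            '!'*)          echo "$name locked (hash retained: $(hash_algo "${hash#!}"))" ;;
            '$'*)          echo "$name active $(hash_algo "$hash") salt=$(hash_salt "$hash") max_age=$max" ;;
            *)             echo "$name active descrypt (legacy 13-char DES, 8-char limit)" ;;
        esac
    done
}

# weak_accounts < shadow-lines -> names whose password field is empty or md5/descrypt
weak_accounts() {
    while IFS=: read -r name hash rest; do
        case "$hash" in
            '')            echo "$name" ;;
            '$1$'*)        echo "$name" ;;
            '!'*|'*'|'$'*) ;;      # locked, or a modern salted hash
            *)             echo "$name" ;;
        esac
    done
}
```

The salt is what defeats rainbow tables: two users with the same password get different hashes, so a precomputed table would have to be built per salt. An empty second field is worse than a weak hash, because login then requires no password at all.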
88
What is ***Lightweight Directory Access Protocol*** (LDAP)?
**LDAP** is the protocol for querying and updating a centralized network directory, typically used to hold user accounts and groups
89
What is the purpose of an **LDAP server**?
Its purpose is to allow users to authenticate from other stations using a centralized database instead of local user accounts ## Footnote LDAP is not limited to Linux; Microsoft Active Directory is based on LDAP
90
What command is used to **set the hostname** on Ubuntu?
sudo hostnamectl set-hostname [hostname] ## Footnote Replace [hostname] with the desired name, e.g., ubuntu1.
91
What *two packages* are installed to set up an **LDAP server** on Ubuntu?
* slapd * ldap-utils ## Footnote The installation process involves confirming the installation and setting an admin password.
92
What command is used to **verify the installation** of LDAP?
sudo dpkg-reconfigure slapd ## Footnote This command helps in setting up the initial configuration for the LDAP daemon.
93
What is specified as the **DNS domain name** during LDAP configuration?
quick24x7.local ## Footnote This is part of the initial configuration for the LDAP server.
94
What command is used to **create an organizational unit** in LDAP?
sudo ldapadd -x -D 'cn=admin,dc=quick24x7,dc=local' -W -f ou.ldif ## Footnote The bind DN must be one argument with no spaces after the commas (quote it); -x selects simple bind and -W prompts for the admin password. The ***ou.ldif*** file contains the entries for the organizational unit.
95
What is the **default port** used by LDAP?
Port **389**; port *636* is used if configured with a *PKI certificate*.
96
What command is used to **check the status** of the LDAP server?
sudo service slapd status ## Footnote This command confirms if the LDAP server is active and running.
97
What is the **purpose of the user.ldif file**?
Its *purpose* is to specify user and group entries for adding to the LDAP directory ## Footnote It includes details like distinguished name, common name, and group ID.
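What ou.ldif and user.ldif look like for the deck's `dc=quick24x7,dc=local` directory, as an added example that is not part of the deck: the organizational unit from card 94, then the group and user entries card 97 describes (distinguished name, common name, group ID). Both files are shown in one block separated by comments. The group name `ldapgroup1`, the numeric IDs and the home directory are assumptions; each file is loaded with the ldapadd command from card 94.

```ldif
# ou.ldif: the container the user accounts live in
dn: ou=hq,dc=quick24x7,dc=local
objectClass: organizationalUnit
ou: hq

# user.ldif: a POSIX group, then the user that belongs to it.
# uidNumber, gidNumber, homeDirectory and loginShell are the attributes
# libnss-ldapd serves to the client in place of /etc/passwd entries.
dn: cn=ldapgroup1,ou=hq,dc=quick24x7,dc=local
objectClass: posixGroup
cn: ldapgroup1
gidNumber: 5000

dn: uid=ldapuser1,ou=hq,dc=quick24x7,dc=local
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: ldapuser1
sn: User
uid: ldapuser1
uidNumber: 5001
gidNumber: 5000
homeDirectory: /home/ldapuser1
loginShell: /bin/bash
```

userPassword is deliberately left out of the file: set it afterwards with the ldappasswd command from card 98 so the server stores its own hash rather than a cleartext value taken from an LDIF that may sit in a shell history or backup. Confirm the entry with `ldapsearch -x -b dc=quick24x7,dc=local uid=ldapuser1`.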
98
What command is used to **set the password** for an LDAP user?
sudo ldappasswd -H ldap://ubuntu1 -x -D 'cn=admin,dc=quick24x7,dc=local' -W -S 'uid=ldapuser1,ou=hq,dc=quick24x7,dc=local' ## Footnote This command updates the password for the specified LDAP user.
99
What packages are installed on the **client** to enable LDAP authentication?
* ldap-utils * libnss-ldapd * libpam-ldapd ## Footnote libnss-ldapd (through the nslcd daemon) resolves users and groups from the directory alongside /etc/passwd, libpam-ldapd authenticates against it, and ldap-utils supplies the ldapsearch and ldappasswd tools.
100
What entry is added to **/etc/pam.d/common-session** for LDAP login?
session optional pam_mkhomedir.so ## Footnote This ensures a local home directory is created for LDAP users upon login.
101
What command is used to **restart client daemons after configuration**?
sudo systemctl restart [service] ## Footnote Replace [service] with the appropriate service name to apply changes.
102
Which Linux command is used to **set file system permissions**?
***chmod***
103
Which Linux command can be used to grant regular users the ability to run privileged commands?
visudo
104
What command is used to **p**rint the **w**orking **d**irectory in Linux?
**pwd** ## Footnote This command displays the current directory path.
105
What command is used to **create a new directory** in Linux?
mkdir (with sudo where the parent directory is not writable by you) ## Footnote Elevation is needed only for locations such as the root of the file system (sudo mkdir /data1); creating a directory in your own home directory needs no sudo.
106
What command is used to **change the current directory** in Linux?
***cd*** ## Footnote This command allows navigation to different directories.
107
*After recovery*, which command is used to **change directory** to the output location?
**cd** /recovered_files ## Footnote This command navigates to the folder where recovered files are stored.
108
What command is used to *edit a file* in Linux using **nano**?
sudo nano ## Footnote nano opens the editor; the sudo prefix is needed only for files the current user cannot write, such as system configuration under /etc.
109
What does the command **ls -l** do in Linux?
**ls -l** displays a long listing of file system entries ## Footnote It provides detailed information about files and directories.
110
What does the leftmost symbol ***d*** indicate in a long listing of **file permissions**?
It indicates a **directory** ## Footnote A dash (-) indicates a regular file.
111
What does the command **sudo chmod 550 budget1.txt** do?
Sets permissions to read and execute for owner and group; no permissions for others ## Footnote The numeric values represent the permissions assigned.
112
What does the command **sudo groupadd helpdesk1** do?
The command creates a *new group called helpdesk1* ## Footnote This command requires superuser privileges.
113
What does the command **sudo chmod +t budgets** do?
Enables the **sticky bit** on the budgets directory ## Footnote Files in it can then be deleted or renamed only by their owner, the directory's owner, or root, even if the directory itself is group- or world-writable.
114
What does a capital **T** indicate in the permissions of a directory?
The **sticky bit** is *enabled*, but execute *permission* for others is **not set** ## Footnote A lowercase t means both are set; the capital letter (likewise S for setuid/setgid) signals the special bit without the matching execute bit. Users can still delete only their own files.
115
What does the **sticky bit** allow users to do in a subdirectory?
**sticky bit** = delete only their own files ## Footnote This permission is useful for shared directories.
116
What command is used to **change the owner** of a file in Linux?
sudo chown ## Footnote This command allows the user to specify a new owner for a file.
117
What command is used to **change the group** of a file in Linux?
sudo chgrp ## Footnote This command allows the user to specify a new group for a file.
118
What does the command **ll -d budgets** do?
**ll -d budgets** displays information about the budgets directory itself ## Footnote ll is a shell alias for ls -l (often ls -alF) provided by many distributions, not a standalone command; the -d option prevents listing the contents.
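The permission cards above (62, 102 and 110 to 115) worked through, as an added example that is not part of the deck: a POSIX shell function that converts the ten-character mode string shown by `ls -l` into the four-digit octal form `chmod` takes and names the special bits, including the capital T and S cases where the special bit is set without the matching execute bit. The mode strings used in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the flashcard deck: translate an ls -l mode string
# such as "drwxrwx--T" into the octal value chmod accepts and describe the
# special bits. Usage: describe_mode "$(ls -ld budgets | cut -c1-10)"

# perm_digit RWX -> 0..7 for one triplet; s/t count as x, S/T as no x
perm_digit() {
    n=0
    case "$(printf '%s' "$1" | cut -c1)" in r) n=$((n + 4)) ;; esac
    case "$(printf '%s' "$1" | cut -c2)" in w) n=$((n + 2)) ;; esac
    case "$(printf '%s' "$1" | cut -c3)" in x|s|t) n=$((n + 1)) ;; esac
    echo "$n"
}

# mode_to_octal MODESTRING -> four octal digits (special, user, group, other)
mode_to_octal() {
    m=$1
    [ "${#m}" -eq 10 ] || { echo "bad mode string: $m" >&2; return 1; }
    u=$(printf '%s' "$m" | cut -c2-4)
    g=$(printf '%s' "$m" | cut -c5-7)
    o=$(printf '%s' "$m" | cut -c8-10)
    special=0
    case "$u" in ??s|??S) special=$((special + 4)) ;; esac   # setuid
    case "$g" in ??s|??S) special=$((special + 2)) ;; esac   # setgid
    case "$o" in ??t|??T) special=$((special + 1)) ;; esac   # sticky
    printf '%d%d%d%d\n' "$special" "$(perm_digit "$u")" "$(perm_digit "$g")" "$(perm_digit "$o")"
}

# describe_mode MODESTRING -> "kind mode=NNNN [flags]"
describe_mode() {
    m=$1
    case "$(printf '%s' "$m" | cut -c1)" in
        d) kind=directory ;; -) kind="regular file" ;; l) kind=symlink ;; *) kind=other ;;
    esac
    flags=""
    case "$m" in ???s??????) flags="$flags setuid" ;; ???S??????) flags="$flags setuid-without-user-exec" ;; esac
    case "$m" in ??????s???) flags="$flags setgid" ;; ??????S???) flags="$flags setgid-without-group-exec" ;; esac
    # Capital T (card 114): sticky bit set but others have no execute permission
    case "$m" in *t) flags="$flags sticky" ;; *T) flags="$flags sticky-without-other-exec" ;; esac
    if [ -n "$flags" ]; then flags=" [${flags# }]"; fi
    echo "$kind mode=$(mode_to_octal "$m")$flags"
}
```

Scanning for a setuid root binary that should not be there is the practical use: `find / -perm -4000 -type f` lists them, and `describe_mode` on each result spells out what the mode grants.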
119
What are some **threats** that *cybersecurity analysts* need to be aware of?
* **APTs** * **Privilege escalation** * **Creation of backdoors** ## Footnote These threats can compromise system security and user data.
120
What command **shows the current user logged in** on a Linux system?
id ## Footnote Shows the effective user ID, primary group ID and supplementary groups of the current user; whoami prints only the user name.
121
True or false: It is a good security practice to always log in as the **root super user**.
FALSE ## Footnote Logging in as root can lead to accidental changes or deletions of important files.
122
What command is used to view the **sudo configuration file**?
sudo cat /etc/sudo.conf ## Footnote /etc/sudo.conf configures the sudo program itself (plugins, log paths) and is mostly comments. The privilege rules live in /etc/sudoers and /etc/sudoers.d/, which must be edited with visudo.
123
What does the **sudoers file** specify?
**sudoers file** specifies who is allowed to run what commands ## Footnote It lists user privileges and the commands they can execute.
124
In the sudoers file, what does the first **ALL** refer to?
the first **ALL** refers to *from which host the user can enter commands* ## Footnote It can be specified with host names, IP addresses, or subnets.
125
What does the syntax **ALL=(ALL)** in the sudoers file indicate?
User can run commands as any user ## Footnote This allows flexibility in executing commands with different user privileges.
126
What command should be used to **edit the sudoers file** safely?
sudo visudo ## Footnote This command prevents syntax errors by checking the file before saving.
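The sudoers cards above (123 to 126) as an added example that is not part of the deck: a POSIX shell function that splits a sudoers rule into its user, host, run-as and command parts, plus a crude risk check that flags `ALL` commands and editors or pagers that can spawn a shell. The rule lines are constructed. This helper explains rules; it does not validate them, and `visudo -c` (or editing with `sudo visudo`) remains the only authoritative syntax check.

```shell
#!/bin/sh
# Added example, not from the flashcard deck: explain a sudoers rule of the form
#   user  host=(runas) [TAG:] command...
# and flag the dangerous ones. Rule lines are constructed; this does not replace
# `visudo -c`, which is the only authoritative syntax check.

# explain_sudoers 'alice ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart rsync'
explain_sudoers() {
    line=$1
    who=${line%% *}            # user, %group or User_Alias
    rest=${line#* }
    host=${rest%%=*}           # first ALL: hosts the rule applies on
    rest=${rest#*=}
    case "$rest" in
        \(*) runas=${rest%%\)*}; runas=${runas#\(}; rest=${rest#*\) } ;;   # (ALL) or (user:group)
        *)   runas=root ;;     # no parenthesis: run as root only
    esac
    tags=""
    while :; do                # zero or more TAG: prefixes before the command list
        case "$rest" in
            "NOPASSWD: "*|"PASSWD: "*|"NOEXEC: "*|"SETENV: "*)
                tags="$tags ${rest%%:*}"; rest=${rest#*: } ;;
            *) break ;;
        esac
    done
    echo "user=$who host=$host runas=$runas tags=${tags# } cmd=$rest"
}

# sudoers_risk RULE -> high|medium|low
sudoers_risk() {
    info=$(explain_sudoers "$1")
    cmd=${info#*cmd=}
    first=${cmd%% *}           # first command in the list
    base=${first##*/}
    case "$cmd" in
        ALL|ALL,*) echo high; return ;;            # any command as any user
    esac
    # Programs with a well-known shell escape: sudo on these is effectively sudo ALL
    case "$base" in
        vi|vim|nano|less|more|man|find|awk|perl|python*|bash|sh|env|tar)
            echo high; return ;;
    esac
    case "$info" in
        *tags=NOPASSWD*) echo medium; return ;;    # fixed command, but no password prompt
    esac
    echo low
}
```

The shell-escape list is a short sample of the well-known cases, not a complete catalogue: any program that can run a subcommand or write an arbitrary file as root turns a narrow rule into full root.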
127
What are two common methods used to configure firewall rules on Linux hosts?
* ufw * iptables
128
What command is used to **acquire an image of a disk partition for forensic analysis** in Linux?
***dd*** ## Footnote The **dd command** is used for *low-level copying of data*.
129
Which Linux **dd command** parameter is used to *specify a source disk or partition*?
***if***
130
What *command* is used to **check and list the partitions and details** of disk devices/removable media in Linux?
***fdisk -l***
131
What command is used to **list the partitions and details** of removable media in Linux?
***fdisk -l*** ## Footnote This command displays the partitions and file system types of connected devices.
132
What happens when a user tries to **run fdisk -l without sudo**?
User will get a ***permission denied*** prompt ## Footnote This indicates that the user does not have the necessary permissions to access certain devices.
133
What *command* is used to **generate a unique hash for a disk partition** in Linux?
**sha256sum** ## Footnote This command **generates a SHA-256 hash of the specified file or partition**.
134
Fill in the blank: The command to create a hash file for **/dev/sdb1** is _______.
sha256sum /dev/sdb1 > /sdb1_orig_hash ## Footnote This command **saves the hash value to a file**.
135
What command is used to **view the content of the hash file**?
cat /sdb1_orig_hash ## Footnote This command **displays the hash value stored in the file**.
136
What does **a matching hash value** confirm about the copied data?
**a matching hash value** confirms the copy is bit-for-bit identical to the source as it was at the time of hashing; nothing was corrupted or altered during the copying process ## Footnote This is what lets the image stand in for the original in forensic analysis.
137
What is the size of the device **/dev/sdb**?
8 GiB ## Footnote This device has been partitioned into /dev/sdb1.
138
What does the file **/sdb1.img** represent in a Linux system?
**/sdb1.img** represents a disk image of the second disk device, sdb, and partition 1 ## Footnote It is likely created using the dd command.
139
What is the output file name created when using the dd command to copy **/dev/sdb1**?
sdb1.img ## Footnote This file is created in the root of the file system.
140
What command is used to *generate a hash value* of the image file **/sdb1.img**?
sha256sum /sdb1.img ## Footnote This command helps determine if the file is an exact copy of the original.
141
What command is used to *verify the hash* of the copied image file **/sdb1.img**?
sha256sum /sdb1.img ## Footnote This command checks if the hash matches the original hash.
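The imaging cards above (128, 129 and 133 to 141) as one end-to-end run, added here and not part of the deck: hash the source, copy it with dd, hash the copy, compare, then show what a mismatch looks like once the image is altered. The "partition" is a constructed 1 MiB file so the block runs without root; for real media substitute /dev/sdb1 for the source and run under sudo. The file names follow the deck (sdb1.img, sdb1_orig_hash); the temporary directory is an assumption.

```shell
#!/bin/sh
# Added example, not from the flashcard deck: the dd + sha256sum evidence workflow
# run end to end against a constructed 1 MiB "partition" file. For real evidence:
#   sudo sh -c '. ./this.sh; image_and_verify /dev/sdb1 /sdb1.img /sdb1_orig_hash'
# with the device never mounted read-write.

# sha256_of PATH -> hex digest only
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1     # macOS fallback
    fi
}

# image_and_verify SRC IMAGE HASHFILE -> prints match|MISMATCH; records both hashes
image_and_verify() {
    src=$1; img=$2; hashfile=$3
    orig=$(sha256_of "$src")                 # hash the original first, before copying
    printf '%s  %s\n' "$orig" "$src" > "$hashfile"
    # bs=4M only affects speed; the image is byte-for-byte identical. Do not add
    # conv=noerror,sync unless the media is failing: it zero-fills unreadable
    # blocks, so the image hash will then legitimately differ from the source.
    dd if="$src" of="$img" bs=4M 2>/dev/null
    copy=$(sha256_of "$img")
    printf '%s  %s\n' "$copy" "$img" >> "$hashfile"
    if [ "$orig" = "$copy" ]; then echo match; else echo MISMATCH; fi
}

# verify_against_hashfile IMAGE HASHFILE -> match|MISMATCH against the stored original hash
verify_against_hashfile() {
    stored=$(head -n 1 "$2" | cut -d' ' -f1)
    if [ "$(sha256_of "$1")" = "$stored" ]; then echo match; else echo MISMATCH; fi
}

# demo_image_verify -> "match MISMATCH": a clean copy verifies, a tampered one does not
demo_image_verify() {
    tmp=$(mktemp -d)
    dd if=/dev/urandom of="$tmp/sdb1" bs=1024 count=1024 2>/dev/null   # constructed "partition"
    first=$(image_and_verify "$tmp/sdb1" "$tmp/sdb1.img" "$tmp/sdb1_orig_hash")
    printf 'X' >> "$tmp/sdb1.img"            # alter the image: one extra byte
    second=$(verify_against_hashfile "$tmp/sdb1.img" "$tmp/sdb1_orig_hash")
    rm -rf "$tmp"
    echo "$first $second"
}
```

The hash file is the record to keep with the image: anyone who later re-runs sha256sum over /sdb1.img and gets the stored value has shown the copy is still the one that was taken.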
142
What command is used to **list files ending with *.img* in the root of the file system**?
ls /*.img ## Footnote This command outputs files like /initrd.img, /sdb1.img, and /sdb.img.
143
What tool is *used in Kali Linux* to **recover deleted files** from removable media?
***foremost*** ## Footnote This tool is included automatically with Kali Linux and is used for file recovery.
144
Which command can be used to **recover deleted files and partitions** in Linux?
foremost -i /dev/sdd -v -o /recovered_files/ ## Footnote This command specifies: * -i the input device * -v verbose output * -o the output directory for recovered files. Reading a raw device needs root, so run it with sudo, and for evidence carve from a dd image rather than the live device.
145
What command is used to **list the contents of the recovered files directory**?
***ls*** ## Footnote This command **displays the subdirectories for each file type in the recovered files folder**.
146
True or false: You **can recover** files from a USB drive even if it has been re-partitioned.
TRUE ## Footnote Re-partitioning rewrites the partition table, not the data blocks, so a carving tool such as foremost can still find files by their headers and footers. Anything overwritten since, and the original file names and directory structure, cannot be recovered this way.
147
What command is used to *change directory* **to the output location of recovered files**?
cd /recovered_files/ ## Footnote This command navigates to the directory where recovered files are stored.
148
To *view the details* of **recovered JPG file**s, which command is used?
ls -l ## Footnote This command provides a long listing format of the files in the specified directory.
149
What command is used to *change directory* **to the jpg subdirectory**?
cd jpg ## Footnote This command navigates to the directory containing recovered JPG files.
150
What command is used to *perform a long listing of files in* **the jpg directory**?
ls -l ## Footnote This command provides detailed information about each file, including size and permissions.
151
What command is used to **create a new directory for analysis**?
mkdir /analyze ## Footnote This creates the mount point; the image is then attached to it read-only through a loop device so the evidence copy is not altered while it is examined.
152
What command is executed to check the contents of the **/analyze** directory after mounting?
ls /analyze ## Footnote This command displays the files and directories within the mounted image.