Linux & Security Foundations

Question 1

What does ls -la do?

Answer 1

Lists all files including hidden ones, in long format showing permissions, owner, size, and date.

Question 2

What does the -l flag do in ls -la?

Answer 2

Shows the long format — permissions, owner, size, and modification date.

Question 3

What does the -a flag do in ls -la?

Answer 3

Shows hidden files — files whose names start with a dot (.).

Question 4

What is the /etc directory?

Answer 4

Stores system-wide configuration files. Example: /etc/passwd, /etc/hosts.

Question 5

What does chmod 755 file.sh mean?

Answer 5

Owner: read, write, execute. Group: read, execute. Others: read, execute.

Question 6

What do the three digits in chmod represent?

Answer 6

First digit = owner permissions. Second = group. Third = others.

Question 7

What number represents read, write, and execute in chmod?

Answer 7

7 (4+2+1 = read + write + execute).

Question 8

What is the difference between /dev/sda and /dev/sda1?

Answer 8

/dev/sda is the whole physical disk. /dev/sda1 is the first partition on that disk.

Question 9

What does df -h show?

Answer 9

Disk space usage for all mounted filesystems in human-readable format.

Question 10

What is a mount point?

Answer 10

A directory where a filesystem is attached so the OS can access it.

Question 11

What does grep -r ‘error’ /var/log/ do?

Answer 11

Searches recursively through all files in /var/log/ for lines containing the word ‘error’.

Question 12

What does the -r flag do in grep?

Answer 12

Makes the search recursive — it searches inside all subdirectories.

Question 13

What is ext4?

Answer 13

The default Linux filesystem.

Question 14

What is NTFS?

Answer 14

The default Windows filesystem.

Question 15

What does find / -name ‘*.log’ 2>/dev/null do?

Answer 15

Searches the entire filesystem for files ending in .log and silences permission errors.

Question 16

What does 2>/dev/null do in a command?

Answer 16

Redirects error messages to /dev/null, effectively silencing them.

Question 17

What is the /proc directory?

Answer 17

A virtual filesystem that exposes real-time kernel and process information. Not stored on disk.

Question 18

What does /etc/passwd store?

Answer 18

One entry per user: username, UID, GID, home directory, and shell.

Question 19

What does the x mean in /etc/passwd?

Answer 19

The password hash is stored in /etc/shadow, not here.

Question 20

What is UID 0?

Answer 20

The root user. Any account with UID 0 has full system privileges.

Question 21

What does /etc/shadow store?

Answer 21

Hashed passwords for all user accounts. Only readable by root.

Question 22

What does sudo -l do?

Answer 22

Lists the sudo privileges granted to the current user.

Question 23

What is /etc/sudoers?

Answer 23

The file that defines who can use sudo and what commands they can run with elevated privileges.

Question 24

What tool should you use to edit /etc/sudoers?

Answer 24

visudo — it validates the syntax before saving to prevent errors that could lock you out.

Question 25

What is the difference between useradd and adduser?

Answer 25

useradd is low-level with no prompts. adduser is interactive and sets up home directory and password.

Question 26

What does usermod -aG sudo fabio do?

Answer 26

Adds fabio to the sudo group without removing them from other groups.

Question 27

What does the -a flag do in usermod?

Answer 27

Appends the user to the group without removing them from existing groups.

Question 28

What is the principle of least privilege?

Answer 28

Users and processes should have only the minimum access needed to do their job.

Question 29

What does passwd -l username do?

Answer 29

Locks a user account, preventing login.

Question 30

Why is direct root login often disabled?

Answer 30

To force use of sudo, which creates an audit trail and reduces attack surface.

Question 31

What does the SUID bit do?

Answer 31

Makes a file run as the file owner (often root), regardless of who launches it.

Question 32

Give a real example of SUID in use.

Answer 32

The passwd command uses SUID so it can modify /etc/shadow even when run by a regular user.

Question 33

What is the CIA Triad?

Answer 33

Confidentiality, Integrity, and Availability — the three core principles of information security.

Question 34

What is Confidentiality in the CIA Triad?

Answer 34

Data is only accessible to authorised people.

Question 35

What is Integrity in the CIA Triad?

Answer 35

Data is accurate and has not been altered.

Question 36

What is Availability in the CIA Triad?

Answer 36

Systems and data are accessible when needed.

Question 37

What is authentication?

Answer 37

The process of proving who you are. Example: entering a password or fingerprint scan.

Question 38

What is authorisation?

Answer 38

What you are allowed to do after your identity has been verified.

Question 39

What is the difference between authentication and authorisation?

Answer 39

Authentication = proving who you are. Authorisation = what you are allowed to do.

Question 40

What is a brute-force attack?

Answer 40

Systematically trying every possible password combination until one works.

Question 41

Name two defences against brute-force attacks.

Answer 41

Account lockout after failed attempts and rate limiting.

Question 42

What is a phishing attack?

Answer 42

A social engineering attack using deceptive emails to trick users into revealing credentials or installing malware.

Question 43

What is MFA?

Answer 43

Multi-Factor Authentication — requiring two or more types of verification to log in.

Question 44

What are the three factors in MFA?

Answer 44

Something you know (password), something you have (phone/token), something you are (biometric).

Question 45

What is a man-in-the-middle attack?

Answer 45

An attacker secretly intercepts communication between two parties who believe they are talking directly.

Question 46

What is a SIEM?

Answer 46

Security Information and Event Management — a system that collects and analyses logs from across an environment to detect threats.

Question 47

Give an example of a SIEM tool.

Answer 47

Splunk or Microsoft Sentinel.

Question 48

What is defence in depth?

Answer 48

A security strategy that uses multiple layers of controls so that if one fails, others still protect the system.

Question 49

What is a CVE?

Answer 49

Common Vulnerabilities and Exposures — a standardised ID for publicly known security vulnerabilities. Example: CVE-2014-0160 is Heartbleed.

Question 50

What is a vulnerability?

Answer 50

A weakness in a system, such as unpatched software.

Question 51

What is a threat?

Answer 51

Something or someone that could exploit a vulnerability.

Question 52

What is risk in a security context?

Answer 52

The likelihood and impact of a threat exploiting a vulnerability.