CompTIA Linux+ Practice Questions: Security Domain

Correct Answer: B

Explanation: The 'chage -E username' command is used to set the expiration date for a user's password. Option A 'passwd -e username' forces the user to change their password at the next login. Option C 'usermod -e username' sets an expiration date for the user account, not the password. Option D 'chpasswd -e username' is not a valid command for this purpose.

Correct Answer: B

Explanation: Fail2ban is a tool that monitors log files for failed login attempts and can block IP addresses that show malicious signs, such as too many password failures. Blocking all traffic (A) is impractical, disabling SSH (C) prevents legitimate access, and reducing session timeout (D) does not prevent brute-force attempts.

Correct Answer: B

Explanation: /var/log/auth.log contains authentication-related messages and is the first place to look for unauthorized access attempts. /var/log/syslog contains general system logs. /var/log/dmesg contains kernel ring buffer messages. /var/log/kern.log contains kernel-related logs.

Correct Answer: C

Explanation: Applying SELinux policies helps restrict container permissions and enhances security. Running containers as root and using privileged containers increase security risks. Disabling AppArmor reduces security by removing an additional layer of protection.

Correct Answer: A

Explanation: The 'getent group sudo' command retrieves group information from the /etc/group file, showing the members of the 'sudo' group. 'cat /etc/sudoers' shows the sudoers configuration, 'ls -l /etc/sudoers.d/' lists custom sudoers files, and 'sudo -l' shows the current user's sudo privileges.

Correct Answer: A

Explanation: Disabling password authentication and using key-based authentication provides a more secure method of accessing the server, as it eliminates the risk of brute-force attacks on passwords. Enabling root login (B) is insecure, using the default port (C) is less secure than using a non-standard port, and allowing password authentication (D) is less secure than key-based authentication.

Correct Answer: A

Explanation: '/etc/profile' is the file where you can set the default umask for all users. '/etc/passwd' and '/etc/shadow' are related to user information and passwords, while '/etc/bashrc' is used for bash shell configurations.

Correct Answer: D

Explanation: Limiting container capabilities is a security best practice to minimize the potential impact of a compromised container. Option A, running containers with root privileges, is insecure as it increases the risk of privilege escalation. Option B, using the latest version, is good for security but not as effective as limiting capabilities. Option C, keeping containers running indefinitely, does not directly enhance security.

Correct Answer: C

Explanation: The '/etc/login.defs' file contains settings for password expiration policies. '/etc/passwd' contains user account information but not password policies. '/etc/shadow' contains password hashes and expiration dates but is not used for setting global policies. '/etc/security/limits.conf' is for resource limits, not password policies.

Correct Answer: B

Explanation: The command 'iptables -L -n' lists all firewall rules and is useful for checking if a specific port is blocked. 'firewall-cmd --list-all' is used with firewalld, not iptables. 'ufw status' is used on systems with UFW, not SUSE. 'netstat -tuln' shows listening ports but does not show firewall rules.