Skip to main content

LPI E C1 - sec procs test

Practice Exam Questions

LPI E C1 - system accounts

Test Text: https://www.certificationmethods.com/2023/05/lpi-e-c-secure-procs.html

Multiple Choice Questions
(Answers at end)

1. Which files contain information about the default system accounts on a Linux system?

A. /etc/passwd, /etc/group, and /etc/shadow
B. /var/log/auth.log, /var/log/syslog, and /var/log/kern.log
C. /etc/hosts, /etc/hostname, and /etc/network/interfaces
D. /etc/fstab, /etc/crontab, and /etc/profile
  
2. What information do the files containing system accounts hold?

A. Password (encrypted), username, group membership, and home directory
B. IP address, hostname, MAC address, and subnet mask
C. Port numbers, protocol, and packet header information
D. Network interface card driver, firmware version, and chipset

3. Why are system accounts used on a Linux system?

A. To run various system processes and services
B. To restrict user access to system resources
C. To allow users to customize their own environment
D. To provide additional security measures


4. How does the Linux kernel manage system accounts?

A. By providing process isolation, resource allocation, and memory protection
B. By using network protocols to manage user accounts
C. By providing a graphical user interface for managing user accounts
D. By using virtualization technologies to create isolated environments


5. What do access control lists (ACLs) do in Linux?

A. They manage access to files and directories on the Linux system.
B. They manage access to network resources on the Linux system.
C. They manage access to CPU resources on the Linux system.
D. They manage access to storage resources on the Linux system.

6. How do ACLs provide granular permissions for users and groups in Linux?

A. By allowing administrators to control who can read, write, and execute files
B. By allowing users to specify which files and directories they have access to
C. By using a complex system of encryption and decryption
D. By restricting access to files and directories based on their size and type

7. What system allows administrators to set and modify ACLs for files and directories in Linux?

A. The Extended File Attributes (Xattrs) system
B. The Network File System (NFS)
C. The Lightweight Directory Access Protocol (LDAP)
D. The Simple Network Management Protocol (SNMP)

8. What is the Pluggable Authentication Modules (PAM) framework?

A. A file that stores encrypted password information for user accounts.
B. A standardized way to manage user authentication across different Linux distributions and applications.
C. A system file used to manage user groups, such as the group name and group ID.
D. A mechanism that manages the memory resources of the Linux system and allocates them to different processes and applications.

9. What is the Name Service Switch (NSS) system?

A. A system file used to manage user groups, such as the group name and group ID.
B. A mechanism that manages the memory resources of the Linux system and allocates them to different processes and applications.
C. A way for Linux systems to access user and group information from various sources, such as LDAP directories, NIS servers, and other systems on the network.
D. A file that stores encrypted password information for user accounts.

10. What are SELinux and AppArmor?

A. Standardized ways to manage user authentication across different Linux distributions and applications.
B. Mechanisms that manage the memory resources of the Linux system and allocate them to different processes and applications.
C. System files used to manage user accounts and group membership.
D. Security features that provide additional access control policies and help to prevent unauthorized access to system processes and resources.

11. What is the core component that enforces access control policies on a Linux system?

A. The Pluggable Authentication Modules (PAM) framework
B. The Name Service Switch (NSS) system
C. SELinux and AppArmor
D. The Linux kernel

12. What is the purpose of IPC limits in the Linux kernel?

a. To limit inter-process communication between processes
b. To limit access to system processes and resources
c. To provide a way to partition system resources such as network interfaces, file systems, and process IDs
d. To add additional security policies to the Linux kernel

13. What is the purpose of namespaces in the Linux kernel?

a. To limit access to system processes and resources
b. To limit inter-process communication between processes
c. To provide a way to partition system resources such as network interfaces, file systems, and process IDs
d. To add additional security policies to the Linux kernel

14. What is the purpose of Linux Security Modules (LSM) in the Linux kernel?

a. To limit access to system processes and resources
b. To limit inter-process communication between processes
c. To add additional security policies to the Linux kernel
d. To provide a way to partition system resources such as network interfaces, file systems, and process IDs

15. What is the purpose of Access Control Lists (ACLs) in the Linux kernel?

a. To limit access to system processes and resources
b. To limit inter-process communication between processes
c. To provide a way to partition system resources such as network interfaces, file systems, and process IDs
d. To control access to system processes and resources

16. What is the purpose of auditing in the Linux kernel?

a. To limit access to system processes and resources
b. To limit inter-process communication between processes
c. To provide a way to partition system resources such as network interfaces, file systems, and process IDs
d. To track and log system activity for security and compliance purposes

17. Which of the following mechanisms allows for the creation of independent environments for different service accounts or applications?

A) Namespaces
B) IPC limits
C) Access Control Lists (ACLs)
D) Linux Security Modules (LSM)

18. What is the purpose of the Linux Security Modules (LSM) framework?

A) To provide a way to add additional security policies to the Linux kernel.
B) To set specific limits on the ability of a process to interact with other processes.
C) To control access to system processes and resources.
D) To provide a way to isolate service accounts from each other or from starting other system accounts.

19. Which of the following mechanisms can be used to prevent unauthorized access to critical system processes and resources?

A) Access Control Lists (ACLs)
B) Namespaces
C) Capabilities
D) IPC limits

20. Which of the following mechanisms can be used to set specific limits on the ability of a process to interact with other processes?

A) IPC limits
B) Access Control Lists (ACLs)
C) Namespaces
D) Capabilities

21. Which mechanism provides a way to control access to system processes and resources?
   
A) Namespaces
B) Linux Security Modules (LSM)
C) Access Control Lists (ACLs)
D) IPC limits

22. What is the role of file permissions and access control lists (ACLs) in Linux?

a. To manage inter-process communication between processes
b. To ensure the security of the system
c. To provide a standardized way to manage user authentication
d. To limit access to network resources

23. What is the purpose of capabilities in Linux?

a. To provide a way to partition system resources
b. To limit access to sensitive user account information
c. To grant specific privileges to individual processes or programs
d. To track changes to critical system files

24. What is the role of the auditd daemon and the tripwire utility in Linux?

a. To manage inter-process communication between processes
b. To track system activity and file accesses
c. To provide a standardized way to manage user authentication
d. To limit access to network resources

25. What is the purpose of memory segmentation in Linux?

A. To divide the virtual memory space of each process into multiple segments, each with its own set of access permissions.
B. To map a portion of a file or shared memory segment into a process's virtual memory space.
C. To provide hardware-level memory protection features.
D. To ensure that each process has its own virtual memory space that is separate from the virtual memory spaces of other processes.

26. What is the purpose of Memory Protection Keys (MPKs) on x86 processors?

A. To divide the virtual memory space of each process into multiple segments, each with its own set of access permissions.
B. To map a portion of a file or shared memory segment into a process's virtual memory space.
C. To provide hardware-level memory protection features.
D. To ensure that each process has its own virtual memory space that is separate from the virtual memory spaces of other processes.

27. How does Linux ensure that shared memory segments and memory-mapped files are accessed only by authorized users and service accounts?

A. By using access control mechanisms such as file permissions and ACLs.
B. By dividing the virtual memory space of each process into multiple segments, each with its own set of access permissions.
C. By providing hardware-level memory protection features such as MPKs.
D. By using hardware-level memory protection mechanisms such as shared memory segmentation.

28. What is the purpose of memory mapping in Linux?

A. To divide the virtual memory space of each process into multiple segments, each with its own set of access permissions.
B. To map a portion of a file or shared memory segment into a process's virtual memory space.
C. To provide hardware-level memory protection features.
D. To ensure that each process has its own virtual memory space that is separate from the virtual memory spaces of other processes.

29. How does Linux protect the memory of each process from other processes that allow processes to share memory in a controlled manner?

A. By using access control mechanisms such as file permissions and ACLs.
B. By dividing the virtual memory space of each process into multiple segments, each with its own set of access permissions.
C. By providing hardware-level memory protection features such as MPKs.
D. By using hardware-level memory protection mechanisms such as shared memory segmentation and memory mapping.

30. What is the purpose of Memory Protection Keys (MPKs) on x86 processors?

a. To specify the base address and size of each memory segment
b. To enforce access permissions by checking them against the segment registers
c. To allow processes to set up memory regions that can only be accessed by specific code paths
d. All of the above

31. What is the purpose of the shmget and shmat system calls?

a. To create a shared memory segment and map it into a process's virtual memory space
b. To specify the base address and size of each memory segment
c. To enforce access permissions by checking them against the segment registers
d. None of the above

32. What are Access Control Lists (ACLs)?

a. A feature of the Linux kernel that allows for more fine-grained control over file and directory permissions beyond the standard UNIX permissions.
b. A set of tools for managing user and group permissions on Linux systems.
c. A file system type that allows for additional metadata to be associated with files and directories.
d. A kernel mechanism that ensures each process is isolated from other processes in terms of its memory space.

33. What are the commands used to create and manage ACLs?
   
a. chmod and chown
b. setfacl and getfacl
c. touch and rm
d. ls and cd

34. How are ACLs enforced by the Linux kernel?

a. By checking the permissions specified in the ACL for the user and group that is accessing the file or directory.
b. By using Memory Protection Keys (MPKs) on x86 processors.
c. By mapping a portion of a file or shared memory segment into a process's virtual memory space.
d. By dividing the virtual memory space of each process into multiple segments.

35. Where are ACLs stored?
   
a. In the inode of the file or directory.
b. In the block allocation table of the file system.
c. In the extended attribute namespace of the file system.
d. In the kernel's memory space.

36. What is the command used to view the ACL entries for a specified file or directory?

a. chmod
b. getfacl
c. chown
d. setfacl

37. What is the syntax for creating an ACL using setfacl?

a. setfacl -m user:username:permissions file
b. setfacl -g group:groupname:permissions file
c. setfacl -o other:permissions file
d. setfacl -u user:username:permissions file

38. Where are ACLs stored in the Linux file system?

a. In the standard UNIX metadata
b. In the user data namespace
c. In the extended attribute namespace
d. In the file and directory names




1. Answer: A.
The default system accounts on a Linux system are stored in files such as /etc/passwd, /etc/group, and /etc/shadow.

2. Answer: A.
The files containing system accounts hold information such as password (encrypted), username, group membership, and home directory.

3. Answer: A.
System accounts are used on a Linux system to run various system processes and services.

4. Answer: A.
The Linux kernel manages system accounts by providing process isolation, resource allocation, and memory protection.

5. Answer: A.
ACLs are used to manage access to files and directories on the Linux system.

6. Answer: A.
ACLs provide granular permissions for users and groups in Linux by allowing administrators to control who can read, write, and execute files.

7. Answer: A.
The Extended File Attributes (Xattrs) system allows administrators to set and modify ACLs for files and directories in Linux.

8. Answer: B.
The Pluggable Authentication Modules (PAM) framework provides a standardized way to manage user authentication across different Linux distributions and applications.

9. Answer: C.
The Name Service Switch (NSS) system provides a way for Linux systems to access user and group information from various sources, such as LDAP directories, NIS servers, and other systems on the network.

10. Answer: D.
SELinux and AppArmor are security features that provide additional access control policies and help to prevent unauthorized access to system processes and resources.

11. Answer: D.
The Linux kernel is the core component that enforces access control policies on a Linux system.

12. Answer: a.
To limit inter-process communication between processes

Explanation: IPC limits are used to limit or control inter-process communication (IPC) between processes. The prctl() system call can be used to set specific limits on the ability of a process to interact with other processes, such as limiting the types of IPC mechanisms that can be used or setting restrictions on the use of shared memory.

13. Answer: c.
To provide a way to partition system resources such as network interfaces, file systems, and process IDs

Explanation: Namespaces provide a way to partition system resources such as network interfaces, file systems, and process IDs, allowing for the creation of independent environments for different service accounts or applications.

14. Answer: c.
To add additional security policies to the Linux kernel

Explanation: The Linux Security Modules (LSM) framework provides a way to add additional security policies to the Linux kernel, such as SELinux or AppArmor, which can be used to limit the access of service accounts to each other or to system resources.

15. Answer: d.
To control access to system processes and resources

Explanation: Access Control Lists (ACLs) are used to control access to system processes and resources. They can be used to set specific permissions for different users or groups, allowing or denying access to specific files or directories.

16. Answer: d.
To track and log system activity for security and compliance purposes

Explanation: Auditing is used to track and log system activity for security and compliance purposes. The auditd daemon and the tripwire utility are commonly used in Linux systems to perform auditing.

17. Answer: A) Namespaces.
Namespaces provide a way to partition system resources such as network interfaces, file systems, and process IDs, allowing for the creation of independent environments for different service accounts or applications.

18. Answer: A)
To provide a way to add additional security policies to the Linux kernel. The Linux Security Modules (LSM) framework allows for the addition of additional security policies to the Linux kernel, such as SELinux or AppArmor, which can be used to limit access to system resources.

19. Answer: C) Capabilities.
Capabilities can be used to isolate service accounts and prevent unauthorized access to critical system processes and resources.

20. Answer: A) IPC limits.
The prctl() system call can be used to set specific limits on the ability of a process to interact with other processes, such as limiting the types of IPC mechanisms that can be used or setting restrictions on the use of shared memory.

21. Answer: B) Linux Security Modules (LSM).
The Linux Security Modules (LSM) framework provides a way to add additional security policies to the Linux kernel, such as SELinux or AppArmor, which can be used to control access to system processes and resources.

22. Answer: b.
To ensure the security of the system.

Explanation: File permissions and ACLs in Linux are used to control access to system processes and resources, and ensure the security of the system. Each file in Linux has a set of permissions that determine who can read, write, or execute the file, and these permissions are enforced by the kernel, and they apply to both regular users and service accounts.

23. Answer: c.
To grant specific privileges to individual processes or programs.

Explanation: Capabilities in Linux are a set of privileges that can be granted to individual processes or programs, allowing them to perform specific privileged operations that would normally require root-level access. This helps to isolate processes and prevent unauthorized access to critical system processes and resources.

24. Answer: b.
To track system activity and file accesses.

Explanation: The auditd daemon and the tripwire utility in Linux are used for auditing system activity and tracking changes to critical system files. The auditd daemon can be used to track system calls and file accesses, while the tripwire utility can be used to monitor changes to critical system files and alert system administrators when changes are detected.

25. Answer: A

Explanation: Memory segmentation is used in Linux to divide the virtual memory space of each process into multiple segments, each with its own set of access permissions. This helps protect the memory of each process from other processes.

26. Answer: C

Explanation: Memory Protection Keys (MPKs) on x86 processors provide hardware-level memory protection features that allow processes to set up memory regions that can only be accessed by specific code paths.

27. Answer: A

Explanation: Linux ensures that shared memory segments and memory-mapped files are accessed only by authorized users and service accounts by using access control mechanisms such as file permissions and ACLs.

28. Answer: B

Explanation: Memory mapping in Linux allows a process to map a portion of a file or shared memory segment into its virtual memory space, providing direct access to the mapped memory region while protecting the rest of the process's memory from other processes.

29. Answer: D

Explanation: Linux protects the memory of each process from other processes that allow processes to share memory in a controlled manner by using hardware-level memory protection mechanisms such as shared memory segmentation and memory mapping. These mechanisms allow processes to share memory in a controlled manner while protecting the rest of the process's memory from other processes.

30. Answer: c.
To allow processes to set up memory regions that can only be accessed by specific code paths

Explanation: Memory Protection Keys (MPKs) on x86 processors allow processes to set up memory regions that can only be accessed by specific code paths. This provides an additional level of memory protection that can be used to further secure sensitive data.

31. Answer: a.
To create a shared memory segment and map it into a process's virtual memory space

Explanation: The shmget and shmat system calls are used to create a shared memory segment and map it into a process's virtual memory space. The service account can create a shared memory segment using the shmget system call and then attach to the shared memory segment using the shmat system call, which maps the shared memory segment into the service account's virtual memory space. This allows the service account to read from or write to the shared memory segment as needed, while other system account processes are prevented from accessing the shared memory segment directly.

32. Answer: a.
ACLs are a feature of the Linux kernel that allows for more fine-grained control over file and directory permissions beyond the standard UNIX permissions.

Explanation: The first sentence of the given text states that "Access Control Lists (ACLs) are a feature of the Linux kernel that allow for more fine-grained control over file and directory permissions beyond the standard UNIX permissions."

33. Answer: b.
The commands used to create and manage ACLs are setfacl and getfacl.

Explanation: The second sentence of the given text states that "ACLs are created and managed using the setfacl and getfacl commands, which are part of the acl package."

34. Answer: a.
ACLs are enforced by the Linux kernel by checking the permissions specified in the ACL for the user and group that is accessing the file or directory.

Explanation: The last paragraph of the given text states that "The Linux kernel uses ACLs to enforce access control on files and directories. When a file or directory is accessed, the kernel checks the permissions specified in the ACL for the user and group that is accessing the file or directory. If the user or group has the necessary permissions specified in the ACL, then access is granted. If not, access is denied."

35. Answer: c.
ACLs are stored in the extended attribute namespace of the file system.

Explanation: The second-to-last paragraph of the given text states that "ACLs are stored in the extended attribute namespace of the file system, which allows for additional metadata to be associated with files and directories beyond the standard UNIX metadata."

36. Answer: b. getfacl

Explanation: The getfacl command is used to view the ACL entries for a specified file or directory in Linux. This command is part of the acl package and allows users and system accounts to view the ACLs of files and directories.

37. Answer: a. setfacl -m user:username:permissions file

Explanation: The syntax for creating an ACL using setfacl is as follows: setfacl -m user:username:permissions file. Here, user specifies the type of object that the ACL applies to (in this case, a user), username specifies the name of the user, permissions specifies the permissions to be granted to the user, and file specifies the file or directory that the ACL applies to.

38. Answer: c. In the extended attribute namespace

Explanation: ACLs are stored in the extended attribute namespace of the file system in Linux. This allows for additional metadata to be associated with files and directories beyond the standard UNIX metadata. The kernel uses this extended attribute namespace to store and manage the ACLs of files and directories.