LPI Linux Essentials
Knowledge Domain Topic 5:
Security and File Permissions
Practice Test Questions #3:
1. Which command is used to escalate privileges to root?
a) sudo
b) su
c) ssh
d) scp
--------------------------
1 Answer Below:
--------------------------
/* --------------------- */
Explanation:
The su command is used to escalate privileges to root in most Linux systems.
1. Answer: b) su
2. What is the recommended way to switch to another user?
a) Using su command
b) Logging in from another system
c) Logging in over the network
d) All of the above
--------------------------
2 Answer Below:
--------------------------
/* --------------------- */
Explanation:
While the su command can be used to switch to another user, it is not the recommended way. It is recommended to log in from another system, over the network, or at a physical console or terminal on the system.
2. Answer: d) All of the above
3. What is the biggest issue with using su to switch to the superuser (root)?
a) The user's session may get compromised.
b) The system may crash.
c) The user may forget the password.
d) None of the above.
--------------------------
3 Answer Below:
--------------------------
/* --------------------- */
Explanation:
If a regular user's session has been compromised, the superuser (root) password could be captured when using su to switch to root.
3. Answer: a) The user's session may get compromised.
4. Which symbol terminates the command line prompt for a non-privileged user shell?
a) $
b) #
c) @
d) &
--------------------------
4 Answer Below:
--------------------------
/* --------------------- */
Explanation:
The dollar symbol ($) terminates the command line prompt for a non-privileged user shell.
4. Answer: a) $
5. What command is used to run a command with privilege?
a) su
b) sudo
c) ssh
d) scp
--------------------------
5 Answer Below:
--------------------------
/* --------------------- */
Explanation:
The sudo command is used to run a command with privilege.
5. Answer: b) sudo
6. As a system administrator, you notice that some users are using the su command to switch to root. What is the best course of action?
7. As a system administrator, you have authorized a user to run a specific command with privilege using sudo. The user reports that they are still unable to run the command with privilege. What could be the issue?
8. As a system administrator, you are reviewing the system's logs and notice that a regular user's session has been compromised. What is the best course of action to prevent the superuser (root) password from being captured?
--------------------------
6, 7, 8 Answer Below:
--------------------------
/* --------------------- */
6. Answer:
- The user is not invoking sudo correctly: The user may be using the wrong syntax for sudo, such as not including the sudo command before the authorized command or using the wrong password. The solution is to verify the correct syntax and ensure that the user is entering their own password correctly.
- The user is not in the sudoers file: The user may not be listed in the sudoers configuration file or may have been removed accidentally. The solution is to check the sudoers file and ensure that the user is listed with the correct permissions.
- The user's permissions are restricted: The user may have a restricted shell or limited permissions that prevent them from running the authorized command with privilege. The solution is to verify the user's permissions and ensure that they have the necessary access to run the command.
- The command is not listed in the sudoers file: The authorized command may not be listed in the sudoers configuration file or may have been removed accidentally. The solution is to check the sudoers file and ensure that the command is listed with the correct permissions.
- The user's session has expired: If the user's session has expired, they may need to re-authenticate with sudo before running the authorized command. The solution is to instruct the user to run sudo again and enter their password when prompted.
7. Answer:
- Incorrect syntax:
- The user may not be invoking sudo correctly, such as by not including the sudo command before the authorized command or by using the wrong password. The solution is to verify the correct syntax and ensure that the user is entering their own password correctly.
- Not in the sudoers file:
- The user may not be listed in the sudoers configuration file or may have been removed accidentally. The solution is to check the sudoers file and ensure that the user is listed with the correct permissions.
- Restricted permissions:
- The user may have a restricted shell or limited permissions that prevent them from running the authorized command with privilege. The solution is to verify the user's permissions and ensure that they have the necessary access to run the command.
- Command not listed in sudoers file:
- The authorized command may not be listed in the sudoers configuration file or may have been removed accidentally. The solution is to check the sudoers file and ensure that the command is listed with the correct permissions.
- Expired session:
- If the user's session has expired, they may need to re-authenticate with sudo before running the authorized command. The solution is to instruct the user to run sudo again and enter their password when prompted.
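Three of the causes listed in answer 7 (user not in the sudoers file, command not listed, wrong password) leave distinct entries in sudo's syslog output, so the log usually tells you which one applies. The following is an added example, not part of the original practice test; the function name `diagnose_sudo_denials`, the cause labels, and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of sudo syslog entries (host, users and commands are made up).
SAMPLE_LOG='Mar  4 10:15:02 host1 sudo:    alice : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  4 10:17:40 host1 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt update
Mar  4 10:20:11 host1 sudo:    carol : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/less /var/log/syslog
Mar  4 10:21:00 host1 sudo:     dave : TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/usr/bin/id'

# Read syslog lines on stdin; print "user|cause|command" for each denied sudo call.
diagnose_sudo_denials() {
    awk '
    {
        p = index($0, " sudo:")
        if (p == 0) next                        # not a sudo entry
        rest = substr($0, p + 6)
        sub(/^[ \t]+/, "", rest)
        # First field is "user : reason" on denials, "user : TTY=..." on success.
        q = index(rest, " ; ")
        first = (q ? substr(rest, 1, q - 1) : rest)
        n = split(first, head, " : ")
        if (n < 2) next
        reason = head[2]
        if (reason == "user NOT in sudoers")            cause = "not-in-sudoers"
        else if (reason == "command not allowed")       cause = "command-not-listed"
        else if (reason ~ /incorrect password attempt/) cause = "wrong-password"
        else next                               # allowed command or unrelated message
        # COMMAND= is the last field; take the remainder so arguments survive.
        c = index(rest, "COMMAND=")
        cmd = (c ? substr(rest, c + 8) : "")
        print head[1] "|" cause "|" cmd
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | diagnose_sudo_denials
```

On a live system, feed the function the authentication log instead of the sample, typically /var/log/auth.log or /var/log/secure depending on the distribution.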
8. Answer:
- Terminate the compromised session:
- As soon as possible, terminate the user's compromised session by using the appropriate command or by killing the associated process. This will prevent the attacker from using the user's session to escalate privileges or perform other malicious activities.
- Change the user's password:
- After terminating the compromised session, change the user's password to prevent the attacker from using the same credentials to gain access again. Make sure to use a strong password that is not easily guessed or brute-forced.
- Monitor for suspicious activity:
- Keep an eye on the system logs and other monitoring tools for any suspicious activity that may indicate that the attacker is attempting to gain further access or escalate privileges. Be prepared to take additional action if necessary, such as disabling or locking the compromised user account.
- Review and update security measures:
- After the incident, review the system's security measures and policies to identify any weaknesses or vulnerabilities that may have contributed to the compromise. Consider implementing additional security measures, such as two-factor authentication, intrusion detection and prevention systems, and regular security audits.