XK0-005 Security • Complete Question Bank
Complete XK0-005 Security question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
# auditctl -l
-w /etc/passwd -p wa -k passwd_changes
-w /etc/shadow -p wa -k shadow_changes
-w /etc/group -p wa -k group_changes
```
Refer to the exhibit.
```
$ getfacl file.txt
# file: file.txt
# owner: alice
# group: staff
user::rw-
user:bob:r--
group::r--
mask::rw-
other::---
```
Refer to the exhibit.
```
# auditctl -l
LIST_RULES: syscall=openat,open,creat,truncate,ftruncate key=file_monitor
-a always,exclude -F msgtype=CRED_DISP
-w /etc/passwd -p wa -k passwd_changes
-w /etc/shadow -p wa -k shadow_changes
-w /etc/group -p wa -k group_changes
-w /var/log/auth.log -p wa -k auth_log
# ausearch -k auth_log -ts today
<no matches>
```
You are a systems administrator for a small company. The company uses a Linux server running Ubuntu 22.04 LTS that hosts a web application and a PostgreSQL database. The server has two network interfaces: eth0 (public IP) and eth1 (private IP). The web application listens on port 443 (HTTPS) on eth0, and the PostgreSQL database listens on port 5432 on eth1. The company security policy requires that only the web application should be accessible from the internet; all other ports must be blocked on the public interface. Additionally, SSH access should be allowed only from the internal network (192.168.1.0/24). The current iptables rules are as follows:
```
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
```
There are no other rules. You need to implement the security policy using iptables. Which of the following sets of commands will achieve the required security policy?
Match each concept to its description:
poweroff.target
rescue.target
multi-user.target
graphical.target
reboot.target
Match each concept to its description:
Show/manipulate routing, devices, tunnels
Investigate sockets
Manage NetworkManager
Capture network packets
Network exploration/security scanning
Match each concept to its description:
Bootloader
Initial RAM disk
Init system and service manager
Compressed Linux kernel
Tool to create initramfs
Refer to the exhibit.
```
# auditctl -l
LIST_RULES: exit,always auid>=1000 auid!=4294967295 (0xffffffff) syscall=open key=user-open
# ausearch -k user-open
----
time->Thu Jan 1 12:00:00 2025
type=SYSCALL msg=audit(1735689600.123:456): arch=c000003e syscall=2 success=yes exit=3 a0=7ffe... a1=0 a2=1c a3=7f... items=1 ppid=1234 pid=5678 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=pts0 ses=1 comm="cat" exe="/usr/bin/cat" key="user-open"
```
Refer to the exhibit.
```
$ cat /etc/shadow
root:$6$xyz...:18000:0:99999:7:::
$ sudo passwd -S root
root P 08/15/2024 0 99999 7 -1
$ sudo chage -l root
Last password change                                    : Aug 15, 2024
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
```
Refer to the exhibit.
```
$ sudo iptables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   10   540 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
```
Refer to the exhibit.
```
ls -la /usr/bin/passwd
-rwsr-xr-x 1 root root 68208 Apr 1 2024 /usr/bin/passwd
```
Refer to the exhibit.
/etc/pam.d/sshd:
```
auth       required     pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
```
Refer to the exhibit.
```
type=AVC msg=audit(1234567890.123:45): avc: denied { write } for pid=1234 comm="httpd" name="app.log" dev=sda1 ino=56789 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_log_t:s0 tclass=file
```