Linux Interview Questions For Experienced
This article provides Linux interview questions with answers for
experienced users.
Why
should you periodically update the kernel and package versions?
To enhance the security of
system you should ensure that you are using the latest versions kernel and software
packages that contain the most recent security updates.
During a recent strikes
at office, several archive tapes of the system were damaged and ruined. What
can you do to prevent the physical damage in future?
You should store them at
offsite.
Why should you avoid the
Telnet to administer a Linux system remotely?
Telnet use most insecure method
for communication. It send data across the network in plain text format.
Someone easily find out the password using the network tool.
A file is unable to be restored
from tape due to several device and media errors. What is most likely the
cause?
Media errors usually indicate
that the tape media is damaged, or that the tape drive heads need cleaning.
Your FTP Server recently
hacked. Due to the amount of damage, the entire server needs to be restored.
How should you restore the original kernel system files?
You cannot restore the entire
operating system from tap back up device. So you should reinstall the core
operating system, and then restore system configuration files and user data
from tape backup device.
Your company hire a
contract employee for two months. What should the Linux administrator do to
enhance security on the employee's account?
While creating new user account
for this user, administrator should set the expiration date for his account, so
that if the employee leaves or does not have their contract renewed, the
account will be automatically disabled.
Which backup strategy
only backs up files that have changed since the last full backup?
Differential backup will backup
files that have changed since the last full backup.
Name a service which
should you disable on a Linux Server which is acting as both a Web and FTP
Server.
The finger service should be
disabled because a remote user can get important information about the system
by using that command.
Why it
is recommended to store backup tapes to an offsite storage facility?
Because this will prevent the
backup taps from being destroyed during a natural disaster at the server site.
It also prevents the tapes from being stolen.
A newbie enabled the root
session for FTP server. is it ok?
No, he has put the security of
entire server on risk. You should disable to root session as soon as possible.
A user complains you that
he is unable to set '123' as his password. Why would not the system allow this
password?
There would be a minimum length
rule for password, which is blocking user to use this password. Default minimum
length rule for password is six characters. It means a user cannot have
password less than six characters.
Your company is running
Web Server. One dedicate account holder customer complains that his visitors
are able to scan the directory tree. Which directive would you configure to
stop web server from listing the directory?
You should remove / comment the
"Options Indexes" directive from the main configuration file '
httpd.conf' of the web server. This is a security measure so that remote users
can’t scan the directory tree of the server looking for security holes. Server
won’t show directory listings if requested by a user.
What type of backup strategy
can you use to fully back up a system every night?
You can use full backup
strategy that will always perform a full backup of all files. This takes much
more time and space than other methods, but is it the most complete method and
allows for easy file restoration.
How can you enhance the
security of password file?
Linux keep user account
information in a text file called /etc/passwd. This file also store one way
encrypted password. This file is accessed by several tools to get user
information, so file need to world readable. This is a security risk. To
minimize the security risk you can use shadow password format. This method save
account information in regular file /etc/passwd. However, the password is
stored as a single "x" character (not actually stored in this file).
A second file, called "/etc/shadow", contains encrypted password as
well as other information such as account or password expiration values, etc.
The /etc/shadow file is readable only by the root account and is therefore less
of a security risk
You have
just finished the installation of sever. This server is going to be use as file
server. Default installation have send mail service running, while this server
will never send any e-mails. How should you deal with send mail service?
You should disable the send
mail service if server is not being used for mail purpose. Leaving them running
can increase the chance of a security vulnerability being exploited, and
unauthorized use of sendmail relay.
What command can you use
to back up an entire file system most efficiently?
The easiest command to use to
back up an entire file system is the dump command. Files can be restored from a
dump operation by using the restore command.
Which necessary steps should you take to enhance the
security of server just after the initial installation?
·
Kernel and packages should be upgraded to the latest
versions.
·
Unnecessary services and daemons should be disable.
·
Enable and configure firewall
·
Set a complex password policy.
·
While auditing user accounts, an
administrator notices that one of the users has a blank password. What should
he do to the account?
·
To prevent further use of the account, which is an immediate
security risk, disable it and set a temporary password for the user for the
next time they login.
·
Which backup strategy backs up all files
that have changed since the last backup?
·
An incremental backup will only back up files that have changed
since the last backup.
·
Your company has terminated a server
administrator. What is first thing as an administrator should you do to enhance
the security?
·
Because the server administrator knows the root password for the
server, it should be changed immediately to prevent them from tampering with
the system.
·
You are setting up an FTP server. Only
company employees are allowed to use the FTP services. What should you
configure on the FTP server to enhance security?
·
You should disable the anonymous FTP account, so that only users
with a username and password can access the system.
·
What is the location of system configuration
files that should be backed up on a regular basis?
·
The /etc directory contains most of the Linux system configuration
files.
·
Which permission allows a user to run an
executable with the permissions of the owner of that file?
·
The Set-User-ID is a special permission that allows a user to run
an executable with the permissions of the owner of that file.
·
What command can you use to make a tape
archive file of a /home directory, and send it to the /dev/tape device?
·
The correct command is tar -cvf /dev/tape /home.
·
The -xvf option is used to extract files from an archive.
·
Employees at your company are lazy in
changing the password. As a system administrator what can you do to minimize
the security risk?
·
You can setup a password policy which enforce user to change his
password after a specific time periods.
·
Which program should you use to connect a
system remotely?
·
You should always use SSH to connect a system remotely. SSH is a
secure method that encrypts the entire session.
·
To save disk space, an administrator wants
to backup files, and then remove them from the server permanently. What kind of
backup operation is this?
·
An archive operation will take the files, back them up to a
device, and then remove the files from the original server.
·
What does firewall do?
·
Firewall is a device or service which can be used to protect the
network or system from other outside networks.
No comments:
Post a Comment