1.Which command will find files that have the SUID bit set?
 
A: sudo locate -s
B: sudo locate -perm suid
C: sudo find / -perm suid -print
D: sudo find / -perm +4000 -print
Correct Answers:  D
 
2.What does Stealth Mode on the Mac OS X Firewall do?
 
A: It disables the sending of denials to blocked packets.
B: It disables responses to all incoming connection attempts
C: It creates a NAT gateway to hide the true IP address of the computer.
D: It enables responses only to connection attempts from computers that are in the allowed computer list.
Correct Answers:  A
 
3.Identify the three (3) levels of access control you can assign to a new keychain item.
 
(Choose THREE.)
 
A:Confirm before allowing access
B:Allow selected UIDs to access this item
C:Allow all applications to access this item
D:Allow only admin users to access this item
E:Ask for keychain password and UID before allowing access
F:Confirm before allowing access, and ask for keychain password
Correct Answers:  A, C, F
 
4.According to Password Assistant's policy rules, a "memorable" password consists of ________.
 
A: a phrase from a syntactically correct sentence
B: a difficult-to-spell word from the local dictionary
C: a one- to three-digit number, followed by a punctuation mark, followed by a word from the local dictionary
D: a word from the local dictionary, followed by a one- to three-digit number, followed by a punctuation mark, followed
by another word from the local dictionary
Correct Answers:  D
 
5.Consider the following folder listing:
drwxrwxrwt 5 root staff 170 May 20 16:39 /Users/Public/Shared/
 
Inside the folder is the file Report.rtf:
-rw-r--r-- 1 kim staff 0 Oct 11 15:51 Report.rtf
 
Who can delete Report.rtf?
 
A: only the root user
B: Kim and the root user
C: any member of the staff group
D: any user who can access the Shared folder
Correct Answers:  B
 
6.Which statement about SSH tunneling is FALSE?
 
A: SSH tunnels can support the PPP protocol.
B: SSH tunnels secure all IP traffic, including UDP and TCP.
C: SSH tunnels secure otherwise non-secure traffic, such as POP and AFP.
D: Forwarding port 1023 and below requires root privileges for the initial receiving port.
Correct Answers:  B
 
7.A shadow password is stored ________.
 
A: in the local LDAP database
B: in the local NetInfo database
C: in a file in /var/db/shadow/hash/
D: when you use the crypt() command
Correct Answers:  C
 
8.Which action will result in a secure connection to a server?
 
A: Enable Secure Remote Apple Events in Sharing preferences on the server.
B: Press and hold the Option key while double-clicking the server discovered via Bonjour.
C: In Finder, choose "Connect to Server" from the Go menu, and enter afp-s:// in the Server Address field,
then select Connect.
D: In Terminal, choose "Connect to Server" from the File menu, then select Secure Shell (ssh) from the Service column,
and the server from the Server column.
Correct Answers:  D
 
9.Which two (2) features are provided by SSH, but not by Telnet?
 
(Choose TWO.)
 
A:MD6 encryption
B:PGP file encryption
C:asynchronous transfers
D:encrypted authentication
E:encrypted communication sessions
Correct Answers:  D, E
 
10.Which statement describes a practical approach to enforcing security for a computer that has programs owned by root which have the SUID bit set?
 
A: Disable root with the nicl command.
B: Delete any program that has the SUID bit set.
C: Change all SUID bits to SGID bits, and run a daily script to delete any programs that have the SUID bit set.
D: Create a list of all your essential programs that have the SUID bit set, then check your computers frequently for programs
not on the list, and remove them.
Correct Answers:  D