
System Network and Administration

This document contains review questions for a systems and network administration exam. It covers topics like network protocols, Linux file system structure, permissions, logging configuration, and network services like DNS, DHCP, SMTP. It asks about concepts like system user accounts, port numbers, DHCP phases, and LDAP integration with email services. The document provides explanations and short answers for questions about security policies, network management processes, and password expiration policies.

Uploaded by

Daddy's Picks

Systems & Network Administration

Exam Review Questions

Be Sure to do the Quick Quizzes! Those topics are on the exam, but are not all covered
here.

General:

Be able to describe two key characteristics (e.g., ISO layer, purpose, key packet
information, etc.) of each of these protocols
TCP UDP
IP ICMP ARP

Be able to describe the purpose and basic operation of these protocols
DNS DHCP

Be able to describe the purpose and basic operation of these protocols
IMAP HTTP LDAP

Be able to describe the purpose of having these two ports for SMTP
(no other port numbers are necessary)
25 (Transport) 587 (Submission)

Be familiar with the purpose (not the syntax) of these commands
mount / umount
ifconfig
netstat
ping
dig / nslookup

1. Identify and briefly describe each of the essential steps for preparing a new boot
disk for use on a system. Which steps have to be done for every disk?
First, partition the disk. Second, create a filesystem. These two steps must be done for
every disk, regardless of the operating system being installed. Then, copy/install boot
files and device drivers. Finally, activate the bootloader.
2. In the Unix/Linux operating system, what do we expect to find in /etc? What
is the most important thing we expect to find in /var?
/etc is for system configuration and startup scripts, /var/log is a standard location
3. Explain the similarities and differences between /etc/passwd and /etc/shadow.
/etc/passwd is the primary file that stores information about user accounts and can be
read by all users. /etc/shadow is used by the operating system and is restricted to
privileged users. Both have the user name, but /etc/passwd has a placeholder where
/etc/shadow has the actual encrypted password for the account.
4. Where are the system-wide rules for logging specified? What is the difference
between a log level and facility?
The system-wide rules for logging are specified in /etc/syslog.conf
A facility code is used to classify the type of program that is logging the message, and in
practice determines which file the message will be written to. The level reflects the
severity of an event, from emergency (system is unstable) up to info (normal operation
messages that require no action) and debug (only of interest to developers).

5. Explain the general scheme for file permissions in the Unix/Linux operating
system, including how they are expressed as numbers.
d---rwx--- dir-owner-group-world // read-write-execute // r=4 w=2 x=1 add together
up to 7. // x on a directory allows viewing files inside.
6. Normally /tmp has special permissions drwxrwxrwt . What does this allow?
What other directory commonly has these permissions? Why?
Sticky bit on the directory ( t ) allows world write, but files can only be deleted by the
owner. /var/run also should have these permissions, because many startup scripts and
processes like to write their PID there. Dovecot also requires these permissions for
mailbox folders.
7. In bash shell scripts, what do > and >> do? What does | do?
> is used to redirect output to a new file (or overwrite an existing file), >> appends
output to a new file, | (pipe) sends output to another program, like date +%A | figlet
8. In bash shell scripts, what happens when I end a command with >/dev/null 2>&1

Redirect output (stdout) to the null device rather than the terminal, then redirect
stderr (2) to the same place as stdout (1). The effect is that nothing will be shown on
the screen when the script runs (bonus: often used in startup scripts).
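
The following Python example is added here and is not part of the original review sheet. It converts an ls -l mode string to the octal number described in question 5 and flags world-writable directories that lack the sticky bit from question 6; the sample listing and the path /srv/upload are constructed.

```python
# Special bits replace the execute character of owner, group and world.
# index in the 9-character permission field -> (x also set, x not set, bit)
SPECIAL = {2: ("s", "S", 0o4000), 5: ("s", "S", 0o2000), 8: ("t", "T", 0o1000)}

def mode_to_octal(mode: str) -> int:
    """Convert e.g. 'drwxrwxrwt' to 0o1777 (the file-type character is skipped)."""
    if len(mode) != 10:
        raise ValueError(f"expected 10 characters, got {mode!r}")
    value = 0
    for i, ch in enumerate(mode[1:]):
        bit = 0o400 >> i                  # r=4, w=2, x=1 inside each triad
        if ch == "rwx"[i % 3]:
            value |= bit
        elif i in SPECIAL and ch in SPECIAL[i][:2]:
            value |= SPECIAL[i][2]        # setuid / setgid / sticky
            if ch == SPECIAL[i][0]:       # lowercase: execute bit is set as well
                value |= bit
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i + 2}")
    return value

def risky_world_writable(mode: str) -> bool:
    """True for a directory that anyone can write to but that has no sticky bit."""
    bits = mode_to_octal(mode)
    return mode[0] == "d" and bool(bits & 0o002) and not bits & 0o1000

LISTING = [  # constructed sample, not output from a real system
    ("drwxrwxrwt", "/tmp"),
    ("drwxrwxrwx", "/srv/upload"),
    ("drwxr-xr-x", "/etc"),
    ("-rwsr-xr-x", "/usr/bin/passwd"),
]

def audit(listing):
    """Return (path, octal mode) for every directory missing the sticky bit."""
    return [(path, oct(mode_to_octal(m))) for m, path in listing
            if risky_world_writable(m)]

if __name__ == "__main__":
    for mode, path in LISTING:
        print(f"{mode}  {mode_to_octal(mode):04o}  {path}")
    print("world-writable without sticky bit:", audit(LISTING))
```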

Exam Question 2: (35%)
9. What is the purpose of having a user account like "nobody" or "postfix" with no
password?
System accounts like these are useful for processes that need access to privileged ports
and processes that create files (some do both). The process can start with root privileges
to gain access to a privileged port, then change its ownership to the system user. Files
created by the process will be owned by the system user, and access will be restricted
like any other normal user. Since there is no password, no one will be able to log in as
the system user. If the process is somehow hijacked or runs amok, it will not be running
with root privileges.

10. Can a network administrator choose just any port number for a service? Why or
why not?
In principle, yes, because a port is just a number to identify a service. In practice, no,
because standards define standard ports for some services. Well-known ports are 0 to
1023, and are also known as restricted ports because they require root (administrator)
permissions. Applications will sometimes pick random ports from the dynamic ports
range (49152 to 65535), so if we need a non-standard port it should be an unassigned
number in the registered ports range (1024 to 49151). Well-known and registered port
assignments are listed in /etc/services

11. DHCP uses a four-phase process to grant a lease for IP connection settings to a
DHCP client. The first phase involves sending out a DHCPDISCOVER message.
Using two or three sentences, state the reason for sending this message out as a
broadcast message, rather than a normal unicast message.
It is impossible to send a unicast message without a source and destination IP
address. A client coming up on the network only knows its MAC address, so the
DHCPDISCOVER message has to be broadcast.
12. What common parameters can a DHCP server set for a client?
Commonly used DHCP options include subnet mask, broadcast address, router
addresses, and the DNS servers the client should use.
13. Why is a "rogue" (unauthorised, unofficial) DHCP server on a subnet
problematic? What steps can be taken to resolve the problem?
Since most clients will send a REQUEST for the first OFFER they receive by default, a
rogue server may cause clients to ignore OFFERs from the enterprise DHCP servers.
This can cause big problems with subnet masks, default gateways, nameservers, and
other (vendor-specific) options.
Solution: use a packet sniffer in promiscuous mode and filter port 67 and/or 68. Then
go talk to the person responsible and/or tune firewall rules.
14. Describe the purpose of DNS, and the protocols it uses.
DNS maps human-friendly domain names to IP addresses, using a hierarchy of DNS
servers that each have their own “zone of authority”. A client will always send an
initial DNS query using UDP Protocol over Port 53, and if it does not get a response
within a certain time it will retransmit the query using TCP.
15. Which standard configuration files can be used instead of the DNS to map a
hostname and aliases to an IP address when we are using static IP address
assignment?
/etc/HOSTNAME has the “proper” (canonical) hostname, and /etc/hosts has a
list of IP addresses and aliases.
16. What is a DNS CNAME record?
A DNS CNAME record defines an “alias” or alternative name for a host, which means one
IP address can be associated with more than one name.
17. What can Dovecot and Squirrelmail use LDAP for?
Dovecot can use LDAP for username and password to access email; Squirrelmail can
use LDAP to show a corporate address book.

18. What is the difference between using the SMTP port vs. the Submission port for
mail?
Submission port (587) is intended to be from client to the initial server using SMTP;
Transfer port (25) is intended to be server to server (relay) using SMTP. This allows
administrators to run two distinct services configured optimally for each purpose, by
optimising Transfer for speed and Submission for safety. Submission port should be
used for spam detection, attachment (malware) scanning, and address rewriting (for
example changing [email protected] to Given.Family@domain). Encryption
(SSL/TLS) can be required for port 587 sessions; port 25 sessions can prefer but cannot
require encryption.
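
The following Python example is added here and is not part of the original review sheet. It shows what the port 67/68 capture from question 13 is inspected for: it parses the options of a DHCP server reply and reports any server identifier (option 54) that is not on a list of authorised servers. The 192.0.2.x addresses and the build_reply helper are constructed sample data.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
OFFER, ACK = 2, 5             # option 53 (message type) values sent by servers

def parse_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from the UDP payload of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        code = payload[i]
        if code == 0:                                  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts

def rogue_server(payload: bytes, authorised: set):
    """Return the sender's server identifier if it is not authorised, else None."""
    opts = parse_options(payload)
    msg_type = (opts.get(53) or b"\x00")[0]
    if msg_type not in (OFFER, ACK):
        return None                                    # client traffic, ignore
    server_id = opts.get(54, b"")
    server = socket.inet_ntoa(server_id) if len(server_id) == 4 else "unknown"
    return None if server in authorised else server

def build_reply(msg_type: int, server_ip: str, router_ip: str) -> bytes:
    """Constructed sample data: a minimal server reply with options 53, 54 and 3."""
    header = struct.pack("!BBBB", 2, 1, 6, 0) + bytes(232)   # op=2 is BOOTREPLY
    options = bytes([53, 1, msg_type])
    options += bytes([54, 4]) + socket.inet_aton(server_ip)  # server identifier
    options += bytes([3, 4]) + socket.inet_aton(router_ip)   # router (default gateway)
    return header + MAGIC + options + b"\xff"

if __name__ == "__main__":
    allowed = {"192.0.2.1"}                            # assumed enterprise DHCP server
    for reply in (build_reply(OFFER, "192.0.2.1", "192.0.2.254"),
                  build_reply(OFFER, "192.0.2.66", "192.0.2.66")):
        print(rogue_server(reply, allowed) or "authorised server")
```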

Exam Question 3: (35%)


19. Briefly define and relate: security policy, acceptable use policy, security
mechanisms, and security procedures. In your description, include the associated
organisational roles: who is responsible for them, and how can we audit/verify their
effectiveness.
A security policy defines what information is to be protected and from whom.
Security mechanisms implement aspects of the security policy, and their effectiveness
must be monitored. Security policies apply to resources under control of the
enterprise; acceptable use policies apply to people and interfaces. Security procedures
implement aspects of the acceptable use policy, and compliance must be monitored.
Implementing the acceptable use policy is essentially a management issue;
implementing the security policy is more of a technical issue. Security policy
implementation mechanisms must provide information necessary for enforcement of
the acceptable use policy. Monitoring effectiveness of mechanisms and compliance
with policies (accountability) requires keeping track of activity (audit trails).

20. List and briefly define the five network management processes defined by ISO.
FCAPS: Fault management (fixing breakdowns and correcting mistakes);
Configuration management (licensing, version control, network architecture);
Accounting management (charging for services, auditing use); Performance
management (capacity planning, response times); Security management (policy
formulation, implementation, evaluation).

21. What is a likely effect of forcing users to change their password frequently?
How is this a tradeoff between security and user experience?
Changing passwords locks out someone who guessed, increasing security. However,
new passwords are hard to remember so users tend to write them down or change in a
predictable pattern. This effect is even worse when administrators force users to choose
strong passwords, composed of a mix of uppercase, lowercase, numeric and special
characters. Security features should be designed to be as intuitive and easy to use as
possible. Avoid security precautions that are too confusing, inappropriate for the
situation, or otherwise inhibit legitimate use.
22. Why do some distributions (like Ubuntu) insist that root access is available only
through sudo? Reflect on the two sides to this issue.
Root access means anything can be done, which magnifies the effect of mistakes. Some
feel that forcing us to type sudo is a way to consciously reinforce this, and we can be
better sysadmins by learning more about sudo configuration options if and when we get
tired of it. Others feel that sudo means there are a lot of root passwords: everyone in
the sudoers file has one and can change it as they like. Any password can be guessed or
inadvertently revealed. Having a single root password means it can be centrally
controlled, even though it must be re-distributed to the right people when it is changed.

23. What are the four basic rules for troubleshooting configurations?
[1] Look for what you recognise (in the logfiles, starting at the end) [2] Always keep a
working configuration as backup [3] Do one thing at a time, and then test [4] Do the
simplest thing first

24. What are the three Ps that are most commonly the cause of problems
with service configuration?
Problems with services? Check Paths (these can be fixed with a symlink), Ports, and
Permissions. Syntax errors in shell scripts (Parsing) are also frequently the cause of
problems.

25. Alice tried to start a service but it gave her the message “Cannot run - Could
not write to /var/run: Access Denied”. What should she do?
Lots of services like to write their process ID to a file in /var/run so the best thing to do
is give it permissions like /tmp (see q.6)

26. Bob tried to start a service but it gives him the message “Exiting – could not load
shared library libres.so.0”. What three things should he do (in the proper order)?

First, use the command find / -name "libname*" using the library name from the
error message. If it exists, fix it with a symlink to the path specified in the error
message, or put the symlink in /usr/lib or /usr/local/lib if it is not already there. Lots of
times the library is called libxyz.so.2.0.0 when the program wants libxyz.so so this is
pretty easy. If it is not already there, check a compatible repository. Third, if these
don’t work, get the source code and compile it.
