[NTLUG:Discuss] I PASSED... I'm an LCA

Jeremy Blosser jblosser-ntlug at firinn.org
Thu May 31 23:50:32 CDT 2001


Chris Cox [cjcox at acm.org] wrote:
> I'm looking at getting my LCI (Linux Certified Instructor).
> There are only 59 in the world today.  That was why I went
> through all of this to begin with.

Are the sample questions on their web site an accurate sample of the test
quality?  I just took a look at those, and was a bit underwhelmed.

Some examples, all from the 'security and ethics' test:

 "Select the least secure host from the list below.

 A.A multi-user system that is connected to the Internet directly but runs
 only a minimum number of services, all of which are started by TCP wrappers
 B.A multi-user system that is connected to the Internet through a firewall,
 which runs a minimum number of services.
 C.A single-user system that is used primarily as an NFS server, that is
 connected to the Internet directly, and that only runs NFS services
 D.A single-user system that is used primarily as a development server and
 that is connected to the Internet through a firewall, which runs a minimum
 number of services

 Explanation : Answer C is correct. With NFS, a client can log in and mount
 the server file systems, and then read or change files stored on the server
 without having to log in or enter a password. NFS also uses a weak form of
 authentication, and can be easily spoofed. Any system behind a firewall
 will be much more secure than a system directly connected to the Internet
 because the number of potential intruders is decreased exponentially. This
 eliminates answers B and D. TCP wrappers are a powerful tool for minimizing
 the number of hosts who have access to a system."

Er, huh?  This one just has to be a typo or something.  D is connected
through a firewall, for one thing, so the bit about not being behind a
firewall eliminating D makes no sense.  They say the NFS server is the
answer, then give all the reasons NFS is insecure.  Etc.

 "Of the following examples, which would be the best example of physical
 security? 

 1. Computer Locks
 2. BIOS Security
 3. Boot Loader Security (example - LILO)
 4. xlock and vlock

 A.1
 B.1 & 2
 C.2 & 3
 D.1,2 & 3
 E.1,2,3 & 4

 Explanation : Physical security of a machine is the protection of
 unauthorized persons from logging into the physical terminal. All four
 examples help in preventing unauthorized persons from logging into the
 machine."

All help, but that wasn't the question.  The question was 'which would be
the best'.

 "Which of the following is the most secure method for a system
 administrator to log in as root to a host? (This host may be accessed
 through the local area network if necessary.)

 A.Use the "rlogin" command.
 B.Use the "ssh" command.
 C.Use Telnet.
 D.Log in as root at the physical terminal.
 E.All of the above are equally suitable options.

 Explanation : Answer D is correct. Using rlogin, ssh, and telnet place the
 root password on the network, subjecting it to potential snooping. Further,
 rlogin relies on the "trust" of another host and can be easily fooled.
 Secure shell is probably the next best choice because it uses encryption to
 protect the data. It is still feasible, however, that someone could decrypt
 the message. Telnet transmits data in plain text which can easily be
 intercepted by a password sniffer. Physically logging onto the terminal is
 the only method that totally prevents network snooping of the root
 password."
 
Maybe this is just a poorly worded question, but saying the host may be
accessed through the network implies that that is relevant to the question,
i.e. that we're talking about the most secure method that still allows
remote access.  Also, root should not be allowed to login directly even at
the console, which is the reasonable interpretation of "log in as root at
the physical terminal".

 "It is ethical for a network administrator to read other users' e-mail
 without permission on a server that he is administrating.

 A.True
 B.False

 Explanation : Answer A is correct. The Electronic Communications Privacy
 Act specifically grants this right to authorized personnel. Courts have
 generally ruled that there is no reasonable expectation to privacy and,
 further, states that employers have the right to read e-mail to protect
 their interests."

This is no doubt debatable, but the phrasing of the question certainly
implies that they're asking about a sysadmin doing this at their own whim,
and not just as part of their authorized duties (I guess we're supposed to
intuit that 'without permission' just means 'without the user's permission,
but with the permission associated with your job').  Trick question?  Even
if technically correct, if people are being quizzed on ethics, the standard
should be quite a bit higher than 'the bare minimum the law allows'.

 "While monitoring routine network traffic, a network administrator notices
 that a user is violating the company's appropriate use policy. As part of
 his job, the network administrator is expected to report any violations of
 the policy.  From an ethical standpoint, who should the network
 administrator inform about the violation?
 
 A.The person who has violated the policy
 B.The boss of the person who has violated the policy
 C.The owner of the company
 D.The network administrator's boss
 E.Both a and b
 F.All of the above

 Explanation : Everyone listed here can be notified of the violation,
 especially since an appropriate use policy (by convention, a statement of
 rights, privileges, and consequences) is in effect. However, notification
 does not mean that the inappropriate material can be shown to everybody in
 the list.  NOTE: This question does not address the issue of
 chain-of-command with respect to company policy.  Jumping the
 chain-of-command is a separate issue from the ethics of monitoring system
 activity and should be respected per company policy."

Also debatable I guess, but I don't think you can even attempt to really
answer this one without knowing what the company policy is.  If you work in
a company of a few thousand people, notifying the owner and everyone else
of one AUP violation makes no sense and is an unnecessary (and probably
unethical) embarrassment to the offender.  It's also doubtful it would be
appropriate or ethical for the admin to take it up with the user directly
instead of referring it through those responsible for dealing with such
things.

Their explanation says "can be notified", and in that case "all of the
above" is correct, but again, the question didn't ask who can be, it asked
who should be.

-- 
Jeremy Blosser


