Helping Hand Questions for 202-450

 OpenVAS is a network security scanner project that, at the core, is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications. It is an open-source tool that was forked from Nessus, a popular commercial scanner. OpenVAS can perform comprehensive scans of networks and hosts, as well as web application scanning and compliance testing. It also provides a graphical user interface (GUI) and a command-line interface (CLI) for managing scans and reports. References:

• Greenbone Vulnerability Management - Gentoo wiki
• The Best Network Vulnerability Scanners Tested in 2023 - Comparitech

According to the OpenLDAP Software 2.6 Administrator’s Guide1, the default access control policy is allow read by all clients. This means that if there is no access directive, any client can read any entry or attribute in the directory, but cannot modify or delete them. Therefore, option C is the correct answer, as it represents this policy. Option A is incorrect, as it grants write access to all clients, which is not the default. Option B is incorrect, as it denies access to all clients, which is also not the default. Option D is incorrect, as it grants read and write access only to the rootdn, which is the superuser of the directory, and denies access to all other clients.

References:

• OpenLDAP Software 2.6 Administrator’s Guide: Access Control: The official documentation of OpenLDAP on how to configure access control for the directory server.

 The host allow option in the smb.conf file specifies the hosts or networks that are allowed to access the Samba server. The hosts can be specified by name, IP address, or network address with a netmask. The host allow option can also include the special name localhost, which refers to the local machine. The host allow option can be overridden by the host deny option, which specifies the hosts or networks that are denied access to the Samba server. The host deny option has a higher priority than the host allow option.

In this question, the host allow option is set to 192.168.1.100 192.168.2.0/24 localhost, which means that only the host with the IP address 192.168.1.100, the hosts on the network 192.168.2.0/24 (from 192.168.2.1 to 192.168.2.254), and the local machine can access the Samba server. This explains why a wireless laptop with an IP address 192.168.2.93 can access the Samba server, but a workstation on the wired network with an IP address 192.168.1.177 cannot. Almost every machine on the wired network is unable to access the Samba server because they are not included in the host allow option.

To fix this problem, the host allow option should be changed to include the entire wired network, which is assumed to be 192.168.1.0/24 (from 192.168.1.1 to 192.168.1.254). This can be done by using the network address and the netmask, or by using a range of IP addresses. The host allow option should also keep the wireless network and the localhost in the list, so that the existing access is not denied. Therefore, the correct answer is E. host allow = 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0 localhost. This will allow any host on either network, or the local machine, to access the Samba server, without denying access to anyone else.

The tool dig, which stands for domain information groper, is a command-line utility that provides the most information when performing DNS queries, without any options. Dig can query any type of DNS record and display the full response from the DNS server, including the header, question, answer, authority, and additional sections. Dig can also show the query time, server address, response code, flags, and statistics. Dig is a versatile and powerful tool that can be used for troubleshooting, testing, and debugging DNS issues123 References:

• dig(1) - Linux manual page
• How to Use the Dig Command on Linux
• How to use the dig command for DNS queries on Linux