UNIX MCQs – Firewall Configuration (Part – 4)

UNIX Question and Answer – Firewall Configuration

UNIX MCQ – Multiple Choice Questions for exam, interview, and Entrance Test

1. Which iptables command is used to append a rule to the end of a specific chain?

a) iptables-append

b) iptables-add

c) iptables -A <chain>

d) iptables -E <chain>

Answer: c) iptables -A <chain>

Explanation: The `iptables -A <chain>` command is used to append a rule to the end of a specific chain in iptables.


2. What is the purpose of the OUTPUT chain in iptables?

a) To filter packets destined for the local system

b) To filter packets originating from the local system

c) To filter packets forwarded through the local system

d) To filter packets based on their destination IP address

Answer: b) To filter packets originating from the local system

Explanation: The OUTPUT chain in iptables is used to filter packets that are generated by the local system.


3. Which iptables rule is used to specify the destination IP address?

a) --dest

b) --destination

c) --dst

d) --daddr

Answer: b) --destination

Explanation: The `--destination` option in iptables rules is used to specify the destination IP address.


4. What is the purpose of the FORWARD chain in iptables?

a) To filter packets destined for the local system

b) To filter packets originating from the local system

c) To filter packets forwarded through the local system

d) To filter packets based on their source IP address

Answer: c) To filter packets forwarded through the local system

Explanation: The FORWARD chain in iptables is used to filter packets that are forwarded through the local system.


5. Which iptables rule is used to specify the destination port?

a) --destination-port

b) --dst-port

c) --dport

d) --dstport

Answer: c) --dport

Explanation: The `--dport` option in iptables rules is used to specify the destination port.


6. What is the purpose of the POSTROUTING chain in iptables?

a) To filter packets before routing decisions are made

b) To filter packets after routing decisions are made

c) To filter packets before they are forwarded

d) To filter packets after they are forwarded

Answer: d) To filter packets after they are forwarded

Explanation: The POSTROUTING chain in iptables is used to filter packets after they are forwarded.


7. Which iptables rule is used to specify the source IP address?

a) --src

b) --source

c) --saddr

d) --src-address

Answer: c) --saddr

Explanation: The `--saddr` option in iptables rules is used to specify the source IP address.


8. What is the purpose of the MASQUERADE target in iptables?

a) To perform Network Address Translation

b) To silently discard packets

c) To reject packets with an ICMP error message

d) To log packets and then drop them

Answer: a) To perform Network Address Translation

Explanation: The MASQUERADE target in iptables is used to perform source address translation for outgoing packets.


9. Which iptables command is used to delete all rules in a specific chain?

a) iptables-flush

b) iptables-delete-chain

c) iptables-clear

d) iptables -F <chain>

Answer: d) iptables -F <chain>

Explanation: The `iptables -F <chain>` command is used to delete all rules in a specific chain in iptables.


10. What is the purpose of the LOG target in iptables?

a) To silently discard packets

b) To reject packets with an ICMP error message

c) To log packets

d) To log packets and then drop them

Answer: c) To log packets

Explanation: The LOG target in iptables is used to log matching packets to the system log.


11. Which command is used to enable IPv4 forwarding in UNIX?

a) sysctl -w net.ipv4.ip_forward=1

b) echo 1 > /proc/sys/net/ipv4/ip_forward

c) ip_forwarding=1

d) enable_ipv4_forwarding

Answer: a) sysctl -w net.ipv4.ip_forward=1

Explanation: The `sysctl -w net.ipv4.ip_forward=1` command is used to enable IPv4 forwarding in UNIX.


12. What is the purpose of the SNAT target in iptables?

a) To perform Network Address Translation

b) To silently discard packets

c) To reject packets with an ICMP error message

d) To log packets and then drop them

Answer: a) To perform Network Address Translation

Explanation: The SNAT (Source NAT) target in iptables is used to perform source address translation for outgoing packets.


13. Which iptables rule is used to specify the source IP address?

a) --source

b) --src

c) --saddr

d) --src-address

Answer: c) --saddr

Explanation: The `--saddr` option in iptables rules is used to specify the source IP address.


14. What is the purpose of the REDIRECT target in iptables?

a) To perform port redirection

b) To silently discard packets

c) To reject packets with an ICMP error message

d) To log packets and then drop them

Answer: a) To perform port redirection

Explanation: The REDIRECT target in iptables is used to redirect packets to a different port on the local system.


15. Which iptables command is used to delete all user-defined chains?

a) iptables-delete-chains

b) iptables -X

c) iptables -Z

d) iptables-clear-chains

Answer: b) iptables -X

Explanation: The `iptables -X` command is used to delete all user-defined chains in iptables.


16. What is the purpose of the --limit option in iptables rules?

a) To limit the number of packets matched per second

b) To limit the number of packets matched per minute

c) To limit the number of packets matched per hour

d) To limit the number of packets matched per day

Answer: a) To limit the number of packets matched per second

Explanation: The `--limit` option in iptables rules is used to limit the rate at which packets are matched.


17. Which command is used to display the current status of IPv4 packet forwarding in UNIX?

a) sysctl net.ipv4.ip_forward

b) cat /proc/sys/net/ipv4/ip_forward

c) ip_forward_status

d) show_ipv4_forwarding

Answer: b) cat /proc/sys/net/ipv4/ip_forward

Explanation: The `cat /proc/sys/net/ipv4/ip_forward` command is used to display the current status of IPv4 packet forwarding in UNIX.


18. What is the purpose of the state module in iptables?

a) To match packets based on their state

b) To match packets based on their source IP address

c) To match packets based on their destination IP address

d) To match packets based on their port numbers

Answer: a) To match packets based on their state

Explanation: The state module in iptables is used to match packets based on their connection state, such as NEW, ESTABLISHED, RELATED, or INVALID.


19. Which iptables command is used to save the current iptables rules to a file in UNIX?

a) iptables-save

b) iptables-export

c) iptables-backup

d) iptables -S

Answer: a) iptables-save

Explanation: The `iptables-save` command is used to save the current iptables rules to a file in UNIX.


20. What is the purpose of the DNAT target in iptables?

a) To perform Network Address Translation

b) To silently discard packets

c) To reject packets with an ICMP error message

d) To log packets and then drop them

Answer: a) To perform Network Address Translation

Explanation: The DNAT (Destination NAT) target in iptables is used to perform destination address translation for incoming packets.


21. Which iptables command is used to block all incoming HTTP (port 80) traffic?

a) iptables -A INPUT -p tcp --dport 80 -j REJECT

b) iptables -A INPUT -p tcp --dport 80 -j DROP

c) iptables -A INPUT -p http -j REJECT

d) iptables -A INPUT -p http -j DROP

Answer: b) iptables -A INPUT -p tcp --dport 80 -j DROP

Explanation: This rule blocks all incoming HTTP traffic by dropping packets.


22. What is the purpose of the PREROUTING chain in iptables?

a) To filter packets before routing decisions are made

b) To filter packets after routing decisions are made

c) To filter packets before they are forwarded

d) To filter packets before they reach the local system

Answer: a) To filter packets before routing decisions are made

Explanation: The PREROUTING chain in iptables is used to filter packets before routing decisions are made, typically for NAT or port forwarding.


23. Which iptables rule is used to specify the source port?

a) --source-port

b) --src-port

c) --sport

d) --srcport

Answer: c) --sport

Explanation: The `--sport` option in iptables rules is used to specify the source port.


24. What is the purpose of the INPUT chain in iptables?

a) To filter packets destined for the local system

b) To filter packets originating from the local system

c) To filter packets forwarded through the local system

d) To filter packets based on their source IP address

Answer: a) To filter packets destined for the local system

Explanation: The INPUT chain in iptables is used to filter packets that are destined for the local system.


25. Which iptables command is used to append a rule to the end of a specific chain?

a) iptables-append

b) iptables-add

c) iptables -A <chain>

d) iptables -E <chain>

Answer: c) iptables -A <chain>

Explanation: The `iptables -A <chain>` command is used to append a rule to the end of a specific chain in iptables.


26. What is the purpose of the OUTPUT chain in iptables?

a) To filter packets destined for the local system

b) To filter packets originating from the local system

c) To filter packets forwarded through the local system

d) To filter packets based on their destination IP address

Answer: b) To filter packets originating from the local system

Explanation: The OUTPUT chain in iptables is used to filter packets that are generated by the local system.


27. Which iptables rule is used to specify the destination IP address?

a) --dest

b) --destination

c) --dst

d) --daddr

Answer: b) --destination

Explanation: The `--destination` option in iptables rules is used to specify the destination IP address.


28. What is the purpose of the FORWARD chain in iptables?

a) To filter packets destined for the local system

b) To filter packets originating from the local system

c) To filter packets forwarded through the local system

d) To filter packets based on their source IP address

Answer: c) To filter packets forwarded through the local system

Explanation: The FORWARD chain in iptables is used to filter packets that are forwarded through the local system.


29. Which iptables rule is used to specify the destination port?

a) --destination-port

b) --dst-port

c) --dport

d) --dstport

Answer: c) --dport

Explanation: The `--dport` option in iptables rules is used to specify the destination port.


30. What is the purpose of the POSTROUTING chain in iptables?

a) To filter packets before routing decisions are made

b) To filter packets after routing decisions are made

c) To filter packets before they are forwarded

d) To filter packets after they are forwarded

Answer: d) To filter packets after they are forwarded

Explanation: The POSTROUTING chain in iptables is used to filter packets after they are forwarded.


31. Which iptables rule is used to specify the source IP address?

a) --src

b) --source

c) --saddr

d) --src-address

Answer: c) --saddr

Explanation: The `--saddr` option in iptables rules is used to specify the source IP address.


32. What is the purpose of the MASQUERADE target in iptables?

a) To perform Network Address Translation

b) To silently discard packets

c) To reject packets with an ICMP error message

d) To log packets and then drop them

Answer: a) To perform Network Address Translation

Explanation: The MASQUERADE target in iptables is used to perform source address translation for outgoing packets.


33. Which iptables command is used to delete all rules in a specific chain?

a) iptables-flush

b) iptables-delete-chain

c) iptables-clear

d) iptables -F <chain>

Answer: d) iptables -F <chain>

Explanation: The `iptables -F <chain>` command is used to delete all rules in a specific chain in iptables.


34. What is the purpose of the LOG target in iptables?

a) To silently discard packets

b) To reject packets with an ICMP error message

c) To log packets

d) To log packets and then drop them

Answer: c) To log packets

Explanation: The LOG target in iptables is used to log matching packets to the system log.


35. Which command is used to enable IPv4 forwarding in UNIX?

a) sysctl -w net.ipv4.ip_forward=1

b) echo 1 > /proc/sys/net/ipv4/ip_forward

c) ip_forwarding=1

d) enable_ipv4_forwarding

Answer: a) sysctl -w net.ipv4.ip_forward=1

Explanation: The `sysctl -w net.ipv4.ip_forward=1` command is used to enable IPv4 forwarding in UNIX.


36. What is the purpose of the SNAT target in iptables?

a) To perform Network Address Translation

b) To silently discard packets

c) To reject packets with an ICMP error message

d) To log packets and then drop them

Answer: a) To perform Network Address Translation

Explanation: The SNAT (Source NAT) target in iptables is used to perform source address translation for outgoing packets.


37. Which iptables rule is used to specify the source IP address?

a) --source

b) --src

c) --saddr

d) --src-address

Answer: c) --saddr

Explanation: The `--saddr` option in iptables rules is used to specify the source IP address.


38. What is the purpose of the REDIRECT target in iptables?

a) To perform port redirection

b) To silently discard packets

c) To reject packets with an ICMP error message

d) To log packets and then drop them

Answer: a) To perform port redirection

Explanation: The REDIRECT target in iptables is used to redirect packets to a different port on the local system.


39. Which iptables command is used to delete all user-defined chains?

a) iptables-delete-chains

b) iptables -X

c) iptables -Z

d) iptables-clear-chains

Answer: b) iptables -X

Explanation: The `iptables -X` command is used to delete all user-defined chains in iptables.


40. What is the purpose of the --limit option in iptables rules?

a) To limit the number of packets matched per second

b) To limit the number of packets matched per minute

c) To limit the number of packets matched per hour

d) To limit the number of packets matched per day

Answer: a) To limit the number of packets matched per second

Explanation: The `--limit` option in iptables rules is used to limit the rate at which packets are matched.


41. Which command is used to display the current status of IPv4 packet forwarding in UNIX?

a) sysctl net.ipv4.ip_forward

b) cat /proc/sys/net/ipv4/ip_forward

c) ip_forward_status

d) show_ipv4_forwarding

Answer: b) cat /proc/sys/net/ipv4/ip_forward

Explanation: The `cat /proc/sys/net/ipv4/ip_forward` command is used to display the current status of IPv4 packet forwarding in UNIX.


42. What is the purpose of the state module in iptables?

a) To match packets based on their state

b) To match packets based on their source IP address

c) To match packets based on their destination IP address

d) To match packets based on their port numbers

Answer: a) To match packets based on their state

Explanation: The state module in iptables is used to match packets based on their connection state, such as NEW, ESTABLISHED, RELATED, or INVALID.


43. Which iptables command is used to save the current iptables rules to a file in UNIX?

a) iptables-save

b) iptables-export

c) iptables-backup

d) iptables -S

Answer: a) iptables-save

Explanation: The `iptables-save` command is used to save the current iptables rules to a file in UNIX.


44. What is the purpose of the DNAT target in iptables?

a) To perform Network Address Translation

b) To silently discard packets

c) To reject packets with an ICMP error message

d) To log packets and then drop them

Answer: a) To perform Network Address Translation

Explanation: The DNAT (Destination NAT) target in iptables is used to perform destination address translation for incoming packets.


45. Which iptables rule is used to specify the destination IP address?

a) --dest

b) --destination

c) --dst

d) --daddr

Answer: b) --destination

Explanation: The `--destination` option in iptables rules is used to specify the destination IP address.


46. Which command is used to delete a specific iptables rule by its line number?

a) iptables -D <chain> <line_number>

b) iptables-remove <chain> <line_number>

c) iptables-delete <chain> <line_number>

d) iptables -R <chain> <line_number>

Answer: a) iptables -D <chain> <line_number>

Explanation: The `iptables -D <chain> <line_number>` command is used to delete a specific iptables rule by its line number.


47. What is the purpose of the ICMP protocol in networking?

a) To transfer files between systems

b) To manage network routing tables

c) To diagnose network connectivity issues

d) To encrypt network traffic

Answer: c) To diagnose network connectivity issues

Explanation: The ICMP (Internet Control Message Protocol) is primarily used for diagnostic functions and reporting errors.


48. Which iptables command is used to list all rules in a specific chain?

a) iptables-list <chain>

b) iptables -L <chain>

c) iptables-show <chain>

d) iptables -A <chain>

Answer: b) iptables -L <chain>

Explanation: The `iptables -L <chain>` command is used to list all rules in a specific chain.


49. What is the purpose of the DROP target in iptables?

a) To perform Network Address Translation

b) To silently discard packets

c) To reject packets with an ICMP error message

d) To log packets and then drop them

Answer: b) To silently discard packets

Explanation: The DROP target in iptables is used to silently discard packets without sending any response.


50. Which command is used to view the contents of the iptables ruleset in real-time?

a) iptables-watch

b) iptables-view

c) iptables -W

d) iptables -L -v

Answer: d) iptables -L -v

Explanation: The `iptables -L -v` command is used to view the contents of the iptables ruleset along with packet and byte counters.
