Lpic 202

100問 • 2年前

問題一覧

On a Linux router, packet forwarding for IPv4 has been enabled. After a reboot, the machine no longer forwards IP packets from other hosts. The command: echo 1 > /proc/sys/net/ipv4/ip_forward temporarily resolves this issue. Which one of the following options is the best way to ensure this setting is saved across system restarts?

In /etc/sysct1.conf change net.ipv4.24ip_forward to 1

What information can be found in the file specified by the status parameter in an OpenVPN server configuration file? (Choose two.)

Routing information, A list of currently connected clients

Which of the following lines in the sshd configuration file should, if present, be changed in order to increase the security of the server? (Choose two.)

Protocol 2, 1, PermitRootLogin yes

Which of the following nmap parameters scans a target for open TCP ports? (Choose two.)

-sT, -sS

Which of the statements below are correct regarding the following commands, which are executed on a Linux router? (Choose two.)

Both ip6tables commands complete without an error message or warning, The rules suppress any automatic configuration through router advertisements or DHCPv6

What option in the client configuration file would tell OpenVPN to use a dynamic source port when making a connection to a peer?

nobind

Which Linux user is used by vsftpd to perform file system operations for anonymous FTP users?

The Linux user specified in the configuration option ftp_username

Which of the following sshd configuration should be set to no in order to fully disable password based logins? (Choose two.)

ChallengegeResponseAuthentication, PasswordAuthentication

When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?

Some applications use the localhost interface to communicate with other applications

What command creates a SSH key pair? (Specify ONLY the command without any path or parameters)

ssh-keygen

The content of which local file has to be transmitted to a remote SSH server in order to be able to log into the remote server using SSH keys?

~/.ssh/id_rsa.pub

What is the name of the network security scanner project which, at the core, is a server with a set of network vulnerability tests?

OpenVAS

With fail2ban, what is a `jail'?

A filter definition and a set of one or more actions to take when the filter is matched

The program vsftpd, running in a chroot jail, gives the following error: Which of the following actions would fix the error?

Copy the required library to the appropriate lib directory in the chroot jail

Which of the following Samba configuration parameters is functionally identical to the parameter read ? only=yes

writeable=no

How must Samba be configured such that it can check CIFS passwords against those found in /etc/ and /etc/shadow? passwd

It is not possible for Samba to use /etc/passwd and /etc/shadow directly

In which CIFS share must printer drivers be placed to allow Point'n'Print driver deployment on Windows?

print$

Which of the following Samba services handles the membership of a file server in an Active Directory domain?

samba

Which of the following statements is true regarding the NFSv4 pseudo file system on the NFS server?

It usually contains bind mounts of the directory trees to be exported

Which of the following options are valid in /etc/exports? (Choose two.)

rw, ro

Which command is used to configure which file systems a NFS server makes available to clients?

exportfs

Which of these tools, without any options, provides the most information when performing DNS queries?

dig

Performing a DNS lookup with dig results in this

There is no . after linuserv.example.net in the PTR record in the reverse lookup zone file

What option for BIND is required in the global options to disable recursive queries on the DNS server by default?

recursion no;

Which of the following DNS records could be a glue record?

ns1.lab A 198.51.100.53

What is DNSSEC used for?

Cryptographic authentication of DNS zones

What word is missing from the following excerpt of a named.conf file?

acl

In a BIND zone file, what does the @ character indicate?

It's the name of the zone as defined in the zone statement in named.conf

Which BIND option should be used to limit the IP addresses from which slave name servers may connect?

allow-transfer

In order to protect a directory on an Apache HTTPD web server with a password, this configuration was added to an .htaccess file in the respective directory: Furthermore, a file /var/www/dir/ .htpasswd was created with the following content: usera:S3cr3t Given that all these files were correctly processed by the web server processes, which of the following statements is true about requests to the directory?

The user usera can access the site using the password s3cr3t

Which Apache HTTPD directive enables HTTPS protocol support?

SSLEngine on

What configuration directive of the Apache HTTPD server defines where log files are stored? (Specify ONE of the directives without any other options.)

ErrorLog

Which statements about the Alias and Redirect directives in Apache HTTPD's configuration file are true? (Choose two.)

Redirect is handled on the client side, Alias is handled on the server side

Which http_access directive for Squid allows users in the ACL named sales_net to only access the Internet at times specified in the time_acl named sales_time?

http_access allow sales_net sales_time

Which global option in squid.conf sets the port number or numbers that Squid will use to listen for client requests?

http_port

When using mod_authz_core, which of the following strings can be used as an argument to Require in an Apache HTTPD configuration file to specify the authentication provider? (Choose three.)

method, all, expr

Which tool creates a Certificate Signing Request (CSR) for serving HTTPS with Apache HTTPD?

openssl

In response to a certificate signing request, a certification authority sent a web server certificate along with the certificate of an intermediate certification authority that signed the web server certificate. What should be done with the intermediate certificate in order to use the web server certificate with Apache HTTPD?

The intermediate certificate should be merged with the web server's certificate into one filethat is specified in SSLCertificateFile

Which directive in a Nginx server configuration block defines the TCP ports on which the virtual host will be available, and which protocols it will use? (Specify ONLY the option name without any values.)

listen

When trying to reverse proxy a web server through Nginx, what keyword is missing from the following configuration sample?

proxy_pass

How is the LDAP administrator account configured when the rootdn and rootpw directives are not present in the slapd.conf file?

The account is defined by an ACL in slapd.conf

Which of the following PAM modules allows the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources available to them?

pam_limits

According to this LDIF excerpt, which organizational unit is Robert Smith part of? (Specify only the organizational unit.)

people

In a PAM configuration file, which of the following is true about the required control flag?

The success of the module is needed for the module-type facility to succeed. However, allremaining modules of the same type will be invoked

What is the name of the root element of the LDAP tree holding the configuration of an OpenLDAP server that is using directory based configuration? (Specify ONLY the element's name without any additional information.)

slapd

How are PAM modules organized and stored?

As dynamically linked binaries in /usr/lib/pam/sbin/

Which of the following statements in the ISC DHCPD configuration is used to specify whether or not an address pool can be used by nodes which have a corresponding host section in the configuration?

unknown-clients

In order to specify alterations to an LDAP entry, what keyword is missing from the following LDIF file excerpt? Specify the keyword only and no other information.

add

Which OpenLDAP client command can be used to change the password for an LDAP entry? (Specify ONLY the command without any path or parameters.)

ldappasswd

A company is transitioning to a new DNS domain name and wants to accept e-mail for both domains for all of its users on a Postfix server. Which configuration option should be updated to accomplish this?

mydestination

What is the path to the global Postfix configuration file? (Specify the full name of the file, including path.)

/etc/postfix/main.cf

When are Sieve filters usually applied to an email?

When the email is delivered to a mailbox

It has been discovered that the company mail server is configured as an open relay. Which of the following actions would help prevent the mail server from being used as an open relay while maintaining the possibility to receive company mails? (Choose two.)

Configure netfilter to not permit port 25 traffic on the public network, Restrict Postfix to only relay outbound SMTP from the internal network

After the installation of Dovecot, it is observed that the dovecot processes are shown in ps ax like this: In order to associate the processes with users and peers, the username, IP address of the peer and the connection status, which of the following options must be set?

verbose_proctitle = yes in the Dovecot configuration

Which Postfix command can be used to rebuild all of the alias database files with a single invocation and without the need for any command line arguments?

newaliases

Which action in a Sieve filter forwards a message to another email address without changing the message? (Specify ONLY the action's name without any parameters.)

redirect

Which of the following authentication mechanisms are supported by Dovecot? (Choose three.)

digest-md5, cram-md5, plain

Which of the following services belongs to NFSv4 and does not exist in NFSv3?

rpc.idmapd

Which of the following actions synchronizes UNIX passwords with the Samba passwords when the encrypted Samba password is changed using smbpasswd?

Add unix password sync = yes to smb.conf

In order to join a file server to the Active Directory domain intra.example.com, the following smb.conf has been created: The command net ads join raises an error and the server is not joined to the domain. What should be done to successfully join the domain?

Remove all idmap configuration stanzas since the id mapping is defined globally in anActive Directory domain and cannot be changed on a member server.

In order to export /usr and /bin via NFSv4, /exports was created and contains working bind mounts to /usr and /bin. The following lines are added to /etc/exports on the NFC server: After running mount -t nfsv4 server:/ /mnt of an NFC-Client, it is observed that /mnt contains the content of the server's /usr directory instead of the content of the NFSv4 foot folder. Which option in /etc/exports has to be changed or removed in order to make the NFSv4 root folder appear when mounting the highest level of the server? (Specify ONLY the option name without any values or parameters.)

mount

What does the samba-tool testparm command confirm regarding the Samba configuration?

The configuration loads successfully.

Select the Samba option below that should be used if the main intention is to setup a guest printer service?

security = share

The Samba configuration file contains the following lines: A workstation is on the wired network with an IP address of 192.168.1.177 but is unable to access the Samba server. A wireless laptop with an IP address 192.168.2.93 can access the Samba server. Additional trouble shooting shows that almost every machine on the wired network is unable to access the Samba server. Which alternate host allow declaration will permit wired workstations to connect to the Samba server without denying access to anyone else?

host deny = 192.168.2.200/255.255.255.0 192.168.2.31 localhost, host allow = 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0 localhost

What command displays NFC kernel statistics? (Specify ONLY the command without any path or parameters.)

nfsstat

Which keyword is used in the Squid configuration to define networks and times used to limit access to the service?

acl

The following Apache HTTPD configuration has been set up to create a virtual host available at www.example.com and www2.example.com: Even though Apache HTTPD correctly processed the configuration file, requests to both names are not handled correctly. What should be changed in order to ensure correct operations?

Both virtual host names have to be placed as comma separated values in oneServerName declaration.

Given the following Squid configuration excerpt: cache_dir ufs /var/spool/squid3/ 1024 16 256 Which of the following directories will exist directly within the directory: ? (Choose two.) /var/spool/squid3/

0F, 00

Which of the following statements are true regarding Server Name Indication (SNI)? (Choose two.)

It allows multiple SSL/TLS secured virtual HTTP hosts to coexist on the same IP address., It submits the host name of the requested URL during the TLS handshake.

Which Apache HTTPD configuration directive specifies the RSA private key that was used in the generation of the SSL certificate for the server?

SSLCertificateKeyFile

There is a restricted area in a site hosted by Apache HTTPD, which requires users to authenticate against the file /srv/www/security/sitepasswd. Which command is used to CHANGE the password of existing users, without losing data, when Basic authentication is being used?

htpasswd /srv/www/security/sitepasswd user

Which Apache HTTPD configuration directive is used to specify the method of authentication, e.g. None or ? Basic

AuthType

Which of the following are logging directives in Apache HTTPD? (Choose two.)

TransferLog, CustomLog

Which option within a Nginx server configuration section defines the file system path from which the content of the server is retrieved?

root

With Nginx, which of the following directives is used to proxy requests to a FastCGI application?

fastcgi_pass

Which of the following information has to be submitted to a certification authority in order to request a web server certificate?

The certificate signing request.

For what purpose is TCP/IP stack fingerprinting used by nmap?

A. It is used to determine the remote operating system.

To allow X connections to be forwarded from or through an SSH server, what configuration keyword must be set to yes in the sshd configuration file?

XllForwarding

What is the standard port used by OpenVPN?

1194

What option in the sshd configuration file instructs sshd to permit only specific user names to log in to a system? (Specify ONLY the option name without any values.)

AllowUsers

Using its standard configuration, how does fail2ban block offending SSH clients?

By creating and maintaining netfilter rules.

Which FTP names are recognized as anonymous users in vsftp when the option anonymous_enable is set to yes in the configuration files? (Choose two.)

anonymous, ftp

Which of the following commands can be used to connect and interact with remote TCP network services? (Choose two.)

nc, telnet

To which destination will a route appear in the Linux routing table after activating IPv6 on a router's network interface, even when no global IPv6 addresses have been assigned to the interface?

fe80::/10

In order to prevent all anonymous FTP users from listing uploaded file names, what security precaution can be taken when creating an upload directory?

The directory must not have the read permission set.

Which command is used to administer IPv6 netfilter rules?

ip6tables

Which netfilter table contains built-in chains called INPUT, OUTPUT and FORWARD?

filter

After running ssh-keygen and accepting the default values, which of the following files are changed or created? (Choose two.)

~/.ssh/id_rsa.pub, ~/.ssh/id_rsa

Which of the following OpenVPN configuration options makes OpenVPN forward network packets between VPN clients itself instead of passing the packets on to the Linux host which runs the OpenVPN server for further processing?

client-to-client

Which of these tools provides DNS information in the following format?

host

Which rdnc sub command can be used in conjunction with the name of a zone in order to make BIND reread the content of the specific zone file without reloading other zones as well?

lookup, fileupdate

A zone file contains the following lines: and is included in the BIND configuration using this configuration stanza: Which problem is contained in this configuration?

The $ORIGIN declaration cannot be used in zone files that are included for a specific zonename in the BIND configuration.

Which of the following DNS record types is used for reverse DNS queries?

PTR

According to the configuration below, what is the full e-mail address of the administrator for this domain?

admin@mars.example.com

What is the purpose of DANE?

Provide a way to verify the association of X 509 certificates to DNS host names.

Which option in named.conf specifies which host are permitted to ask for domain name information from the server?

allow-query

Which doveadm sub-command displays a list of connections of Dovecot in the following format? (Specify ONLY the command without any parameters.)

who

Which of the following actions are available in Sieve core filters? (Choose three.)

fileinto, relay, reject

Which of the following statements allow the logical combinations of conditions in Sieve filters? (Choose two.)

allof, or

100

Which configuration parameter on a Postfix server modifies only the sender address and not the recipient address?

sender_canonical_maps

LPIC 2 1.2

LPIC 2 1.2

Penguin 201

Penguin 201

lpic 202 2

lpic 202 2

問題一覧

In /etc/sysct1.conf change net.ipv4.24ip_forward to 1

What information can be found in the file specified by the status parameter in an OpenVPN server configuration file? (Choose two.)

Routing information, A list of currently connected clients

Which of the following lines in the sshd configuration file should, if present, be changed in order to increase the security of the server? (Choose two.)

Protocol 2, 1, PermitRootLogin yes

Which of the following nmap parameters scans a target for open TCP ports? (Choose two.)

-sT, -sS

Which of the statements below are correct regarding the following commands, which are executed on a Linux router? (Choose two.)

Both ip6tables commands complete without an error message or warning, The rules suppress any automatic configuration through router advertisements or DHCPv6

What option in the client configuration file would tell OpenVPN to use a dynamic source port when making a connection to a peer?

nobind

Which Linux user is used by vsftpd to perform file system operations for anonymous FTP users?

The Linux user specified in the configuration option ftp_username

Which of the following sshd configuration should be set to no in order to fully disable password based logins? (Choose two.)

ChallengegeResponseAuthentication, PasswordAuthentication

When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?

Some applications use the localhost interface to communicate with other applications

What command creates a SSH key pair? (Specify ONLY the command without any path or parameters)

ssh-keygen

The content of which local file has to be transmitted to a remote SSH server in order to be able to log into the remote server using SSH keys?

~/.ssh/id_rsa.pub

What is the name of the network security scanner project which, at the core, is a server with a set of network vulnerability tests?

OpenVAS

With fail2ban, what is a `jail'?

A filter definition and a set of one or more actions to take when the filter is matched

The program vsftpd, running in a chroot jail, gives the following error: Which of the following actions would fix the error?

Copy the required library to the appropriate lib directory in the chroot jail

Which of the following Samba configuration parameters is functionally identical to the parameter read ? only=yes

writeable=no

How must Samba be configured such that it can check CIFS passwords against those found in /etc/ and /etc/shadow? passwd

It is not possible for Samba to use /etc/passwd and /etc/shadow directly

In which CIFS share must printer drivers be placed to allow Point'n'Print driver deployment on Windows?

print$

Which of the following Samba services handles the membership of a file server in an Active Directory domain?

samba

Which of the following statements is true regarding the NFSv4 pseudo file system on the NFS server?

It usually contains bind mounts of the directory trees to be exported

Which of the following options are valid in /etc/exports? (Choose two.)

rw, ro

Which command is used to configure which file systems a NFS server makes available to clients?

exportfs

Which of these tools, without any options, provides the most information when performing DNS queries?

dig

Performing a DNS lookup with dig results in this

There is no . after linuserv.example.net in the PTR record in the reverse lookup zone file

What option for BIND is required in the global options to disable recursive queries on the DNS server by default?

recursion no;

Which of the following DNS records could be a glue record?

ns1.lab A 198.51.100.53

What is DNSSEC used for?

Cryptographic authentication of DNS zones

What word is missing from the following excerpt of a named.conf file?

acl

In a BIND zone file, what does the @ character indicate?

It's the name of the zone as defined in the zone statement in named.conf

Which BIND option should be used to limit the IP addresses from which slave name servers may connect?

allow-transfer

The user usera can access the site using the password s3cr3t

Which Apache HTTPD directive enables HTTPS protocol support?

SSLEngine on

What configuration directive of the Apache HTTPD server defines where log files are stored? (Specify ONE of the directives without any other options.)

ErrorLog

Which statements about the Alias and Redirect directives in Apache HTTPD's configuration file are true? (Choose two.)

Redirect is handled on the client side, Alias is handled on the server side

Which http_access directive for Squid allows users in the ACL named sales_net to only access the Internet at times specified in the time_acl named sales_time?

http_access allow sales_net sales_time

Which global option in squid.conf sets the port number or numbers that Squid will use to listen for client requests?

http_port

When using mod_authz_core, which of the following strings can be used as an argument to Require in an Apache HTTPD configuration file to specify the authentication provider? (Choose three.)

method, all, expr

Which tool creates a Certificate Signing Request (CSR) for serving HTTPS with Apache HTTPD?

openssl

The intermediate certificate should be merged with the web server's certificate into one filethat is specified in SSLCertificateFile

listen

When trying to reverse proxy a web server through Nginx, what keyword is missing from the following configuration sample?

proxy_pass

How is the LDAP administrator account configured when the rootdn and rootpw directives are not present in the slapd.conf file?

The account is defined by an ACL in slapd.conf

Which of the following PAM modules allows the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources available to them?

pam_limits

According to this LDIF excerpt, which organizational unit is Robert Smith part of? (Specify only the organizational unit.)

people

In a PAM configuration file, which of the following is true about the required control flag?

The success of the module is needed for the module-type facility to succeed. However, allremaining modules of the same type will be invoked

slapd

How are PAM modules organized and stored?

As dynamically linked binaries in /usr/lib/pam/sbin/

Which of the following statements in the ISC DHCPD configuration is used to specify whether or not an address pool can be used by nodes which have a corresponding host section in the configuration?

unknown-clients

In order to specify alterations to an LDAP entry, what keyword is missing from the following LDIF file excerpt? Specify the keyword only and no other information.

add

Which OpenLDAP client command can be used to change the password for an LDAP entry? (Specify ONLY the command without any path or parameters.)

ldappasswd

mydestination

What is the path to the global Postfix configuration file? (Specify the full name of the file, including path.)

/etc/postfix/main.cf

When are Sieve filters usually applied to an email?

When the email is delivered to a mailbox

Configure netfilter to not permit port 25 traffic on the public network, Restrict Postfix to only relay outbound SMTP from the internal network

verbose_proctitle = yes in the Dovecot configuration

Which Postfix command can be used to rebuild all of the alias database files with a single invocation and without the need for any command line arguments?

newaliases

Which action in a Sieve filter forwards a message to another email address without changing the message? (Specify ONLY the action's name without any parameters.)

redirect

Which of the following authentication mechanisms are supported by Dovecot? (Choose three.)

digest-md5, cram-md5, plain

Which of the following services belongs to NFSv4 and does not exist in NFSv3?

rpc.idmapd

Which of the following actions synchronizes UNIX passwords with the Samba passwords when the encrypted Samba password is changed using smbpasswd?

Add unix password sync = yes to smb.conf

Remove all idmap configuration stanzas since the id mapping is defined globally in anActive Directory domain and cannot be changed on a member server.

mount

What does the samba-tool testparm command confirm regarding the Samba configuration?

The configuration loads successfully.

Select the Samba option below that should be used if the main intention is to setup a guest printer service?

security = share

host deny = 192.168.2.200/255.255.255.0 192.168.2.31 localhost, host allow = 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0 localhost

What command displays NFC kernel statistics? (Specify ONLY the command without any path or parameters.)

nfsstat

Which keyword is used in the Squid configuration to define networks and times used to limit access to the service?

acl

Both virtual host names have to be placed as comma separated values in oneServerName declaration.

0F, 00

Which of the following statements are true regarding Server Name Indication (SNI)? (Choose two.)

It allows multiple SSL/TLS secured virtual HTTP hosts to coexist on the same IP address., It submits the host name of the requested URL during the TLS handshake.

Which Apache HTTPD configuration directive specifies the RSA private key that was used in the generation of the SSL certificate for the server?

SSLCertificateKeyFile

htpasswd /srv/www/security/sitepasswd user

Which Apache HTTPD configuration directive is used to specify the method of authentication, e.g. None or ? Basic

AuthType

Which of the following are logging directives in Apache HTTPD? (Choose two.)

TransferLog, CustomLog

Which option within a Nginx server configuration section defines the file system path from which the content of the server is retrieved?

root

With Nginx, which of the following directives is used to proxy requests to a FastCGI application?

fastcgi_pass

Which of the following information has to be submitted to a certification authority in order to request a web server certificate?

The certificate signing request.

For what purpose is TCP/IP stack fingerprinting used by nmap?

A. It is used to determine the remote operating system.

To allow X connections to be forwarded from or through an SSH server, what configuration keyword must be set to yes in the sshd configuration file?

XllForwarding

What is the standard port used by OpenVPN?

1194

What option in the sshd configuration file instructs sshd to permit only specific user names to log in to a system? (Specify ONLY the option name without any values.)

AllowUsers

Using its standard configuration, how does fail2ban block offending SSH clients?

By creating and maintaining netfilter rules.

Which FTP names are recognized as anonymous users in vsftp when the option anonymous_enable is set to yes in the configuration files? (Choose two.)

anonymous, ftp

Which of the following commands can be used to connect and interact with remote TCP network services? (Choose two.)

nc, telnet

To which destination will a route appear in the Linux routing table after activating IPv6 on a router's network interface, even when no global IPv6 addresses have been assigned to the interface?

fe80::/10

In order to prevent all anonymous FTP users from listing uploaded file names, what security precaution can be taken when creating an upload directory?

The directory must not have the read permission set.

Which command is used to administer IPv6 netfilter rules?

ip6tables

Which netfilter table contains built-in chains called INPUT, OUTPUT and FORWARD?

filter

After running ssh-keygen and accepting the default values, which of the following files are changed or created? (Choose two.)

~/.ssh/id_rsa.pub, ~/.ssh/id_rsa

client-to-client

Which of these tools provides DNS information in the following format?

host

Which rdnc sub command can be used in conjunction with the name of a zone in order to make BIND reread the content of the specific zone file without reloading other zones as well?

lookup, fileupdate

A zone file contains the following lines: and is included in the BIND configuration using this configuration stanza: Which problem is contained in this configuration?

The $ORIGIN declaration cannot be used in zone files that are included for a specific zonename in the BIND configuration.

Which of the following DNS record types is used for reverse DNS queries?

PTR

According to the configuration below, what is the full e-mail address of the administrator for this domain?

admin@mars.example.com

What is the purpose of DANE?

Provide a way to verify the association of X 509 certificates to DNS host names.

Which option in named.conf specifies which host are permitted to ask for domain name information from the server?

allow-query

Which doveadm sub-command displays a list of connections of Dovecot in the following format? (Specify ONLY the command without any parameters.)

who

Which of the following actions are available in Sieve core filters? (Choose three.)

fileinto, relay, reject

Which of the following statements allow the logical combinations of conditions in Sieve filters? (Choose two.)

allof, or

100

Which configuration parameter on a Postfix server modifies only the sender address and not the recipient address?

sender_canonical_maps