Exam Collection LPIC2 202-450
Which are predefined targets for netfilter rules? (Choose TWO correct answers.)
ACCEPT RETURN
The mailserver is currently called fred, while the primary MX record points to mailhost.example.org. What must be done to direct example.org email toward fred?
Add or change the existing A record for mailhost to point to fred's IP address
If no ACL lines are included in slapd.conf, what is the default behavior of SLAPD?
Allow anyone to read an entry
Which Apache HTTPD configuration directive specifies the types of directives that are allowed in .htaccess files?
AllowOverride
What option in the sshd configuration file instructs sshd to prevent specific user names from logging into a system? (Specify ONLY the option name without any values.)
AllowUsers
How are PAM modules organized and stored?
As dynamically linked binaries in /usr/lib/pam/sbin
Which statement is true about BIND acting as recursive DNS server?
BIND can not handle recursive DNS queries for zones that is authoritative for.
Unlike many other services, OpenSSH cannot be configured to hide its version information without recompiling from source code. What is the primary reason for this disclosure of version information?
Being a security centric application, the OpenSSH developers do not rely on security through obsecurity.
Which statement is correct regarding the following commands, which are executed on a Linux router? (Choose two.) ip6tables -A FORWARD -s fe80::/64 -j DROP ip6tables -A FORWARD -d fe80::/64 -j DROP
Both ip6tables commands complete without an error message or warning The rules suppress any automatic configuration through router advertisements or DHCPv6
How can one SSL certificate be used for multiple virtual hosts with different names in Apache HTTPD?
By using a wildcard in the common name of the certificate By including Subject Alternative Name extensions in X.509v3
On a Linux router, packet forwarding for IPv4 has been enabled. After a reboot, the machine no longer forwards IP packets from other hosts. The command: echo 1 > /proc/sys/net/ipv4/ip_forward temporarily resolves this issue. Which option is the beat way to ensure this setting is saved across system restarts?
In /etc/sysctl.conf change net.ipv4.ip_forward = 1
How must Samba be configured such that it can check CIFS passwords against those found in /etc/passwd and /etc/ shadow?
It is not possible for Samba to use /etc/passwd and /etc/shadow directly
Which statement is true regarding the NFSv4 pseudo file system on the NFS server?
It usually contains bind mounts of the directory trees to be exported
In the BIND zone file, what does the @ character indicate?
It's the name of the zone as defined in the zone statement in named.conf
Which action is performed by the command nmap 192.168.122.1 when running it without any additional parameters? (Choose TWO correct answers.)
Nmap scans 1000 commonly used TCP ports.
In the main Postfix configuration file, which is the possible service type for a Postfix service? (Choose two correct answers.)
Not known yet
What is the name of the network security scanner project which, at the core, is a server with a set of network vulnerability tests?
OpenVAS
Which lines in the sshd configuration file should, if present, be changed in order to increase the security of the server? (Choose two.)
Protocol 2, 1 PermitRootLogin yes
Which statements about the Alias and Redirect directive in Apache HTTPD's configuration file are true? (Choose two.)
Redirect is handled on the client side Alias is handled on the server side
Which statement is true about IPv6 router advertisements? (Choose two correct answers.)
Router advertisements can provide the IPv6 address of a default gateway. Router advertisements can configure only addresses from one IPv6 prefix per advertisement.
What information can be found in the file specified by the status parameter in an OpenVPN server configuration file? (Choose two.)
Routing information A list of currently connected clients
Which Apache HTTPD directive enables HTTPS protocol support?
SSLEngine on
Which statements are true about sharing printers with Samba? (Choose two correct answers.)
Samba can deliver printer drivers to Windows clients for automatic installation. For each printer, a separate share has to be created in smb.conf
Which actions can an Open VPN server request to be performed on the client? (Choose TWO correct answers.)
Set routes to send packets addressed to specific IP networks through the VPN Configure a specific IP address on the virtual VPN device.
When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?
Some applications use the localhost interface to communicate with other applications
In order to protect a directory on a Apache HTTPD web server with a password, this configuration was added to an .htaccess file in the respective directory: 'AuthType Basic AuthName "Protected Directory" AuthUserFile /var/www/dir/. htpasswd Require valid-user Furthermore, the file /var/www/dir/.htpasswd was created with the following content: usera:S3cr3t Even though these files were processed correctly by the Apache HTTP processes, access to the protected directory is not possible, even when specifying correct credentials. Which action resolves this issue?
The .htpasswd file has to be recreated using the htpasswd command
In order to protect a directory on an Apache HTTPD web server with a password, this configuration was added to an .htaccess file in the respective directory: Question 110 Given that all these files were correctly processed by the web server processes, which statement is true about requests to the directory?
The user usera can access the site using the password s3cr3t
Performing a DNS lookup with dig results in the answer in question 74.
There is no .after linuserv.example.net in the PTR record in the reserve lookup zone file
Which of the following statements is true regarding SSH keys?
Using the paramter -i, a different private key file can be specified to be used by ssh when authenticating to a remote server.
When are Sieve filters usually applied to an email?
When the email is delivered to a mailbox
Which requirements must be met in order to use DANE? (Choose THREE correct answers.)
When using BIND to host the zone containing the name of the protected server, dane-signzone must be run to add DANE records to the zone. The zone containing the name of the protected server must be DNSSEC signed The name server hosting the zone containing the name of the ptotected server must support DANE extensions.
A user requests a "hidden" Samba share, named confidential, similar to the Windows Administration Share. How can this be configured?
[confidential$] comment = hidden share path = /srv/smb/hidden write list = user create mask = 0700 directory mask = 0700
If there is no access directive, what is the default setting for OpenLDAP?
access to * by anonymous none by * read
What word is missing from the following excerpt of a named.conf file? ___________ friends { 10.10.0.0/24; 192.168.1.0/24; }; options { allow-query { friends; }; };
acl
Fill in the blank In order to specify alterations to an LDAP entry, what keyword is missing from the following LDIF file excerpt? dn: cn=Some Person, dc=example, dc=com changetype: _________________ ...
add
Which are Samba security modes? (Choose two correct answers.)
ads share
Which statement in the named configuration file can be used to allow access to a BIND DNS server from only specified network/hosts?
allow-query { ..... ; } ;
Which BIND option should be used to limit the IP addresses from which slave name servers may connect?
allow-transfer
Which values to the -s option of ldapsearch can be used to specify the scope of the search? (Choose two correct answers.)
base sub
Which tool, without any options, provides the most information when performing DNS queries?
dig
Which authentication mechanisms are supported by Dovecot? (Choose three.)
digest-md5 cram-md5 plain Reference: https://wiki2.dovecot.org/Authentication/Mechanisms
Which command terminates all sessions the user usera has with Dovecot?
dovadm kick usera
Which statements are available in Sieve filters? (Choose TWO correct answers.)
els if if
Which command is used to configure which file systems an NFS server makes available to clients?
exportfs
Which daemon will monitor log files for inappropriate activity, such as login attempts, from remote IP addresses and will add netfilter rules to block the offending address?
fail2ban
Which Sieve statements move a message to the folder Lists within the recipient's inbox?
fileinto "var/mail/%{user}/Lists" folder fileinto "Lists"
Which option has to be added to the NFSv4 pseudo file system export options?
fsid=0
Which subcommands to the openssl command are used in the process of generating a private key and a Certificate Signing Request (CSR)? (Choose TWO correct answers.)
genrsa req
Which subcommand of apachectl and apache2ctl starts or restarts the Apache HTTP.D web server without aborting open connections in case of a reatart? (Specify ONLY the subcommand without any path or parameters.)
graceful
A host, called lpi, with the MAC address 08:00:2b:4c:59:23 should always be given the IP address of 192.168.1.2 by a DHCP server running ISC DHCPD. Which configuration will achive this?
host lpi { hardware ethernet 08:00:2b:4c:59:23; fixed-address 192.168.1.2; }
Given the following excerpt from an Nginx configuration: server { listen 80; server name www.example.com; root /var/www; location /public { proxy_pass http://files.example.com/public/; } } to which URL is a request to http://www.example.com/public/icon.png proxied?
http://files.example.com/public/icon.png
Which http_access directive for Squid allows users in the ACL named sales_net to only access the Internet at times specified in the time_acl named sales_time?
http_access allow sales_net sales_time
Which global option in squid.conf sets the port number or numbers that Squid will use to listen for client requests?
http_port
Which command is used to change user passwords in a OpenLDAP directory? (Choose two correct answers.)
ldapmodify ldappasswd
Fill in the blank. Which OpenLDAP client command can be used to change the password for an LDAP entry? (Specify ONLY the command without any path or paramters.)
ldappasswd
Fill in the blank. Which directive in an Nginx server configuration block defines the TCP ports on which the virtual host will be available, and which protocols will it use? (Specify ONLY the option name without any values.)
listen
What Postfix configuration file uses the chroot flag in order to chroot Postfix daemon processes? (Specify the file name ONLY without any path.)
master
When using mod_authz_core, which of the following strings can be used as an argument to Require in an Apache HTTPD configuration file to specify the authentication provider? (Choose THREE.)
method all expr Reference: https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html
A company is transitioning to a new DNS domain and wants to accept e-mail for both domains for all of its users on a Postfix server. Which configuration option should be updated to accomplish this?
mydestination
Which command can be used when writing scripts which perform tests against remote TCP and UDP services?
nc
Which entry in /etc/sysctl.conf enables IPv6 packet forwarding?
net .ipv6.ip_forward=1
Which Postfix command can be used to rebuild all of the alias database files with a single invocation and without the need for any command line arguments?
newaliases
Which server program understands and replies to NetBIOS name service requests?
nmbd
What option in the client configuartion file would tell OpenVPN to use a dynamic source port when making a connection to a peer?
nobind
Which DNS record could be a glue record?
ns1.lab A 198.51.100.53
Which attribute is used in the directory based OpenLDAP configuration to specify a storage backend?
olcBackendConfig
Which tool creates a Certificate Signing Request (CSR) for serving HTTPS with Apache HTTPD?
openssl
Which PAM module allows the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources on the system resources available to them?
pam_limits
Fill in the blank. According to the LDIF excerpt of question 43, which organizational unit is Robert Smith part of? (Specify only the organizational unit.)
people
After configuring Postfix to support additional domains, including example.com, it is found that mail to [email protected] is not delivered correctly, even though a corresponding entry in /etc/postfix/virtual exists. Which of the following commands looks this entry up to debug its correct functionality?
postconf -c hash:/etc/postfix/virtual -q [email protected]
In which CIFS share must printer drivers be placed to allow Point'nPrint driver deployment on Windows?
print$
When trying to reserve a proxy web server through Nginx, what keyword is missing from the following configuration sample? location /{ ______________http://proxiedserver:8080; }
proxy_pass
When trying to reserve a proxy web server through Nginx, how are values for the HTTP request header Field prevented from being passed to the backend server?
proxy_set_header Field ""
What option for BIND is required in the global options to disable recursive queries on the DNS server by default?
recursion no;
Fill in the blank. Which action in the Sieve filter forwards a message to another email address without changing the message? (Specify ONLY the action's name without any parameters.)
redirect
What Postfix configuration parameter defines the domain for which Postfix will forward emails received by external sources?
relay_domains
Which subcommand of ndc and rndc makes named re-read its zone files without restarting the name server? (Specify only the subcommand.)
reload
Given the following section of an ISC DHCPD configuration file: subnet 192.168.1.0 netmask 255.255.255.0 { #Set the default gateway to be used by # the PC clients option --------192.168.1.254; What keyword is missing in order to provide a default gateway address to clients?
routers
Which option is valid in /etc/exports? (Choose two.)
rw ro
Which Samba service handles the membership of a file server in an Active Directory domain?
samba
Which command, when run on an NFS server, lists the set of clients who are mounting NFS exports from that host?
showmount
Fill in the blank. What is the name of the root element of the LDAP tree holding the configuration of an OpenLDAP server that is using directory based configuration? (Specify ONLY the element's name without any additional information.)
slapd
Which type of zone should be used to configure a DNS zone in Bind which receives its content, including content updates, from another DNS server?
slave
According to the LDIF excerpt of question 55, what is the value of the surname attribute for Robert Smith? (Specify only the attribute value.)
smith
Fill in the blank. What command creates an SSH key pair? (Specify ONLY the command without any path or parameters.)
ssh-keygen
What types of virtual network devices does OpenVPN use for connections? (Choose TWO correct answers.)
tap tun
Assuming smb.conf is at its default path, which command included in Samba shows the whole Samba configuration, including options that were modified in smb.conf as well as options that were not modified and thus are set to their default values? (Specify the command without any path but INCLUDING ALL REQUIRED PARAMETERS.)
testparm
Which statement in the ISC DHCPD configuration is used to specify wether or not the address pool can be used by nodes which have a corresponding host section in the configuration?
unknown-clients
After the installation of Devecot, it is observed that the devcot processes are shown in ps ax like this: 31248? S 0:00 devcot/imap 31253? S 0:00 devcot/imap-login In order to associate the processes with users and peers, the username, IP address of the peer and the connection status, which option must be set?
verbose_proctitle = yes in the Devcot configuartion
After vsftpd was installed and directory on the FTP server was made globally writeable, it is discovered that anonymous FTP users cannot upload files to the writeable directory on the server. Which configuration options should be set in order to provide these permissions to anonymous users? (Choose TWO correct answers.)
write enable = YES anon_upload_enable = YES
Which Samba configuration parameter is functionally identical to the parameter readonly=yes?
writeable=no
The content of which local file has to be transmitted to a remote SSH server in order to be able to log into the remote server using SSH keys?
~/.ssh/authorized_keys Reference: https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys
Which nmap parameter scans a target for open TCP ports? (Choose two.)
-sT -sS
Which paramter of squid initializes the cache directories according to the configuration file? (specify ONLY the parameter name without any values.)
-z
Which is true when a server uses PAM authentication and both the file /etc/pam.conf and the directory /etc/pam.d/ exist?
/etc/pam.conf will be ignored
Fill in the blank What is the path to the global Postfix configuration file? (Specify the full name of the file, including path.)
/etc/postfix/main.cf
Which file needs to be changed in order to enable anonymous FTP logins with vsftpd?
/etc/vsftpd.conf
Which configuration line exports /usr/local/share to nfsclient with read-write access and ensures that all changes are written straight to the disk?
/usr/local/share nfsclient(rw,sync)
If the Samba configuration of a CIFS share contains these statements: create mask=0644 force create mode=0111 Which permission is assigned to a file on the server when the client uploads it with all permission bits set (777)?
0644
Fill in the blank. What configuration directive of the Apache HTTPD server defines where log files are stored? (Specify ONE of the directives without any other options.)
ErrorLog
Given the file db.zone with the content and configuration stanza in named.conf in question 95, Which IPv4 address is subject to this reverse DNS configuration?
192.168.172.20
Which value is valid for the option Protocol in the OpenSSH server configuration?
2
What is the standard port number for the encrypted POP3 service (POP3S)?
995
Which directives can be used in an Apache HTTPD configuration to logically combine several access control statements? (Choose THREE correct answers.)
<RequireAll> <RequireAny> <RequireNone>
With fail2ban, what is a 'jail'?
A filter definition and a set of one or more actions to take when the filter is matched
Which statement best decribes an 010 with regards to LDAP?
A string of decimal numbers separated by periods
Which sshd configuration should be set to no in order to fully disable password based logins? (Choose two.)
ChallengegeResponseAuthentication PasswordAuthetication
It has been discovered that the company mail server is configured as an open relay. Which actions would help prevent the mail server from being used as an open relay while maintaining the possibility to recieve company mails? (Choose two.)
Configure netfilter to not permit port 25 traffic on the public network Restrict postfix to only relay outbound SMTP from the internal network
The program vsftpd, running in a chroot jail, gives the following error: /bin/vsftpd: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory. Which action should fix the error?
Copy the required library to the appropriate lib directory in the chroot jail
What is DNSSEC used for?
Cryptographic authentication of DNS zones
What is the intention of the PAM module pam_cracklib?
Enforce complex passwords
Which Linux user is used by vsftpd to perform file system operations for anonymous FTP users?
The Linux user specified in the configuration option ftp_username
How is the LDAP administrator account configured when the rootdn and rootpw directives are not present in the slapd.conf file?
The account is defined by an ACL in slapd.conf
What problem might occur when a DNS zone file containing the records in question 96 is served in the public internet?
The file contains a link-local IPv4 address which is not reachable from the public internet.
In response to a certificate signing request, a certification authority sent a web server certificate along with the certificate of an intermediate certification authority that signed the web server certificate. What should be done with the intermediate certificate in order to use the web server certificate with Apache HTTPD?
The intermediate certificate should be merged with the web server's certificate into one file that is specified in SSLCertificateFile
Which is true regarding the configuration option SSLCertificateFile in Apache HTIPD?
The option can be used only one time per virtual host
Which is true regarding the configuration option SSLCertificateFile in Apache HTIPD?
The option can be used only one time per virtual host.
In order to block forwarding ICMP for IPv6 on a router, the following packet filtering rule has been set up: ip6tables -A FORWARD -p icmp -j DROP Even though the rule is displayed correctly in ip6tables -L, IPv6 nodes can still ping each other through the router. Why is the rule not working as expected and what should be done in order to effectively block ICMP for IPv6?
The rule blocks icmp which stands for ICMPv4 and should use icmpv6 instead to block ICMPv6.
In a PAM configuration file, which of the following is true about the required control flag?
The success of the module is needed for the module-type facility to succeed. However all remaining modules of the same type will be invoked.