LPI_Prepking_117-202_v2011-06-01_229q_By-Dekin

Number: 117-202 Passing Score: 800 Time Limit : 120 min File Version: 2011-06-01

Exam - LPI_Prepking_117-202
Version - 2011-06-01
Questions - 229

All the questions and answers are very important, updated with easy material and easy examples. Good Luck. By-Dekin

Exam A

QUESTION 1
Given this excerpt from an Apache configuration file, which of the numbered lines has INCORRECT syntax?

    1: <VirtualHost *:80>
    2: ServerAdmin admin9@server.example.org
    3: DocumentRoot /home/http/admin
    4: ServerName admin.server.example.org
    5: DirectoryIndex index.php default.php
    6: ErrorLog logs/admin.server.example.org-error_log
    7: CustomLog logs/admin.server.example.org-access_log common
    8: </VirtualHost>

A. 1
B. 1 and 4
C. 1, 4 and 7
D. 1 and 5
E. None. The configuration is valid

Answer: E Section: (none) Explanation/Reference:

QUESTION 2
Select the TWO correct statements about the following excerpt from httpd.conf:

    <Directory /var/web/dir1>
    <Files private.html>
    Order allow, deny
    Deny from all
    </Files>
    </Directory>

A. The configuration will deny access to /var/web/dir1/private.html, /var/web/dir1/subdir2/private.html, /var/web/dir1/subdir3/private.html and any other instance of private.html found under the /var/web/dir1/ directory.
B. The configuration will deny access to /var/web/dir1/private.html, but it will allow access to /var/web/dir1/subdir2/private.html, for example.
C. The configuration will allow access to any file named private.html under /var/web/dir1, but it will deny access to any other files
D. The configuration will allow access just to the file named private.html under /var/web/dir1
E. The configuration will allow access to /var/web/private.html, if it exists

Answer: AE Section: (none) Explanation/Reference:

QUESTION 3
Considering the following excerpt from the httpd.conf file, select the correct answer below:

    <Location>
    AllowOverride AuthConfig Indexes
    </Location>

A. The Indexes directive in the excerpt allows the use of other index-related directives such as DirectoryIndex
B. Both directives AuthConfig and Indexes found in the server's .htaccess file will be overridden by the same directives found in the httpd.conf file
C. The AuthConfig used in the excerpt allows the use of other authentication-related directives such as AuthType
D. The excerpt is incorrect, as the AllowOverride cannot be used with Indexes, since the latter cannot be overridden
E. The excerpt is incorrect, because AllowOverride cannot be used inside a Location section

Answer: E Section: (none) Explanation/Reference:

QUESTION 4
Which of the following lines in the Apache configuration file would allow only clients with a valid certificate to access the website?

A. SSLCA conf/ca.crt
B. AuthType ssl
C. IfModule libexec/ssl.c
D. SSLRequire
E. SSLVerifyClient require

Answer: E Section: (none) Explanation/Reference:

QUESTION 5
Which TWO of the following options are valid, in the /etc/exports file?

A. rw
B. ro
C. rootsquash
D. norootsquash
E. uid

Rin winbind --sync. nfsstat C. to synchronize the passwords. rpcinfo .conf. to synchronize the Unix password with the SMB password. B.Answer: AB Section: (none) Explanation/Reference: QUESTION 6 Which of the following is needed.conf. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = all create mask = 0550 directory mask = 0770 Answer: BC Section: (none) Explanation/Reference: QUESTION 8 Which command can be used to list all exported file systems from a remote NFS server: A. [data] path = /srv/smb/data write list = @foo+all force group = @foo+all create mask = 0770 directory mask = 0770 D. when the encrypted SMB password in the smbpasswd file is changed? A. Add smb unix password = sync to smb. D. to convert the passwords. exportfs B. because this is not possible. Add unix password sync = yes to smb. Nothing. write and execute files in "/srv/smb/data"? A. Answer: D Section: (none) Explanation/Reference: QUESTION 7 The new file server is a member of the Windows domain "foo". E. Which TWO of the following configuration sections will allow members of the domain group "all" to read. C. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = @foo+all create mask = 0550 directory mask = 0770 B. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = @foo+all create mask = 0770 directory mask = 0770 C. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = @foo+all directory mask = 0770 E. Run netvamp regularly.

C.D. D. B. showmount E. BIOS settings: hda:DMA. B. importfs Answer: D Section: (none) Explanation/Reference: QUESTION 9 During which stage of the boot process would this message be seen? Ide0: BM-DMA at 0xff00-0xff07. In the master boot record In the boot sector In the /boot directory At the start of the kernel Answer: A Section: (none) Explanation/Reference: QUESTION 11 During which stage of the boot process would this message be seen? ide_setup:hdc=ide-scsi A. hdb:DMA A. D. Boot loader start and hand off to kernel Kernel loading Hardware initialization and setup Daemon initialization and setup . C. on a system with only one installation of Linux and no other operating systems? A. B. Boot loader start and hand off to kernel Kernel loading Hardware initialization and setup Daemon initialization and setup Answer: C Section: (none) Explanation/Reference: QUESTION 10 Where should the LILO code reside. D. C.

bash_profile.Answer: B Section: (none) Explanation/Reference: QUESTION 12 What happens when the Linux kernel can't mount the root filesystem when booting? A.bashrc It first reads and executes commands in /etc/profile and then does same for ~/. C. An error message is shown. E. LANG I18N MESSAGES MSGS LC_MSGS Answer: A Section: (none) Explanation/Reference: QUESTION 14 When bash is invoked as an interactive login shell. B. An error message is shown and the administrator is asked to specify a valid root filesystem to continue the boot process. stating that the corresponding kernel module couldn't be loaded.bash_profile and ~/. Answer: A Section: (none) Explanation/Reference: QUESTION 13 Messages from programs are not appearing in the user's native language. It first reads and executes commands in /etc/profile and then does same for ~/.profile Answer: C . D. D. An error message is shown and the system reboots after a keypress. C. What environment variable must be set for this to happen? A. D. showing which device couldn't be mounted or informing that init couldn't be found. It ignores /etc/profile and only reads and executes commands in ~/.bashrc only if /etc/profile or another initialization script calls it.bash_login and ~/. B. B. E. ~/. E. An error message is shown. C. which of the following sentences is true? A. An error message is shown and the system boots in maintenance mode.bashrc It first reads and executes commands in /etc/bashrc and then does same for /etc/profile It reads and executes commands in ~/.

Use dd to restore a previous backup of the MBR Install LILO since there is no easy way to recover GRUB Running mformat will create a new MBR and fix GRUB using info from grub. Answer: D Section: (none) Explanation/Reference: QUESTION 17 Where should the LILO code reside. how can the lost GRUB first stage loader be recovered? A. In the master boot record In the boot sector In the /boot directory At the start of the kernel Answer: A Section: (none) . To avoid writing to the disk. Because this way crackers cannot collect information about root with boot sniffers C. B. D. on a system with only one installation of Linux and no other operating systems? A. To avoid other operating systems overwriting the Linux root partition E. Answer: A Section: (none) Explanation/Reference: QUESTION 16 A GRUB boot loader installed in the MBR was accidentally overwritten. E.conf is correct. without risk of damage. B. fsck can be run.Section: (none) Explanation/Reference: QUESTION 15 Why is the root file system mounted read-only during boot and remounted with write permission later on? A. C. Run fdisk --mbr /dev/had assuming that the boot harddisk is /dev/hda. unless the root password is known. D. After booting with a rescue CD-ROM.conf Run grub-install after verifying that grub. B. Because the disk has its own write protection that cannot change by the operating system. C. D. Because if problems with the root file system are detected during the boot.

D. The system was not shut down cleanly. C. What could be causing the problem? A. D. mbox mail_location user_dir maildir user_mail_dir Answer: B Section: (none) Explanation/Reference: QUESTION 20 What is the missing keyword in the following configuration sample for dovecot which defines which authentication types to support? (Specify only the keywork) auth default { ______ = plain login cram-md5 } A. Answer: B Section: (none) Explanation/Reference: QUESTION 19 What is the name of the dovecot configuration variable that specifies the location of user mail? A. When booting. C. auth_order mechanisms methods supported . The file-system is specified as ext2 in/etc/fstab. D. B.Explanation/Reference: QUESTION 18 Journalling doesn't appear to be working on an ext3 file-system. The kernel does not contain ext3 support. An old version of e2fsprogs is installed. C. B. B. E. the following line appears: VFS: Mounted root (ext2 filesystem) readonly.

Answer: B Section: (none) Explanation/Reference: QUESTION 21 What does the following procmail configuration section do? :0fw * < 256000 | /usr/bin/foo A.0.0. Install TCP wrappers.mc file .0. procmail will process the email with the program foo C. If an email contains a value less than 256000 anywhere within it. What could help you find out where the mail is originating? A. D. procmail sends mail containing less than 256000 words to program foo D.0.0.cf file C. ADDRESS=127. A dd the command 'FR-strlog' to the sendmail.1 LOCALHOST_ONLY=1 Answer: A Section: (none) Explanation/Reference: QUESTION 23 You suspect that you are receiving messages with a forged From: address. procmail sends all email older than 256000 seconds to the external program foo B.0. B. procmail will process it with the program foo Answer: E Section: (none) Explanation/Reference: QUESTION 22 Which setting in the Courier IMAP configuration file will tell the IMAP daemon to only listen on the localhost interface? A. The program foo is used instead of procmail for all emails larger than 256000 Bytes E.1 INTERFACE=127. If the email smaller than 256000 Bytes. C. and log all connections on port 25 B. Add the command 'define ('LOG_REAL_FROM') dnl' to the sendmail.1 Listen 127.

E. D. Which of the following mount commands should you use? A. Look in the Received: and Message-ID: parts of the mail header Answer: E Section: (none) Explanation/Reference: QUESTION 24 You have to mount the /data filesystem from an NFS server(srvl) that does not support locking. Bugtraq CERT CSIS Freshmeat . passive active impassive safe inactive Answer: A Section: (none) Explanation/Reference: QUESTION 26 Which of the following organisations track and report on security related flaws in computer technology? (Please select TWO answers) A. C. E. C.D. B. B. Run a filter in the aliases file that checks the originating address when mail arrives E. mount -a -t nfs mount -o locking=off srvl:/data /mnt/data mount -o nolocking srvl:/data /mnt/data mount -o nolock srvl:/data /mnt/data mount -o nolock /data@srvl /mn/data Answer: D Section: (none) Explanation/Reference: QUESTION 25 In what mode is your FTP session when the client side makes the connections to both the data and command ports of the FTP server? A. D. C. B. D.

protocol action source IP address packet byte offset source port Answer: D Section: (none) Explanation/Reference: QUESTION 29 Which environment variables are used by ssh-agent? (Please select TWO variables) A. B. D. C. B. C. B. D.E. D. E. C. gated ipchains netfilter routed zebra Answer: D Section: (none) Explanation/Reference: QUESTION 28 Which of the following is NOT included in a Snort rule header? A.org Answer: AC Section: (none) Explanation/Reference: QUESTION 27 Which of the following Linux services has support for only the Routing Information Protocol (RIP) routing protocol? A. Kernel. SSH_AGENT_KEY SSH_AGENT_SOCK SSH_AGENT_PID SSH_AUTH_SOCK SSH_AUTH_PID Answer: BC Section: (none) . E. E.

/proc/dma /proc/filesystems /proc/interrupts /proc/ioports /proc/swaps Answer: ACD Section: (none) Explanation/Reference: . C.Explanation/Reference: QUESTION 30 What tool scans log files for unsuccessful login attempts and blocks the offending IP addresses with firewall rules? A. E. B. C. D. D. E. nessus nmap nc watchlogs fail2ban Answer: E Section: (none) Explanation/Reference: QUESTION 31 Running sysctl has the same effect as: A. Changing the kernel compilation parameters Writing to files inside /proc Changing process limits using ulimit Editing files inside /etc/sysconfig There is no equivalent to this utility Answer: B Section: (none) Explanation/Reference: QUESTION 32 Which files are read by the lsdev command? (Please specify THREE answers) A. B. C. D. B. E.

0xb7f614e0) =32 fwrite ("19". resulting in the source code of the program Debug programs by monitoring system calls and reporting them Answer: E Section: (none) Explanation/Reference: QUESTION 34 The following data is some of the output produced by a program. 3. The descriptor table is bad LILO failed to load the second stage loader LILO failed to load the primary stage loader LILO failed to locate the kernel image Answer: A Section: (none) . B. E. D. B. B. Which program produced this output? strftime (" Thu". lsof ltrace nm strace time Answer: B Section: (none) Explanation/Reference: QUESTION 35 On bootup. LILO prints out LIL and stops. 0xb7f614e0) =1 A. 3. " %b". E. D.QUESTION 33 Which of the following describes the main purpose of strace? A. 1. 1024. 2. 1. C. 0xb7f614e0) =32 strftime (" Feb". Show the TCP/IP stack data. D. What is the cause of this? A. 1. 0xb7f64380) =4 fwrite ("Feb". 0xb7f614e0) =1 fputc (' '. to help to solve network problems Help to follow the traces of intruders of the internal network Debug programs by displaying the original code of the program. C. 0xb7f64380) =4 fwrite ("Thu". Itis a kind of "disassembler" Reverse engineer applications. 0xb7f614e0) =1 fputc (' '. C. 1024. "%a".

B.d.d have been executed. however it is not being executed when the system boots into runlevel 2.local Create a script in ~/. What is the most likely cause of this? A. The kernel won't boot.d/ and place the command in it Answer: A Section: (none) Explanation/Reference: QUESTION 38 An administrator has placed an executable in the directory /etc/init.d/ and place a link to it in /etc/rc2. C.Explanation/Reference: QUESTION 36 A server was rebuilt using a full system backup but with a different disk setup. B.log once all of the scripts in / etc/rc2. C.kde/Autostart/ and place the command in it Create a script in /etc/init. What is the best way to accomplish this? A. Add the command to /etc/rc. B. D.d/ Create a script in /etc/rc2. E. mkbootdisk tune2fs rdev grub-install fdisk Answer: C Section: (none) Explanation/Reference: QUESTION 37 An administrator wants to issue the command echo 1 >/var/ log/boater. C. D. D. Which of the following commands will fix this error by pointing the kernel image to the new root partition? A. complaining it cannot find the root filesystem. The script has not been declared in /etc/services runleve1 2 is not declared in /etc/inittab The script has the permissions 700 and is owned by root A corresponding link was not created in /etc/rc2.d Answer: D Section: (none) Explanation/Reference: .

C.conf and add "BASE dc=linuxfoo.deny Answer: A Section: (none) Explanation/Reference: QUESTION 41 Which answer best describes the meaning of the following LDAP search command: ldapseareh -x" (& (cn=marie)(telephoneNumber=9*))" A. export LDAPBASE=dc=linuxfoo.QUESTION 39 For an LDAP client configuration. B. the LDAP base needs to be set. E. It is searching for all entries that have the cn attribute equal to marie AND the telephoneNumber attribute ending with number 9 D.dc=com Edit ldapbase. It is searching for all entries that have the cn attribute equal to marie AND the telephoneNumber attribute starting with number 9 C.conf and add "BASE dc=linuxfoo. It is searching for all entries that don't have the cn attribute equal to marie AND the telephoneNumber attribute starting with number 9 E. Which TWO of the following actions would achieve that? A. The NIS domain name The resolving order in /etc/resolv. It is searching for all entries that don't have the cn attribute equal to marie OR the telephoneNumber attribute starting with number 9 B.dc=com".conf The priority order in nsswitch.conf and add "BASE dc=linuxfoo. Edit cldap. It is searching for all entries that have the cn attribute different than marie OR the telephoneNumber attribute starting with number 9 Answer: B Section: (none) . E.allow and hosts.dc=com export BASE=dc=linuxfoo. D.dc=com". D. B.conf The filter rules for iptables The contents of hosts.dc=com". Edit ldap. Answer: AE Section: (none) Explanation/Reference: QUESTION 40 Which of the following options can be passed to a DHCP client machine using configuration options on the DHCP server? A. C.

is a server with a set of .html file because it was not moved into the chroot environment A LoadModule line for mod_chroot needs to be added to httpd. regardless of other controls After waiting if all other controls return success Immediately. a sufficient control allows access: A. Immediately on success. httpd no longer starts. if no previous required or requisite control failed Immediately on success. D. at the core. C. B. D. What is the primary cause of the problem? A. E. port = 3128 http-listen-port=3128 http_port 3128 squid_port 3128 Answer: C Section: (none) Explanation/Reference: QUESTION 45 What is the name of the network security scanner project which. C.conf Apache requires a VirtualHost directive when running from a chroot environment The mod_chroot configuration needs the absolute path to the chroot environment Answer: A Section: (none) Explanation/Reference: QUESTION 44 Which is a valid Squid option to define a listening port? A. Apache needs to start as root to bind to port 80 Apache cannot read the main index. C. but only if the user is root Answer: A Section: (none) Explanation/Reference: QUESTION 43 After setting up Apache to run inside a chroot jail as a non-root user. B.Explanation/Reference: QUESTION 42 In a PAM configuration file. D. B.

nmap OpenVAS Snort wireshark Answer: B Section: (none) Explanation/Reference: QUESTION 46 How must Samba be configured.network vulnerability tests (NVTs)? A. B. D.0/24? . Set the parameters "encrypt passwords = yes". C. D. It is not possible for Samba to use/etc/passwd and /etc/shadow E.1.10. B. E. "password file = /etc/passwd" and "password algorithm = crypt" C. Delete the smbpasswd file and create a symbolic link to the passwd and shadow file D. Run smbpasswd to convert /etc/passwd and /etc/shadow to a Samba pass word file Answer: D Section: (none) Explanation/Reference: QUESTION 47 What is the standard port number for the unencrypted IMAP service? A. so that it can check passwords against the ones in /etc/passwd and / etc/shadow? A. B. 25 143 443 993 1066 Answer: B Section: (none) Explanation/Reference: QUESTION 48 Considering the following kernel IP routing table below. Set the parameters "encrypt passwords = yes" and "password file = /etc/passwd". which of the following commands must be used to remove the route to the network 10. C.

E.net 10. route del 10. D. A.1.0/24? Kernel IP routing table . C.10. remote hosts are still unable to mount the exported directories.1.10.1.246.11 route del -net 10.10. What should be the next action? Please select TWO correct answers.1. Restart the NFS daemon Run exportfs -a on the server Run exportfs -f on the server Run showmount -a on the server Restart the remote hosts Answer: BC Section: (none) Explanation/Reference: QUESTION 50 Considering the following kernel IP routing table now. B.0 route del 10. D.0/24 route del . C.10. E.10.A. B.1.168. which of the following commands must be emove the route to the network 10.0 Answer: C Section: (none) Explanation/Reference: QUESTION 49 After changing /etc/exports on a server.0/24 route del 10.10.1.0/24 gw 192.

C. Given that the hosts are reachable by their IP addresses. C.246. E. Restart the NFS daemon Run exportfs -a on the server Run exportfs -f on the server Run showmount -a on the server Restart the remote hosts Answer: BC Section: (none) Explanation/Reference: QUESTION 52 Some users are unable to connect to specific local hosts by name.A. /var/named/log /var/lib/named/dev/log /var/log/bind_errors /var/log/bind/errors /var/log/messages .1.168. while accessing hosts in other zones works as expected.0 Answer: C Section: (none) Explanation/Reference: QUESTION 51 After changing /etc/exports on a server. routedel 10. D.10.0/24 gw 192. which is the default log file that could provide hints about the problem? A. A. D. B.10.1.11 routedel -net 10. What should be the next action? Please select TWO correct answers.10.0/24 routedel 10.0/24 routedel -net 10.1. B. E.10. remote hosts are still unable to mount the exported directories. E. B.1.10. D.0 routedel 10.1. C.

procmailrc file will send a copy of an email to another mail address? A. D. B.1 PermitEmptyPasswords no Port 22 PermitRootLogin yes IgnoreRhosts yes Answer: AD Section: (none) Explanation/Reference: . E. C. E. :0 c :0 copy :c :copy :s Answer: A Section: (none) Explanation/Reference: QUESTION 55 A security-conscious administrator would change which TWO of the following lines found in an SSH configuration file? A. Protocol 2.Answer: E Section: (none) Explanation/Reference: QUESTION 53 Which Squid configuration directive defines the authentication method to use? A. C. C. auth_param auth_method auth_program auth_mechanism proxy_auth Answer: A Section: (none) Explanation/Reference: QUESTION 54 Which entry in the . E. B. B. D. D.

QUESTION 56
Which Samba-related command will show all options that were not modified using smb.conf and thus are set to their default values? Please enter the command and its parameter(s):

Answer: testparm -v Section: (none) Explanation/Reference:

1.168.168. ip= 192. host Certkiller { hardware ethernet 08:00:2b:4c:59:23. with the MAC address "08:00:2b:4c:59:23". It can't be configured to assign addresses to BOOTP clients. host Certkiller { mac=08:00:2b:4c:59:23.2 D. fixed-address 192.4c:59:23. host Certkiller { hardware-address 08:00:2b.168.1.1.Exam B QUESTION 1 Which of the following sentences is true about ISC DHCP? A. Answer: D Section: (none) Explanation/Reference: QUESTION 2 The host. E. } C. domain-name-servers C. None of the above. host Certkiller { hardware-ethernet 08:00:2b:4c:59:23. C.168.2.2. B. should always be given the IP address of 192. It can be configured to only assign addresses to known clients. } Answer: D Section: (none) Explanation/Reference: QUESTION 3 Which dhcpd. D.2.terminals. Which of the following configurations will achieve this? A. fixed-ip 192.1.2.1. Its default behavior is to send DHCPNAK to clients that request inappropriate addresses. fixed-address 192.168. called " Certkiller ".2 by the DHCP server.168. It can't be used to assign addresses to X .conf option defines the DNS server address(es) to be sent to the DHCP clients? A. host Certkiller = 08:00:2b:4c:59:23 192.1. domain-nameserver . } B. domainname B. } E.

D. domain-name-server

Answer: B Section: (none) Explanation/Reference:

QUESTION 4
What is a significant difference between host and zone keys generated by dnssec-keygen?

A. There is no difference.
B. Both zone key files (.key/.private) contain a public and private key.
C. Both host keys files (.key/.private) contain a public and private key.
D. Host Keys must always be generated if DNSSEC is used; zone keys are optional
E. Zone Keys must always be generated if is used; host keys are optional

Answer: B Section: (none) Explanation/Reference:

QUESTION 5
Which of these would be the simplest way to configure BIND to return a different version number to queries?

A. Compile BIND with the option -blur-version=my version.
B. Set version-string "my version" in BIND's configuration file.
C. Set version "my version" in BIND's configuration file.
D. Set version=my version in BIND's configuration file.
E. Set version-bind "my version" in BIND's configuration file.

Answer: C Section: (none) Explanation/Reference:

QUESTION 6

A. Any host, from any network, may use this server as its main DNS server.
B. If the server doesn't know the answer to a query, it sends a recursive query to 192.168.0.4.
C. If the server doesn't know the answer to a query, it sends a query to a root DNS server.
D. Hosts in the network 10.0.0.0/24 will be able to ask for zone transfers.
E. If the server doesn't know the answer to a query, it sends a recursive query to 192.168.0.4 and, if this fails, it returns a failure.

Answer: B Section: (none) Explanation/Reference:

QUESTION 7
A BIND server should be upgraded to use TSIG. Which configuration parameters should be added, if the server should use the algorithm hmac-md5 and the key skrKc4DoTzi/tAkllPi7JZA== ?

A. TSIG server.example.com. algorithm hmac-md5; secret "skrKc4DoTzi/tAkllPi7JZA=="; };
B. key server.example.com. { algorithm hmac-md5; secret skrKc4DoTzi/tAkllPi7JZA==; };
C. key server.example.com. { algorithm hmac-md5; secret "skrKc4DoTzi/tAkllPi7JZA=="; };
D. key server.example.com. { algorithm=hmac-md5; secret="skrKc4DoTzi/tAkllPi7JZA=="; };
E. key server.example.com. { algorithm hmac-md5 secret "skrKc4DoTzi/tAkI1Pi7JZA==" };

Answer: C Section: (none) Explanation/Reference:

QUESTION 8
DNSSEC is used for?

A. Encrypted DNS queries between nameservers.
B. Cryptographic authentication of DNS zones.
C. Secondary DNS queries for local zones.
D. Defining a secure DNS section.
E. Querying a secure DNS section.

Answer: B Section: (none) Explanation/Reference:

QUESTION 9
Some users are unable to connect to specific local hosts by name, while accessing hosts in other zones works as expected. Given that the hosts are reachable by their IP addresses, which is the default log file that could provide hints about the problem?

A. /var/named/log
B. /var/lib/named/dev/log
C. /var/log/bind_errors
D. /var/log/bind/errors
E. /var/log/messages

Answer: E Section: (none) Explanation/Reference:

QUESTION 10
A BIND server should never answer queries from certain networks or hosts. Which configuration directive could be used for this purpose?

A. deny-query { ...; };
B. no-answer { ...; };
C. deny-answer { ...; };
D. deny-access { ...; };
E. blackhole { ...; };

Answer: E

There's no ". To provide additional host information." in the NS definition in reverse lookup zone has to be removed. B. To direct email to a specific host. Nothing. Answer: B Section: (none) Explanation/Reference: QUESTION 12 Performing a DNS lookup with dig results in this answer: What might be wrong in the zone definition? A.net in the PTR record in the reverse lookup zone file. B. To provide name to IP resolution. To direct clients to another nameserver.0/24 network? A. }." after linuserv.168.Section: (none) Explanation/Reference: QUESTION 11 What is the purpose of a PTR record? A. E." after linuserv in the PTR record in the forward lookup zone file.1. All seems to be good. There's no ".conf to restrict zone transfers to the 192.net in the PTR record in the forward lookup zone file.example.168." after linuserv. The ". Answer: D Section: (none) Explanation/Reference: QUESTION 13 What directive can be used in named. C. E.1.example. . D.0/24. allow-transfer { 192. There's no ". D. C. To provide IP to name resolution.

C. D.168. ms-dns nameserver usepeerdns dns None of the above Answer: E Section: (none) Explanation/Reference: QUESTION 16 A DNS server has the IP address 192.1 .0/24.0. E.0. allow-xfer { 192. }.0/24.1.168.1.0/24 }. TSIG is used for zone data encryption TSIG is a signal to start a zone update TSIG is used in zone files TSIG is used only in server configuration Servers using TSIG must be in sync (time zone!) Answer: DE Section: (none) Explanation/Reference: QUESTION 15 Which option is used to configure pppd to use up to two DNS server addresses provided by the remote server? A. D. Which TWO statements about TSIG are true? A.B. Which TWO of the following need to be done on a client machine to use this DNS server? A.0/24 }. D.168. Answer: A Section: (none) Explanation/Reference: QUESTION 14 To securely use dynamic DNS updates.168.1 to /etc/resolv. Add nameserver 192. allow-transfer { 192. C. allow-axfr { 192.168.0. B. E.1.168.1. allow-axfr { 192. B. E. C. }. the use of TSIG is recommended.conf B.1.168. Run route add nameserver 192.

Run ifconfig eth0 nameserver 192. D.statement in the named configuration file. while the primary MX record points to mailhost. Add a PTR record from mailhost to fred. A. Using the query access{. D.. htpasswd -c /srv/www/security/site passwd user B.1 Answer: AD Section: (none) Explanation/Reference: QUESTION 17 The mailserver is currently called fred. Add an A record for mailhost to fred's IP address. Using the answer only{.statement in the named configuration file.1.}.1 D..}.conf E. B.. What must be done to direct example. when Basic authentication is being used.168. C. Using the answer{..statement in the named configuration file. E. Run echo "nameserver 192.1..org.}..statement in the named configuration file. Answer: A Section: (none) Explanation/Reference: QUESTION 18 Which of these ways can be used to only allow access to a DNS server from specified networks/ hosts? A.C. which requires users to authenticate against the file /srv/ www/security/site-passwd.example.. Add a CNAME record from mailhost to fred Add another MX record pointing to fred's IP address..168. Answer: B Section: (none) Explanation/Reference: QUESTION 19 There is a restricted area in an Apache site..0.1" >> /etc/resolv. htpasswd /srv/www/security/site-passwd user .statement in the named configuration file. C. B..org email towards fred? A. Run bind nameserver 192.}.}.. Which command is used to CHANGE the password of existing users.168... without losing data.. Using the limit{.. Using the allow-query{.

1. htpasswd -n /srv/www/security/site-passwd user D. StartServers. MinSpareServers. None of the above. Answer: B Section: (none) Explanation/Reference: QUESTION 20 Consider the following / srv/www/ default/html/ restricted/. MinServers.C.0/24 network B.2. htpasswd -D /srv/www/security/site-passwd user E.htaccess AuthType Basic AuthUserFile / srv/www/ security/ site-passwd AuthName Restricted Require valid-user Order deny. B.2. C. which TWO of the following sentences are true? A.1. This setup will only work if the directory /srv/www/default/html/restricted/ is configured with AllowOverride AuthConfig Limit C. D.0/24 network won't need to authenticate themselves to access http://server/restricted/ E. StartServers & MaxClients. Which directives in httpd.conf need to be adjusted? A. Apache will only grant access to http://server/restricted/to authenticated users connecting from clients in the 10.0/24 Satisfy any Considering that DocumentRoot is set to /srv/www/default/html. Users connecting from clients in the 10. MaxClients & KeepAlive. The Satisfy directive could be removed without changing Apache behaviour for this directory Answer: BD Section: (none) Explanation/Reference: QUESTION 21 A web server is expected to handle approximately 200 simultaneous requests during normal use with an occasional spike in activity and is performing slowly. Apache will require authentication for every client requesting connections to http://server/restricted/ D.allow Deny from all Allow from 10.1. Answer: B Section: (none) . MinSpareServers & MaxSpareServers.2. MaxSpareServers. MaxSpareServers. MinSpareServers. MaxServers & MaxClients.

Explanation/Reference:

QUESTION 22
Which statements about the Alias and Redirect directives in Apache's configuration file are true?

A. Alias can only reference files under DocumentRoot
B. Redirect works with regular expressions
C. Redirect is handled on the client side
D. Alias is handled on the server side
E. Alias is not a valid configuration directive

Answer: CD Section: (none) Explanation/Reference:

QUESTION 23
When Apache is configured to use name-based virtual hosts:

- it starts multiple daemons (one for each virtual host).
- the Listen directive is ignored by the server.
- only the directives ServerName and DocumentRoot may be used inside a block.
- it's also necessary to configure a different IP address for each virtual host.
- it's also necessary to create a VirtualHost block for the main host.

Answer: D Section: (none) Explanation/Reference:

QUESTION 24
Which Apache directive is used to configure the main directory for the site, out of which it will serve documents?

A. ServerRoot
B. UserDir
C. DirectoryIndex
D. Location
E. DocumentRoot

Answer: E Section: (none) Explanation/Reference:

QUESTION 25
Which Apache directive allows the use of external configuration files defined by the directive AccessFileName?

A. AllowExternalConfig
B. AllowAccessFile
C. AllowConfig
D. IncludeAccessFile
E. AllowOverride

Answer: E Section: (none) Explanation/Reference:

QUESTION 26
Which of the following is recommended to reduce Squid's consumption of disk resources?

- Reduce the number of child processes to be started in the configuration file.
- Rotate log files regularly.
- Reduce the size of cache_dir in the configuration file.
- Disable logging of fully qualified domain names.
- Disable the use of access lists.

Answer: B Section: (none) Explanation/Reference:

QUESTION 27
Which ACL type in Squid's configuration file is used for authentication purposes?

A. proxyAuth
B. proxy_auth
C. proxy_passwd
D. auth
E. auth_required

Answer: B Section: (none) Explanation/Reference:

QUESTION 28
The listing below is an excerpt from a Squid configuration file:

- This proxy can't be used to access FTP servers listening on the default port.
- It's necessary to include a http_access rule denying access to all, at the end of the rules.
- Users connecting from localhost will be able to access web sites through this proxy.
- It's possible to use this proxy to access SSL enabled web sites listening on any port.
- This proxy is misconfigured and no user will be able to access web sites through it.

Answer: D Section: (none) Explanation/Reference:

QUESTION 29
In the file /var/squid/url_blacklist is a list of URLs that users should not be allowed to access. What is the correct entry in Squid's configuration file to create an acl named blacklist based on this file?

A. acl blacklist urlpath_regex /var/squid/url_blacklist
B. acl blacklist file /var/squid/url_blacklist
C. acl blacklist "/var/squid/url_blacklist"
D. acl blacklist urlpath_regex "/var/squid/url_blacklist"
E. acl urlpath_regex blacklist /var/squid/url_blacklist

Answer: D Section: (none) Explanation/Reference:

QUESTION 30
Users in the acl named 'sales_net' must only be allowed to access the Internet at times specified in

the time_acl named 'sales_time'. Which is the correct http_access directive, to configure this?

A. http_access deny sales_time sales_net
B. http_access allow sales_net sales_time
C. http_access allow sales_net and sales_time
D. allow http_access sales_net sales_time
E. http_access sales_net sales_time

Answer: B Section: (none) Explanation/Reference:

QUESTION 31
Which of the following is NOT a valid ACL type, when configuring squid?

A. src
B. source
C. dstdomain
D. url_regex
E. time

Answer: B Section: (none) Explanation/Reference:

QUESTION 32
Which Squid configuration directive defines the authentication method to use?

A. auth_param
B. auth_method
C. auth_program
D. auth_mechanism
E. proxy_auth

Answer: A Section: (none) Explanation/Reference:

QUESTION 33
The Internet gateway connects the clients with the Internet by using a Squid proxy. Only the clients from the network 192.168.1.0/24 should be able to use the proxy. Which of the following configuration sections is correct?

A. acl local src 192.168.1.0/24 http_allow local
B. acl local src 192.168.1.0/24 http_access allow local
C. acl local src 192.168.1.0/24 http access allow local
D. acl local src 192.168.1.0/24 http_access_allow=local
E. acl local src 192.168.1.0/24 httpd local allow

Answer: B Section: (none) Explanation/Reference:

QUESTION 34
The syntax of the procmail configuration file is?

A. :0[flags][:[lockfile]] [* condition] action
B. [* condition] action :0[flags][:[lockfile]]
C. :0[flags][:[lockfile]] [* condition] action
D. :0[flags][:[lockfile]]:[* condition] action
E. :0[flags][:[lockfile]]:[* condition]:action

Answer: A Section: (none) Explanation/Reference:

QUESTION 35
Which of the following recipes will append emails from "root" to the "rootmails" mailbox?

A. :0c: rootmails * ^From.*root
B. :0c: * ^From.*root rootmails
C. :0c: * ^From=root rootmails

D. :0c: * ^From=*root rootmails
E. :0c: $From=$root rootmails

Answer: B Section: (none) Explanation/Reference:

QUESTION 36
The internal network (192.168.1.0-192.168.1.255) needs to be able to relay email through the site's sendmail server. What line must be added to /etc/mail/access to allow this?

- 192.168.1.0/24 RELAY
- 192.168.1.0/24 OK
- 192.168.1 RELAY
- 192.168.1 OK

Answer: B Section: (none) Explanation/Reference:

QUESTION 37
The following is an excerpt from a procmail configuration file:

:0 c
* ! ^To: backup
! backup

Which of the following is correct?

- A copy of all mails will be stored in file backup.
- A copy of all mails will be sent to the local email address backup.
- Mails not addressed to backup are passed through a filter program named backup.
- All mails to the local email address backup will be stored in the directory backup.
- All mails will be backed up to the path defined by $MAILDIR

Answer: D Section: (none) Explanation/Reference:

QUESTION 38
Which network service or protocol is used by sendmail for RBLs (Realtime Blackhole Lists)?

C.10.net> D.10. How can the configuration be tested.org> C.example.10.net> Answer: D Section: (none) Explanation/Reference: QUESTION 40 Which entry in the .org> RCPT TO:<someone@example.1 25 MAIL FROM<admin@example.10. E.org> RCPT TO:<someone@example.10.1 25 RCPT FROM:admin@example.com MAIL TO:<someone@example.example.10.com> RECEIPT TO:<someone@example.1. telnet 10.example.net> E. RBLP SMTP FTP HTTP DNS Answer: E Section: (none) Explanation/Reference: QUESTION 39 On a newly-installed mail server with the IP address 10.com MAIL FROM:<anyone@example. from outside the local network? A. D.10. B.10. telnet 10.com RCPT FROM:<anyone@example. D. E.A. C.org> B. telnet 10. B.org> MAIL TO:<someone@example.10.1 25 HELO: bogus.procmailrc file will send a copy of an email to another mail address? A.10.1 25 HELO bogus.1 25 HELLO bogus.10. :0 c :0 copy :c :copy :s . using telnet. telnet 10. telnet 10.10.com MAIL FROM:<anyone@example. ONLY local networks should be able to send email.

Answer: A Section: (none) Explanation/Reference:

QUESTION 41
Which file can be used to make sure that procmail is used to filter a user's incoming email?

- ${HOME}/.forward
- ${HOME}/.procmail
- ${HOME}/.bashrc
- /etc/procmailrc
- /etc/aliases

Answer: B Section: (none) Explanation/Reference:

QUESTION 42
A user is on holiday for two weeks. Anyone sending an email to that account should receive an autoresponse. Which of the following procmail rules should be used, so that all incoming emails are processed by vacation?

A. :0c: | /usr/bin/vacation nobody
B. :w | /usr/bin/vacation nobody
C. :0fc: |/usr/bin/vacation nobody
D. | /usr/bin/vacation nobody
E. :> |/usr/bin/vacation nobody

Answer: A Section: (none) Explanation/Reference:

QUESTION 43
What security precautions must be taken when creating a directory into which files can be uploaded anonymously using FTP?

- The directory must not have the write permission set.
- The directory must not contain other directories.
- The directory must not have the read permission set.
- The directory must not have the read or execute permission set.
- The directory must not have the execute permission set.

Answer: B Section: (none) Explanation/Reference:

QUESTION 44
What is the correct format for an ftpusers file entry?

- Add ALLOW after each username.
- Use only one username on each line.
- Add a semicolon after each username.
- Add a colon after each username.
- Add DENY after each username.

Answer: A Section: (none) Explanation/Reference:

QUESTION 45
A security-conscious administrator would change which TWO of the following lines found in an SSH configuration file?

A. Protocol 2,1
B. PermitEmptyPasswords no
C. Port 22
D. PermitRootLogin yes
E. IgnoreRhosts yes

Answer: AD Section: (none) Explanation/Reference:

QUESTION 46
A system monitoring service checks the availability of a database server on port 5432 of destination.example.com. The problem with this is that the password will be sent in clear text. When using an SSH tunnel to solve the problem, which command should be used?

A. ssh -1 5432:127.0.0.1:5432 destination.example.com
B. ssh -L 5432:destination.example.com:5432 127.0.0.1
C. ssh -L 5432:127.0.0.1:5432 destination.example.com
D. ssh -x destination.example.com:5432
E. ssh -R 5432:127.0.0.1:5432 destination.example.com

Answer: C

Section: (none) Explanation/Reference:

QUESTION 47
What must be done on a host to allow a user to log in to that host using an SSH key?

- Add their private key to ~/.ssh/authorized_keys
- Reference their private key in ~/.ssh/config
- Run ssh-agent on that host
- Add their public key to ~/.ssh/authorized_keys
- Reference their public key in ~/.ssh/config

Answer: D Section: (none) Explanation/Reference:

QUESTION 48
An SSH port-forwarded connection to the web server www.example.com was invoked using the command ssh -TL 80:www.example.com:80 user@www.example.com. Which TWO of the following are correct?

A. The client can connect to the web server by typing http://www.example.com/ into the browser's address bar and the connection will be encrypted
B. The client can connect to www.example.com by typing http://localhost/ into the browser's address bar and the connection will be encrypted
C. The client can't connect to the web server by typing http://www.example.com/ into the browser's address bar. This is only possible using http://localhost/
D. It is only possible to port-forward connections to insecure services that provide an interactive shell (like telnet)
E. The client can connect to the web server by typing http://www.example.com/ into the browser's address bar and the connection will not be encrypted

Answer: BE Section: (none) Explanation/Reference:

QUESTION 49
Which of the following defines the maximum allowed article size in the configuration file for INN?

A. limitartsize
B. artsizelimit
C. maxartlimit
D. maxartsize
E. setartlimit

Answer: D Section: (none) Explanation/Reference:

QUESTION 50
The innd configuration file has been changed and it should be used as soon as possible. What is the fastest way to accomplish that?

A. ctlinnd kill hup
B. kill -HUP process id
C. ctlinnd xexec innd
D. ctlinnd reload innd
E. /usr/sbin/innd reload

Answer: C Section: (none) Explanation/Reference:

QUESTION 51
Which of the following configuration lines will export /usr/local/share/ to nfsclient with read-write access, ensuring that all changes are straight to the disk?

A. /usr/local/share nfsclient(rw) written
B. nfsclient: /usr/local/share/:rw,sync
C. /usr/local/share nfsclient:rw:sync
D. /usr/local/share nfsclient(rw,sync)
E. nfsclient(rw,sync) /usr/local/share

Answer: D Section: (none) Explanation/Reference:

QUESTION 52
Given this excerpt from an Apache configuration file, which of the numbered lines has INCORRECT syntax?

1: <VirtualHost *:80>
2: ServerAdmin admin9@server.example.org
3: DocumentRoot /home/http/admin
4: ServerName admin.server.example.org
5: DirectoryIndex index.php default.php
6: ErrorLog logs/admin.server.example.org-error_log
7: CustomLog logs/admin.server.example.org-access_log common
8: </VirtualHost>

A. 1
B. 1 and 4
C. 1, 4 and 7
D. 1 and 5
E. None. The configuration is valid

Answer: E Section: (none) Explanation/Reference:

QUESTION 53
You suspect that you are receiving messages with a forged From: address. What could help you find out where the mail is originating?

A. Install TCP wrappers, and log all connections on port 25
B. Add the command 'FR-strlog' to the sendmail.cf file
C. Add the command 'define ('LOG_REAL_FROM') dnl' to the sendmail.mc file
D. Run a filter in the aliases file that checks the originating address when mail arrives
E. Look in the Received: and Message-ID: parts of the mail header

Answer: E Section: (none) Explanation/Reference:

QUESTION 54
Which is a valid Squid option to define a listening port?

A. port = 3128
B. http-listen-port=3128
C. http_port 3128
D. squid_port 3128

Answer: C Section: (none) Explanation/Reference:

QUESTION 55
Select the TWO correct statements about the following excerpt from httpd.conf:

<Directory /var/web/dir1>
<Files private.html>
Order allow, deny

Deny from all
</Files>
</Directory>

A. The configuration will deny access to /var/web/dir1/private.html, /var/web/dir1/subdir2/private.html, /var/web/dir1/subdir3/private.html and any other instance of private.html found under the /var/web/dir1/ directory.
B. The configuration will deny access to /var/web/dir1/private.html, but it will allow access to /var/web/dir1/subdir2/private.html, for example.
C. The configuration will allow access to any file named private.html under /var/web/dir1, but it will deny access to any other files
D. The configuration will allow access just to the file named private.html under /var/web/dir1
E. The configuration will allow access to /var/web/private.html, if it exists

Answer: AE Section: (none) Explanation/Reference:

QUESTION 56
Where should the LILO code reside, on a system with only one installation of Linux and no other operating systems?

A. In the master boot record
B. In the boot sector
C. In the /boot directory
D. At the start of the kernel

Answer: A Section: (none) Explanation/Reference:

Exam C

QUESTION 1
What command can be used to add a new newsgroup called Certkiller that allows posting?

A. ctlinnd newgroup Certkiller n news
B. ctlinnd newgroup Certkiller y news
C. ctlinnd addgroup Certkiller y news
D. ctlinnd newgroup Certkiller +rw news
E. ctlinnd addgroup Certkiller +rw news

Answer: B Section: (none) Explanation/Reference:

QUESTION 2
Which TWO of the following commands could be used to add a second IP address to eth0?

- ifconfig eth0 -add ip 192.168.123.10
- ifconfig eth0 +192.168.123.10
- ifconfig eth0 1 192.168.123.10
- ifconfig eth0:sub1 192.168.123.10
- ifconfig eth0:1 192.168.123.10

Answer: BE Section: (none) Explanation/Reference:

QUESTION 3
If the command arp -f is run, which file will be read by default?

A. /etc/hosts
B. /etc/ethers
C. /etc/arp.conf
D. /etc/networks
E. /var/cache/arp

Answer: B Section: (none) Explanation/Reference:

QUESTION 4
What command must be used to print the kernel's routing table?

2 B. B.0 up Answer: C Section: (none) Explanation/Reference: QUESTION 6 Which option must be used with ifconfig.10. C.3. D.255.0? A. ifconfig eth1:1 10. E.255.168. to also see interfaces that are down? A. D.3.255.4 netmask 255.10.3.10.1.4/255. -d -a --all --down None.0 eth1:1 up ifconfig eth1:1 10.A.34 and the netmask 255. D.255.4 netmask 255.255.10. C. E.255.255.1.4/255.255. C.255.3.255. B.0 up ifconfig 10. ifconfig eth0 192.168. route print route enumerate route show route list route Answer: E Section: (none) Explanation/Reference: QUESTION 5 What command would be used to configure the interface eth1:1 with the IP address 10 10.255.255.10.2 .3. ifconfig eth0:1 192.0 start ifconfig 10. B. E.4 netmask 255.0 eth1:1 up ifconfig eth1:1 10. Answer: A Section: (none) Explanation/Reference: QUESTION 7 What is the command to add another IP address to an interface that already has (at least) one IP address? A.

with the IP address 192. C. Run ifconfig eth0 defaultroute 192.168.1. Answer: A Section: (none) Explanation/Reference: .123. The host route 194.1.0. What needs to be done on the client to enable it to use the router as its default gateway? A. D.123. Answer: C Section: (none) Explanation/Reference: QUESTION 9 A network client has an ethernet interface configured with an IP address in the subnet 192.5 is rejected by the kernel. that connects this subnet to the Internet.168.168. Add "defaultroute 192. E.2 Answer: A Section: (none) Explanation/Reference: QUESTION 8 The command route shows the following output: Which of the following statements is correct? A. B.1 if=eth0. B.168. ipconfig eth0 192.168. Run route add gw 192.168.168.conf.2 D.168. Run route add defaultgw=192.0. The host 194. E.5 is temporarily down. This subnet has a router. The "!H " signals that traffic to the host 194.0.168.0.1.1 eth1. Run route add default gw 192.0.5 is dropped.5 is not available. ipconfig eth0:1 192. The network 169.0/24.168.0.C.0.0. D.123.0 is not a valid route.1 eth1.1. C.168. The network path to the host 194.254.168.168.123.1" to /etc/resolv.

network 192.0.255.0.2 route add .net 192.so session sufficient /lib/security/pam_unix.so password required /lib/security/pam_cracklib.so use_first_pass account sufficient /lib/security/pam_unix.168. Which TWO of the following need to be done? A.so password sufficient /lib/security/pam_unix.so auth required /lib/security/pam_nologin.0.168.0.0.1 in the subnet 10.4. All users will be authenticated against the LDAP directory .168.net 192.so auth sufficient /lib/security/pam_unix.168.0 netmask 255.1 in the subnet 192.0 gw 192.255.d/login file? #%PAM-l. eth0 has the IP address 192.0. Enable IP forwarding with echo "1" > /proc/sys/net/ipv4/ip_forward Add new firewall chains to handle inbound & outbound traffic on both interfaces.so account required /lib/security/pam_ldap. C.168.255.0.2 route add .so use_first_pass session optional /lib/security/pam_console.4. The server needs to be restarted.168.0. Answer: AC Section: (none) Explanation/Reference: QUESTION 11 What command is used to add a route to the 192.168.so shadow nullok md5 use_authtok auth required /lib/security/pam_ldap.0 netmask 255.0 netmask 255.0/16. The routing table looks fine.0/24 gw 192.0.255.2 route add .168.4.2 route add .net 192. D.network 192.168. route add .0/24 network via 192. for the changes to take effect. E. The routing table needs to be restarted.2? A.168.so A. but no data is traversing the networks.0.2 Answer: E Section: (none) Explanation/Reference: QUESTION 12 Which of the following sentences is true. C.QUESTION 10 A server with 2 network interfaces.168.168.255.so nullok use_authtok md5 shadow password required /lib/security/pam_ldap.0/24 192. E.0 gw 192.4.4. B.1/24 and eth1 has the IP address 10.0.168.0. Reconfigure the firewall rules to allow traffic to traverse the networks. when using the following /etc/pam.255.4. D. B.so session required /lib/security/pam_ldap. should act as a router.0 auth required /lib/security/pam_securetty. eth0 and eth1. for the changes to take effect.168.0 192.

so use_first_pass account sufficient /lib/security/pam_ldap. C. Which of them is NOT correct? A. control is returned to the calling application . D. which of the following is true about the required control flag? A. E. B. E. B.so Answer: E Section: (none) Explanation/Reference: QUESTION 14 What is the advantage of using SASL authentication with OpenLDAP? A.so password required /lib/security/pam_pwdb. This is the only file needed to configure LDAP authentication on Linux Only local users will be able to log in.d/login includes the following configuration parameters. D. The success of the module is needed for the module-type facility to succeed. C. If the module returns success. local users wouldn't be able to log in Answer: D Section: (none) Explanation/Reference: QUESTION 13 LDAP-based authentication against a newly-installed LDAP server does not work as expected. password required /lib/security/pam_ldap. C. Answer: A Section: (none) Explanation/Reference: QUESTION 15 In a PAM configuration file.B. It enables the use of Access Control Lists. D. no more modules of the same type will be invoked B.so auth sufficient /lib/security/pam_ldap. when the file/etc/nologin exists Ordinary users will be able to change their password to be blank If the control flags for auth were changed to required. If it returns a failure. E. It can prevent the transmission of plain text passwords over the network. It allows the use of LDAP to authenticate system users over the network. It disables anonymous access to the LDAP server. All of the above. The file /etc/pam.so auth required /lib/security/pam_ldap.

- The success of the module is needed for the module-type facility to succeed However, all remaining modules of the same type will be invoked.
- The module is not critical and whether it returns success or failure is not important.
- If the module returns failure, no more modules of the same type will be invoked

Answer: C Section: (none) Explanation/Reference:

QUESTION 16
Which of the following is true, when a server uses PAM authentication and both /etc/pam.conf & /etc/pam.d/ exist?

- It causes error messages.
- Both are used, but /etc/pam.conf has a higher priority.
- Both are used, but /etc/pam.d/ has a higher priority.
- /etc/pam.conf will be ignored.
- /etc/pam.d/ will be ignored.

Answer: B Section: (none) Explanation/Reference:

QUESTION 17
Which of the following tools, on its own, can provide dial-in access to a server?

A. mingetty
B. pppd
C. dip
D. chat
E. mgetty

Answer: E Section: (none) Explanation/Reference:

QUESTION 18
When configuring a PPP dial-in server, which option is used (in the pppd configuration file) to enable user authentication against the system password database?

A. login
B. auth
C. local

D. password
E. user

Answer: A Section: (none) Explanation/Reference:

QUESTION 19
To configure an LDAP service in the company "Certkiller Ltd", which of the following entries should be added to slapd.conf, in the Database Directives section, to set the rootdn so that the common name is Manager and the company's domain is Certkiller.com?

A. rootdn cn=Manager dc=Certkiller dc=com
B. rootdn "cn=Manager,dc=Certkiller,dc=com"
C. rootdn cn=Certkiller,dc=com,dc=Manager
D. rootdn "cn=Certkiller,dc=com,dc=Manager"
E. rootdn "cn=Manager dc=Certkiller dc=com"

Answer: B Section: (none) Explanation/Reference:

QUESTION 20
Which of the following commands can gather entries from the specified administrative NIS database group?

A. ypserv group
B. getent group
C. rpcinfo group
D. ypbind group
E. yppoll group

Answer: B Section: (none) Explanation/Reference:

QUESTION 21
What could be a reason for invoking vsftpd from (x) inetd?

A. It's not a good idea, because (x) inetd is not secure
B. Running vsftpd in standalone mode is only possible as root, which could be a security risk
C. vsftpd cannot be started in standalone mode
D. (x) inetd has more access control capabilities

0/255. There is a conflicting entry in /etc/hosts.168. xinetd is faster than xinetd and should be preferred for this reason.0/255.168.255. E. B. E. The machine needs to be restarted.0 : ALLOW 192. D. D. C.1.allow? A.255.1.255.168.0 should be allowed to access it. The service needs to be restarted. xinetd includes support for X connections.255.1. (x) inetd is needed to run vsftpd in a chroot jail Answer: D Section: (none) Explanation/Reference: QUESTION 22 An SSH server is configured to use tcp_wrappers and only hosts from the class C network 192. xinetd and inetd are used to reduce the number of listening daemons.168.168.0/255. but this is having no effect.0 Answer: B Section: (none) Explanation/Reference: QUESTION 23 Which TWO of the following statements about xinetd and inetd are correct? A.0/255. D. Which of the following lines would achieve this. tcpd needs to be sent the HUP signal. xinetd only supports TCP connections. xinetd supports access control by time.0/255.255.255.168. C.255.0 : ALLOW: sshd tcpd: sshd : 192. Answer: AE Section: (none) Explanation/Reference: QUESTION 24 A correctly-formatted entry has been added to /etc/hosts.255. when entered in/etc/ hosts. B.0 : sshd sshd : 192. C.255. B.E. The service does not support tcpwrappers .255. ALLOW: 192. What would be the cause of this? A.1. E.1.0 : ALLOW sshd : ALLOW: 192.1.allow to allow certain clients to connect to a service.deny .

255. E. ssh stream tcp nowait root /usr/sbin/tcpd sshd ssh stream tcp nowait root /usr/sbin/tcpd tcpd ssh stream tcpd nowait root /usr/sbin/tcpd sshd ssh data tcpd nowait root /usr/sbin/tcpd sshd ssh data tcp nowait root /usr/sbin/tcpd sshd Answer: A Section: (none) Explanation/Reference: .168.168. Both files must be edited. B.allow entries will allow access to sshd from the class C network 192.0? A.0/255.0 sshd : 192.168.1.168.0 Answer: AD Section: (none) Explanation/Reference: QUESTION 26 Which TWO of the following statements about the tcp_wrappers configuration files are correct? A. E.1 sshd : 192.255.255.1. B.1.1.0 sshd : 192.0 netmask 255.Answer: E Section: (none) Explanation/Reference: QUESTION 25 Which TWO /etc/hosts. D.168. D. sshd : 192. to get tcp_wrappers to work properly It is possible to configure tcp_wrappers using just one file (x) inetd requires these files All programs that provide network services use these files to control access tcpd uses these files to control access to network services Answer: BE Section: (none) Explanation/Reference: QUESTION 27 What is the appropriate configuration file entry to allow SSH to run from inetd ? A. C. C. B.168. sshd : 192.255.1. C. E. D.

QUESTION 28
Which of the following sentences is TRUE about FreeS/WAN?

A. FreeS/WAN doesn't support remote users (i.e. notebook users with dynamic IP addresses) connecting to the LAN
B. FreeS/WAN needs a patch to support NAT traversal for users behind a NAT gateway
C. FreeS/WAN doesn't require any Linux kernel 2.4 modules to work properly
D. FreeS/WAN only enables the use of strong encryption between Linux hosts
E. FreeS/WAN can't be used to establish a VPN between a Linux host and a Microsoft Windows 2000 Server host

Answer: B Section: (none) Explanation/Reference:

QUESTION 29
As of Linux kernel 2.4, which software is used to configure a VPN?

A. IPSec
B. SSH
C. net-tools
D. FreeS/WAN
E. iproute2

Answer: D Section: (none) Explanation/Reference:

QUESTION 30
A program, called vsftpd, running in a chroot jail, is giving the following error: /bin/vsftpd: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory. Which TWO of the following are possible solutions?

A. Get the vsftp source code and compile it statically.
B. The file /etc/ld.so.conf must contain the path to the appropriate lib directory in the chroot jail
C. Create a symbolic link that points to the required library outside the chroot jail
D. Copy the required library to the appropriate lib directory in the chroot jail.
E. Run the program using the command chroot and the option --static_libs

Answer: AD Section: (none) Explanation/Reference:

C. D.168. whereby it is responding to ICMP Echo-Request packets sent to its broadcast address. D.168. ifconfig eth0 nobroadcast echo "0" > /proc/sys/net/ipv4/icmp_echo_accept_broadcasts iptables -A INPUT -p icmp -j REJECT echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts echo "1" > /proc/sys/net/ipv4/icmp_echo_nosmurf Answer: D Section: (none) Explanation/Reference: .215.QUESTION 31 Which of the following can the program tripwire NOT check? A. Boot sectors.123. which command needs to be run? A. B.5. To disable this.5. C.112.53 > 192. E. File existence.org. E. File size. (25) 13:03:17. Answer: E Section: (none) Explanation/Reference: QUESTION 32 The following is an excerpt from the output of tcpdump -nli eth1 'udp': 13:03:17.5.7.1065: 43653 1/0/0 A 24.277327 IP 192.112.5. File signature.123.1065 > 192. B. B.53: 43653+ A? lpi. C.168. Permissions.598624 IP 192. E. FTP HTTP SSH DNS DHCP Answer: D Section: (none) Explanation/Reference: QUESTION 33 A server is being used as a smurf amplifier. D.168.109 (41) Which network service or protocol was used? A.

12 .12 -d 10.12. B.168. C.43.QUESTION 34 When the default policy for the iptables INPUT chain is set to DROP.43.34.12. iptables . C. iptables .12.A FORWARD -p tcp -s 0/0 -d 10.34.12.A FORWARD -p tcp -s 0/0 -d 10.A FORWARD -p tcp -s 192.56 --dport 443 -j ACCEPT.168. which of the following commands is correct? A.56 --dport 80 -j ACCEPT iptables . B.43.56:443 -j ACCEPT. iptables never affects packets addressed to localhost Sendmail delivers emails to localhost Some applications use the localhost interface to communicate with other applications.12 d 10.43.168. D. Given that the client host's IP address is 192. C. syslogd receives messages on localhost Answer: D Section: (none) Explanation/Reference: QUESTION 35 To be able to access the server with the IP address 10. Answer: C Section: (none) Explanation/Reference: QUESTION 36 Which THREE of the following actions should be considered when a FTP chroot jail is created? A.12.A FORWARD -p tcp -s 192.34.56 using HTTPS.12. E.34.56:80 -j ACCEPT. B. It doesn't matter.168. iptables .34. Create /dev/ and /etc/ in the chroot enviroment Create /etc/passwd in the chroot enviroment Create /var/cache/ftp in the chroot enviroment Create the user ftp in the chroot enviroment Create /usr/sbin/ in the chroot enviroment Answer: ABD Section: (none) Explanation/Reference: . why should a rule allowing traffic to localhost exist? A.d 10. E. E.34. iptables .12. D. a rule for iptables has to be written. D. All traffic to localhost must always be allowed.56 --dport 443 -j ACCEPT.A INPUT -p tcp -s 192.

QUESTION 37
Connecting to a remote host on the same LAN using ssh public-key authentication works but forwarding X11 doesn't. The remote host allows access to both services. Which of the following can be the reason for that behaviour?

A. The remote user's ssh_config file disallows X11 forwarding
B. The remote server's sshd_config file disallows X11 forwarding
C. A different public key has to be used for X11
D. X11 cannot be forwarded if public-key authentication was used
E. X11 through SSH needs a special X11 server application installed

Answer: B Section: (none) Explanation/Reference:

QUESTION 38
An iptables firewall was configured to use the target MASQUERADE to share a dedicated wireless connection to the Internet with a few hosts on the local network. The Internet connection becomes very unstable on rainy days and users complain their connections drop when downloading e-mail or large files, while web browsing seems to be working fine. Which change to your iptables rules could alleviate the problem?

A. Change the target MASQUERADE to SNAT
B. Change the target MASQUERADE to DNAT
C. Change the target MASQUERADE to BALANCE and provide a backup Internet connection
D. Change the target MASQUERADE to REDIRECT and provide a backup Internet connection
E. Change the target MASQUERADE to BNAT

Answer: A Section: (none) Explanation/Reference:

QUESTION 39
Which command line creates an SSH tunnel for POP and SMTP protocols?

A. ssh -L :110 -L :25 -1 user -N mailhost
B. ssh -L 25:110 -1 user -N mailhost
C. ssh -L mailhost:110 -L mailhost:25 -1 user -N mailhost
D. ssh -L mailhost:25:110 -1 user
E. ssh -L 110:mailhost:110 -L 25:mailhost:25 -1 user -N mailhost

Answer: E Section: (none) Explanation/Reference:

1.168.2.1.org.168. ipconfig /release ifconfig --release-all dhclient -r ifconfig --release pump --release Answer: C Section: (none) Explanation/Reference: QUESTION 43 . www.3 C.example.168.example. 60 IN A 192. www.example. www.2. dig nslookup host named-checkconf named-checkzone Answer: A Section: (none) Explanation/Reference: QUESTION 41 Which records must be entered in a zone file in order to use "Round Robin Load Distribution" for a web server? A. B.1.1.2 www. D.168.192.QUESTION 40 Which of these tools can provide the most information about DNS queries? A.168. 60 IN RR 192.1.168.168.3 Answer: A Section: (none) Explanation/Reference: QUESTION 42 Which command would release the current IP address leased by a DHCP server? A.example. C. C. E. www.example. 60 IN RR 192.168. 60 IN A 192.1.192.192.org.1-3 D. B.168. E.org. D. 60 IN A 192.1. www.192. 60 IN A 192.1.org.example.org.1.3 B.1.org.168.168. 60 IN A 192.1 www.1:3 E.example.1.org.

Remote access to a CD-RW device on a machine on a LAN must be restricted to a selected user group. Select the TWO correct alternatives that describe the possible solutions for this problem.

A. The remote access to these devices can be allowed to users by changing the display manager configuration and allowing sudo access for the user that will log in remotely
B. The pam_console module allows access configuration to these devices via console, including simultaneous access by many users
C. The pam_console module can be used to control access to devices via console, allowing/denying access to these devices in the user's session
D. If the pam_console module is used, it must be checked as required, because it is essential for user authentication
E. Through the sudo configuration file, it is possible to set users that will have the power of the root user, so they can access the devices. Besides that, it is important to configure the /etc/pam.d/su file, so the PAM modules can secure the service

Answer: CE
Section: (none)
Explanation/Reference:

QUESTION 44
Select the alternative that shows the correct way to disable a user login (except for root)

A. The use of the pam_nologin module along with the /etc/login configuration file
B. The use of the pam_deny module along with the /etc/deny configuration file
C. The use of the pam_pwdb module along with the /etc/pwdb.conf configuration file
D. The use of the pam_console module along with the /etc/security/console.perms configuration file
E. The use of the pam_nologin module along with the /etc/nologin configuration file

Answer: E
Section: (none)
Explanation/Reference:

QUESTION 45
A new user was created on a master NIS server using useradd but cannot log in from an NIS client. Older users can log in. Which step was probably forgotten, when creating the new user?

A. Running yppush on the NIS server to propagate map changes to NIS clients
B. Running make inside /var/yp on the NIS server to generate new maps
C. Starting the yppasswdd daemon on the NIS server to receive login requests from NIS clients
D. Starting the ypxfr daemon on the NIS client to fetch map changes from the NIS server
E. Restarting ypxfr daemons on the NIS client and server to fetch map changes

Answer: A
Section: (none)
Explanation/Reference:

D. by querying an NIS server? A. C. dhcp dhcpcd bootpd ethd dhcpd Answer: B Section: (none) Explanation/Reference: QUESTION 49 .com user +shell Answer: D Section: (none) Explanation/Reference: QUESTION 47 A network has many network printers connected and they should get their addresses using DHCP. What information from each printer is needed to always assign them the same IP address when dhcpd is used as the DHCP server? A. MAC address Host name Serial number Factory default IP address Built-in network card type Answer: A Section: (none) Explanation/Reference: QUESTION 48 Which daemon is required on the client if an ethernet device gets its IP address from a central server? A. D. E. E. C.com ypmatch -d example. B. B.QUESTION 46 How can a user's default shell be checked. ypquery user@example.com user ypq @example. B.com user passwd ypcat -d example. D. E. C.com ypgrep user example.

Which TWO of the following wireless tools can be used to check the wireless network link quality?

A. iwconfig
B. iwlink
C. iwscan
D. iwifi
E. iwspy

Answer: AE
Section: (none)
Explanation/Reference:

QUESTION 50
What command can be used to check the Samba configuration file?

A. testconfig
B. testsmbconfig
C. smbtestcfg
D. smbtestparm
E. testparm

Answer: E
Section: (none)
Explanation/Reference:

QUESTION 51
Some users are unable to connect to specific local hosts by name, while accessing hosts in other zones works as expected. Given that the hosts are reachable by their IP addresses, which is the default log file that could provide hints about the problem?

A. /var/named/log
B. /var/lib/named/dev/log
C. /var/log/bind_errors
D. /var/log/bind/errors
E. /var/log/messages

Answer: E
Section: (none)
Explanation/Reference:

QUESTION 52
Which Squid configuration directive defines the authentication method to use?

A. auth_param

B. auth_method
C. auth_program
D. auth_mechanism
E. proxy_auth

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 53
Which entry in the .procmailrc file will send a copy of an email to another mail address?

A. :0 c
B. :0 copy
C. :c
D. :copy
E. :s

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 54
A security-conscious administrator would change which TWO of the following lines found in an SSH configuration file?

A. Protocol 2,1
B. PermitEmptyPasswords no
C. Port 22
D. PermitRootLogin yes
E. IgnoreRhosts yes

Answer: AD
Section: (none)
Explanation/Reference:

QUESTION 55
When connecting to an SSH server for the first time, its fingerprint is received and stored in a file, which is located at:

A. ~/.ssh/fingerprints
B. ~/.ssh/id_dsa
C. ~/.ssh/known_hosts

D. ~/.ssh/id_dsa.pub
E. ~/.ssh/gpg.txt

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 56
A security-conscious administrator would change which TWO of the following lines found in an SSH configuration file?

A. Protocol 2,1
B. PermitEmptyPasswords no
C. Port 22
D. PermitRootLogin yes
E. IgnoreRhosts yes

Answer: AD
Section: (none)
Explanation/Reference:

Exam D

QUESTION 1
According to the dhcpd.conf file below, which domain name will clients in the 172.16.87.0/24 network get?

Answer: lab.certkiller.com
Section: (none)
Explanation/Reference:
lab.certkiller.com

QUESTION 2
According to the configuration below, what is the e-mail address of the administrator for this domain?

Answer: hostmaster@certkiller.com
Section: (none)
Explanation/Reference:
hostmaster@certkiller.com

QUESTION 3
Using only commands included with named, what is the command, with options or parameters, to make named re-read its zone files?

Answer: rndc reload
Section: (none)

Explanation/Reference:

QUESTION 4
Which type of DNS record defines which server(s) email for a domain should be sent to?

Answer: MX
Section: (none)
Explanation/Reference:

QUESTION 5
In which configuration file can a key-file be defined to enable secure DNS zone transfers? (Please enter the file name without the path)

Answer: named.conf
Section: (none)
Explanation/Reference:

QUESTION 6
The users of the local network complain that name resolution is not fast enough. Enter the command, without the path or any options, that shows the time taken to resolve a DNS query.

Answer: dig
Section: (none)
Explanation/Reference:

QUESTION 7
Which port must be open on a firewall, to allow a DNS server to receive queries? (Enter only the port number).

Answer: 53
Section: (none)
Explanation/Reference:

QUESTION 8
Which is the preferred mail server for the domain example.com, according to the BIND configuration below? (Type the fully-qualified domain name.)

Answer: mx-ny.certkiller.com
Section: (none)
Explanation/Reference:

QUESTION 9
Which file, in the local file-system, is presented when the client requests http://server/~joe/index.html and the following directive is present in server's Apache configuration file?

UserDir site/html

Given that all users have their home directory in /home, please type in the FULL file name including the path.

Answer: /home/joe/site/html/index.html
Section: (none)
Explanation/Reference:

QUESTION 10
Enter one of the Apache configuration file directives that defines where log files are stored.

Answer: ErrorLog
Section: (none)
Explanation/Reference:

QUESTION 11
A malicious user has sent a 35MB video clip, as an attachment, to hundreds of recipients. Looking in the outbound queue reveals that this is the only mail there. This mail can be removed with the command rm _______________ *
Complete the path below.

Answer: /var/spool/mqueue/
Section: (none)
Explanation/Reference:

QUESTION 12

Please enter the name of the main majordomo configuration file without the path.

Answer: majordomo.cf
Section: (none)
Explanation/Reference:

QUESTION 13
A procmail recipe is required to delete all emails marked as spam. Please complete the recipe.

:0:
* X-Spam-Status: Yes

Answer: /dev/null
Section: (none)
Explanation/Reference:

QUESTION 14
Where is the user foo's procmail configuration stored, if home directories are stored in /home? Please enter the complete path to the file.

Answer: /home/foo/.procmailrc
Section: (none)
Explanation/Reference:

QUESTION 15
Which file, on a majordomo server, will contain a list of all members' email addresses for the mailing list "linux-users"? (Enter only the file name).

Answer: linux-users
Section: (none)
Explanation/Reference:

QUESTION 16
What command must be used to create an SSH key-pair? Please enter the command without the path or any options or parameters.

Answer: ssh-keygen
Section: (none)
Explanation/Reference:

QUESTION 17

To allow X connections to be forwarded from or through an SSH server, what line must exist in the sshd configuration file?

Answer: X11Forwarding yes
Section: (none)
Explanation/Reference:

QUESTION 18
Which keys are stored in the authorized_keys file?

Answer: public
Section: (none)
Explanation/Reference:

QUESTION 19
In which file, on an INN news server, can access to the news server be configured? (Enter only the file name).

Answer: readers.conf
Section: (none)
Explanation/Reference:

QUESTION 20
What file should be edited to make the route command show human-readable names for networks? (Please enter the full path)

Answer: /etc/networks
Section: (none)
Explanation/Reference:

QUESTION 21
In which directory are the PAM modules stored?

Answer: /lib/security
Section: (none)
Explanation/Reference:

QUESTION 22
Which command can be used to change the password for an LDAP entry?

Answer: ldappasswd
Section: (none)

Explanation/Reference:

QUESTION 23
According to the tcpdump output below, what is the IP address of the client host?

Answer: 192.168.246.11
Section: (none)
Explanation/Reference:

QUESTION 24
Running tcpdump -nli eth1 'icmp' shows the following output:

11:56:35.599063 IP 192.168.123.5 > 194.25.2.129: icmp 64: echo request seq 1
11:56:35.670910 IP 194.25.2.129 > 192.168.123.5: icmp 64: echo reply seq 1

What command was used on the host 192.168.123.5, to generate this output?

Answer: ping
Section: (none)
Explanation/Reference:

QUESTION 25
Which Apache directive is used to configure the main directory for the site, out of which it will serve documents?

Answer: DocumentRoot
Section: (none)
Explanation/Reference:

QUESTION 26
Which file on a Postfix server modifies the sender address for outgoing e-mails? Please enter only the file name without the path

Answer: sender_canonical
Section: (none)

Explanation/Reference:

QUESTION 27
Which command can be used to save the current iptables rules into a file? Please enter only the command without path or parameters.

Answer: iptables-save
Section: (none)
Explanation/Reference:

QUESTION 28
All machines outside the network are able to send emails through the server to addresses not served by that server. If the server accepts and delivers the email, then it is a(n) _____________. Please enter the English term, without any punctuation.

Answer: open relay
Section: (none)
Explanation/Reference:

QUESTION 29
Please enter the command used to remove Kerberos tickets from the cache below.

Answer: kdestroy
Section: (none)
Explanation/Reference:

QUESTION 30
Please enter the Kerberos 5 configuration file name without path below.

Answer: krb5.conf
Section: (none)
Explanation/Reference:

QUESTION 31
Please enter the complete command to create a new password file for HTTP basic authentication (/home/http/data/web_passwd) for user john.

Answer: htpasswd -c /home/http/data/web_passwd john
Section: (none)
Explanation/Reference:

QUESTION 32
What directive can be used in named.conf to restrict zone transfers to the 192.168.1.0/24 network?

Answer: allow-transfer { 192.168.1.0/24; };
Section: (none)
Explanation/Reference:

QUESTION 33
With which parameter in the smb.conf file can a share be hidden?

Answer: $
Section: (none)
Explanation/Reference:

QUESTION 34
nfsd, portmap and ________ daemons must be running on an NFS server.

Answer: mountd
Section: (none)
Explanation/Reference:

QUESTION 35
You have installed some new libraries, but these are not available to programs and are not listed by ldconfig -p. What file should the path to the libraries be added to, before running ldconfig?

Answer: ld.so.conf
Section: (none)
Explanation/Reference:

QUESTION 36
Please enter the command with all parameters and arguments, that could be used by root to list the cron jobs for the user john.

Answer: crontab -u john -l
Section: (none)
Explanation/Reference:

QUESTION 37
You are not sure whether the kernel has detected a piece of hardware in your machine. What

command, without options or parameters, should be run to present the contents of the kernel ringbuffer?

Answer: dmesg
Section: (none)
Explanation/Reference:

QUESTION 38
Which program lists information about files opened by processes and produces output that can be parsed by other programs?

Answer: lsof
Section: (none)
Explanation/Reference:

QUESTION 39
Which site-specific configuration file for the shadow login suite must be modified to log login failures? Please enter the complete path to that file.

Answer: /etc/login.defs
Section: (none)
Explanation/Reference:

QUESTION 40
Which Samba-related command will show all options that were not modified using smb.conf and thus are set to their default values? Please enter the command and its parameter(s):

Answer: testparm -v
Section: (none)
Explanation/Reference:

QUESTION 41
What is the path to the global postfix configuration file? (Please specify the complete directory path and file name)

Answer: /etc/postfix/main.cf
Section: (none)
Explanation/Reference:

QUESTION 42
What postfix configuration setting defines the domains for which Postfix will deliver mail locally? (Please provide only the configuration setting name with no other information)

Answer: mydomain
Section: (none)
Explanation/Reference:

QUESTION 43
The command ___________ -x foo will delete the user foo from the Samba database. (Specify the command only, no path information.)

Answer: smbpasswd
Section: (none)
Explanation/Reference:

QUESTION 44
This program has 3 operating modes: copy-in mode, copy-out mode, and copy-pass mode, and is used to copy files into or out of archives. What program is this? (Please provide the command name only, with no arguments or path.)

Answer: cpio
Section: (none)
Explanation/Reference:

QUESTION 45
In which directory can all parameters available to sysctl be found? (Provide the full path)

Answer: /proc/sys
Section: (none)
Explanation/Reference:

QUESTION 46
Instead of running the command echo 1 >/proc/sys/net/ipv4/ip_forward, the configuration setting is going to be added to /etc/sysctl.conf. What is the missing value in the configuration line below? (Please specify only the missing value)

Answer: net.ipv4.ip_forward
Section: (none)
Explanation/Reference:

QUESTION 47
What is the name of the module in Apache that provides the HTTP Basic Authentication functionality? (Please provide ONLY the module name)

Answer: mod_auth
Section: (none)
Explanation/Reference:

QUESTION 48
What command is used to print NFS kernel statistics? (Provide the command with or without complete path)

Answer: nfsstat
Section: (none)
Explanation/Reference:

QUESTION 49
What is the default location for sendmail configuration files? (Please provide the complete path to the directory)

Answer: /etc/mail
Section: (none)
Explanation/Reference:

QUESTION 50
Postfix daemons can be chroot'd by setting the chroot flag in _______. (Supply only the filename, without a path)

Answer: master.cf
Section: (none)
Explanation/Reference:

QUESTION 51
All machines outside the network are able to send emails through the server to addresses not served by that server. If the server accepts and delivers the email, then it is a(n) _______________.

Answer: open email relay
Section: (none)
Explanation/Reference:

QUESTION 52
To allow X connections to be forwarded from or through an SSH server, what line must exist in the sshd configuration file?

Answer: X11Forwarding yes
Section: (none)

Explanation/Reference:

QUESTION 53
Which file, in the local file-system, is presented when the client requests http://server/~joe/index.html and the following directive is present in server's Apache configuration file?

UserDir site/html

Given that all users have their home directory in /home, please type in the FULL file name including the path.

Answer: /home/joe/site/html/index.html
Section: (none)
Explanation/Reference:

QUESTION 54
Where is the user foo's procmail configuration stored, if home directories are stored in /home? Please enter the complete path to the file.

Answer: /home/foo/.procmailrc
Section: (none)
Explanation/Reference:

QUESTION 55
If the command arp -f is run, which file will be read by default?

A. /etc/hosts
B. /etc/ethers
C. /etc/arp.conf
D. /etc/networks
E. /var/cache/arp

Answer: B
Section: (none)
Explanation/Reference:

QUESTION 56
LDAP-based authentication against a newly-installed LDAP server does not work as expected. The file /etc/pam.d/login includes the following configuration parameters. Which of them is NOT correct?

A. password required /lib/security/pam_ldap.so
B. auth sufficient /lib/security/pam_ldap.so use_first_pass
C. account sufficient /lib/security/pam_ldap.so

3 C. 60 IN A 192.so E. C. auth required /lib/security/pam_ldap.168. Running make inside /var/yp on the NIS server to generate new maps C.3 B. All traffic to localhost must always be allowed. It doesn't matter.2.example.168. syslogd receives messages on localhost Answer: D Section: (none) Explanation/Reference: QUESTION 58 Which records must be entered in a zone file in order to use "Round Robin Load Distribution" for a web server? A.example.1. Running yppush on the NIS server to propagate map changes to NIS clients B. 60 IN RR 192.192.192. www.1. Starting the yppasswdd daemon on the NIS server to receive login re quests from NIS clients .3 Answer: A Section: (none) Explanation/Reference: QUESTION 59 A new user was created on a master NIS server using useradd but cannot log in from an NIS client.1. www. when creating the new user? A.example. E.168.org.168.1-3 D. www. password required /lib/security/pam_pwdb.1:3 E. D.example. www.192.D.168.168.example. 60 IN RR 192.example. 60 IN A 192.org.2 www.168. 60 IN A 192. 60 IN A 192.1 www.1.168. Older users can log in.1. B.org.org.org. iptables never affects packets addressed to localhost Sendmail delivers emails to localhost Some applications use the localhost interface to communicate with other applications.org.1.1.168.example. Which step was probably forgotten.1. www.1.1.168.so Answer: E Section: (none) Explanation/Reference: QUESTION 57 When the default policy for the iptables INPUT chain is set to DROP.192.org.2.168.1. why should a rule allowing traffic to localhost exist? A. 60 IN A 192.

D. Starting the ypxfr daemon on the NIS client to fetch map changes from the NIS server
E. Restarting ypxfr daemons on the NIS client and server to fetch map changes

Answer: A
Section: (none)
Explanation/Reference:

QUESTION 60
When connecting to an SSH server for the first time, its fingerprint is received and stored in a file, which is located at:

A. ~/.ssh/fingerprints
B. ~/.ssh/id_dsa
C. ~/.ssh/known_hosts
D. ~/.ssh/id_dsa.pub
E. ~/.ssh/gpg.txt

Answer: C
Section: (none)
Explanation/Reference:

QUESTION 61
Remote access to a CD-RW device on a machine on a LAN must be restricted to a selected user group. Select the TWO correct alternatives that describe the possible solutions for this problem.

A. The remote access to these devices can be allowed to users by changing the display manager configuration and allowing sudo access for the user that will log in remotely
B. The pam_console module allows access configuration to these devices via console, including simultaneous access by many users
C. The pam_console module can be used to control access to devices via console, allowing/denying access to these devices in the user's session
D. If the pam_console module is used, it must be checked as required, because it is essential for user authentication
E. Through the sudo configuration file, it is possible to set users that will have the power of the root user, so they can access the devices. Besides that, it is important to configure the /etc/pam.d/su file, so the PAM modules can secure the service

Answer: CE
Section: (none)
Explanation/Reference:
