Free Dumps
Free LPIC-2_202-450 Dump
Lưu ý: Free LPIC-2_202-450 Dump chỉ dành cho mục đích học tập và làm quen với bài thi. Nội dung của Free LPIC-2_202-450 Dump không được cập nhật mới nhất nên không đảm bảo Pass Exam. Liên hệ ITexamViet để Pass Exam Nhanh Nhất.
Question 1: A company is transitioning to a new DNS domain name and wants to accept e-mail for both domains for all of its users on a Postfix server. Which configuration option should be updated to accomplish this?
A. mydomain
B. mylocations
C. mydestination
D. myhosts
E. mydomains
Answer: C
Question 2: When are Sieve filters usually applied to an email?
A. When the email is delivered to a mailbox
B. When the email is relayed by an SMTP server
C. When the email is received by an SMTP smarthost
D. When the email is sent to the first server by an MUA
E. When the email is retrieved by an MUA
Answer: A
Question 3: It has been discovered that the company mail server is configured as an open relay. Which of the following actions would help prevent the mail server from being used as an open relay while maintaining the possibility to receive company mails? (Choose two.)
A. Restrict Postfix to only accept e-mail for domains hosted on this server
B. Configure Dovecot to support IMAP connectivity
C. Configure netfilter to not permit port 25 traffic on the public network
D. Restrict Postfix to only relay outbound SMTP from the internal network E. Upgrade the mailbox format from mbox to maildir
Answer: A, D
Question 4: After the installation of Dovecot, it is observed that the dovecot processes are shown in ps ax like this: In order to associate the processes with users and peers, the username, IP address of the peer and the connection status, which of the following options must be set?
A. –with-linux-extprocnames for ./configure when building Dovecot
B. sys.ps.allow_descriptions = 1 in sysct1.conf or /proc
C. proc.all.show_status = 1 in sysctl.conf or /proc
D. verbose_proctitle = yes in the Dovecot configuration
E. process_format = “%u %I %s” in the Dovecot configuration
Answer : D
Question 5 Which Postfix command can be used to rebuild all of the alias database files with a single invocation and without the need for any command line arguments?
A. makealiases
B. newaliases
C. postalias
D. postmapbuild
Question 6: Which of the following actions synchronizes UNIX passwords with the Samba passwords when the encrypted Samba password is changed using smbpasswd?
A. There are no actions to accomplish this since is not possible.
B. Run netvamp regularly, to convert the passwords.
C. Run winbind –sync, to synchronize the passwords.
D. Add unix password sync = yes to smb.conf
E. Add smb unix password = sync to smb.conf
Answer: D
Question 7 In order to join a file server to the Active Directory domain intra.example.com, the following smb.conf has been created: The command net ads join raises an error and the server is not joined to the domain. What should be done to successfully join the domain?
A. Change server role to ad member server to join an Active Directory domain instead of an NT4 domain.
B. Add realm = intra.example.com to the smb.conf and change workgroup to the domain’s netbios workgroup name.
C. Manually create a machine account in the Active Directory domain and specify the machine account’s name with –U when starting net ads join.
D. Remove the winbind enum users and winbind enum groups since winbind is incompatible with Active Directory domains.
E. Remove all idmap configuration stanzas since the id mapping is defined globally in an Active Directory domain and cannot be changed on a member server.
Answer : E
Question 8: What does the samba-tool testparm command confirm regarding the Samba configuration?
A. The configuration loads successfully.
B. The service operates as expected.
C. The Samba services are started automatically when the system boots.
D. The netfilter configuration on the Samba server does not block any access to the services defined in the configuration.
E. All running Samba processes use the most recent configuration version.
Answer: A
Question 9: Select the Samba option below that should be used if the main intention is to setup a guest printer service?
A. security = cups
B. security = ldap C. security = pam
D. security = share
E. security = printing
Answer: D
Question 10 A workstation is on the wired network with an IP address of 192.168.1.177 but is unable to access the Samba server. A wireless laptop with an IP address 192.168.2.93 can access the Samba server. Additional trouble shooting shows that almost every machine on the wired network is unable to access the Samba server. Which alternate host allow declaration will permit wired workstations to connect to the Samba server without denying access to anyone else?
A. host allow = 192.168.1.1-255
B. host allow = 192.168.1.100192.168.2.200localhost
C. host deny = 192.168.1.100/255.255.255.0192.168.2.31localhost
D. host deny = 192.168.2.200/255.255.255.0192.168.2.31localhost
E. host allow = 192.168.1.0/255.255.255.0192.168.2.0/255.255.255.0 localhost
Question 11: Which of the following options are valid in /etc/exports? (Choose two.)
A. Rw
B. Ro
C. Rootquash
D. Norootquash
E. Uid
Answer : A, B
Question 12: Which command is used to configure which file systems a NFS server makes available to clients?
A. exportfs
B. mkfs.nfs
C. mount
D. nfsservct1
E. telinit
Answer: A
Question 13: Which of these tools, without any options, provides the most information when performing DNS queries?
A. Dig
B. Nslookup
C. Host
D. Named-checkconf
E. Named-checkzone
Answer: A
Question 14: Performing a DNS lookup with dig results in this
A. There is no . after linuserv.example.net in the PTR record in the forward lookup zone file
B. There is no . after linuserv in the PTR record in the forward lookup zone file
C. There is no . after linuserv.example.net in the PTR record in the reverse lookup zone file D. The . in the NS definition in the reverse lookup zone has to be removed
Answer : C
Question 15: What option for BIND is required in the global options to disable recursive queries on the DNS server by default?
A. allow-recursive-query ( none; );
B. allow-recursive-query off;
C. recursion { disabled; };
D. recursion { none; };
E. recursion no;
Answer : E
Question 16: Which of the following DNS records could be a glue record?
A. ns1.labA198.51.100.53
B. labNS198.51.100.53
C. ns1.labNS198.51.100.53
D. ns1.A198.51.100.53
E. ns1.labGLUE198.51.100.53
Answer: A
Question 17: What is DNSSEC used for?
A. Encrypted DNS queries between nameservers
B. Cryptographic authentication of DNS zones
C. Secondary DNS queries for local zones
D. Authentication of the user that initiated the DNS query
E. Encrypting DNS queries and answers
Anwer: B
Question 18: What word is missing from the following excerpt of a named.conf file?
A. networks
B. net C. list
D. acl
E. group
Answer : D
Question 19: In a BIND zone file, what does the @ character indicate?
A. It’s the fully qualified host name of the DNS server
B. It’s an alias for the e-mail address of the zone master
C. It’s the name of the zone as defined in the zone statement in named.conf
D. It’s used to create an alias between two CNAME entries
Answer: C
Question 20: Which BIND option should be used to limit the IP addresses from which slave name servers may connect?
A. allow-zone-transfer
B. allow-transfer
C. allow-secondary
D. allow-slave
E. allow-queries
Answer: B
Answer: B
Question 21: On a Linux router, packet forwarding for IPv4 has been enabled. After a reboot, the machine no longer forwards IP packets from other hosts. The command: echo 1 > /proc/sys/net/ipv4/ip_forward temporarily resolves this issue.
Which one of the following options is the best way to ensure this setting is saved across system restarts?
A. Add echo 1 > /proc/sys/net/ipv4/ip_forward to the root user login script
B. Add echo 1 > /proc/sys/net/ipv4/ip_forward to any user login script
C. In /etc/sysct1.conf change net.ipv4.ip_forward to 1
D. In /etc/rc.local add net.ipv4.ip_forward = 1
E. In /etc/sysconfig/iptables-config add ipv4.ip_forward = 1
Answer: C
Question 22 : What information can be found in the file specified by the status parameter in an
OpenVPN server configuration file? (Choose two.)
A. Errors and warnings generated by the openvpn daemon
B. Routing information
C. Statistical information regarding the currently running openvpn daemon
D. A list of currently connected clients
E. A history of all clients who have connected at some point
Answer: B, D
Question 23 : Which of the following lines in the sshd configuration file should, if present, be changed in order to increase the security of the server? (Choose two.)
A. Protocol 2, 1
B. PermitEmptyPasswords no
C. Port 22
D. PermitRootLogin yes
E. IgnoreRhosts yes
Answer: A, D
Question 24: Which of the following nmap parameters scans a target for open TCP ports? (Choose two.)
A. –SO
B. -SZ
C. –ST
D. –SU E. –SS
Answer: C, E
Question 25: Which of the statements below are correct regarding the following commands, which are executed on a Linux router? (Choose two.)
A. Packets with source or destination addresses from fe80::/64 will never occur in the FORWARD chain
B. The rules disable packet forwarding because network nodes always use addresses from fe80::/64 to identify routers in their routing tables
C. ip6tables returns an error for the second command because the affected network is already part of another rule
D. Both ip6tables commands complete without an error message or warning
E. The rules suppress any automatic configuration through router advertisements or DHCPv6
Answer: A, D
Question 26: What option in the client configuration file would tell OpenVPN to use a dynamic source port when making a connection to a peer?
A. src-port
B. remote
C. source-port
D. nobind
E. dynamic-bind
Answer: D
Question 27: Which Linux user is used by vsftpd to perform file system operations for anonymous FTP users?
A. The Linux user which runs the vsftpd process
B. The Linux user that owns the root FTP directory served by vsftpd
C. The Linux user with the same user name that was used to anonymously log into the FTP server D. The Linux user root, but vsftpd grants access to anonymous users only to globally read/writeable files
E. The Linux user specified in the configuration option ftp_username
Answer: E
Question 28: Which of the following sshd configuration should be set to no in order to fully disable password based login ( choose TWO )
A. PAMAuthentication
B. ChallengegeResponseAuthentication
C. PermitPlaintextLogin
D. UsePasswords
E. PasswordAuthentication
Answer: B, E
Question 29: When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?
A. All traffic to localhost must always be allowed
B. It doesn’t matter; netfilter never affects packets addressed to localhost
C. Some applications use the localhost interface to communicate with other applications
D. syslogd receives messages on localhost
E. The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules
Answer : C
Question 30: The content of which local file has to be transmitted to a remote SSH server in order to be able to log into the remote server using SSH keys?
A. ~/.ssh/authorized_keys
B. ~/.ssh/config
C. ~/.ssh/id_rsa.pub
D. ~/.ssh/id_rsa
E. ~./ssh/known_hosts
Answer: C
Question 31: What is the name of the network security scanner project which, at the core, is a server with a set of network vulnerability tests?
A. NetMap
B. Open VAS
C. SmartScan
D. WireShark
Anwer: B
Question 32: With fail2ban, what is a ‘jail’?
A. A netfilter rules chain blocking offending IP addresses for a particular service
B. A group of services on the server which should be monitored for similar attack patterns in the log files
C. A filter definition and a set of one or more actions to take when the filter is matched D. The chroot environment in which fail2ban runs
Answer: C
Question 33: The program vsftpd, running in a chroot jail, gives the following error:
A. The file /etc/ld.so.conf in the root filesystem must contain the path to the appropriate lib directory in the chroot jail
B. Create a symbolic link that points to the required library outside the chroot jail
C. Copy the required library to the appropriate lib directory in the chroot jail D. Run the program using the command chroot and the option–static_libs
Answer: C
Question 34: Which of the following Samba configuration parameters is functionally identical to the parameter read only=yes?
A. browseable=no
B. read write = no
C. writeable = no
D. wrile only = no
E. write access = no
Answer : C
Question 35: How must Samba be configured such that it can check CIFS passwords against those found in /etc/passwd and /etc/shadow
A. Set the parameters “encrypt passwords = yes” and “password file = /etc/passwd”
B. Set the parameters “encrypt passwords = yes”, “password file = /etc/passwd” and “password algorithm = crypt”
C. Delete the smbpasswd file and create a symbolic link to the passwd and shadow file
D. It is not possible for Samba to use /etc/passwd and /etc/shadow directly
E. Run smbpasswd to convert /etc/passwd and /etc/shadow to a Samba password file
Answer : D
Question 36: In which CIFS share must printer drivers be placed to allow Point’n’Print driver deployment on Windows?
A. winx64drv$ B. print$
C. The name of the share is specified in the option print driver share within each printable share in smb.conf
D. pnpdrivers$
E. NETLOGON
Answer: B
Question 37: Which of the following Samba services handles the membership of a file server in an Active Directory domain?
A. winbindd
B. nmbd
C. msadd
D. admemb
E. samba
Answer: A
Question 38: Which of the following statements is true regarding the NFSv4 pseudo file system on the NFS server?
A. It must be called /exports
B. It usually contains bind mounts of the directory trees to be exported
C. It must be a dedicated partition on the server
D. It is defined in the option Nfsv4-Root in /etc/pathmapd.conf
E. It usually contains symlinks to the directory trees to be exported
Answer : B
Question 39: A user requests a “hidden” Samba share, named confidential, similar to the Windows Administration Share. How can this be configured?
A. Option A
B. Option B
C. Otion C
D. Option D
E. Option E
Answer: E
Question 40: In order to protect a directory on an Apache HTTPD web server with a password, this configuration was added to an .htaccess file in the respective directory:
Furthermore, a file /var/www/dir/ .htpasswd was created with the following content: usera:S3cr3t
Given that all these files were correctly processed by the web server processes, which of the following statements is true about requests to the directory?
A. The user usera can access the site using the password s3cr3t
B. Accessing the directory as usera raises HTTP error code 442 (User Not Existent)
C. Requests are answered with HTTP error code 500 (Internal Server Error)
D. The browser prompts the visitor for a username and password but logins for usera do not seem to work E. The web server delivers the content of the directory without requesting authentication
Answer : E
Question 41: Which Apache HTTPD directive enables HTTPS protocol support?
A. HTTPSEngine on
B. SSLEngine on
C. SSLEnable on
D. HTTPSEnable on
E. StartTLS on
Answer : B
Question 42: Which statements about the Alias and Redirect directives in Apache HTTPD’s configuration file are true? (Choose two.)
A. Alias can only reference files under DocumentRoot
B. Redirect works with regular expressions
C. Redirect is handled on the client side
D. Alias is handled on the server side
E. Alias is not a valid configuration directive
Answer : C, D
Question 43: Which http_access directive for Squid allows users in the ACL named sales_net to only access the Internet at times specified in the time_acl named sales_time?
A. http_access deny sales_time sales_net
B. http_access allow sales_net sales_time
C. http_access allow sales_net and sales-time
D. allow http_access sales_net sales_time
E. http_access sales_net sales_time
Answer: B
Question 44: Which global option in squid.conf sets the port number or numbers that Squid will use to listen for client requests?
A. port
B. clien_port
C. http_port
D. server_port
E. squid_port
Answer: C
Question 45: When using mod_authz_core, which of the following strings can be used as an argument to Require in an Apache HTTPD configuration file to specify the authentication provider? (Choose three.) A. method
B. all
C. regex
D. header
E. expr
Answer : A, B ,E
Question 46: Which tool creates a Certificate Signing Request (CSR) for serving HTTPS with Apache HTTPD? A. apachect1
B. certgen
C. cartool
D. httpsgen
E. openssl
Answer: E
Question 47: In response to a certificate signing request, a certification authority sent a web server certificate along with the certificate of an intermediate certification authority that signed the web server certificate. What should be done with the intermediate certificate in order to use the web server certificate with Apache HTTPD?
A. The intermediate certificate should be merged with the web server’s certificate into one file that is specified in SSLCertificateFile
B. The intermediate certificate should be used to verify the certificate before its deployment on the web server and can be deleted
C. The intermediate certificate should be stored in its own file which is referenced in SSLCaCertificateFile
D. The intermediate certificate should be improved into the certificate store of the web browser used to test the correct operation of the web server
E. The intermediate certificate should be archived and resent to the certification authority in order to request a renewal of the certificate
Answer: A
Question 48: When trying to reverse proxy a web server through Nginx, what keyword is missing from the following configuration sample?
A. remote_proxy
B. reverse_proxy
C. proxy_reverse
D. proxy_pass
E. forward_to
Answer: D
Question 49: If there is no access directive, what is the default setting for OpenLDAP?
A. Option A
B. Option B
C. Option C
D. Option D
Answer: A
Question 50: A host, called lpi, with the MAC address 08:00:2b:4c:59:23 should always be given the IP address of 192.168.1.2 by a DHCP server running ISC DHCPD.
Which of the following configurations will achieve this?
A. Option A
B. Option B
C. Option C
D. Option D
E. Option E
Answer: D
Question 51 : How is the LDAP administrator account configured when the rootdn and rootpw directives are not present in the slapd.conf file?
A. The default account admin with the password admin are used
B. The account is defined by an ACL in slapd.conf
C. The default account admin is used without a password
D. The account is defined in the file /etc/ldap.secret
E. The account is defined in the file /etc/ldap.root.conf
Answer: B
Question 52: Which of the following PAM modules allows the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources available to them?
A. pam_filter
B. pam_limits
C. pam_listfile
D. pam_unix
Answer: B
Question 53: In a PAM configuration file, which of the following is true about the required control flag?
A. If the module returns success, no more modules of the same type will be invoked
B. The success of the module is needed for the module-type facility to succeed. If it returns a failure, control is returned to the calling application
C. The success of the module is needed for the module-type facility to succeed. However, all remaining modules of the same type will be invoked
D. The module is not critical and whether it returns success or failure is not important E. If the module returns failure, no more modules of the same type will be invoked
Answer: C
Question 54: How are PAM modules organized and stored?
A. As plain text files in /etc/security/
B. A statically linked binaries in /etc/pam.d/bin/
C. As Linux kernel modules within the respective sub directory of /lib/modules/
D. As shared object files within the /lib/ directory hierarchy
E. As dynamically linked binaries in /usr/lib/pam/sbin/
Answer : D
Question 55: Which of the following statements in the ISC DHCPD configuration is used to specify whether or not an address pool can be used by nodes which have a corresponding host section in the configuration?
A. identified-nodes
B. unconfigured-hosts C. missing-peers
D. unmatched-hwaddr
E. unknown-clients
Answer: E
Question 56: Which of the following authentication mechanisms are supported by Dovecot? (Choose three.)
A. ldap
B. digest-md5
C. cram-md5
D. plain
E. krb5
Answer: B, C ,D
Question 57: Which of the following services belongs to NFSv4 and does not exist in NFSv3? A. rpc.idmap
B. rpc.statd
C. nfsd
D. rpc.mountd
Answer: A