On a Linux router, packet forwarding for IPv4 has been enabled. After a reboot, the machine no longer
forwards IP packets from other hosts. The command:
echo 1 > /proc/sys/net/ipv4/ip_forward temporarily resolves this issue.
Which one of the following options is the best way to ensure this setting is saved across system restarts? Add echo 1 > /proc/sys/net/ipv4/ip_forward to the root user login script Add echo 1 > /proc/sys/net/ipv4/ip_forward to any user login script In /etc/sysctl.conf change net.ipv4.ip_forward to 1 In /etc/rc.local add net.ipv4.ip_forward = 1 In /etc/sysconfig/iptables-config add ipv4.ip_forward = 1.
What information can be found in the file specified by the status parameter in an OpenVPN server configuration file? (Choose two.) Errors and warnings generated by the openvpn daemon Routing information Statistical information regarding the currently running openvpn daemon A list of currently connected clients A history of all clients who have connected at some point.
Which of the following lines in the sshd configuration file should, if present, be changed in order to increase the security of the server? (Choose two.) Protocol 2, 1 PermitEmptyPasswords no Port 22 PermitRootLogin yes IgnoreRhosts yes.
Which of the following nmap parameters scans a target for open TCP ports? (Choose two.) -sO -sZ -sT -sU -sS.
Which of the statements below are correct regarding the following commands, which are executed on a Linux router? (Choose two.)
ip6tables -A FORWARD -s fe80::/64 -j DROP
ip6tables -A FORWARD -d fe80::/64 -j DROP Packets with source or destination addresses from fe80::/64 will never occur in the FORWARD chain The rules disable packet forwarding because network nodes always use addresses from fe80::/64 to identify routers in their routing tables ip6tables returns an error for the second command because the affected network is already part of another rule Both ip6tables commands complete without an error message or warning The rules suppress any automatic configuration through router advertisements or DHCPv6.
What option in the client configuration file would tell OpenVPN to use a dynamic source port when making a connection to a peer? src-port remote source-port nobind dynamic-bind.
Which Linux user is used by vsftpd to perform file system operations for anonymous FTP users? The Linux user which runs the vsftpd process The Linux user that owns the root FTP directory served by vsftpd The Linux user with the same user name that was used to anonymously log into the FTP server The Linux user root, but vsftpd grants access to anonymous users only to globally read-/writeable files The Linux user specified in the configuration option ftp_username.
Which of the following sshd configuration should be set to no in order to fully disable password based logins? (Choose two.) PAMAuthentication ChallengegeResponseAuthentication PermitPlaintextLogin UsePasswords PasswordAuthentication.
When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist? All traffic to localhost must always be allowed It doesn't matter; netfilter never affects packets addressed to localhost Some applications use the localhost interface to communicate with other applications syslogd receives messages on localhost The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules.
What command creates a SSH key pair? (Specify ONLY the command without any path or parameters).
The content of which local file has to be transmitted to a remote SSH server in order to be able to log into the remote server using SSH keys? ~/.ssh/authorized_keys ~/.ssh/config ~/.ssh/id_rsa.pub ~/.ssh/id_rsa ~./ssh/known_hosts.
The content of which local file has to be transmitted to a remote SSH server in order to be able to log into. What is the name of the network security scanner project which, at the core, is a server with a set of network vulnerability tests? NetMap OpenVAS Smartscan Wireshark.
With fail2ban, what is a 'jail'? A netfilter rules chain blocking offending IP addresses for a particular service A group of services on the server which should be monitored for similar attack patterns in the log files A filter definition and a set of one or more actions to take when the filter is matched The chroot environment in which fail2ban runs.
The program vsftpd, running in a chroot jail, gives the following error:
/bin/vsftpd: error while loading shared libraries: libc.so.6:
cannot open shared object file: No such file or directory.
Which of the following actions would fix the error? The file /etc/ld.so.conf in the root filesystem must contain the path to the appropriate lib directory in the chroot jail Create a symbolic link that points to the required library outside the chroot jail Copy the required library to the appropriate lib directory in the chroot jail Run the program using the command chroot and the option--static_libs.
Which of the following Samba configuration parameters is functionally identical to the parameter read only=yes? browseable=no read write=no writeable=no write only=no write access=no.
How must Samba be configured such that it can check CIFS passwords against those found in /etc/passwd and /etc/shadow? Set the parameters "encrypt passwords = yes" and "password file = /etc/passwd" Set the parameters "encrypt passwords = yes", "password file = /etc/passwd" and "password algorithm = crypt" Delete the smbpasswd file and create a symbolic link to the passwd and shadow file It is not possible for Samba to use /etc/passwd and /etc/shadow directly Run smbpasswd to convert /etc/passwd and /etc/shadow to a Samba password file.
In which CIFS share must printer drivers be placed to allow Point'n'Print driver deployment on Windows? winx64drv$ print$ The name of the share is specified in the option print driver share within each printable share in smb.conf pnpdrivers$ NETLOGON.
Which of the following Samba services handles the membership of a file server in an Active Directory domain? winbindd nmbd msadd admemb samba.
Which of the following statements is true regarding the NFSv4 pseudo file system on the NFS server? It must be called /exports It usually contains bind mounts of the directory trees to be exported It must be a dedicated partition on the server It is defined in the option Nfsv4-Root in /etc/pathmapd.conf It usually contains symlinks to the directory trees to be exported.
A user requests a "hidden" Samba share, named confidential, similar to the Windows Administration Share. How can this be configured? [confidential]
comment = hidden share
path = /srv/smb/hidden
write list = user
create mask = 0700
directory mask = 0700 [$confidential]
comment = hidden share
path = /srv/smb/hidden
write list = user
create mask = 0700
directory mask = 0700 [#confidential]
comment = hidden share
path = /srv/smb/hidden
write list = user
create mask = 0700
directory mask = 0700 [#confidential]
comment = hidden share
path = /srv/smb/hidden
write list = user
create mask = 0700
directory mask = 0700 [confidential$]
comment = hidden share
path = /srv/smb/hidden
write list = user
create mask = 0700
directory mask = 0700.
Which of the following options are valid in /etc/exports? (Choose two.) rw ro rootsquash norootsquash uid.
Which command is used to configure which file systems a NFS server makes available to clients? exportfs mkfs.nfs mount nfsservct1 telinit.
Which of these tools, without any options, provides the most information when performing DNS queries? dig nslookup host named-checkconf named-checkzone.
Performing a DNS lookup with dig results in this answer:
;; question SECTION:
;5.123.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
5.123.168.192.in-addr.arpa. 600 IN PTR linuserv.example.net.123.168.192.in-addr.arpa.
;;AUTHORITY SECTION:
123.168.192.in-addr.arpa. 600 IN NS linuserv.example.net.
;; ADDITIONAL SECTION:
linuserv.example.net. 600 IN A 192.168.123.5 There is no . after linuserv.example.net in the PTR record in the forward lookup zone file There is no . after linuserv in the PTR record in the forward lookup zone file There is no . after linuserv.example.net in the PTR record in the reverse lookup zone file The . in the NS definition in the reverse lookup zone has to be removed.
What option for BIND is required in the global options to disable recursive queries on the DNS server by default? allow-recursive-query ( none; ); allow-recursive-query off; recursion { disabled; }; recursion { none; }; recursion no;.
Which of the following DNS records could be a glue record? ns1.lab A 198.51.100.53 lab NS 198.51.100.53 ns1.lab NS 198.51.100.53 ns1. A 198.51.100.53 ns1.lab GLUE 198.51.100.53.
What is DNSSEC used for? Encrypted DNS queries between nameservers Cryptographic authentication of DNS zones Secondary DNS queries for local zones Authentication of the user that initiated the DNS query Encrypting DNS queries and answers.
What word is missing from the following excerpt of a named.conf file?
___________ friends {
10.10.0.0/24; 192.168.1.0/24;
};
options
{ allow-query { friends; };
}; networks net list acl group.
In a BIND zone file, what does the @ character indicate? It's the fully qualified host name of the DNS server It's an alias for the e-mail address of the zone master It's the name of the zone as defined in the zone statement in named.conf It's used to create an alias between two CNAME entries.
Which BIND option should be used to limit the IP addresses from which slave name servers may connect? allow-zone-transfer allow-transfer allow-secondary allow-slaves allow-queries.
In order to protect a directory on an Apache HTTPD web server with a password, this configuration was added to an .htaccess file in the respective directory:
AuthType Basic
AuthName "Protected Directory"
AuthUserFile /var/www/dir/ .htpasswd
Require valid-user
Furthermore, a file /var/www/dir/ .htpasswd was created with the following content: usera:S3cr3t
Given that all these files were correctly processed by the web server processes, which of the following statements is true about requests to the directory? The user usera can access the site using the password s3cr3t Accessing the directory as usera raises HTTP error code 442 (User Not Existent) Requests are answered with HTTP error code 500 (Internal Server Error) The browser prompts the visitor for a username and password but logins for usera do not seem to work The web server delivers the content of the directory without requesting authentication.
Which Apache HTTPD directive enables HTTPS protocol support? HTTPSEngine on SSLEngine on SSLEnable on HTTPSEnable on HTTPSEnable on.
What configuration directive of the Apache HTTPD server defines where log files are stored? (Specify ONE of the directives without any other options.).
Which statements about the Alias and Redirect directives in Apache HTTPD's configuration file are true? (Choose two.) Alias can only reference files under DocumentRoot Redirect works with regular expressions Redirect is handled on the client side Alias is handled on the server side Alias is not a valid configuration directive.
Which http_access directive for Squid allows users in the ACL named sales_net to only access the Internet at times specified in the time_acl named sales_time? http_access deny sales_time sales_net http_access allow sales_net sales_time http_access allow sales_net and sales-time allow http_access sales_net sales_time http_access sales_net sales_time.
Which global option in squid.conf sets the port number or numbers that Squid will use to listen for client requests? client_port port http_port server_port squid_port.
When using mod_authz_core, which of the following strings can be used as an argument to Require in an Apache HTTPD configuration file to specify the authentication provider? (Choose three.) method all regex header expr.
Which tool creates a Certificate Signing Request (CSR) for serving HTTPS with Apache HTTPD? apachect1 certgen cartool httpsgen openssl.
In response to a certificate signing request, a certification authority sent a web server certificate along with the certificate of an intermediate certification authority that signed the web server certificate.
What should be done with the intermediate certificate in order to use the web server certificate with Apache HTTPD? The intermediate certificate should be merged with the web server's certificate into one file that is specified in SSLCertificateFile The intermediate certificate should be used to verify the certificate before its deployment on the web server and can be deleted The intermediate certificate should be stored in its own file which is referenced in SSLCaCertificateFile The intermediate certificate should be improved into the certificate store of the web browser used to test the correct operation of the web server The intermediate certificate should be archived and resent to the certification authority in order to request a renewal of the certificate.
Which directive in a Nginx server configuration block defines the TCP ports on which the virtual host will be available, and which protocols it will use? (Specify ONLY the option name without any values.).
When trying to reverse proxy a web server through Nginx, what keyword is missing from the following configuration sample?
location /{
______________http://proxiedserver:8080;
} remote_proxy reverse_proxy proxy_reverse proxy_pass forward_to.
If there is no access directive, what is the default setting for OpenLDAP? access to *
by * read access to *
by anonymous none
by * read access to *
by anonymous auth
by * read access to *
by anonymous write
by * read.
A host, called lpi, with the MAC address 08:00:2b:4c:59:23 should always be given the IP address of 192.168.1.2 by a DHCP server running ISC DHCPD.
Which of the following configurations will achieve this? host lpi {
hardware-ethernet 08:00:2b:4c:59:23;
fixed-address 192.168.1.2;
} host lpi {
mac=08:00:2b:4c:59:23; ip=192.168.1.2;
} host lpi = 08:00:2b:4c:59:23 192.168.1.2 host lpi {
hardware ethernet 08:00:2b:4c:59:23;
fixed-address 192.168.1.2;
} host lpi {
hardware-address 08:00:2b:4c:59:23;
fixed-address 192.168.1.2;
}.
How is the LDAP administrator account configured when the rootdn and rootpw directives are not present in the slapd.conf file? The default account admin with the password admin are used The account is defined by an ACL in slapd.conf The default account admin is used without a password The account is defined in the file /etc/ldap.secret The account is defined in the file /etc/ldap.root.conf.
Which of the following PAM modules allows the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources available to them? pam_filter pam_limits pam_listfile pam_unix.
According to this LDIF excerpt, which organizational unit is Robert Smith part of? (Specify only the organizational unit.)
dn: cn=Robert Smith, ou=people, dc=example,dc=com
objectclass: inetOrgPerson
cn: Robert Smith
cn: Robert J Smith
cn: bob smith
sn: smith
uid: rjsmith
userpassword: rJsmitH
carlicense: HISCAR 123
homephone: 555-111-2222
mail: r.smith@example.com
mail: rsmith@example.com
mail: bob.smith@example.com
description: swell guy.
In a PAM configuration file, which of the following is true about the required control flag? If the module returns success, no more modules of the same type will be invoked The success of the module is needed for the module-type facility to succeed. If it returns a failure, control is returned to the calling application The success of the module is needed for the module-type facility to succeed. However, all remaining modules of the same type will be invoked The module is not critical and whether it returns success or failure is not important If the module returns failure, no more modules of the same type will be invoked.
What is the name of the root element of the LDAP tree holding the configuration of an OpenLDAP server that is using directory based configuration? (Specify ONLY the element's name without any additional information.).
How are PAM modules organized and stored? As plain text files in /etc/security/ A statically linked binaries in /etc/pam.d/bin/ As Linux kernel modules within the respective sub directory of /lib/modules/ As shared object files within the /lib/ directory hierarchy As dynamically linked binaries in /usr/lib/pam/sbin/.
Which of the following statements in the ISC DHCPD configuration is used to specify whether or not an address pool can be used by nodes which have a corresponding host section in the configuration? identified-nodes unconfigured-hosts missing-peers unmatched-hwaddr unknown-clients.
In order to specify alterations to an LDAP entry, what keyword is missing from the following LDIF file excerpt?
cn=Some Person, dc=example, dc=com
changetype:_____________
...
Specify the keyword only and no other information.
Which OpenLDAP client command can be used to change the password for an LDAP entry? (Specify ONLY the command without any path or parameters.).
A company is transitioning to a new DNS domain name and wants to accept e-mail for both domains for all of its users on a Postfix server. Which configuration option should be updated to accomplish this? mydomain mylocations mydestination myhosts mydomains.
What is the path to the global Postfix configuration file? (Specify the full name of the file, including path.).
When are Sieve filters usually applied to an email? When the email is delivered to a mailbox When the email is relayed by an SMTP server When the email is received by an SMTP smarthost When the email is sent to the first server by an MUA When the email is retrieved by an MUA.
It has been discovered that the company mail server is configured as an open relay. Which of the following actions would help prevent the mail server from being used as an open relay while maintaining the possibility to receive company mails? (Choose two.) Restrict Postfix to only accept e-mail for domains hosted on this server Configure Dovecot to support IMAP connectivity Configure netfilter to not permit port 25 traffic on the public network Restrict Postfix to only relay outbound SMTP from the internal network Upgrade the mailbox format from mbox to maildir.
After the installation of Dovecot, it is observed that the dovecot processes are shown in ps ax like this:
31248? S 0:00 dovecot/imap
31253? S 0:00 dovecot/imap-login
In order to associate the processes with users and peers, the username, IP address of the peer and the connection status, which of the following options must be set? --with-linux-extprocnames for ./configure when building Dovecot sys.ps.allow_descriptions = 1 in sysct1.conf or /proc proc.all.show_status = 1 in sysctl.conf or /proc verbose_proctitle = yes in the Dovecot configuration process_format = "%u %I %s" in the Dovecot configuration.
Which Postfix command can be used to rebuild all of the alias database files with a single invocation and without the need for any command line arguments? makealiases newaliases postalias postmapbuild.
Which action in a Sieve filter forwards a message to another email address without changing the message? (Specify ONLY the action's name without any parameters.).
Which of the following authentication mechanisms are supported by Dovecot? (Choose three.) ldap digest-md5 cram-md5 plain krb5.
Which of the following services belongs to NFSv4 and does not exist in NFSv3? rpc.idmapd rpc.statd nfsd rpc.mountd.
Which of the following actions synchronizes UNIX passwords with the Samba passwords when the encrypted Samba password is changed using smbpasswd? There are no actions to accomplish this since is not possible. Run netvamp regularly, to convert the passwords. Run winbind --sync, to synchronize the passwords. Add unix password sync = yes to smb.conf Add smb unix password = sync to smb.conf.
In order to join a file server to the Active Directory domain intra.example.com, the following smb.conf has been created:
[global]
workgroup = intra.example.com
netbios name = Fileserver
server role = member server
idmap config * : backend = tdb
idmap config * : ranged = 10000-199999
windbind enum users = yes
windbind enum group = yes
The command net ads join raises an error and the server is not joined to the domain. What should be done to successfully join the domain? Change server role to ad member server to join an Active Directory domain instead of an NT4 domain. Add realm = intra.example.com to the smb.conf and change workgroup to the domain's netbios workgroup name. Manually create a machine account in the Active Directory domain and specify the machine account's name with ""U when starting net ads join. Remove the winbind enum users and winbind enum groups since winbind is incompatible with Active Directory domains. Remove all idmap configuration stanzas since the id mapping is defined globally in an Active Directory domain and cannot be changed on a member server.
In order to export /usr and /bin via NFSv4, /exports was created and contains working bind mounts to /usr and /bin. The following lines are added to /etc/exports on the NFC server:
/exports 192.0.1.0/24 (rw, sync, fsid=0, crossmnt, no_subtree_check)
/exports/usr 192.0.2.0/24 (rw, sync, fsid=0, crossmnt, no_subtree_check)
/exports/bin 192.0.2.0/24 (rw, sync, fsid=0, crossmnt, no_subtree_check)
After running –
mount -t nfsv4 server:/ /mnt
of an NFC-Client, it is observed that /mnt contains the content of the server's /usr directory instead of the content of the NFSv4 foot folder.
Which option in /etc/exports has to be changed or removed in order to make the NFSv4 root folder appear when mounting the highest level of the server? (Specify ONLY the option name without any values or parameters.).
What does the samba-tool testparm command confirm regarding the Samba configuration? The configuration loads successfully. The service operates as expected. The Samba services are started automatically when the system boots. The netfilter configuration on the Samba server does not block any access to the services defined in the configuration. All running Samba processes use the most recent configuration version.
Select the Samba option below that should be used if the main intention is to setup a guest printer service? security = cups security = ldap security = pam security = share security = printing.
The Samba configuration file contains the following lines:
host allow = 192.168.1.100 192.168.2.0/255.255.255.0 local host
host deny = 192.168.2.31
interfaces = 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0
A workstation is on the wired network with an IP address of 192.168.1.177 but is unable to access the Samba server. A wireless laptop with an IP address 192.168.2.93 can access the Samba server. Additional trouble shooting shows that almost every machine on the wired network is unable to access the Samba server.
Which alternate host allow declaration will permit wired workstations to connect to the Samba server without denying access to anyone else? host allow = 192.168.1.1-255 host allow = 192.168.1.100 192.168.2.200 localhost host deny = 192.168.1.100/255.255.255.0 192.168.2.31 localhost host deny = 192.168.2.200/255.255.255.0 192.168.2.31 localhost host allow = 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0 localhost.
What command displays NFC kernel statistics? (Specify ONLY the command without any path or parameters.).
Which keyword is used in the Squid configuration to define networks and times used to limit access to the service? acl allow http_allow permit.
The following Apache HTTPD configuration has been set up to create a virtual host available at www.example.com and www2.example.com:
<VirtualHost *:80>
ServerName www.example.com
ServerName www2.example.com
ServerAdmin webmaster@example.com
DocumentRoot /var/www/
<Directory /srv/www/>
Require all granted
</Directory>
</VirtualHost>
Even though Apache HTTPD correctly processed the configuration file, requests to both names are not handled correctly. What should be changed in order to ensure correct operations? The configuration must be split into two VirtualHost sections since each virtual host may only have one name. The port mentioned in opening VirtualHost tag has to be appended to the ServerName declaration's values. Both virtual host names have to be placed as comma separated values in one ServerName declaration. Both virtual host names have to be mentioned in the opening VirtualHost tag. Only one Server name declaration may exist, but additional names can be declared in ServerAlias options.
Given the following Squid configuration excerpt:
cache_dir ufs /var/spool/squid3/ 1024 16 256
Which of the following directories will exist directly within the directory:
Dovecot/var/spool/squid3/? (Choose two.) 0F A0 0b FF 00.
Which of the following statements are true regarding Server Name Indication (SNI)? (Choose two.) It supports transparent failover of TLS sessions from one web server to another. It allows multiple SSL/TLS secured virtual HTTP hosts to coexist on the same IP address. It enables HTTP servers to update the DNS of their virtual hosts' names using the X 509 certificates of the virtual hosts. It provides a list of available virtual hosts to the client during the TLS handshake. It submits the host name of the requested URL during the TLS handshake.
Which Apache HTTPD configuration directive specifies the RSA private key that was used in the generation of the SSL certificate for the server? SSLCertificateKeyFile SSLKeyFile SSLPrivateKeyFile SSLRSAKeyFile.
There is a restricted area in a site hosted by Apache HTTPD, which requires users to authenticate against the file /srv/www/security/sitepasswd.
Which command is used to CHANGE the password of existing users, without losing data, when Basic authentication is being used? htpasswd -c /srv/www/security/sitepasswd user htpasswd /srv/www/security/sitepasswd user htpasswd -n /srv/www/security/sitepasswd user htpasswd -D /srv/www/security/sitepasswd user.
Which of the following DNS record types is used for reverse DNS queries? CNAME IN PTR REV RIN.
Which Apache HTTPD configuration directive is used to specify the method of authentication, e.g. None or Basic? AuthUser AllowedAuthUser AuthType AllowAuth.
Which of the following are logging directives in Apache HTTPD? (Choose two.) TransferLog CustomLog ErrorLog ServerLog VHostLog.
Which option within a Nginx server configuration section defines the file system path from which the content of the server is retrieved? location htdocs DocumentRoot root base_dir.
With Nginx, which of the following directives is used to proxy requests to a FastCGI application? fastcgi_pass fastcgi_proxy proxy_fastcgi proxy_fastcgi_pass fastcgi_forward.
Which of the following information has to be submitted to a certification authority in order to request a web server certificate? The web server's private key. The IP address of the web server. The list of ciphers supported by the web server. The web server's SSL configuration file. The certificate signing request.
For what purpose is TCP/IP stack fingerprinting used by nmap? It is used to determine the remote operating system. It is used to filter out responses from specific servers. It is used to identify duplicate responses from the same remote server. It is used to masquerade the responses of remote servers. It is used to uniquely identify servers on the network for forensics.
To allow X connections to be forwarded from or through an SSH server, what configuration keyword must be set to yes in the sshd configuration file? AllowForwarding ForwardingAllow XllForwardingAllow XllForwarding.
What is the standard port used by OpenVPN? 1723 4500 500 1194.
What option in the sshd configuration file instructs sshd to permit only specific user names to log in to a system? (Specify ONLY the option name without any values.).
Using its standard configuration, how does fail2ban block offending SSH clients? By rejecting connections due to its role as a proxy in front of SSHD. By modifying and adjusting the SSHD configuration. By creating and maintaining netfilter rules. By creating null routes that drop any answer packets sent to the client. By modifying and adjusting the TCP Wrapper configuration for SSHD.
Which FTP names are recognized as anonymous users in vsftp when the option anonymous_enable is set to yes in the configuration files? (Choose two.) anonymous ftp In the described configuration, any username which neither belongs to an existing user nor has another special meaning is treated as anonymous user. nobody guest.
Which of the following commands can be used to connect and interact with remote TCP network services? (Choose two.) nettalk nc telnet cat netmap.
To which destination will a route appear in the Linux routing table after activating IPv6 on a router's network interface, even when no global IPv6 addresses have been assigned to the interface? Fe80::/10 0::/128 0::/0 fe80::/64 2000::/3.
In order to prevent all anonymous FTP users from listing uploaded file names, what security precaution can be taken when creating an upload directory? The directory must not have the execute permission set. The directory must not have the read permission set. The directory must not have the read or execute permission set. The directory must not have the write permission set. The directory must not contain other directories.
Which command is used to administer IPv6 netfilter rules? iptables iptablesv6 iptables6 ip6tables ipv6tables.
Which netfilter table contains built-in chains called INPUT, OUTPUT and FORWARD? ipconn filter nat default masq.
After running ssh-keygen and accepting the default values, which of the following files are changed or created? (Choose two.) ~/.ssh/id_rsa.key ~/.ssh/id_rsa.pub ~/.ssh/id_rsa.prv ~/.ssh/id_rsa.crt ~/.ssh/id_rsa.
Which of the following OpenVPN configuration options makes OpenVPN forward network packets between VPN clients itself instead of passing the packets on to the Linux host which runs the OpenVPN server for further processing? inter-client-traffic client-to-client client-router client-pass grant-client-traffic.
Which of these tools provides DNS information in the following format?
www.example.com has address 172.25.25.55
www.example.com has address 172.25.25.63
www.example.com has IPv6 address fdb4:8fbc:36el:101f dig nslookup host named-checkconf named-checkzone.
Which rdnc sub command can be used in conjunction with the name of a zone in order to make BIND reread the content of the specific zone file without reloading other zones as well? lookup reload fileupdate reread zoneupdate.
A zone file contains the following lines:
$ORIGIN example.com
host2.example.org. IN A 198.51.100.102
and is included in the BIND configuration using this configuration stanza:
zone "example.com" {
type master;
file "db.example.com";
};
Which problem is contained in this configuration? The zone statement is the BIND configuration must contain the cross-zone-data yes; statement. The zone cannot contain records for a name which is outside the zone's hierarchy. The $ORIGIN declaration cannot be used in zone files that are included for a specific zone name in the BIND configuration. An A record cannot contain an IPv4 address because its value is supposed to be a reverse DNS name. Names of records in a zone file cannot be fully qualified domain names.
According to the configuration below, what is the full e-mail address of the administrator for this domain?.
$ORIGIN example.com
@ IN SOA mars.example.com pluto.example.com (
2016073142
10800
3600
604800
86400 ).
What is the purpose of DANE? Verify the integrity of name information retrieved via DNS. Allow secure dynamic DNS updates. Invalidate name information stored on caching name servers to speed up DNS updates. Discover which servers within a DNS domain offer a specific service. Provide a way to verify the association of X 509 certificates to DNS host names.
A BIND server should be upgraded to use TSIG. Which configuration parameters should be added if the server should use the algorithm hmac-md5 and the key skrKc4DoTzi/takIlPi7JZA==? TSIG server.example.com. {
algorithm hmac-md5;
secret "skrKc4DoTzi/tAkllPi7JZA==";
}; key server.example.com. {
algorithm hmac-md5;
secret skrKc4DoTzi/tAkllPi7JZA==;
}; key server.example.com. {
algorithm hmac-md5;
secret "skrKc4DoTzi/tAkllPi7JZA==";
}; key server.example.com. {
algorithm=hmac-md5;
secret="skrKc4DoTzi/tAkllPi7JZA==";
}; key server.example.com.
algorithm hmac-md5
secret "skrKc4DoTzi/tAkI1Pi7JZA==";.
Which option in named.conf specifies which host are permitted to ask for domain name information from the server? allowed-hosts accept-query permit-query allow-query query-group.
Which doveadm sub-command displays a list of connections of Dovecot in the following format? (Specify ONLY the command without any parameters.)
username # proto (pids) (ips)
usera 1 imap (31519) (198.51.100.14)
userb 1 imap (31608) (203.0.113.129).
Which of the following actions are available in Sieve core filters? (Choose three.) drop discard fileinto relay reject.
Which of the following statements allow the logical combinations of conditions in Sieve filters? (Choose two.) allof anyof noneof and or.
Which configuration parameter on a Postfix server modifies only the sender address and not the recipient address? alias_maps alias_rewrite_maps sender_canonical_maps sender_rewrite_maps.
Which option in the Postfix configuration makes Postfix pass email to external destinations to another SMTP-server? (Specify ONLY the option name without any values.).
What is the name of the Dovecot configuration variable that specifies the location of user mail? mbox mail_location user_dir maildir user_mail_dir.
In the main Postfix configuration file, how are service definitions continued on the next line? It isn't possible. The service definition must fit on one line. The initial line must end with a backslash character (\). The following line must begin with a plus character (+). The following line must begin with white space indentation. The service definition continues on the following lines until all of the required fields are specified.
Which of the following commands displays an overview of the Postfix queue content to help identify remote sites that are causing excessive mail traffic? mailtraf queuequery qshape postmap poststats.
Which of these sets of entries does the following command return?
ldapsearch -x “(|(cn=marie) (!(telephoneNumber=9*)))” Entries that don't have a cn of marie or don't have a telephoneNumber that begins with 9. Entries that have a cn of marie or don't have a telephoneNumber beginning with 9. Entries that have a cn of marie and a telephoneNumber that ending with 9. Entries that don't have a cn of marie and don't have a telephoneNumber beginning with 9. Entries that have a cn of marie or have a telephoneNumber beginning with 9.
Which of the following types of IPv6 address assignments does DHCPv6 support? (Choose three.) Assignments of normal IPv6 addresses that can be renewed. Assignments of temporary IPv6 addresses that cannot be renewed. Assignments of blacklisted IPv6 addresses that should no longer be used. Assignments of IPv6 prefixes that can be used for routing or further assignments. Assignments of anonymous IPv6 addresses whose assignment is not logged by the DHCPv6 server.
Which attitude of an object in LDAP defines which other attributes can be set for the object? (Specify ONLY the attribute name without any values.).
Which of the following commands is used to change user passwords in an OpenLDAP directory? setent ldpasswd olppasswd ldappasswd ldapchpw.
Which of the following is correct about this excerpt from an LDIF file?
dn: cn=PrintOperators,ou=Groups,o=IT,DC=mycompany,DC=example,DC=com dn is the domain name. o is the operator name. cn is the common name. dn is the relative distinguished name. DC is the delegation container.
Which of the following statements is INCORRECT regarding the LDIF file format? It contains a dn line that indicates where the attributes listed in the following lines of the file must be added. In the file, a blank line separates one entry from another one. If an attribute contains binary data, some specific configurations must be made for this entry. The LDIF file accepts any type of file encoding.
Which option within the ISC DHCPD configuration file defines the IPv4 DNS server address(es) to be sent to the DHCP clients? domain-name-servers domain-server name-server servers.
Which of the following PAM modules sets and unsets environment variables? pam_set pam_shell pam-vars pam-env pam_export.
Which of the following lines is valid in a configuration file in /etc/pam.d/? auth required pam_unix.so try_first_pass nullok auth try_first_pass nullok, require pam_unix.so auth required:pam_unix.so(try_first_pass nullok) auth pam_unix.so(required try_first_pass nullok).
Select the alternative that shows the correct way to disable a user login for all users except root The use of the pam_block module along with the /etc/login configuration file. The use of the pam_deny module along with the /etc/deny configuration file. The use of the pam_pwdb module along with the /etc/pwdv.conf configuration file. The use of the pam_nologin module along with the /etc/nologin configuration file.
Which of the following values can be used in the OpenLDAP attribute olcBackend for any object of the class olcBackendConfig to specify a backend? (Choose three.) xml bdb passwd ldap text.
|
