202-400
COMENTARIOS |
ESTADÍSTICAS |
RÉCORDS
|
Título del Test: 202-400 Descripción: 202-400 |
Nuevo Comentario| Comentarios |
|---|
NO HAY REGISTROS |
|
After setting up Apache to run inside a chroot jail as a non-root user, httpd no longer starts. What is the primary cause of the problem?. Apache needs to start as root to bind to port 80. Apache cannot read the main index.html file because it was not moved into the chroot environment. A LoadModule line for mod_chroot needs to be added to httpd.conf. Apache requires a Virtual Host directive when running from a chroot environment. The mod_chroot configuration needs the absolute path to the chroot environment. Which file, on a majordomo server, will contain a list of all members' email addresses for the mailing list "linux-users"? (Enter only the file name). Users in the acl named 'sales_net' must only be allowed to access to the Internet at times specified in the time_acl named 'sales_time'. Which is the correct http_access directive, to configure this?. http_access deny sales_time sales_net. http_access allow sales_net sales_time. http_access allow sales_net and sales_time. allow http_access sales_net sales_time. http_access sales_net sales_time. The internal network (192.168.1.0-192.168.1.255) needs to be able to relay email through the site's sendmail server. What line must be added to /etc/mail/access to allow this?. 192.168.1.0/24 RELAY. 192.168.1 RELAY. 192.168.1.0/24 OK. 192.168.1 OK. What command is used to print NFS kernel statistics? (Provide the command with or without complete path). To configure an LDAP service in the company " domain Ltd", which of the following entries should be added to slapd.conf, in the Database Directives section, to set the rootdn so that the common name is Manager and the company's domain is domain.com ?. rootdn cn=Manager de= domain dc=com. rootdn "cn=Manager,dc= domain ,dc=com". rootdn en= domain ,dc=com,dc=Manager. rootdn "en= domain ,dc=com,dc=Manager". rootdn "cn=Manager de= domain dc=com". By default OpenLDAP logs via syslogd. What is the slapd.conf file directive to have the LDAP logs written to /var/log/ldap.log?. loglevel. logfile. syslogfile. logfilepath. A program, called vsftpd, running in a chroot jail, is giving the following error: /bin/vsftpd. Error while loading shared libraries: libc.so.6: cannot open shared object filE. No such file or directory. Which TWO of the following are possible solutions?. Get the vsftp source code and compile it statically. The file /etc/ld.so.conf must contain the path to the appropriate lib directory in the ch root jail. Create a symbolic link that points to the required library outside the chroot jail. Copy the required library to the appropriate lib directory in the ch root jail. Run the program using the command chroot and the option --static_libs. Please enter the command with all parameters and arguments, that could be used by root to list the cron jobs for the user john. Which of the following DNS record types is used to allow users and applications to make reverse DNS queries?. CNAME. IN. PTR. REV. REV. Which entry in the .procmailrc file will send a copy of an email to another mail address?. :0c. :0 copy. :c. :copy. :s. Select the INCORRECT statement regarding the LDIF file format: It contains a dn line, that indicates where the attributes listed in the following lines of the file must be added. In the file, a blank line separates one entry from another one. If an attribute contains binary data, some specific configurations must be made for this entry. The LDIF file accepts any type of file encoding. Which option within the ISC DHCPD configuration file defines the 1Pv4 DNS server address(es) to be sent to the DHCP clients?. domain-name-servers. domain-server. name-server. servers. What is DNSSEC used for?. Encrypted DNS queries between nameservers. Cryptographic authentication of DNS zones. Secondary DNS queries for local zones. Authentication of the user that initiated the DNS query. Encrypting DNS queries and answers. Which Squid configuration directive defines the authentication method to use?. auth_param. auth_method. auth_program. auth_mechanism. proxy_auth. What command is used to reload a set of saved netfilter rules?. iptables-restore. iptables-recover. iptables-load. iptables-reload. With fail2ban, what is a ‘jail’?. A netfilter rules chain blocking offending IP addresses for a particular service. A group of services on the server which should be monitored for similar attack patterns in the log files. A filter definition and a set of one or more actions to take when the filter is matched. The chroot environment in which fail2ban runs. Which ACL type in Squid's configuration file is used for authentication purposes?. proxyAuth. proxy_auth. proxy_passwd. auth. auth_required. After changing /etc/exports on a server, remote hosts are still unable to mount the exported directories. What should be the next action? Please select TWO correct answers. Restart the NFS daemon. Run exportfs -a on the server. Run exportfs -f on the server. Run showmount -a on the server. Restart the remote hosts. Which of these tools, without any options, provides the most information when performing DNS queries?. dig. nslookup. host. named-checkconf. named-checkzone. To securely use dynamic DNS updates, the use of TSIG is recommended. Which TWO statements about TSIG are true?. TSIG is used for zone data encryption. TSIG is a signal to start a zone update. TSIG is used in zone files. TSIG is used only in server configuration. Servers using TSIG must be in sync (time zone!). What command can be used to add a new newsgroup called ABC that allows posting?. ctlinnd newgroup domain n news. ctlinnd newgroup domain y news. ctlinnd addgroup domain y news. ctlinnd newgroup domain +rw news. ctlinnd addgroup domain +rw news. Users in the ACL named sales_net must only be allowed to access to the Internet at times specified in the time_acl named sales_time. Which is the correct http_access directive for Squid to configure this?. http_access deny sales_time sales_net. http_access allow sales_net sales_time. http_access allow sales_net and sales_time. allow http_access sales_net sales_time. http_access sales_net sales_time. Which command can be used to change the password for an LDAP entry?. Which global option in squid.cont sets the port number or numbers that Squid will use to listen for client requests?. port. client_port. http_port. server port. squid_port. A security-conscious administrator would change which TWO of the following lines found in an SSH configuration file?. Protocol 2, 1. PermitEmptyPasswords no. Port 22. PermitRootlogin yes. lgnoreRhosts yes. Which configuration parameter on a Postfix server modifies only the sender address and not the recipient address. alias_maps. alias_rewrite_maps. sender_canonical_maps. sender_rewrite_maps. A BIND server should never answer queries from certain networks or hosts. Which configuration directive could be used for this purpose?. deny-query { ... ; };. no-answer { ... ; };. deny-answer { ... ; };. deny-access { ... ; };. blackhole { ... ; };. Which file on a Postfix server modifies the sender address for outgoing e-mails? Please enter only the file name without the path. The syntax of the procmail configuration file is?. :0[flags][:[lockfile]] [* condition] action. [* condition] action: 0[flags][:[lockfile]]. :0[flags][:[lockfile]]:[* condition]:action. :0[flags][:[lockfile]]:[* condition] action. Which answer best describes the meaning of the following LDAP search command. ldapseareh -x" ( &( cn=ma rie )(te le phoneN um ber=9 *))". It is searching for all entries that don't have the en attribute equal to marie OR the telephoneNumber attribute starting with number 9. It is searching for all entries that have the en attribute equal to marie AND the telephoneNumber attribute starting with number 9. It is searching for all entries that have the en attribute equal to marie AND the telephoneNumber attribute ending with number 9. It is searching for all entries that don't have the en attribute equal to marie AND the telephoneNumber attribute starting with number 9. It is searching for all entries that have the en attribute different than marie OR the telephoneNumber attribute starting with number 9. Which option in named.cont specifies which hosts are permitted to ask for domain name information from the server?. allowed-hosts. accept-query. permit-query. allow-query. Which Apache directive allows the use of external configuration files defined by the directive AccessFileName?. AllowExternalConfig. AllowAccessFile. AllowConfig. lncludeAccessFile. AllowOverride. Which of the following are commonly used log file directives in Apache? (Choose TWO correct answers.). Configlog. Customlog. Errorlog. ServerLog. VHostLog. A private OID to be used with OpenLDAP should be obtained for a company when: The company plans to create custom schema files for their directory. The company intends to use a commercial LDAP schema. The company wants to make their directory available to the public on the Internet. The company wish to use an encrypted attribute. Which is the preferred mail server for the domain example.com, according to the BIND configuration below? (Type the fully-qualified domain name.) [..] @ IN MX 10 mx-ny.domain.com @ IN MX 50 mx-ca domain.com [..]. In what mode is your FTP session when the client side makes the connections to both the data and command ports of the FTP server?. passive. active. impassive. safe. inactive. Consider the following/ srv/www/ default/html/ restricted/.htaccess AuthType Basic AuthUserFile / srv/www/ security/ site-passwd AuthName Restricted Require valid-user Order deny,allow Deny from all Allow from 10.1.2.0/24 Satisfy any Considering that DocumentRoot is set to /srv/www/default/html, which TWO of the following sentences are true?. Apache will only grant access to http://server/restricted/to authenticated users connecting from clients in the 10.1.2.0/24 network. This setup will only work if the directory /srv/www/default/html/restricted/ is configured with AllowOverride AuthConfig Limit. Apache will require authentication for every client requesting connections to http://server/restricted/. Users connecting from clients in the 10.1.2.0/24 network won't need to authenticate themselves to access http://server /restricted/. The Satisfy directive could be removed without changing Apache behavior for this directory. According to the configuration below, what is the e-mail address of the administrator for this domain? $TTL 86400 $ORIGIN domain.com @ IN SOA mars.domain.com hostmaster.domain.com 2005020801 10800 3600 604800 86400). Which Apache directive is used to configure the main directory for the site, out of which it will serve documents?. ServerRoot. UserDir. Directorylndex. Location. DocumentRoot. The users of the local network complain that name resolution is not fast enough. Enter the command, without the path or any options, that shows the time taken to resolve a DNS query. According to this LDIF excerpt, which organizational unit is Robert Smith part of? (Specify only the organizational unit.) Smith,ou=people,dc=example,dc=com objectclass: inetOrgPerson en: Robert Smith en: Robert J Smith en: bob smith sn: smith uiD. rjsmith userpassword. r Jsm itH carlicense. HISCAR 123 homephone. 555-111-2222 mail: r.smith@example.com mail: rsmith@example.com mail: bob.smith@example.com dn: cn=Robert description: swell guy. The host, called " domain ", with the MAC address "08:00:2b:4c:59:23", should always be given the IP address of 192.168.1.2 by the DHCP server. Which of the following configurations will achieve this?. host domain { hardware-ethernet 08:00:2b:4c:59:23; fixed-address 192.168.1.2; }. host domain { mac=08:00:2b:4c:59:23; ip= 192.168.1.2; }. host domain = 08:00:2b:4c:59:23 192.168.1.2. host domain { hardware ethernet 08:00:2b:4c:59:23; fixed-address 192.168.1.2; }. host domain { hardware-address 08:00:2b.4c:59:23; fixed-ip 192.168.1.2; }. Which format, for storing user e-mail, uses the directories tmp, cur and new in order to solve reliability problems in other storage formats?. imap. maildir. mbox. mh. pop3. The new file server is a member of the Windows domain "too". Which TWO of the following configuration sections will allow members of the domain group "all" to read, write and execute files in "/srv/smb/data"?. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = @foo+all create mask= 0550 directory mask= 0770. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = @foo+all create mask= 0770 directory mask= 0770. [data] path = /srv/smb/data write list = @foo+all force group = @foo+all create mask = 0770 directory mask= 0770. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = @foo+all directory mask= 0770. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = all create mask=0 550 directory mask= 0770. As of Linux kernel 2.4, which software is used to configure a VPN?. IPSec. SSH. net - tools. FreeS/WAN. iproute2. Which of the following commands can be used to list all exported file systems from a remote NFS server?. exportfs. mount. nfslist. rpcstat. showmount. A user requests a "hidden" Samba share, named confidential, similar to the Windows Administration Share. How can this be configured?. [confidential] comment= hidden share path= /srv/smb/hidden write list = user create mask = 0700 directory mask= 0700. [$confidential] comment= hidden share path= /srv/smb/hidden write list = user create mask = 0700 directory mask= 0700. [#confidential] comment= hidden share path= /srv/smb/hidden write list = user create mask = 0700 directory mask= 0700. [%confidential] comment= hidden share path= /srv/smb/hidden write list = user create mask = 0700 directory mask= 0700. [confidential$] comment= hidden share path= /srv/smb/hidden write list = user create mask = 0700 directory mask= 0700. On a newly-installed mail server with the IP address 10.10.10.1, ONLY local networks should be able to send email. How can the configuration be tested, using telnet, from outside the local network?. telnet 10.10.10.1 25 MAIL FROM<admin@example.com> RECEIPT TO:<someone@example.org>. telnet 10.10.10.1 25 RCPT FROM:admin@example.com MAIL TO:<someone@example.org>. telnet 10.10.10.1 25 HELLO bogus.example.com MAIL FROM:<anyone@example.org> RCPT TO:<someone@example.net>. telnet 10.10.10.1 25 HELO bogus.example.com MAIL FROM:<anyone@example.org> RCPT TO:<someone@example.net>. telnet 10.10.10.1 25 HELO: bogus.example.com RCPT FROM:<anyone@example.org> MAIL TO:<someone@example.net>. Messages from programs are not appearing in the user's native language. What environment variable must be set for this to happen?. LANG. I18N. MESSAGES. MSGS. LC_MSGS. Which of the following is needed, to synchronise the UNIX password with the Samba password, when the encrypted Samba password in the smbpasswd file is changed?. Nothing, because this is not possible. Run netvamp regularly, to convert the passwords. Run win bind --sync, to synchronise the passwords. Add unix password sync= yes to smb.conf. Add smb unix password= sync to smb.conf. While analyzing a slapd.conf file, an administrator noted that the rootdn and rootpw directives are not present. Where is the LDAP administrator account defined?. It is using the default account admin with the password admin. The account is defined by an ACL in slapd.conf. It is using the default account admin without a password. The account is defined in the file /etc/ldap.secret. The account is defined in the file /etc/ldap.root.conf. Which of the following actions should be considered when a FTP chroot jail is created? (Choose THREE correct answers.). Create /dev/ and /etc/ in the chroot enviroment. Create /etc/passwd in the chroot enviroment. Bind-mount /proc in the ch root environment. Create the user ftp in the chroot enviroment. Create /dev/kmem in the chroot environment. A user is on holiday for two weeks. Anyone sending an email to that account should receive an autoresponse. Which of the following procmail rules should be used, so that all incoming emails are processed by vacation?. :0c: | /usr/bin/vacation nobody. :w | /usr/bin/vacation nobody. :0fc: | /usr/bin/vacation nobody. | /usr/bin/vacation nobody. :> | /usr/bin/vacation nobody. When trying to reverse proxy a web server through Nginx, what keyword is required to pass the Host header from the original request to the proxied server? ... { Host $host. proxy_pass_header. proxy_forward_header. proxy_set_header. proxy_heade. Which setting in the Courier IMAP configuration file will tell the IMAP daemon to listen only on the localhost interface?. ADDRESS=127.0.0.1. Listen 127.0.0.1. INTERFACE=127.0.0.1. LOCALHOST_ONLY=1. Which of these ways can be used to only allow access to a DNS server from specified networks/hosts?. Using the limit{ ... ;};statement in the named configuration file. Using the allow-query{ ... ;};statement in the named configuration file. Using the answer only{ ... ;};statement in the named configuration file. Using the answer{ ... ;};statement in the named configuration file. Using the query access{ ... ;};statement in the named configuration file. Which of the following is correct about this excerpt from an LDIF file? dn: cn=PrintOperators,ou=Groups,ou=IT,o=BR. dn is the domain name. o is the organizational unit. cn is the common name. dn is the relative distinguished name. Which of these sets of entries will the following command return? ldapsearch -x "( I (en=marie)(!(telephoneNumber=9*)))". Entries that don't have a en of marie or don't have a telephoneNumber that begins with 9. Entries that have a en of marie or don't have a telephoneNumber beginning with 9. Entries that have a en of marie and a telephoneNumber ending with 9. Entries that don't have a en of marie and don't have a telephoneNumber beginning with 9. Entries that have a en of marie or have a telephoneNumber beginning with 9. Which Samba-related command will show all options that were not modified using smb.conf and thus are set to their default values? Please enter the command and its parameter(s): On a Linux router, packet forwarding for 1Pv4 has been enabled. After a reboot, the machine no longer forwards IP packets from other hosts. The command. echo 1 > /proc/sys/net/ipv4/ip_forward temporarily resolves this issue. Which one of the following options is the best way to ensure this setting is saved across system restarts?. Add echo 1 > /proc/sys/net/ipv4/ip_forward to the root user login script. Add echo 1 > /proc/sys/net/ipv4/ip_forward to any user login script. In /etc/sysctl.conf change net.ipv4.ip_forward to 1. In /etc/re.local add net.ipv4.ip_forward = 1. In /etc/sysconfig/iptables-config add ipv4.ip_foward = 1. Which of the following sentences is true, when using the following /etc/pam.d/login file? # %PAM-LO auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth sufficient /lib/security/pam_unix.so shadow nullok md5 use_authtok auth required /lib/security/pam_ldap.so use_first_pass account sufficient /lib/security/pam_unix.so account required /lib/security/pam_ldap.so password required /lib/security/pam_cracklib.so password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow password required /lib/security/pam_ldap.so use_first_pass session optional /lib/security/pam_console.so session sufficient /lib/security/pam_unix.so session required /lib/security/pam_ldap.so. All users will be authenticated against the LDAP directory. This is the only file needed to configure LDAP authentication on Linux. Only local users will be able to log in, when the file/etc/nologin exists. Ordinary users will be able to change their password to be blank. If the control flags for auth were changed to required, local users wouldn't be able to log in. A web server is expected to handle approximately 200 simultaneous requests during normal use with an occasional spike in activity and is performing slowly. Which directives in httpd.conf need to be adjusted?. MinSpareServers & MaxSpareServers. MinSpareServers, MaxSpareServers, StartServers & MaxClients. MinServers, MaxServers & MaxClients. MinSpareServers, MaxSpareServers, StartServers, MaxClients & KeepAlive. What word is missing from the following excerpt of a named.cont file? __ friends { 1 0.10.0.0/24; 192.168.1.0/24; }; options { allow-query { friends; }; };. networks. net. list. acl. Given this excerpt from an Apache configuration file, which of the numbered lines has INCORRECT syntax? 1 : <VirtualHost *:80> 2 : ServerAdmin admin9@server.example.org 3 : DocumentRoot /home/http/ad min 4 : ServerName admin.server.example.org 5 : Directorylndex index.php default.php 6 : Errorlog logs/admin.server.example.org-error_log 7 : Customlog logs/admin.server.example.org-access_log common 8 : </VirtualHost>. 1. 1 and 4. 1, 4 and 7. 1 and 5. None. The configuration is valid. Which command can be used to list all exported file systems from a remote NFS server: exportfs. nfsstat. rpcinfo. showmount. importfs. When the Apache HTTP Server is configured to use name-based virtual hosts: It's necessary to configure a different IP address for each virtual host. The Listen directive is required for each virtual host. Each virtual host can serve requests to exactly one hostname only. It is required to create a Virtual Host block for the main host. The setting NameVirtualHost *:80 indicates that all name based virtual hosts will listen on port 80. What directive can be used in named.cont to restrict zone transfers to the 192.168.1.0/24 network?. allow-transfer { 192.168.1.0/24; };. allow-transfer { 192.168.1.0/24 };. allow-axfr { 192.168.1.0/24; };. allow-axfr { 192.168.1.0/24 };. allow-xfer { 192.168.1.0/24; };. Which of the following tools, on its own, can provide dial-in access to a server?. mingetty. pppd. dip. chat. mgetty. For an LDAP client configuration, the LDAP base needs to be set. Which TWO of the following actions would achieve that?. export LDAPBASE=dc=linuxfoo,dc=com. export BASE=dc=linuxfoo,dc=com. Edit ldapbase.conf and add "BASE dc=linuxfoo,dc=com". Edit cldap.conf and add "BASE dc=linuxfoo,dc=com". Edit ldap.conf and add "BASE dc=linuxfoo,dc=com". What postfix configuration setting defines the domains for which Postfix will deliver mail locally? (Please provide only the configuration setting name with no other information). In which directory are the PAM modules stored?. A procmail recipe is required to delete all emails marked as spam. Please complete the recipe. :0: * X-Spam-Status: Yes. Which of the following configuration lines will export /usr/local/share/ to nfsclient with readwrite access, ensuring that all changes are written straight to the disk?. nfsclient:/usr/local/share/:rw,sync. nfsclient(rw,sync) /usr /local/share. /usr /local/share nfsclient(rw,sync). /usr /local/share nfsclient:rw:sync. /usr /local/share nfsclient(rw). What is the path to the global postfix configuration file? (Please specify the complete directory path and file name). In a BIND zone file, what does the @ character indicate?. It's the fully qualified host name of the DNS server. It's an alias for the e-mail address of the zone master. It's the name of the zone as defined in the zone statement in named.cont. It's used to create an alias between two CNAME entries. Which of the following daemons will monitor log files for inappropriate activity, such as login attempts, from remote IP addresses and will add netfilter rules to block the offending address?. fail2ban. portsentry. openids. logwatch. Which THREE of the following actions should be considered when a FTP chroot jail is created?. Create /dev/ and /etc/ in the chroot enviroment. Create /etc/passwd in the chroot enviroment. Create /var/cache/ftp in the chroot enviroment. Create the user ftp in the chroot enviroment. Create /usr/sbin/ in the chroot enviroment. Which dhcpd.conf option defines the DNS server address(es) to be sent to the DHCP clients?. domain name. domain-name-servers. domain-nameserver. domain-name-server. Please enter the complete command to create a new password file for HTIP basic authentication (/home/http/data/web _passwd) for user john. Which BIND option should be used to limit from which IP addresses slave name servers may connect?. allow-zone-transfer. allow-transfer. allow-secondary. allow-slaves. allow-queries. What must be done on a host to allow a user to log in to that host using an SSH key?. Add their private key to~;. ssh/authorized_keys. Reference their public key in~;. ssh/config. Run ssh-agent on that host. Add their public key to~;. ssh/authorized_keys. Reference their private key in~;. ssh/config. According to the dhcpd.conf file below, which domain name will clients in the 172.16.87.0/24 network get? default-lease-tiem 1800; max-lease-tiem 7200; option domain-name "domain.com" subnet 172.16.87.0 netmask 255.255.255.0 { range 172.16.87.128 172.16.87.254; option broadcast-address 172.16.87.255; option domain-name-servers 172.168.87.1; option domain-name "lab.domain.com"; } subnet 172.16.88.0 netmask 255.255.255.0 { range 172.16.88.128 172.16.88.254; option broadcast-address 172.16.88.255; option domain-name-servers 172.16.88.1; }. A malicious user has sent a 35MB video clip, as an attachment, to hundreds of Recipients. Looking in the outbound queue reveals that this is the only mail there. This mail can be removed with the command rm ______ *. Complete the path below. With Nginx, which of the following directives is used to proxy requests to a FastCGI application?. fastcgi_pass. fastcgi_proxy. proxy_fastcgi. proxy_fastcgi_pass. What option for BIND is required in the global options to disable recursive queries on the DNS server by default?. allow-recursive-query { none; };. allow-recursive-query off;. recursion { none; };. recursion no;. What is the missing keyword in the following configuration sample for dovecot which defines which authentication types to support? (Specify only the keywork) auth default { ___ =plain login cram-md5 }. auth_order. mechanisms. methods. supported. Which option is used to configure pppd to use up to two DNS server addresses provided by the remote server?. ms-dns. nameserver. usepeerdns. dns. None of the above. Which port must be open on a firewall, to allow a DNS server to receive queries? (Enter only the port number). In a PAM configuration file, which of the following is true about the sufficient control flag in the following line? Auth sufficient pam_module.so. This PAM module is called if it is present, otherwise, further modules will be tried. This module is sufficient to determine both success or failure of an authentication attempt and no other modules will need to be tried. Failure of this module will not be considered fatal and, if the module succeeds, success will be returned to the application immediately without considering and further modules. If a previous required module fails, success of this module will be used to check if further modules in the stack should be tried. What is the default location for sendmail configuration files? (Please provide the complete path to the directory). If there is no access directive, what is the default setting for OpenLDAP?. access to* by anonymous read by* none. access to* by anonymous read by* read. access to* by anonymous auth by * read. access to * by anonymous write by* read. Which of the following sentences is TRUE about FreeS/WAN?. FreeS/WAN doesn't support remote users (i.e. notebook users with dynamic IP addresses) connecting to the LAN. FreeS/WAN needs a patch to support NAT traversal for users behind a NAT gateway. FreeS/WAN doesn't require any Linux kernel 2.4 modules to work properly. FreeS/WAN only enables the use of strong encryption between Linux hosts. FreeS/WAN can't be used to establish a VPN between a Linux host and a Microsoft Windows 2000 Server host. Which of the following commands is used to change user passwords in an OpenLDAP directory?. passwd. ldpasswd. smbpasswd. ldappasswd. chpasswd. What is a significant difference between host and zone keys generated by dnssec-keygen?. There is no difference. Both zone key files (.key/.private) contain a public and private key. Both host keys files (.key/. private) contain a public and private key. Host Keys must always be generated if DNSSEC is used; zone keys are optional. Zone Keys must always be generated if is used; host keys are optional. In which file, on an INN news server, can access to the news server be configured? (Enter only the file name). Which of these would be the simplest way to configure BIND to return a different version number to queries?. Compile BIND with the option -blur-version=my version. Set version-string "my version" in BIN D's configuration file. Set version "my version" in BIN D's configuration file. Set version=my version in BIN D's configuration file. Ser version-bind "my version" in BIN D's configuration file. To be able to access the server with the IP address 10.12.34.56 using HTTPS, a rule for iptables has to be written. Given that the client host's IP address is 192.168.43.12, which of the following commands is correct?. iptables - A FORWARD -p tcp -s 0/0 -d 10.12.34.56 --dport 80 -j ACCEPT. iptables - A FORWARD -p tcp -s 192.168.43.12 d 10.12.34.56:443 -j ACCEPT. iptables - A FORWARD -p tcp -s 192.168.43.12 -d 10.12.34.56 --dport 443 -j ACCEPT. iptables -A INPUT -p tcp -s 192.168.43.12 - d 10.12.34.56:80 -j ACCEPT. iptables - A FORWARD -p tcp -s 0/0 -d 10.12.34.56 --dport 443 -j ACCEPT. In order to prevent all anonymous FTP users from listing uploaded file names, what security precaution can be taken when creating an upload directory?. The directory must not have the execute permission set. The directory must not have the read permission set. The directory must not have the read or execute permission set. The directory must not have the write permission set. The directory must not contain other directories. The command -x foo will delete the user foo from the Samba database. (Specify the command only, no path information.). What tool scans log files for unsuccessful login attempts and blocks the offending IP addresses with firewall rules?. nessus. nmap. nc. watchlogs. fail2ban. Which configuration block in Nginx is used to define settings for a reverse proxied web server?. server. location. reverse. http. What is the standard port number for the unencrypted IMAP service?. 25. 143. 443. 993. 1066. Which option can be used to allow access to a BIND DNS server from only specified networks/hosts?. Using the limit { ... ; }; statement in the named configuration file. Using the allow-query { ... ; }; statement in the named configuration file. Using the answer-only { ... ; }; statement in the named configuration file. Using the allow-answer { ... ; }; statement in the named configuration file. Using the query-access { ... ; }; statement in the named configuration file. Which of the following Samba configuration parameters is functionally identical to the parameter read only=yes?. browseable=no. read write=no. writeable=no. write only=no. write access=no. A BIND server should be upgraded to use TSIG. Which configuration parameters should be added, if the server should use the algorithm hmac-mdS and the key skrKc4DoTzi/tAkllPi7JZA==?. TSIG server.example.com. algorithm hmac-mdS; secret "skrKc4DoTzi/tAkllPi7JZA=="; };. key server.example.com. { algorithm hmac-mdS; secret skrKc4DoTzi/tAkllPi7JZA==; };. key server.example.com. { algorithm hmac-mdS; secret "skrKc4DoTzi/tAkllPi7JZA=="; };. key server.example.com. { algorithm=hmac-mdS; secret="skrKc4DoTzi/tAkllPi7JZA=="; };. key server.example.com. { algorithm hmac-mdS secret "skrKc4DoTzi/tAkl 1Pi7JZA==" };. A company is transitioning to a new domain name and wants to accept e-mail for both domains for all of its users on a Postfix server. Which configuration option should be updated to accomplish this?. mydomain. mylocations. mydestination. myhosts. mydomains. Which tool can be used to create Certificate Signing Requests (CSR) for running an Apache server with HTTPS?. apachectl. certgen. csrtool. httpsgen. openssl. Which of the following defines the maximum allowed article size in the configuration file for INN?. limitartsize. artsizelimit. maxartlimit. maxartsize. setartlimit. Which server program will understand and can reply to NetBIOS name service requests?. netbios. nmbd. smbd. winbindd. Which of the following lines in the Apache configuration file would allow only clients with a valid certificate to access the website?. SSLCA conf/ca.crt. AuthType ssl. lfModule libexec/ssl.c. SSLRequire. SSLVerifyClient require. What is the name of the network security scanner project which, at the core, is a server with a set of network vulnerability tests (NVTs)?. nmap. OpenVAS. Snort. wireshark. An administrator wants to issue the command echo 1 >/var/ log/boater.log once all of the scripts in/etc/rc2.d have been executed. What is the best way to accomplish this?. Add the command to /etc/rc.local. Create a script in ~/.kde/Autostart/ and place the command in it. Create a script in /etc/init.d/ and place a link to it in /etc/rc2.d/. Create a script in /etc/rc2.d/ and place the command in it. A private OID to be used with OpenLDAP should be obtained for a company when: The company intends to use a commercial LDAP schema. The company wants to make their directory available to the public on the Internet. The company plans to create custom schema files for their directory. The company wish to use an encrypted attribute. Which Apache directive is used to specify the method of authentication like e.g. None or Basic?. AuthUser. AllowedAuthUser. AuthType. AllowAuth. The Internet gateway connects the clients with the Internet by using a Squid proxy. Only the clients from the network 192.168.1.0/24 should be able to use the proxy. Which of the following configuration sections is correct?. acl local src 192.168.1.0/24 http_allow local. acl local src 192.168.1.0/24 http_access allow local. acl local src 192.168.1.0/24 http access allow local. acl local src 192.168.1.0/24 http_access_allow=local. acl local src 192.168.1.0/24 httpd local allow. The Samba configuration file contains the following lines: hosts allow= 192.168.1.100 192.168.2.0/255.255.255.0 localhost hosts deny= 192.168.2.31 interfaces= 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0 A workstation is on the wired network with an IP address of 192.168.1.117 but is unable to access the Samba server. A wireless laptop with an IP address of 192.168.2.93 can access the Samba server. Additional troubleshooting shows that almost every machine on the wired network is unable to access the Samba server. Which single choice below will permit wired workstations to connect to the Samba server without denying access to any one else?. hosts allow= 192.168.1.1-255. hosts allow= 192.168.1.100 192.168.2.200 local host. hosts deny= 192.168.1.100/255.255.255.0 192.168.2.31 localhost. hosts deny= 192.168.2.200/255.255.255.0 192.168.2.31 localhost. hosts allow= 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0 localhost. Where should the line: $ TTL 86400 be placed in a BIND zone file?. As the first line of the zone file. In any zone file containing hints to the root servers. In the SOA record of the zone file. It is required just before any A records are defined. When configuring a PPP dial-in server, which option is used (in the pppd configuration file) to enable user authentication against the system password database?. login. auth. local. password. user. In the main Postfix configuration file, how are service definitions continued on the next line?. It isn't possible. The service definition must fit on one line. The initial line must end with a backslash character(\). The following line must begin with a plus character(+). The following line must begin with white space indentation. The service definition continues on the following lines until all of the required fields are specified. Which TWO of the following options are valid, in the /etc/exports file?. rw. ro. rootsquash. norootsquash. uid. Connecting to a remote host on the same LAN using ssh public-key authentication works but forwarding Xll doesn't. The remote host allows access to both services. Which of the following can be the reason for that behavior?. The remote user's ssh_config file disallows Xll forwarding. The remote server's sshd_config file disallows Xll forwarding. A different public key has to be used for Xll. Xll cannot be forwarded if public-key authentication was used. Xll though SSH needs a special Xll server application installed. When trying to reverse proxy a web server through Nginx, what keyword is missing from the following configuration sample? location/ { http://proxiedserver:8080. remote_proxy. reverse_proxy. proxy_reverse. proxy_pass. Considering the following excerpt from the httpd.conf file, select the correct answer below: < Location> AllowOverride AuthConfig Indexes < /Location>. The Indexes directive in the excerpt allows the use of other index-related directives such as Directorylndex. Both directives AuthConfig and Indexes found in the server's .htaccess file will be overridden by the same directives found in the httpd.conf file. The AuthConfig used in the excerpt allows the use of other authentication-related directives such as AuthType. The excerpt is incorrect, as the AllowOverride cannot be used with Indexes, since the latter cannot be overridden. The excerpt is incorrect, because AllowOverride cannot be used inside a Location section. The program vsftpd, running in a ch root jail, gives the following error: /bin/vsftpD. error while loading shared libraries: libc.so.6: cannot open shared object file. No such file or directory. Which of the following actions would fix the error?. The file /etc/Id.so.cont in the root filesystem must contain the path to the appropriate lib directory in the chroot jail. Create a symbolic link that points to the required library outside the chroot jail. Copy the required library to the appropriate lib directory in the ch root jail. Run the program using the command chroot and the option - static_libs. In a PAM configuration file, a sufficient control allows access: Immediately on success, if no previous required or requisite control failed. Immediately on success, regardless of other controls. After waiting if all other controls return success. Immediately, but only if the user is root. What is the purpose of a PTR record?. To provide name to IP resolution. To provide IP to name resolution. To direct email to a specific host. To provide additional host information. To direct clients to another nameserver. In the file /var/squid/url_blacklist is a list of URLs that users should not be allowed to access. What is the correct entry in Squid's configuration file to create an acl named blacklist based on this file?. acl blacklist urlpath_regex /var/squid/url_blacklist. acl blacklist file /var/squid/url_blacklist. acl blacklist "/var/squid/url_blacklist". acl blacklist urlpath_regex "/var/squid/url_blacklist". acl urlpath_regex blacklist /var/squid/url_blacklist. Which of the following commands can gather entries from the specified administrative NIS database group?. ypserv group. getent group. rpcinfo group. ypbind group. yppoll group. What command can be used to check the Samba configuration file?. testconfig. testsmbconfig. smbtestcfg. smbtestparm. testparm. A network has many network printers connected and they should get their addresses using DHCP. What information from each printer is needed to always assign them the same IP address when dhcpd is used as the DHCP server?. MAC address. Host name. Serial number. Factory default IP address. Built-in network card type. Which of the following commands can be used to connect and interact with remote services? (Choose TWO correct answers.). nettalk. nc. telnet. cat. netmap. In which configuration file can a key-file be defined to enable secure DNS zone transfers? (Please enter the file name without the path). There is a restricted area in an Apache site, which requires users to authenticate against the file /srv/www /security /site-passwd. Which command is used to CHANGE the password of existing users, without losing data, when Basic authentication is being used. htpasswd -c /srv/www/security/site passwd user. htpasswd /srv/www/security/site-passwd user. htpasswd -n /srv/www/security/site-passwd user. htpasswd -D /srv/www/security/site-passwd user. None of the above. What parameter in the sshd configuration file instructs sshd to prevent specific user names from logging in to a system? (Please specify the parameter only without settings.). In a PAM configuration file, which of the following is true about the required control flag?. If the module returns success, no more modules of the same type will be invoked. The success of the module is needed for the module-type facility to succeed. If it returns a failure, control is returned to the calling application. The success of the module is needed for the module-type facility to succeed. However, all remaining modules of the same type will be invoked. The module is not critical and whether it returns success or failure is not important. If the module returns failure, no more modules of the same type will be invoked. If no ACL lines are included in slapd.conf, what is the default behavior of slapd?. Allow anyone to read any entry. Deny anyone from reading any entries. Only certain attributes such as userPassword are protected from read access. Access to the directory is only allowed from the local machine. Which of the following recipes will append emails from "root" to the "rootmails" mailbox?. :0c: rootmails * A From. *root. :0c: * A From. *root rootmails. :0c: * AFrom=root rootmails. :0c: * AFrom=*root rootmails. :0c: $From=$root rootmails. Enter one of the Apache configuration file directives that defines where log files are stored. How can a user's default shell be checked, by querying an NIS server?. ypquery user@example.com. ypgrep user example.com. ypmatch -d example.com user passwd. ypcat -d example.com user. ypq @example.com user +shell. LDAP-based authentication against a newly-installed LDAP server does not work as expected. The file /etc/pam.d/login includes the following configuration parameters. Which of them is NOT correct?. password required /lib/security/pam_ldap.so. auth sufficient /lib/security/pam_ldap.so use_first_pass. account sufficient /lib/security/pam_ldap.so. password required /lib/security/pam_pwdb.so. auth required /lib/security/pam_ldap.so. Please enter the name of the main majordomo configuration file without the path. An SSH port-forwarded connection to the web server www.example.com was invoked using the command ssh -TL 80 :www.example.com:80 user@www.example.com. Which TWO of the following are correct?. The client can connect to the web server by typing http://www.example.com/ into the browser's address bar and the connection will be encrypted. The client can connect to www.example.com by typing http://localhost/ into the browser's address bar and the connection will be encrypted. The client can't connect to the web server by typing http://www.example.com/ into the browser's address bar. This is only possible using http://localhost/. It is only possible to port-forward connections to insecure services that provide an interactive shell (like telnet). The client can connect to the web server by typing http://www.example.com/ into the browser's address bar and the connection will not be encrypted. Which statements about the Alias and Redirect directives in Apache's configuration file are true?. Alias can only reference files under DocumentRoot. Redirect works with regular expressions. Redirect is handled on the client side. Alias is handled on the server side. Alias is not a valid configuration directive. Which of these tools can provide the most information about DNS queries?. dig. nslookup. host. named-checkconf. named-checkzone. After having a laptop assigned to a new subnet, a user is no longer able to login to the SSH server with an error message like Connection closed by remote host. Which of the following are possible approaches to determine and fix the cause of this problem? (Choose TWO correct answers.). Generate a new host key on the client and replace the current client host key on the SSH server. Verify that the settings in /etc/host.allow and /etc/host.deny are not preventing access. Flush the ARP table and the neighbor discovery cache on both the SSH server and the client. Add the new IP address of the client to the AllowHosts configuration setting on the SSH server. Check that there are no netfilter rules that reject SSH connections from the new IP address. Unlike many other services, OpenSSH cannot be configured to hide its version information without recompiling from source code. What is the primary reason for this disclosure of version information?. There are many inconsistent SSH client and server versions. This information is used to enable protocol compatibility adjustments. The information is used for surveys of SSH servers on the internet by the OpenSSH project. Being a security centric application, the OpenSSH developers do not rely on security through obscurity. It is used by network auditing tools to report on when versions of ssh require security updates. Which is a valid Squid option to define a listening port?. port= 3128. http-listen-port=3128. http_port 3128. squid_port 3128. With which parameter in the smb.conf file can a share be hidden?. Which of the following files needs to be changed in order to enable anonymous FTP logins with vsftpd?. /etc/vsftpd/ftpd.conf. /etc/ftpd.conf. /etc/vsftpd/anon.conf. /etc/vsftpd.conf. /etc/vsftp/ftp.conf. Which of the following sentences is true about ISC DHCP?. It can't be configured to assign addresses to BOOTP clients. Its default behavior is to send DHCPNAK to clients that request inappropriate addresses. It can't be used to assign addresses to X - terminals. It can be configured to only assign addresses to known clients. None of the above. Select the alternative that shows the correct way to disable a user login (except for root). The use of the pam_nologin module along with the /etc/login configuration file. The use of the pam_deny module along with the /etc/deny configuration file. The use of the pam_pwdb module along with the /etc/pwdb.conf configuration file. The use of the pam_console module along with the /etc/security/console.perms configuration file. The use of the pam_nologin module along with the /etc/nologin configuration file. What is the advantage of using SASL authentication with OpenLDAP?. It can prevent the transmission of plain text passwords over the network. It disables anonymous access to the LDAP server. It enables the use of Access Control Lists. It allows the use of LDAP to authenticate system users over the network. All of the above. When the default policy for the iptables INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?. All traffic to local host must always be allowed. It doesn't matter; iptables never affects packets addressed to local host. Sendmail delivers emails to local host. Some applications use the local host interface to communicate with other applications. syslogd receives messages on localhost. How must Samba be configured so that it can check passwords against the ones in /etc/passwd and /etc/shadow?. Set the parameters "encrypt passwords= yes" and "password file= /etc/passwd". Set the parameters "encrypt passwords = yes", "password file = /etc/passwd" and "password algorithm= crypt". Delete the smbpasswd file and create a symbolic link to the passwd and shadow file. It is not possible for Samba to use /etc/passwd and /etc/shadow directly. Run smbpasswd to convert /etc/passwd and /etc/shadow to a Samba password file. What is the name of the dovecot configuration variable that specifies the location of user mail?. mbox. mail_location. user_dir. maildir. user_mail_dir. Given the following section of a ISC DHCPD configuration file. subnet 192.168.1.0 netmask 255.255.255.0 { # Set the default gateway to be used by # the PC clients option ______ 192.168.1.254; .... What keyword is missing in order to provide a default gateway address to clients?. gateway. nexthop. route. routers. transit. To allow X connections to be forwarded from or through an SSH server, what line must exist in the sshd configuration file?. Which Apache directive is used to specify the RSA private key that was used in the generation of the SSL certificate for the server?. SSLCertiftcateKeyFile. SSLKeyFile. SSLPrivateKeyFile. SSLRSAKeyFile. When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to local host exist?. All traffic to local host must always be allowed. It doesn't matter; netfilter never affects packets addressed to local host. Some applications use the local host interface to communicate with other applications. syslogd receives messages on localhost. It has been discovered that the company mail server is configured as an open relay. Which of the following actions would help prevent the mail server from being used as an open relay? (Choose TWO correct answers.). Restrict Postfix to only accept e-mail for domains hosted on this server. Configure Dovecot to support I MAP connectivity. Configure netfilter to not permit port 25 traffic on the public network. Restrict Postfix to only relay outbound SMTP from the internal network. Upgrade the mailbox format from mbox to maildir. An SSH server is configured to use tcp_wrappers and only hosts from the class C network 192.168.1.0 should be allowed to access it. Which of the following lines would achieve this, when entered in/etc/hosts.allow?. ALLOW: 192.168.1.0/255.255.255.0: sshd. sshd : 192.168.1.0/255.255.255.0: ALLOW. 192.168.1.0/255.255.255.0: ALLOW: sshd. tcpd sshd : 192.168.1.0/255.255.255.0 : ALLOW. sshd : ALLOW: 192.168.1.0/255.255.255.0. Which of the following is true, when a server uses PAM authentication and both /etc/pam.conf & /etc/pam.d/ exist?. It causes error messages. /etc/pam.conf will be ignored. /etc/pam.d/ will be ignored. Both are used, but /etc/pam.d/ has a higher priority. Both are used, but /etc/pam.conf has a higher priority. Where is the procmail configuration of the user foo stored if home directories are located in /home? (Specify the full name of the file, including path.). What option in the client configuration file would tell OpenVPN to use a dynamic source port when making a connection to a peer?. src-port. remote. source-port. nobind. To allow X connections to be forwarded from or through an SSH server, what configuration keyword must be set to yes in the sshd configuration file?. AllowForwarding. ForwardingAllow. X11ForwardingAllow. X11Forwarding. What parameter in the sshd configuration file instructs sshd to permit only specific user names to log in to a system? (Please specify the parameter only without settings). What information can be found in the file specified by the status parameter in an OpenVPN server configuration file? (Choose TWO correct answers.). Errors and warnings generated by the openvpn daemon. Routing information. Statistical information regarding the currently running openvpn daemon. A list of currently connected clients. A history of all clients who have connected at some point. How must Samba be configured, so that it can check passwords against the ones in /etc/passwd and /etc/shadow?. Set the parameters "encrypt passwords= yes" and "password file= /etc/passwd". Set the parameters "encrypt passwords = yes", "password file = /etc/passwd" and "password algorithm =crypt". Delete the smbpasswd file and create a symbolic link to the passwd and shadow file. It is not possible for Samba to use/etc/passwd and /etc/shadow. Run smbpasswd to convert /etc/passwd and /etc/shadow to a Samba pass word file. Which network service or protocol is used by sendmail for RBLs (Realtime Blackhole Lists)?. RBLP. SMTP. FTP. HTIP. DNS. The mailserver is currently called fred, while the primary MX record points to mailhost.example.org What must be done to direct example.org email towards fred?. Add an A record for mailhost to fred's IP address. Add a CNAME record from mail host to fred. Add another MX record pointing to fred's IP address. Add a PTR record from mail host to fred. A system monitoring service checks the availability of a database server on port 5432 of destination.example.com. The problem with this is that the password will be sent in clear text. When using an SSH tunnel to solve the problem, which command should be used?. ssh -R 5432:127.0.0.1:5432 destination.example.com. ssh -L 5432: destination.example.com:5432 127.0.0.1. ssh -L 5432:127.0.0.1:5432 destination.example.com. ssh -x destination.example.com:5432. The following is an excerpt from a procmail configuration file. :0 C * ! To: backup ! backup Which of the following is correct?. All mails will be backed up to the path defined by $MAILDIR. All mails to the local email address backup will be stored in the directory backup. A copy of all mails will be stored in file backup. A copy of all mails will be send to the local email address backup. Mails not addressed to backup are passed through a filter program named backup. What security precautions must be taken when creating a directory into which files can be uploaded anonymously using FTP?. The directory must not have the execute permission set. The directory must not have the read permission set. The directory must not have the read or execute permission set. The directory must not have the write permission set. The directory must not contain other directories. Which Apache directive will enable HTTPS protocol support?. HTTPSEngine. SSLEngine. SSLEnable. HTTPSEnable. What does the testparm command confirm regarding Samba configuration?. The configuration file will load successfully. The services will operate as expected. The Samba services will be started automatically when the system boots. The netfilter configuration of the Samba server does not block any access to the services defined in the configuration. Select the TWO correct statements about the following excerpt from httpd.conf: < Directory /var/web/dirl> < Files private.html> Order allow, deny Deny from all </Files> </Directory>. The configuration will deny access to /var/web/dirl/private.html, /var/web/dirl/subdir2/private.html, /var/web/dirl/subdir3/private.html and any other instance of private.html found under the /var/web/dirl/directory. The configuration will deny access to /var/web/dirl/private.html, but it will allow access to /var/web/dirl/subdir2/private.html, for example. The configuration will allow access to any file named private.html under /var/web/dirl, but it will deny access to any other files. The configuration will allow access just to the file named private.html under /var/web/dirl. The configuration will allow access to /var/web/private.html, if it exists. Which Apache HTTP Server directive specifies the types of directives that are allowed in .htaccess files?. AllowExternalConfig. AllowAccessFile. AllowConfig. AllowOverride. Which of the following services must be started first on an NFS server?. mountd. nfsd. portmap. statd. Which of the following is needed, to synchronize the Unix password with the SMB password, when the encrypted SMB password in the smbpasswd file is changed?. Nothing, because this is not possible. Run netvamp regularly, to convert the passwords. Rin winbind --sync, to synchronize the passwords. Add unix password sync= yes to smb.conf. Add smb unix password= sync to smb.conf. Specify the command to create a SSH key-pair. (Specify ONLY the command without any path or parameters.). Which Squid configuration keyword is used to define networks and times that the service may be accessed?. acl. allow. http_allow. permit. The listing below is an excerpt from a Squid configuration file. [...] acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_obeject acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 acl Safe_ports port 80 443 1025-65535 acl CONNECT method CONNECT acl localhost src 10.0.0.0/24 http_acces allow manager localhost http_acces deny manager http_acces deny !Safe_ports http_acces deny CONNECT !SSL_ports http_acces allow localnet [...]. Users connecting from local host will be able to access web sites through this proxy. It's necessary to include a http_access rule denying access to all, at the end of the rules. It's possible to use this proxy to access SSL enabled web sites listening on any port. This proxy can't be used to access FTP servers listening on the default port. This proxy is misconfigured and no user will be able to access web sites through it. Which command is used to tell the NFS server which filesystems to make available to clients?. exportfs. mkfs.nfs. mount. nfsservctl. telinit. When Apache is configured to use name-based virtual hosts: it's also necessary to configure a different IP address for each virtual host. the Listen directive is ignored by the server. it starts multiple daemons (one for each virtual host). it's also necessary to create a Virtual Host block for the main host. only the directives ServerName and DocumentRoot may be used inside a block. What is the name of the procmail configuration file that is placed in a user home directory? (Specify the file name only without any path.). What is the appropriate configuration file entry to allow SSH to run from inetd?. ssh stream tcp nowait root /usr/sbin/tcpd sshd. ssh stream tcp nowait root /usr/sbin/tcpd tcpd. ssh stream tcpd nowait root /usr/sbin/tcpd sshd. ssh data tcpd nowait root /usr/sbin/tcpd sshd. ssh data tcp nowait root /usr/sbin/tcpd sshd. Postfix daemons can be chroot'd by setting the chroot flag in ___ . (Supply only the filename, without a path). Using only commands included with named, what is the command, with options or parameters, to make named re-read its zone files?. Which keys are stored in the authorized_keys file?. All machines outside the network are able to send emails through the server to addresses not served by that server. If the server accepts and delivers the email, then it is a (n) _____ Please enter the English term, without any punctuation. Which of the following is NOT included in a Snort rule header?. protocol. action. source IP address. packet byte offset. source port. Why are different IP addresses recommended when hosting multiple HTIPS virtual hosts? (Choose TWO correct answers.). Apache caches SSL keys based on IP address. The SSL connection is made before the virtual host name is known by the server. The SSL key is tied to a specific IP address when issued by the Certificate Authority. This is only needed when dynamic content is being generated by more than one of the virtual hosts. The Server Name Indication extension to TLS is not universally supported. What is the name of the module in Apache that provides the HTIP Basic Authentication functionality? (Please provide ONLY the module name). Which type of DNS record defines which server(s) email for a domain should be sent to?. A new user was created on a master NIS server using useradd but cannot log in from an NIS client. Older users can log in. Which step was probably forgotten, when creating the new user?. Running yppush on the NIS server to propagate map changes to NIS clients. Running make inside /var/yp on the NIS server to generate new maps. Starting the yppasswdd daemon on the NIS server to receive login re quests from NIS clients. Starting the ypxfr daemon on the NIS client to fetch map changes from the NIS server. Restarting ypxfr daemons on the NIS client and server to fetch map changes. Given that all users have their home directory in /home and the following directive is present in the Apache HTTPD Server configuration file, what is the full filesystem path to the file referenced by the URL http://server/-joe/index.html? UserDir public_html. /home/joe/public_html/index.html. /home/public_html/joe/index.html. /home/joe/public_html/htdocs/index.html. /home/joe/apache/public_html/index.html. Why should the Postfix parameter disable_vrfy_command be set to yes on a publicly accessible mail server?. It prevents e-mail delivery attempts to a non-existent user. It prevents some techniques of gathering existing e-mail addresses. It enables verification attempts on the sender e-mail address. It speeds up forwarding of relayed e-mail. Select the Samba option below that should be used if the main intention is to setup a guest printer service?. security= cups. security= ldap. security= pam. security= share. security= printing. Which subcommands to the openssl command are used in the process of generating a private key and a Certificate Signing Request (CSR)? (Choose TWO correct answers.). csr. gencsr. genkey. genrsa. req. Which of the following configuration lines will export /usr/local/share/ to nfsclient with readwrite access, ensuring that all changes are straight to the disk?. /usr /local/share nfsclient(rw) written. nfsclient: /usr /local/share/:rw,sync. /usr/local/share nfsclient:rw:sync. /usr /local/share nfsclient(rw,sync). nfsclient(rw,sync) /usr /local/share. Which of the following PAM modules will allow the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources available to them?. pam_filter. pam_limits. pam_listfile. pam_unix. Which of the following are Samba security modes or levels? (Choose TWO correct answers.). ads. data. ldap. network. share. What could be a reason for invoking vsftpd from (x) inetd?. It's not a good idea, because (x) inetd is not secure. Running vsftpd in standalone mode is only possible as root, which could be a security risk. vsftpd cannot be started in standalone mode. (x) inetd has more access control capabilities. (x) inetd is needed to run vsftpd in a chroot jail. Which records must be entered in a zone file in order to use "Round Robin Load Distribution" for a web server?. www.example.org. 60 IN A 192.168.1.1 www.example.org. 60 IN A 192.168.1.2 www.example.org. 60 IN A 192.168.1.3. www.example.org. 60 IN A 192.168.1.1;192.168.1.2;192.168.1.3. www.example.org. 60 IN A 192.168.1-3. www.example.org. 60 IN RR 192.168.1:3. www.example.org. 60 IN RR 192.168.1.1;192.168.1.2;192.168.1.3. Which site-specific configuration file for the shadow login suite must be modified to log login failures? Please enter the complete path to that file. Which command is used to administer IPv6 netfilter rules?. iptables. iptables. iptables6. ip6tables. ipv6tables. When connecting to an SSH server for the first time, its fingerprint is received and stored in a file, which is located at: -/ .ssh/fingerprints. -/ .ssh/id_dsa. -/ .ssh/known_hosts. -/ .ssh/id_dsa.pub. -/ .ssh/gpg.txt. Which of the following is recommended to reduce Squid's consumption of disk resources?. Disable the use of access lists. Reduce the size of cache_dir in the configuration file. Rotate log files regularly. Disable logging of fully qualified domain names. Reduce the number of child processes to be started in the configuration file. What of the following is NOT a valid ACL type, when configuring squid?. src. source. dstdomain. url_regex. time. Please enter the Kerberos S configuration file name without path below. Which of the following are alternate DNS software packages to BIND? (Choose TWO correct answers.). djbdns. easydns. superdns. dnsmasq. dnstiny. In which Apache context should SSL support be activated?. In a Virtual Host directive. In a Location directive. In a Directory directive which is set to/. In a SSL Host directive. Which command line create an SSH tunnel for POP and SMTP protocols?. ssh- L :110 -L :25 -1 user -N mail host. ssh -L 25:110 -1 user -N mail host. ssh -L mailhost:110 -L mailhost:25 -1 user -N mail host. ssh -L mailhost:25:110 -1 user. ssh -L 110:mailhost:110 -L 25:mailhost:25 -1 user -N mailhost. An iptables firewall was configured to use the target MASQUERADE to share a dedicated wireless connection to the Internet with a few hosts on the local network. The Internet connection becomes very unstable in rainy days and users complain their connections drop when downloading e-mail or large files, while web browsing seems to be working fine. Which change to your iptables rules could alleviate the problem?. Change the target MASQUERADE to SNAT. Change the target MASQUERADE to DNAT. Change the target MASQUERADE to BALANCE and provide a backup Internet connection. Change the target MASQUERADE to REDIRECT and provide a backup Internet connection. Change the target MASQUERADE to BNAT. Which of the following sshd configuration settings should be set to no in order to fully disable password based logins? (Choose THREE correct answers.). PAMAuthentication. ChallengeResponseAuthentication. UsePAM. UsePasswords. PasswordAuthentication. Which of the following options are valid in the /etc/exports file? (Choose TWO correct answers.). rw. ro. rootsquash. norootsquash. uid. Please enter the command used to remove Kerberos tickets from the cache below. Which Postfix command can be used to rebuild all of the alias database files with a single invocation?. makealiases. newaliases. postalias. postmapbuild. With netfilter, which packet matching table contains built-in chains called INPUT, OUTPUT and FORWARD?. ipconn. filter. nat. default. masq. Which environment variables are used by ssh-agent? (Please select TWO variables). SSH_AGENT_KEY. SSH_AGENT_SOCK. SSH_AGENT_PID. SSH_AUTH_SOCK. SSH_AUTH_PID. What does the following procmail configuration section do? :0fw * < 256000 I /usr/bin/foo. procmail sends all email older than 256000 seconds to the external program foo. If an email contains a value less than 256000 anywhere within it, procmail will process the email with the program foo. procmail sends mail containing less than 256000 words to program foo. The program foo is used instead of procmail for all emails larger than 256000 Bytes. If the email smaller than 256000 Bytes, procmail will process it with the program foo. Which file can be used to make sure that procmail is used to filter a user's incoming email?. ${HOME}/.procmail. ${HOME}/.forward. ${HOME}/.bashrc. /etc/procmailrc. /etc/aliases. What types of virtual network devices does OpenVPN use for connections? (Choose TWO correct answers.). eth. tap. lo. tun. ppp. You suspect that you are receiving messages with a forged From: address. What could help you find out where the mail is originating?. Install TCP wrappers, and log all connections on port 25. Add the command 'FR-strlog' to the sendmail.cf file. Add the command 'define ('LOG_REAL_FROM') dnl' to the sendmail.mc file. Run a filter in the aliases file that checks the originating address when mail arrives. Look in the Received. and Message-ID. parts of the mail header. |