117-202

LPI 117-202

LPI 117-202 Linux Networking AdministrationPractice Test

Updated: Dec 26, 2009Version 2.1

Actua

lTests

.com

QUESTION NO: 1 CORRECT TEXT

According to the dhcpd.conf file below, which domain name will clients in the 172.16.87.0/24network get?

Answer: lab.certkiller.com

QUESTION NO: 2

Which of the following sentences is true about ISC DHCP?

A. It can't be configured to assign addresses to BOOTP clients.B. Its default behavior is to send DHCPNAK to clients that request inappropriate addresses.C. It can't be used to assign addresses to X - terminals.D. It can be configured to only assign addresses to known clients.E. None of the above.

Answer: D

QUESTION NO: 3

The host, called " Certkiller ", with the MAC address "08:00:2b:4c:59:23", should always be giventhe IP address of 192.168.1.2 by the DHCP server. Which of the following configurations willachieve this?

A. hostCertkiller {hardware-ethernet 08:00:2b:4c:59:23;fixed-address 192.168.1.2;}

LPI 117-202: Practice Exam

"Pass Any Exam. Any Time." - www.actualtests.com 2

Actua

lTests

.com

B. hostCertkiller {mac=08:00:2b:4c:59:23;ip= 192.168.1.2;}C. hostCertkiller = 08:00:2b:4c:59:23 192.168.1.2D. hostCertkiller {hardware ethernet 08:00:2b:4c:59:23;fixed-address 192.168.1.2;}E. hostCertkiller {hardware-address 08:00:2b.4c:59:23;fixed-ip 192.168.1.2;}

Answer: D

QUESTION NO: 4

Which dhcpd.conf option defines the DNS server address(es) to be sent to the DHCP clients?

A. domainnameB. domain-name-serversC. domain-nameserverD. domain-name-server

Answer: B

QUESTION NO: 5

What is a significant difference between host and zone keys generated by dnssec-keygen?

A. There is no difference.B. Both zone key files( .key/.private ) contain a public and private key.C. Both host keys files( .key/. private) contain a public and private key.D. Host Keys must always be generated if DNSSEC is used; zone keys are optionalE. Zone Keys must always be generated if is used; host keys are optional

Answer: B




Actua

lTests

.com

According to the configuration below, what is the e-mail address of the administrator for thisdomain?

Answer: [email protected]

QUESTION NO: 7

Which of these would be the simplest way to configure BIND to return a different version numberto queries?

A. Compile BIND with the option -blur-version=my version.B. Set version-string "my version" in BIND's configurationfile.C. Set version "my version" in BIND's configurationfile.D. Set version=my version in BIND's configuration file.E. Ser version-bind "my version" in BIND's configuration file.

Answer: C

QUESTION NO: 8

A. Any host, from any network, may use this server as its main DNS server.B. If the server doesn't know the answer to a query, it sends a recursive query to 192.168.0.4.



Actua

lTests

.com

C. If the server doesn't know the answer to a query, it sends a query to a root DNS server.D. Hosts in the network 10.0.0.0/24 will be able to ask for zone transfers.E. If the server doesn't know the answer to a query, it sends a recursive query to 192.168.0.4 and,if this fails, it returns a failure.

Answer: B

QUESTION NO: 9

A BIND server should be upgraded to use TSIG. Which configuration parameters should beadded, if the server should use the algorithm hmac-md5 and the key skrKc4DoTzi/tAkllPi7JZA== ?

A. TSIG server.example.com.algorithmhmac-md5;secret"skrKc4DoTzi/tAkllPi7JZA==";};B. key server.example.com. {algorithmhmac-md5;secretskrKc4DoTzi/tAkllPi7JZA==;};C. key server.example.com. {algorithmhmac-md5;secret"skrKc4DoTzi/tAkllPi7JZA==";};D. key server.example.com. {algorithm=hmac-md5;secret="skrKc4DoTzi/tAkllPi7JZA==";};E. key server.example.com. {algorithmhmac-md5secret"skrKc4DoTzi/tAkI1Pi7JZA=="};

Answer: C

QUESTION NO: 10

DNSSEC is used for?

A. Encrypted DNS queries betweennameservers.B. Cryptographic authentication of DNS zones.



Actua

lTests

.com

C. Secondary DNS queries for local zones.D. Defining a secure DNS section.E. Querying a secure DNS section.

Answer: B


Using only commands included with named, what is the command, with options or parameters, tomake named re-read its zone files?

Answer: rndc reload


Which type of DNS record defines which server(s) email for a domain should be sent to?

Answer: MX

QUESTION NO: 13

Some users are unable to connect to specific local hosts by name, while accessing hosts in otherzones works as expected. Given that the hosts are reachable by their IP addresses, which is thedefault log file that could provide hints about the problem?

A. /var/named/logB. /var/lib/named/dev/logC. /var/log/bind_errorsD. /var/log/bind/errorsE. /var/log/messages

Answer: E

QUESTION NO: 14

A BIND server should never answer queries from certain networks or hosts. Which configurationdirective could be used for this purpose?

A. deny-query{ ...; };B. no-answer{ ...; };



Actua

lTests

.com

C. deny-answer{ ...; };D. deny-access{ ...; };E. blackhole { ...; };

Answer: E

QUESTION NO: 15

What is the purpose of a PTR record?

A. To provide name to IP resolution.B. To provide IP to name resolution.C. To direct email to a specific host.D. To provide additional host information.E. To direct clients to anothernameserver.

Answer: B

QUESTION NO: 16

Performing a DNS lookup with dig results in this answer: What might be wrong in the zonedefinition?

A. Nothing. All seems to be good.B. There's no "." after linuserv.example.net in the PTR record in the forward lookup zone file.C. There's no "." afterlinuserv in the PTR record in the forward lookup zone file.D. There's no "." after linuserv.example.net in the PTR record in the reverse lookup zone file.E. The "." in the NS definition in reverse lookup zone has to be removed.

Answer: D

QUESTION NO: 17

What directive can be used in named.conf to restrict zone transfers to the 192.168.1.0/24network?



Actua

lTests

.com

A. allow-transfer{ 192.168.1.0/24; };B. allow-transfer{ 192.168.1.0/24 };C. allow-axfr { 192.168.1.0/24; };D. allow-axfr { 192.168.1.0/24 };E. allow-xfer { 192.168.1.0/24; };

Answer: A

QUESTION NO: 18

To securely use dynamic DNS updates, the use of TSIG is recommended. Which TWOstatements about TSIG are true?

A. TSIG is used for zone data encryptionB. TSIG is a signal to start a zone updateC. TSIG is used in zone filesD. TSIG is used only in server configurationE. Servers using TSIG must be in sync (time zone!)

Answer: D,E


In which configuration file can a key-file be defined to enable secure DNS zone transfers? (Pleaseenter the file name without the path)

Answer: named.conf


The users of the local network complain that name resolution is not fast enough. Enter thecommand, without the path or any options, that shows the time taken to resolve a DNS query.

Answer: dig

QUESTION NO: 21

Which option is used to configure pppd to use up to two DNS server addresses provided by theremote server?



Actua

lTests

.com

A. ms-dnsB. nameserverC. usepeerdnsD. dnsE. None of the above

Answer: E

QUESTION NO: 22

A DNS server has the IP address 192.168.0.1. Which TWO of the following need to be done on aclient machine to use this DNS server?

A. Addnameserver 192.168.0.1 to /etc/resolv.confB. Run route addnameserver 192.168.0.1C. Runifconfig eth0 nameserver 192.168.0.1D. Run echo "nameserver 192.168.1.1" >> /etc/resolv.confE. Runbind nameserver 192.168.1.1

Answer: A,D

QUESTION NO: 23

The mailserver is currently called fred, while the primary MX record points tomailhost.example.org. What must be done to direct example.org email towards fred?

A. Add an A record formailhost to fred's IP address.B. Add a CNAME record frommailhost to fredC. Add another MX record pointing tofred's IP address.D. Add a PTR record frommailhost to fred.

Answer: A


Which port must be open on a firewall, to allow a DNS server to receive queries? (Enter only theport number).

Answer: 53



Actua

lTests

.com

QUESTION NO: 25

Which of these ways can be used to only allow access to a DNS server from specifiednetworks/hosts?

A. Using thelimit{...;};statement in the named configuration file.B. Using the allow-query{...;};statement in the named configuration file.C. Using the answeronly{...;};statement in the named configuration file.D. Using theanswer{...;};statement in the named configuration file.E. Using the queryaccess{...;};statement in the named configuration file.

Answer: B


Which is the preferred mail server for the domain example.com, according to the BINDconfiguration below? (Type the fully-qualified domain name.)

Answer: mx-ny.certkiller.com

QUESTION NO: 27

There is a restricted area in an Apache site, which requires users to authenticate against the file/srv/www/security/site-passwd. Which command is used to CHANGE the password of existingusers, without losing data, when Basic authentication is being used.

A. htpasswd -c /srv/www/security/site passwd userB. htpasswd /srv/www/security/site-passwd userC. htpasswd -n /srv/www/security/site-passwd userD. htpasswd -D /srv/www/security/site-passwd userE. None of the above.

Answer: B



Actua

lTests

.com

QUESTION NO: 28

Consider the following / srv/www/ default/html/ restricted/.htaccessAuthType BasicAuthUserFile / srv/www/ security/ site-passwdAuthName RestrictedRequire valid-userOrder deny,allowDeny from allAllow from 10.1.2.0/24Satisfy anyConsidering that DocumentRoot is set to /srv/www/default/html, which TWO of the followingsentences are true?

A. Apache will only grant access to http://server/restricted/to authenticated users connecting fromclients in the 10.1.2.0/24 networkB. This setup will only work if the directory /srv/www/default/html/restricted/ is configured withAllowOverride AuthConfig LimitC. Apache will require authentication for every client requesting connections tohttp://server/restricted/D. Users connecting from clients in the 10.1.2.0/24 network won't need to authenticate themselvesto access http://server/restricted/E. The Satisfy directive could be removed without changing Apache behaviour for this directory

Answer: B,D

QUESTION NO: 29

A web server is expected to handle approximately 200 simultaneous requests during normal usewith an occasional spike in activity and is performing slowly. Which directives in httpd.conf need tobe adjusted?

A. MinSpareServers & MaxSpareServers.B. MinSpareServers, MaxSpareServers, StartServers & MaxClients.C. MinServers, MaxServers & MaxClients.D. MinSpareServers, MaxSpareServers, StartServers, MaxClients & KeepAlive.

Answer: B

QUESTION NO: 30



Actua

lTests

.com

Which statements about the Alias and Redirect directives in Apache's configuration file are true?

A. Alias can only reference files underDocumentRootB. Redirect works with regular expressionsC. Redirect is handled on the client sideD. Alias is handled on the server sideE. Alias is not a valid configuration directive

Answer: C,D


Which file, in the local file-system, is presented when the client requestshttp://server/~joe/index.html and the following directive is present in server's Apache configurationfile?

UserDir site/html Given that all users have their home directory in /home, please type in the FULLfile name including the path.

Answer: /home/joe/site/html/index.html

QUESTION NO: 32

When Apache is configured to use name-based virtual hosts:

A. it's also necessary to configure a different IP address for each virtual host.B. the Listen directive is ignored by the server.C. it starts multiple daemons (one for each virtual host).D. it's also necessary to create aVirtualHost block for the main host.E. only the directivesServerName and DocumentRoot may be used inside a block.

Answer: D


Enter one of the Apache configuration file directives that defines where log files are stored.

Answer: ErrorLog

QUESTION NO: 34



Actua

lTests

.com

Which Apache directive is used to configure the main directory for the site, out of which it willserve documents?

A. ServerRootB. UserDirC. DirectoryIndexD. LocationE. DocumentRoot

Answer: E

QUESTION NO: 35

Which Apache directive allows the use of external configuration files defined by the directive

AaccessFileName?

A. AllowExternalConfigB. AllowAccessFileC. AllowConfigD. IncludeAccessFileE. AllowOverride

Answer: E

QUESTION NO: 36

Which of the following is recommended to reduce Squid's consumption of disk resources?

A. Disable the use of access lists.B. Reduce the size ofcache_dir in the configuration file.C. Rotate log files regularly.D. Disable logging of fully qualified domain names.E. Reduce the number of child processes to be started in the configuration file.

Answer: B

QUESTION NO: 37

Which ACL type in Squid's configuration file is used for authentication purposes?



Actua

lTests

.com

A. proxyAuthB. proxy_authC. proxy_passwdD. authE. auth_required

Answer: B

QUESTION NO: 38

The listing below is an excerpt from a Squid configuration file:

A. Users connecting fromlocalhost will be able to access web sites through this proxy.B. It's necessary to includea http_access rule denying access to all, at the end of the rules.C. It's possible to use this proxy to access SSL enabled web sites listening on any port.D. This proxy can't be used to access FTP servers listening on the default port.E. This proxy ismisconfigured and no user will be able to access web sites through it.

Answer: D

QUESTION NO: 39

In the file /var/squid/url_blacklist is a list of URLs that users should not be allowed to access. Whatis the correct entry in Squid's configuration file to create an acl named blacklist based on this file?

A. acl blacklist urlpath_regex /var/squid/url_blacklistB. acl blacklist file /var/squid/url_blacklistC. acl blacklist "/var/squid/url_blacklist"



Actua

lTests

.com

D. acl blacklist urlpath_regex "/var/squid/url_blacklist"E. acl urlpath_regex blacklist /var/squid/url_blacklist

Answer: D

QUESTION NO: 40

Users in the acl named 'sales_net' must only be allowed to access to the Internet at timesspecified in the time_acl named 'sales_time'. Which is the correct http_access directive, toconfigure this?

A. http_access deny sales_time sales_netB. http_access allow sales_net sales_timeC. http_access allow sales_net and sales_timeD. allowhttp_access sales_net sales_timeE. http_access sales_net sales_time

Answer: B

QUESTION NO: 41

What of the following is NOT a valid ACL type, when configuring squid?

A. srcB. sourceC. dstdomainD. url_regexE. time

Answer: B

QUESTION NO: 42

Which Squid configuration directive defines the authentication method to use?

A. auth_paramB. auth_methodC. auth_programD. auth_mechanismE. proxy_auth



Actua

lTests

.com

Answer: A

QUESTION NO: 43

The Internet gateway connects the clients with the Internet by using a Squid proxy. Only theclients from the network 192.168.1.0/24 should be able to use the proxy. Which of the followingconfiguration sections is correct?

A. acl local src 192.168.1.0/24http_allow localB. acl local src 192.168.1.0/24http_access allow localC. acl local src 192.168.1.0/24httpaccess allow localD. acl local src 192.168.1.0/24http_access_allow=localE. acl local src 192.168.1.0/24httpd local allow

Answer: B


A malicious user has sent a 35MB video clip, as an attachment, to hundreds of recipients. Lookingin the outbound queue reveals that this is the only mail there. This mail can be removed with thecommand rm _______________ * . Complete the path below.

Answer: /var/spool/mqueue/

QUESTION NO: 45

The syntax of the procmail configuration file is?

A. :0[flags][:[lockfile]][* condition]actionB. [* condition]action:0[flags][:[lockfile]]C. :0[flags][:[lockfile]][* condition] action



Actua

lTests

.com

D. :0[flags][:[lockfile]]:[* condition]actionE. :0[flags][:[lockfile]]:[* condition]:action

Answer: A

QUESTION NO: 46

Which of the following recipes will append emails from "root" to the "rootmails" mailbox?

A. :0c:rootmails* ^From.*rootB. :0c:* ^From.*rootrootmailsC. :0c:* ^From=rootrootmailsD. :0c:* ^From=*rootrootmailsE. :0c:$From=$rootrootmails

Answer: B

QUESTION NO: 47

The internal network (192.168.1.0-192.168.1.255) needs to be able to relay email through thesite's sendmail server. What line must be added to /etc/mail/access to allow this?

A. 192.168.1.0/24 RELAYB. 192.168.1 RELAYC. 192.168.1.0/24 OKD. 192.168.1 OK

Answer: B



Actua

lTests

.com


Please enter the name of the main majordomo configuration file without the path.

Answer: majordomo.cf


A procmail recipe is required to delete all emails marked as spam. Please complete the recipe.:0:* X-Spam-Status: Yes

Answer: /dev/null

QUESTION NO: 50

The following is an excerpt from a procmail configuration file::0 c* ! ^To: backup! backup

Which of the following is correct?

A. All mails will be backed up to the path defined by $MAILDIR .B. All mails to the local email address backup will be stored in the directory backup.C. A copy of all mails will be stored in file backup.D. A copy of all mails will be send to the local email address backup.E. Mails not addressed to backup are passed through a filter program named backup.

Answer: D

QUESTION NO: 51

Where is the user foo's procmail configuration stored, if home directories are stored in /home?

Please enter the complete path to the file.

Answer: /home/foo/.procmailrc



Actua

lTests

.com

QUESTION NO: 52

Which network service or protocol is used by sendmail for RBLs (Realtime Blackhole Lists)?

A. RBLPB. SMTPC. FTPD. HTTPE. DNS

Answer: E

QUESTION NO: 53

On a newly-installed mail server with the IP address 10.10.10.1, ONLY local networks should beable to send email. How can the configuration be tested, using telnet, from outside the localnetwork?

A. telnet 10.10.10.1 25MAIL FROMRECEIPT TO:B. telnet 10.10.10.1 25RCPT FROM:[email protected] TO:C. telnet 10.10.10.1 25HELLO bogus.example.comMAIL FROM:RCPT TO:D. telnet 10.10.10.1 25HELO bogus.example.comMAIL FROM:RCPT TO:E. telnet 10.10.10.1 25HELO: bogus.example.comRCPT FROM:MAIL TO:

Answer: D




Actua

lTests

.com

All machines outside the network are able to send emails through the server to addresses notserved by that server. If the server accepts and delivers the email, then it is a(n)_______________.

Answer: open email relay

QUESTION NO: 55

Which entry in the .procmailrc file will send a copy of an email to another mail address?

A. :0 cB. :0 copyC. :cD. :copyE. :s

Answer: A

QUESTION NO: 56

Which file can be used to make sure that procmail is used to filter a user's incoming email?

A. ${HOME}/.procmailB. ${HOME}/.forwardC. ${HOME}/.bashrcD. /etc/procmailrcE. /etc/aliases

Answer: B


Which file, on a majordomo server, will contain a list of all members' email addresses for themailing list "linux-users"? (Enter only the file name).

Answer: linux-users

QUESTION NO: 58

A user is on holiday for two weeks. Anyone sending an email to that account should receive anauto-response. Which of the following procmail rules should be used, so that all incoming emails



Actua

lTests

.com

are processed by vacation?

A. :0c:| /usr/bin/vacation nobodyB. :w| /usr/bin/vacation nobodyC. :0fc:|/usr/bin/vacation nobodyD. | /usr/bin/vacation nobodyE. :> |/usr/bin/vacation nobody

Answer: A

QUESTION NO: 59

What security precautions must be taken when creating a directory into which files can beuploaded anonymously using FTP?

A. The directory must not have the execute permission set.B. The directory must not have the read permission set.C. The directory must not have the read or execute permission set.D. The directory must not have the write permission set.E. The directory must not contain other directories.

Answer: B

QUESTION NO: 60

What is the correct format for an ftpusers file entry?

A. Use only one username on each line.B. Add a colon after each username.C. Add a semicolon after each username.D. Add ALLOW after each username.E. Add DENY after each username.

Answer: A

QUESTION NO: 61

A security-conscious administrator would change which TWO of the following lines found in anSSH configuration file?



Actua

lTests

.com

A. Protocol 2,1B. PermitEmptyPasswords noC. Port 22D. PermitRootLogin yesE. IgnoreRhosts yes

Answer: A,D

QUESTION NO: 62

A system monitoring service checks the availability of a database server on port 5432 ofdestination.example.com. The problem with this is that the password will be sent in clear text.When using an SSH tunnel to solve the problem, which command should be used?

A. ssh -1 5432:127.0.0.1:5432 destination.example. comB. ssh -L 5432:destination.example.com:5432 127.0.0.1C. ssh -L 5432:127.0.0.1:5432 destination.example.comD. ssh -x destination.example.com:5432E. ssh -R 5432:127.0.0.1:5432 destination.example.com

Answer: C

QUESTION NO: 63

What must be done on a host to allow a user to log in to that host using an SSH key?

A. Add their private key to ~/.ssh/authorized_keysB. Reference their public key in ~/.ssh/configC. Runssh-agent on that hostD. Add their public key to ~/.ssh/authorized_keysE. Reference their private key in ~/.ssh/config

Answer: D


What command must be used to create an SSH key-pair? Please enter the command without thepath or any options or parameters.

Answer: ssh-keygen



Actua

lTests

.com


To allow X connections to be forwarded from or through an SSH server, what line must exist in thesshd configuration file?

Answer: X11Forwarding yes

QUESTION NO: 66

An SSH port-forwarded connection to the web server www.example.com was invoked using thecommand ssh -TL 80 :www.example.com:80 [email protected]. Which TWO of thefollowing are correct?

A. The client can connect to the web server by typing http://www.example.com/ into the browser'saddress bar and the connection will be encryptedB. The client can connect to www.example.com by typing http://localhost/ into the browser'saddress barandthe connection will be encryptedC. The client can't connect to the web server by typing http://www.example.com/ into thebrowser'saddressbar. This is only possible using http://localhost/D. It is only possible to port-forward connections to insecure services that provide an interactiveshell (liketelnet)E. The client can connect to the web server by typing http://www.example.com/ into the browser'saddressbarand the connection will not be encrypted

Answer: B,E


Which keys are stored in the authorized_keys file?

Answer: public

QUESTION NO: 68

Which of the following defines the maximum allowed article size in the configuration file for INN?

A. limitartsizeB. artsizelimitC. maxartlimitD. maxartsizeE. setartlimit



Actua

lTests

.com

Answer: D


In which file, on an INN news server, can access to the news server be configured? (Enter onlythe file name).

Answer: readers.conf

QUESTION NO: 70

The innd configuration file has been changed and it should be used as soon as possible. What isthe fastest way to accomplish that?

A. ctlinnd kill hupB. kill - HUP process idC. ctlinnd xexec inndD. ctlinnd reload inndE. /usr/sbin/innd reload

Answer: C

QUESTION NO: 71

What command can be used to add a new newsgroup called Certkiller that allows posting?

A. ctlinnd newgroup Certkiller n newsB. ctlinnd newgroup Certkiller y newsC. ctlinnd addgroup Certkiller y newsD. ctlinnd newgroup Certkiller +rw newsE. ctlinnd addgroup Certkiller +rw news

Answer: B

QUESTION NO: 72

Which TWO of the following commands could be used to add a second IP address to eth0?

A. ifconfig eth0 - add ip 192.168.123.10B. ifconfig eth0:1 192.168.123.10



Actua

lTests

.com

C. ifconfig eth0 1 192.168.123.10D. ifconfig eth0 +192.168.123.10E. ifconfig eth0:sub1 192.168.123.10

Answer: B,E

QUESTION NO: 73

If the command arp -f is run, which file will be read by default?

A. /etc/hostsB. /etc/ethersC. /etc/arp.confD. /etc/networksE. /var/cache/arp

Answer: B

QUESTION NO: 74

What command must be used to print the kernel's routing table?

A. route printB. route enumerateC. route showD. route listE. route

Answer: E

QUESTION NO: 75

What command would be used to configure the interface eth1:1 with the IP address 10 10.34 andthe netmask 255.255.255.0?

A. ifconfig eth1:1 10.10.3.4 netmask 255.255.255.0 startB. ifconfig 10.10.3.4 netmask 255.255.255.0 eth1:1 upC. ifconfig eth1:1 10.10.3.4 netmask 255.255.255.0 upD. ifconfig 10.10.3.4/255.255.255.0 eth1:1 upE. ifconfig eth1:1 10.10.3.4/255.255.255.0 up



Actua

lTests

.com

Answer: C

QUESTION NO: 76

Which option must be used with ifconfig, to also see interfaces that are down?

A. -dB. -aC. --allD. --downE. None.

Answer: B


What file should be edited to make the route command show human-readable names fornetworks?(Please enter the full path)

Answer: /etc/networks

QUESTION NO: 78

What is the command to add another IP address to an interface that already has (at least) one IPaddress?

A. ifconfig eth0:1 192.168.1.2B. ifconfig eth0 192.168.1.2C. ipconfig eth0:1 192.168.1.2D. ipconfig eth0 192.168.1.2

Answer: A

QUESTION NO: 79

The command route shows the following output:



Actua

lTests

.com

Which of the following statements is correct?

A. The network 169.254.0.0 is not a valid route.B. The host 194.168.123.5 is temporarily down.C. The host route 194.168.123.5 is rejected by the kernel.D. The "!H " signals that traffic to the host 194.168.123.5 is dropped.E. The network path to the host 194.168.123.5 is not available.

Answer: C

QUESTION NO: 80

A network client has an ethernet interface configured with an IP address in the subnet192.168.0.0/24. This subnet has a router, with the IP address 192.168.0.1, that connects thissubnet to the Internet. What needs to be done on the client to enable it to use the router as itsdefault gateway?

A. Run route add defaultgw 192.168.0.1 eth1.B. Run route addgw 192.168.0.1 eth1.C. Runifconfig eth0 defaultroute 192.168.0.1.D. Add "defaultroute 192.168.0.1" to /etc/resolv.conf.E. Run route adddefaultgw=192.168.0.1 if=eth0.

Answer: A

QUESTION NO: 81

A server with 2 network interfaces, eth0 and eth1, should act as a router. eth0 has the IP address192.168.0.1 in the subnet 192.168.0.1/24 and eth1 has the IP address 10.0.0.1 in the subnet10.0.0.0/16. The routing table looks fine, but no data is traversing the networks. Which TWO of thefollowing need to be done?

A. Enable IP forwarding with echo "1" > /proc/sys/net/ipv4/ip_forwardB. Add new firewall chains to handle inbound & outbound traffic on both interfaces.C. Reconfigure the firewall rules to allow traffic to traverse the networks.D. The routing table needs to be restarted, for the changes to take effect.



Actua

lTests

.com

E. The server needs to be restarted, for the changes to take effect.

Answer: A,C

QUESTION NO: 82

What command is used to add a route to the 192.168.4.0/24 network via 192.168.0.2?

A. route add - network 192.168.4.0netmask 255.255.255.0 gw 192.168.0.2B. route add - net 192.168.4.0/24gw 192.168.0.2C. route add - network 192.168.4.0/24 192.168.0.2D. route add - net 192.168.4.0netmask 255.255.255.0 192.168.0.2E. route add - net 192.168.4.0netmask 255.255.255.0 gw 192.168.0.2

Answer: E

QUESTION NO: 83

Considering the following kernel IP routing table now, which of the following commands must beemove the route to the network 10.10.1.0/24?

Kernel IP routing table

A. routedel 10.10.1.0B. routedel 10.10.1.0/24C. routedel -net 10.10.1.0/24D. routedel 10.10.1.0/24 gw 192.168.246.11E. routedel -net 10.10.1.0

Answer: C

QUESTION NO: 84

Which of the following sentences is true, when using the following /etc/pam.d/login file?#%PAM-l.0



Actua

lTests

.com

auth required /lib/security/pam_securetty.soauth required /lib/security/pam_nologin.soauth sufficient /lib/security/pam_unix.so shadow nullok md5 use_authtokauth required /lib/security/pam_ldap.so use_first_passaccount sufficient /lib/security/pam_unix.soaccount required /lib/security/pam_ldap.sopassword required /lib/security/pam_cracklib.sopassword sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadowpassword required /lib/security/pam_ldap.so use_first_passsession optional /lib/security/pam_console.sosession sufficient /lib/security/pam_unix.sosession required /lib/security/pam_ldap.so

A. All users will be authenticated against the LDAP directoryB. This is the only file needed to configure LDAP authentication on LinuxC. Only local users will be able to log in, when the file/etc/nologin existsD. Ordinary users will be able to change their password to be blankE. If the control flags for auth were changed to required, local users wouldn't be able to log in

Answer: D

QUESTION NO: 85

LDAP-based authentication against a newly-installed LDAP server does not work as expected.The file /etc/pam.d/login includes the following configuration parameters. Which of them is NOTcorrect?

A. password required /lib/security/pam_ldap.soB. auth sufficient /lib/security/pam_ldap.souse_first_passC. account sufficient /lib/security/pam_ldap.soD. password required /lib/security/pam_pwdb.soE. auth required /lib/security/pam_ldap.so

Answer: E

QUESTION NO: 86

What is the advantage of using SASL authentication with OpenLDAP?

A. It can prevent the transmission of plain text passwords over the network.B. It disables anonymous access to the LDAP server.



Actua

lTests

.com

C. It enables the use of Access Control Lists.D. It allows the use of LDAP to authenticate system users over the network.E. All of the above.

Answer: A

QUESTION NO: 87

In a PAM configuration file, which of the following is true about the required control flag?

A. If the module returns success, no more modules of the same type will be invokedB. The success of the module is needed for the module-type facility to succeed. If it returns afailure, control is returned to the calling applicationC. The success of the module is needed for the module-type facility to succeedHowever, allremaining modules of the same type will be invoked.D. The module is not critical and whether it returns success or failure is not important.E. If the module returns failure, no more modules of the same type will be invoked

Answer: C


In which directory are the PAM modules stored?

Answer: /lib/security

QUESTION NO: 89

Considering the following kernel IP routing table below, which of the following commands must beused to remove the route to the network 10.10.1.0/24?

A. routedel 10.10.1.0B. routedel 10.10.1.0/24C. routedel - net 10.10.1.0/24



Actua

lTests

.com

D. routedel 10.10.1.0/24 gw 192.168.246.11E. routedel -net 10.10.1.0

Answer: C

QUESTION NO: 90

Which of the following is true, when a server uses PAM authentication and both /etc/pam.conf &/etc/pam.d/ exist?

A. It causes error messages.B. /etc /pam.conf will be ignored.C. /etc /pam.d/ will be ignored.D. Both are used, but /etc/pam.d/ has a higher priority.E. Both are used, but /etc/pam.conf has a higher priority.

Answer: B

QUESTION NO: 91

Which of the following tools, on its own, can provide dial-in access to a server?

A. mingettyB. pppdC. dipD. chatE. mgetty

Answer: E

QUESTION NO: 92

When configuring a PPP dial-in server, which option is used (in the pppd configuration file) toenable user authentication against the system password database?

A. loginB. authC. localD. passwordE. user



Actua

lTests

.com

Answer: A

QUESTION NO: 93

To configure an LDAP service in the company " Certkiller Ltd", which of the following entriesshould be added to slapd.conf, in the Database Directives section, to set the rootdn so that thecommon name is Manager and the company's domain is Certkiller .com ?

A. rootdn cn=Manager dc= Certkiller dc=comB. rootdn "cn=Manager,dc= Certkiller ,dc=com"C. rootdn cn= Certkiller ,dc=com,dc=ManagerD. rootdn "cn= Certkiller ,dc=com,dc=Manager"E. rootdn "cn=Manager dc= Certkiller dc=com"


Which command can be used to change the password for an LDAP entry?

Answer: ldappasswd

QUESTION NO: 95

Which of the following commands can gather entries from the specified administrative NISdatabase group?

A. ypserv groupB. getent groupC. rpcinfo groupD. ypbind groupE. yppoll group

Answer: B

QUESTION NO: 96

What could be a reason for invoking vsftpd from (x) inetd?

A. It's not a good idea, because (x)inetd is not secureB. Runningvsftpd in standalone mode is only possible as root, which could be a security riskC. vsftpd cannot be started in standalone mode



Actua

lTests

.com

D. (x)inetd has more access control capabilitiesE. (x)inetd is needed to run vsftpd in a chroot jail

Answer: D

QUESTION NO: 97

An SSH server is configured to use tcp_wrappers and only hosts from the class C network192.168.1.0 should be allowed to access it. Which of the following lines would achieve this, whenentered in/etc/hosts.allow?

A. ALLOW: 192.168.1.0/255.255.255.0 : sshdB. sshd : 192.168.1.0/255.255.255.0 : ALLOWC. 192.168.1.0/255.255.255.0 : ALLOW: sshdD. tcpd: sshd : 192.168.1.0/255.255.255.0 : ALLOWE. sshd : ALLOW: 192.168.1.0/255.255.255.0

Answer: B

QUESTION NO: 98

Which TWO of the following statements about xinetd and inetd are correct?

A. xinetd supports access control by time.B. xinetd only supports TCP connections.C. xinetd is faster than xinetd and should be preferred for this reason.D. xinetd includes support for X connections.E. xinetd and inetd are used to reduce the number of listening daemons.

Answer: A,E

QUESTION NO: 99

A correctly-formatted entry has been added to /etc/hosts.allow to allow certain clients to connect toa service, but this is having no effect. What would be the cause of this?

A. tcpd needs to be sent the HUP signal.B. The service needs to be restarted.C. The machine needs to be restarted.D. There is a conflicting entry in /etc/hosts.deny .E. The service does not supporttcpwrappers



Actua

lTests

.com

Answer: E

QUESTION NO: 100

Which TWO /etc/hosts.allow entries will allow access to sshd from the class C network192.168.1.0?

A. sshd : 192.168.1.B. sshd : 192.168.1C. sshd : 192.168.1.0 netmask 255.255.255.0D. sshd : 192.168.1.0/255.255.255.0E. sshd : 192.168.1.0

Answer: A,D

QUESTION NO: 101

Which TWO of the following statements about the tcp_wrappers configuration files are correct?

A. Both files must be edited, to gettcp_wrappers to work properlyB. It is possible to configuretcp_wrappers using just one fileC. (x)inetd requires these filesD. All programs that provide network services use these files to control accessE. tcpd uses these files to control access to network services

Answer: B,E

QUESTION NO: 102

What is the appropriate configuration file entry to allow SSH to run from inetd?

A. ssh stream tcp nowait root /usr/sbin/tcpd sshdB. ssh stream tcp nowait root /usr/sbin/tcpd tcpdC. ssh stream tcpd nowait root /usr/sbin/tcpd sshdD. ssh data tcpd nowait root /usr/sbin/tcpd sshdE. ssh data tcp nowait root /usr/sbin/tcpd sshd

Answer: A

QUESTION NO: 103



Actua

lTests

.com

Which of the following sentences is TRUE about FreeS/WAN?

A. FreeS/WAN doesn't support remote users (i.e. notebook users with dynamic IP addresses)connecting to the LANB. FreeS/WAN needs a patch to support NAT traversal for users behind a NAT gatewayC. FreeS/WAN doesn't require any Linux kernel 2.4 modules to work properlyD. FreeS/WAN only enables the use of strong encryption between Linux hostsE. FreeS/WAN can't be used to establish a VPN between a Linux host and a Microsoft Windows2000 Server host

Answer: B

QUESTION NO: 104

As of Linux kernel 2.4, which software is used to configure a VPN?

A. IPSecB. SSHC. net - toolsD. FreeS/WANE. iproute2

Answer: D

QUESTION NO: 105

A program, called vsftpd, running in a chroot jail, is giving the following error: /bin/vsftpd: errorwhile loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory.Which TWO of the following are possible solutions?

A. Get thevsftp source code and compile it statically.B. The file /etc/ld.so.conf must contain the path to the appropriate lib directory in the chroot jailC. Create a symbolic link that points to the required library outside thechroot jailD. Copy the required library to the appropriate lib directory in thechroot jail.E. Run the program using the commandchroot and the option --static_libs

Answer: A,D

QUESTION NO: 106

Which of the following can the program tripwire NOT check?



Actua

lTests

.com

A. File size.B. File signature.C. Permissions.D. File existence.E. Boot sectors.

Answer: E

QUESTION NO: 107

The following is an excerpt from the output of tcpdump -nli eth1 'udp': 13:03:17.277327 IP192.168.123.5.1065 > 192.168.5.112.53: 43653+ A? lpi.org. (25) 13:03:17.598624 IP192.168.5.112.53 > 192.168.123.5.1065: 43653 1/0/0 A 24.215.7.109 (41) Which network serviceor protocol was used?

A. FTPB. HTTPC. SSHD. DNSE. DHCP

Answer: D


According to the tcpdump output below, what is the IP address of the client host?

Answer: 192.168.246.11


Running tcpdump -nli eth1 'icmp' shows the following output: 11:56:35.599063 IP 192.168.123.5 >194.25.2.129: icmp 64: echo request seq 1 11:56:35.670910 IP 194.25.2.129 > 192.168.123.5:icmp 64: echo reply seq 1 What command was used on the host 192.168.123.5, to generate thisoutput?



Actua

lTests

.com

Answer: ping

QUESTION NO: 110

A server is being used as a smurf amplifier, whereby it is responding to ICMP Echo-Requestpackets sent to its broadcast address. To disable this, which command needs to be run?

A. ifconfig eth0 nobroadcastB. echo "0" > /proc/sys/net/ipv4/icmp_echo_accept_broadcastsC. iptables -A INPUT -p icmp -j REJECTD. echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcastsE. echo "1" > /proc/sys/net/ipv4/icmp_echo_nosmurf

Answer: D

QUESTION NO: 111

When the default policy for the iptables INPUT chain is set to DROP, why should a rule allowingtraffic to localhost exist?

A. All traffic tolocalhost must always be allowed.B. It doesn't matter;iptables never affects packets addressed to localhostC. Sendmail delivers emails to localhostD. Some applications use thelocalhost interface to communicate with other applications.E. syslogd receives messages on localhost

Answer: D

QUESTION NO: 112

To be able to access the server with the IP address 10.12.34.56 using HTTPS, a rule for iptableshas to be written. Given that the client host's IP address is 192.168.43.12, which of the followingcommands is correct?

A. iptables - A FORWARD -p tcp -s 0/0 -d 10.12.34.56 --dport 80 -j ACCEPTB. iptables - A FORWARD -p tcp -s 192.168.43.12 d 10.12.34.56:443 -j ACCEPT.C. iptables - A FORWARD -p tcp -s 192.168.43.12 -d 10.12.34.56 --dport 443 -j ACCEPT.D. iptables - A INPUT -p tcp -s 192.168.43.12 - d 10.12.34.56:80 -j ACCEPT.E. iptables - A FORWARD -p tcp -s 0/0 -d 10.12.34.56 --dport 443 -j ACCEPT.

Answer: C



Actua

lTests

.com


Which Apache directive is used to configure the main directory for the site, out of which it willserve documents?

Answer: DocumentRoot


Which file on a Postfix server modifies the sender address for outgoing e-mails? Please enter onlythe file name without the path

Answer: sender_canonical

QUESTION NO: 115

When connecting to an SSH server for the first time, its fingerprint is received and stored in a file,which is located at:

A. ~/ .ssh/fingerprintsB. ~/ .ssh/id_dsaC. ~/ .ssh/known_hostsD. ~/ .ssh/id_dsa.pubE. ~/ .ssh/gpg.txt

Answer: C


Which command can be used to save the current iptables rules into a file? Please enter only thecommand without path or parameters.

Answer: iptables-save

QUESTION NO: 117

Which THREE of the following actions should be considered when a FTP chroot jail is created?



Actua

lTests

.com

A. Create /dev/ and /etc/ in thechroot enviromentB. Create /etc/passwd in the chroot enviromentC. Create /var/cache/ftp in the chroot enviromentD. Create the user ftp in thechroot enviromentE. Create /usr/sbin/ in the chroot enviroment

Answer: A,B,D


All machines outside the network are able to send emails through the server to addresses notserved by that server. If the server accepts and delivers the email, then it is a(n) _____________.Please enter the English term, without any punctuation.

Answer: open relay

QUESTION NO: 119

Connecting to a remote host on the same LAN using ssh public-key authentication works butforwarding X11 doesn't. The remote host allows access to both services. Which of the followingcan be the reason for that behaviour?

A. The remote user'sssh_config file disallows X11 forwardingB. The remote server'ssshd_config file disallows X11 forwardingC. A different public key has to be used for X11D. X11 cannot be forwarded if public-key authentication was usedE. X11 though SSH needs a special X11 server application installed

Answer: B

QUESTION NO: 120

An iptables firewall was configured to use the target MASQUERADE to share a dedicated wirelessconnection to the Internet with a few hosts on the local network. The Internet connection becomesvery unstable in rainy days and users complain their connections drop when downloading e-mailor large files, while web browsing seems to be working fine. Which change to your iptables rulescould alleviate the problem?

A. Change the target MASQUERADE to SNATB. Change the target MASQUERADE to DNATC. Change the target MASQUERADE to BALANCE and provide a backup Internet connection



Actua

lTests

.com

D. Change the target MASQUERADE to REDIRECT and provide a backup Internet connectionE. Change the target MASQUERADE to BNAT

Answer: A

QUESTION NO: 121

Which command line create an SSH tunnel for POP and SMTP protocols?

A. ssh- L :110 -L :25 -1 user -N mailhostB. ssh -L 25:110 -1 user -N mailhostC. ssh -L mailhost:110 -L mailhost:25 -1 user -N mailhostD. ssh -L mailhost:25:110 -1 userE. ssh -L 110:mailhost:110 -L 25:mailhost:25 -1 user -N mailhost

Answer: E


Please enter the command used to remove Kerberos tickets from the cache below.

Answer: kdestory


Please enter the Kerberos 5 configuration file name without path below.

Answer: kdc.conf

QUESTION NO: 124

Which of these tools can provide the most information about DNS queries?

A. digB. nslookupC. hostD. named-checkconfE. named-checkzone

Answer: A



Actua

lTests

.com

QUESTION NO: 125

Which records must be entered in a zone file in order to use "Round Robin Load Distribution" for aweb server?

A. www.example.org. 60 IN A 192.168.1.1www.example.org. 60 IN A 192.168.1.2www.example.org. 60 IN A 192.168.1.3B. www.example.org. 60 IN A 192.168.1.1;192.168.1.2;192.168.1.3C. www.example.org. 60 IN A 192.168.1-3D. www.example.org. 60 IN RR 192.168.1:3E. www.example.org. 60 IN RR 192.168.1.1;192.168.1.2;192.168.1.3

Answer: A

QUESTION NO: 126

Which command would release the current IP address leased by a DHCP server?

A. ipconfig /releaseB. ifconfig --release-allC. dhclient -rD. ifconfig --releaseE. pump --release

Answer: C

QUESTION NO: 127

Remote access to a CD-RW device on a machine on a LAN must be restricted to a selected usergroup. Select the TWO correct alternatives that describe the possible solutions for this problem.

A. The remote access to these devices can be allowed to users by changing the display managerconfiguration and allowingsudo access for the user that will log in remotelyB. Thepam_console module allows access configuration to these devices via console, includingsimultaneous access by many usersC. Thepam_console module can be used to control access to devices via console,allowing/denying access to these devices in the user's sessionD. If thepam_console module is used, it must be checked as required, because it is essential foruser authentication



Actua

lTests

.com

E. Through thesudo configuration file, it is possible to set users that will have the power of the rootuser, so they can access the devices. Besides that, it is important to configure the /etc/pam.d/sufile, so the PAM modules can secure the service

Answer: C,E

QUESTION NO: 128

Select the alternative that shows the correct way to disable a user login (except for root)

A. The use of thepam_nologin module along with the /etc/login configuration fileB. The use of thepam_deny module along with the /etc/deny configuration fileC. The use of thepam_pwdb module along with the /etc/pwdb.conf configuration fileD. The use of thepam_console module along with the /etc/security/console.perms configuration fileE. The use of thepam_nologin module along with the /etc/nologin configuration file

Answer: E

QUESTION NO: 129

A new user was created on a master NIS server using useradd but cannot log in from an NISclient. Older users can log in. Which step was probably forgotten, when creating the new user?

A. Runningyppush on the NIS server to propagate map changes to NIS clientsB. Running make inside /var/yp on the NIS server to generate new mapsC. Starting theyppasswdd daemon on the NIS server to receive login re quests from NIS clientsD. Starting theypxfr daemon on the NIS client to fetch map changes from the NIS serverE. Restartingypxfr daemons on the NIS client and server to fetch map changes

Answer: A

QUESTION NO: 130

How can a user's default shell be checked, by querying an NIS server?

A. ypquery [email protected]. ypgrep user example.comC. ypmatch -d example.com user passwdD. ypcat -d example.com userE. ypq @example.com user +shell



Actua

lTests

.com

Answer: D

QUESTION NO: 131

A network has many network printers connected and they should get their addresses using DHCP.What information from each printer is needed to always assign them the same IP address whendhcpd is used as the DHCP server?

A. MAC addressB. Host nameC. Serial numberD. Factory default IP addressE. Built-in network card type

Answer: A

QUESTION NO: 132

Which daemon is required on the client if an ethernet device gets its IP address from a centralserver?

A. dhcpB. dhcpcdC. bootpdD. ethdE. dhcpd

Answer: B

QUESTION NO: 133

Which TWO of the following wireless tools can be used to check the wireless network link quality?

A. iwconfigB. iwlinkC. iwscanD. iwifiE. iwspy

Answer: A,E



Actua

lTests

.com

QUESTION NO: 134

Given this excerpt from an Apache configuration file, which of the numbered lines hasINCORRECT syntax?

1: 2: ServerAdmin [email protected]: DocumentRoot /home/http/admin4: ServerName admin.server.example.org5: DirectoryIndex index.php default.php6: ErrorLog logs/admin.server.example.org-error_log7: CustomLog logs/admin.server.example.org-access_log common8:

A. 1B. 1 and 4C. 1, 4 and 7D. 1 and 5E. None. The configuration is valid

Answer: E


Please enter the complete command to create a new password file for HTTP basic authentication(/home/http/data/web _passwd) for user john.

Answer: htpasswd -c /home/http/data/web_passwd john

QUESTION NO: 136

Select the TWO correct statements about the following excerpt from httpd.conf:

Order allow, denyDeny from all

A. The configuration will deny access to /var/web/dir1/private.html,/var/web/dirl/subdir2/private.html, /var/web/dirl/subdir3/private.html and any other instance ofprivate.html found under the /var/web/dir1/directory.



Actua

lTests

.com

B. The configuration will deny access to /var/web/dir1/private.html, but it will allow access to/var/web/dirl/subdir2/private.htm1, for example.C. The configuration will allow access to any file named private.html under /var/web/dir1, but it willdeny access to any other filesD. The configuration will allow access just to the file named private.html under /var/web/dir1E. The configuration will allow access to /var/web/private.html, if it exists

Answer: A,E

QUESTION NO: 137

Considering the following excerpt from the httpd.conf file, select the correct answer below:

AllowOverride AuthConfig Indexes

A. The Indexes directive in the excerpt allows the use of other index-related directives such asDirectoryIndexB. Both directivesAuthConfig and Indexes found in the server's .htaccess file will be overridden bythe same directives found in the httpd.conf fileC. The AuthConfig used in the excerpt allows the use of other authentication-related directivessuch as AuthTypeD. The excerpt is incorrect, as theAllowOverride cannot be used with Indexes, since the lattercannot be overriddenE. The excerpt is incorrect, becauseAllowOverride cannot be used inside a Location section

Answer: E

QUESTION NO: 138

Which of the following lines in the Apache configuration file would allow only clients with a validcertificate to access the website?

A. SSLCA conf/ca.crtB. AuthType sslC. IfModule libexec/ssl.cD. SSLRequireE. SSLVerifyClient require

Answer: E



Actua

lTests

.com


What directive can be used in named.conf to restrict zone transfers to the 192.168.1.0/24network?

Answer: allow-transfer { 192.168.1.0/24; };


With which parameter in the smb.conf file can a share be hidden?

Answer: $

QUESTION NO: 141

Which TWO of the following options are valid, in the /etc/exports file?

A. rwB. roC. rootsquashD. norootsquashE. uid

Answer: A,B

Explanation:Reference:


nfsd, portmap and ________ daemons must be running on an NFS server.

Answer: mountd

QUESTION NO: 143

Which of the following is needed, to synchronize the Unix password with the SMB password, whenthe encrypted SMB password in the smbpasswd file is changed?



Actua

lTests

.com

A. Nothing, because this is not possible.B. Runnetvamp regularly, to convert the passwords.C. Rin winbind --sync, to synchronize the passwords.D. Addunix password sync = yes to smb.conf.E. Addsmb unix password = sync to smb.conf.

Answer: D

QUESTION NO: 144

What command can be used to check the Samba configuration file?

A. testconfigB. testsmbconfigC. smbtestcfgD. smbtestparmE. testparm

Answer: E

QUESTION NO: 145

The new file server is a member of the Windows domain "foo". Which TWO of the followingconfiguration sections will allow members of the domain group "all" to read, write and execute filesin "/srv/smb/data"?

A. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = @foo+allcreate mask = 0550 directory mask = 0770B. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = @foo+allcreate mask = 0770 directory mask = 0770C. [data] path = /srv/smb/data write list = @foo+all force group = @foo+all create mask = 0770directory mask = 0770D. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = @foo+alldirectory mask = 0770E. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = all createmask = 0550 directory mask = 0770

Answer: B,C

QUESTION NO: 146



Actua

lTests

.com

Which command can be used to list all exported file systems from a remote NFS server:

A. exportfsB. nfsstatC. rpcinfoD. showmountE. importfs

Answer: D

QUESTION NO: 147

During which stage of the boot process would this message be seen?

Ide0: BM-DMA at 0xff00-0xff07, BIOS settings: hda:DMA, hdb:DMA

A. Boot loader start and hand off to kernelB. Kernel loadingC. Hardware initialization and setupD. Daemon initialization and setup

Answer: C

QUESTION NO: 148

Where should the LILO code reside, on a system with only one installation of Linux and no otheroperating systems?

A. In the master boot recordB. In the boot sectorC. In the /boot directoryD. At the start of the kernel

Answer: A

QUESTION NO: 149

During which stage of the boot process would this message be seen?

ide_setup:hdc=ide-scsi



Actua

lTests

.com

A. Boot loader start and hand off to kernelB. Kernel loadingC. Hardware initialization and setupD. Daemon initialization and setup

Answer: B


You have installed some new libraries, but these are not available to programs and are not listedby lconfig -p. What file should the path to the libraries be added to, before running ldconfig?

Answer: ld.so.conf

QUESTION NO: 151

What happens when the Linux kernel can't mount the root filesystem when booting?

A. An error message is shown, showing which device couldn't be mounted or informing thatinitcouldn't be found.B. An error message is shown and the system reboots after akeypress.C. An error message is shown and the system boots in maintenance mode.D. An error message is shown and the administrator is asked to specify a valid rootfilesystem tocontinue the boot process.E. An error message is shown, stating that the corresponding kernel module couldn't be loaded.

Answer: A


Please enter the command with all parameters and arguments, that could be used by root to listthe cron jobs for the user john.

Answer: crontab -u john -l


You are not sure whether the kernel has detected a piece of hardware in your machine. Whatcommand, without options or parameters, should be run to present the contents of the kernel ring-buffer?



Actua

lTests

.com

Answer: dmesg

QUESTION NO: 154

Messages from programs are not appearing in the user's native language. What environmentvariable must be set for this to happen?

A. LANGB. I18NC. MESSAGESD. MSGSE. LC_MSGS

Answer: A


Which program lists information about files opened by processes and produces output that can beparsed by other programs?

Answer: lsof

QUESTION NO: 156

When bash is invoked as an interactive login shell, which of the following sentences is true?

A. It first reads and executes commands in /etc/profile and then does same for ~/.bash_profile and~/.bashrcB. It first reads and executes commands in /etc/bashrc and then does same for /etc/profileC. It reads and executes commands in ~/.bashrc only if /etc/profile or another initialization scriptcalls it.D. It ignores /etc/profile and only reads and executes commands in ~/.bashrcE. It first reads and executes commands in /etc/profile and then does same for ~/.bash_profile,~/.bash_login and ~/.profile

Answer: C

QUESTION NO: 157

Why is the root file system mounted read-only during boot and remounted with write permissionlater on?



Actua

lTests

.com

A. Because if problems with the root file system are detected during the boot,fsck can be run,without risk of damage.B. Because this way crackers cannot collect information about root with boot sniffersC. To avoid writing to the disk, unless the root password is known.D. To avoid other operating systems overwriting the Linux root partitionE. Because the disk has its own write protection that cannot change by the operating system.

Answer: A


Which site-specific configuration file for the shadow login suite must be modified to log loginfailures? Please enter the complete path to that file.

Answer: /etc/login.defs

QUESTION NO: 159

Which of the following configuration lines will export /usr/local/share/ to nfsclient with read-writeaccess, ensuring that all changes are straight to the disk?

A. /usr/local/share nfsclient(rw) writtenB. nfsclient: /usr/local/share/:rw,syncC. /usr/local/share nfsclient:rw:syncD. /usr/local/share nfsclient(rw,sync)E. nfsclient(rw,sync) /usr/local/share

Answer: D


Which Samba-related command will show all options that were not modified using smb.conf andthus are set to their default values? Please enter the command and its parameter(s):

Answer: testparm -v

QUESTION NO: 161

A GRUB boot loader installed in the MBR was accidentally overwritten. After booting with a rescueCD-ROM, how can the lost GRUB first stage loader be recovered?



Actua

lTests

.com

A. Usedd to restore a previous backup of the MBRB. Install LILO since there is no easy way to recover GRUBC. Runningmformat will create a new MBR and fix GRUB using info from grub.confD. Run grub-install after verifying thatgrub.conf is correct.E. Runfdisk --mbr /dev/had assuming that the boot harddisk is /dev/hda.

Answer: D

QUESTION NO: 162

Where should the LILO code reside, on a system with only one installation of Linux and no otheroperating systems?

A. In the master boot recordB. In the boot sectorC. In the /boot directoryD. At the start of the kernel

Answer: A

QUESTION NO: 163

Journalling doesn't appear to be working on an ext3 file-system. When booting, the following lineappears: VFS: Mounted root (ext2 filesystem) readonly. What could be causing the problem?

A. An old version of e2fsprogs is installed.B. The kernel does not contain ext3 support.C. The file-system is specified as ext2 in/etc/fstab.D. The system was not shut down cleanly.

Answer: B


What is the path to the global postfix configuration file? (Please specify the complete directorypath and file name)

Answer: /etc/postfix/main.cf

QUESTION NO: 165



Actua

lTests

.com

What is the name of the dovecot configuration variable that specifies the location of user mail?

A. mboxB. mail_locationC. user_dirD. maildirE. user_mail_dir

Answer: B

QUESTION NO: 166

What is the missing keyword in the following configuration sample for dovecot which defines whichauthentication types to support? (Specify only the keywork)

auth default {______ = plain login cram-md5}

A. auth_orderB. mechanismsC. methodsD. supported

Answer: B


What postfix configuration setting defines the domains for which Postfix will deliver mail locally?(Please provide only the configuration setting name with no other information)

Answer: mydomain

QUESTION NO: 168

What does the following procmail configuration section do?

:0fw* < 256000| /usr/bin/foo



Actua

lTests

.com

A. procmail sends all email older than 256000 seconds to the external program fooB. If an email contains a value less than 256000 anywhere withinit, procmail will process the emailwith the program fooC. procmail sends mail containing less than 256000 words to program fooD. The programfoo is used instead of procmail for all emails larger than 256000 BytesE. If the email smaller than 256000 Bytes,procmail will process it with the program foo

Answer: E

QUESTION NO: 169

Which setting in the Courier IMAP configuration file will tell the IMAP daemon to only listen on thelocalhost interface?

A. ADDRESS=127.0.0.1B. Listen 127.0.0.1C. INTERFACE=127.0.0.1D. LOCALHOST_ONLY=1

Answer: A

QUESTION NO: 170

You suspect that you are receiving messages with a forged From: address. What could help youfind out where the mail is originating?

A. Install TCP wrappers, and log all connections on port 25B. Add the command 'FR-strlog' to the sendmail.cf fileC. Add the command 'define ('LOG_REAL_FROM')dnl' to the sendmail.mc fileD. Run a filter in the aliases file that checks the originating address when mail arrivesE. Look in the Received: and Message-ID: parts of the mail header

Answer: E

QUESTION NO: 171

You have to mount the /data filesystem from an NFS server(srvl) that does not support locking.Which of the following mount commands should you use?

A. mount -a -t nfsB. mount -o locking=offsrvl:/data /mnt/data



Actua

lTests

.com

C. mount -onolocking srvl:/data /mnt/dataD. mount -onolock srvl:/data /mnt/dataE. mount -onolock /data@srvl /mn/data

Answer: D

QUESTION NO: 172

After changing /etc/exports on a server, remote hosts are still unable to mount the exporteddirectories. What should be the next action?

Please select TWO correct answers.

A. Restart the NFS daemonB. Runexportfs -a on the serverC. Runexportfs -f on the serverD. Runshowmount -a on the serverE. Restart the remote hosts

Answer: B


The command ___________ -x foo will delete the user foo from the Samba database. (Specify thecommand only, no path information.)

Answer: smbpasswd

QUESTION NO: 174

In what mode is your FTP session when the client side makes the connections to both the dataand command ports of the FTP server?

A. passiveB. activeC. impassiveD. safeE. inactive

Answer: A



Actua

lTests

.com

QUESTION NO: 175

Which of the following organisations track and report on security related flaws in computertechnology? (Please select TWO answers)

A. BugtraqB. CERTC. CSISD. FreshmeatE. Kernel.org

Answer: A,C

QUESTION NO: 176

Which of the following Linux services has support for only the Routing Information Protocol (RIP)routing protocol?

A. gatedB. ipchainsC. netfilterD. routedE. zebra

Answer: D

QUESTION NO: 177

Which of the following is NOT included in a Snort rule header?

A. protocolB. actionC. source IP addressD. packet byte offsetE. source port

Answer: D

QUESTION NO: 178

Which environment variables are used by ssh-agent? (Please select TWO variables)



Actua

lTests

.com

A. SSH_AGENT_KEYB. SSH_AGENT_SOCKC. SSH_AGENT_PIDD. SSH_AUTH_SOCKE. SSH_AUTH_PID

Answer: B,C

QUESTION NO: 179

What tool scans log files for unsuccessful login attempts and blocks the offending IP addresseswith firewall rules?

A. nessusB. nmapC. ncD. watchlogsE. fai12ban

Answer: E


This program has 3 operating modes: copy-in mode, copy-out mode, and copy-pass mode, and isused to copy files into or out of archives. What program is this? (Please provide the commandname only, with no arguments or path.)

Answer: cpio

QUESTION NO: 181

Running sysctl has the same effect as:

A. Changing the kernel compilation parametersB. Writing to files inside /procC. Changing process limits usingulimitD. Editing files inside /etc/sysconfigE. There is no equivalent to this utility

Answer: B



Actua

lTests

.com

QUESTION NO: 182

Which files are read by the lsdev command? (Please specify THREE answers)

A. /proc/dmaB. /proc/filesystemsC. /proc/interruptsD. /proc/ioportsE. /proc/swaps

Answer: A,C,D

QUESTION NO: 183

Which of the following describes the main purpose of strace?

A. Show the TCP/IP stack data, to help to solve network problemsB. Help to follow the traces of intruders of the internal networkC. Debug programs by displaying the original code of the program.Itis a kind of "disassembler"D. Reverse engineer applications, resulting in the source code of the programE. Debug programs by monitoring system calls and reporting them

Answer: E

QUESTION NO: 184

The following data is some of the output produced by a program. Which program produced thisoutput?

strftime (" Thu", 1024, "%a", 0xb7f64380) =4fwrite("Thu", 3, 1, 0xb7f614e0) =1fputc (' ', 0xb7f614e0) =32strftime (" Feb", 1024, " %b", 0xb7f64380) =4fwrite("Feb", 3, 1, 0xb7f614e0) =1fputc (' ', 0xb7f614e0) =32fwrite("19", 2, 1, 0xb7f614e0) =1

A. lsofB. 1traceC. nmD. straceE. time



Actua

lTests

.com

Answer: B


In which directory can all parameters available to sysctl be found? (Provide the full path)

Answer: /proc/sys

QUESTION NO: 186

On bootup, LILO prints out LIL and stops. What is the cause of this?

A. The descriptor table is badB. LILO failed to load the second stage loaderC. LILO failed to load the primary stage loaderD. LILO failed to locate the kernel image

Answer: A

QUESTION NO: 187

A server was rebuilt using a full system backup but with a different disk setup. The kernel won'tboot, complaining it cannot find the root filesystem. Which of the following commands will fix thiserror by pointing the kernel image to the new root partition?

A. mkbootdiskB. tune2fsC. rdevD. grub-installE. fdisk

Answer: C

QUESTION NO: 188

An administrator wants to issue the command echo 1 >/var/ log/boater.log once all of the scripts in/etc/rc2.d have been executed. What is the best way to accomplish this?

A. Add the command to /etc/rc.localB. Create a script in ~/.kde/Autostart/ and place the command in it



Actua

lTests

.com

C. Create a script in /etc/init.d/ and place a link to it in /etc/rc2.d/D. Create a script in /etc/rc2.d/ and place the command in it

Answer: A

QUESTION NO: 189

An administrator has placed an executable in the directory /etc/init.d, however it is not beingexecuted when the system boots into runlevel 2. What is the most likely cause of this?

A. The script has not been declared in /etc/servicesB. runleve1 2 is not declared in /etc/inittabC. The script has the permissions 700 and is owned by rootD. A corresponding link was not created in /etc/rc2.d

Answer: D


Instead of running the command echo 1 >/proc/sys/net/ipv4/ip_forward, the configuration setting isgoing to be added to /etc/sysctl.conf. What is the missing value in the configuration line below?(Please specify only the missing value)

Answer: net.ipv4.ip_forward

QUESTION NO: 191

For an LDAP client configuration, the LDAP base needs to be set. Which TWO of the followingactions would achieve that?

A. export LDAPBASE=dc=linuxfoo,dc=comB. export BASE=dc=linuxfoo,dc=comC. Editldapbase.conf and add "BASE dc=linuxfoo,dc=com".D. Editcldap.conf and add "BASE dc=linuxfoo,dc=com".E. Editldap.conf and add "BASE dc=linuxfoo,dc=com".

Answer: A,E

QUESTION NO: 192



Actua

lTests

.com

Which of the following options can be passed to a DHCP client machine using configurationoptions on the DHCP server?

A. The NIS domain nameB. The resolving order in /etc/resolv.confC. The priority order innsswitch.confD. The filter rules foriptablesE. The contents ofhosts.allow and hosts.deny

Answer: A

QUESTION NO: 193

Which answer best describes the meaning of the following LDAP search command:

ldapseareh -x" (&(cn=marie)(telephoneNumber=9*))"

A. It is searching for all entries that don't have thecn attribute equal to marie OR thetelephoneNumber attribute starting with number 9B. It is searching for all entries that have thecn attribute equal to marie AND the telephoneNumberattribute starting with number 9C. It is searching for all entries that have thecn attribute equal to marie AND the telephoneNumberattribute ending with number 9D. It is searching for all entries that don't have thecn attribute equal to marie AND thetelephoneNumber attribute starting with number 9E. It is searching for all entries that have thecn attribute different than marie OR thetelephoneNumber attribute starting with number 9

Answer: B

QUESTION NO: 194

In a PAM configuration file, a sufficient control allows access:

A. Immediately on success, if no previous required or requisite control failedB. Immediately on success, regardless of other controlsC. After waiting if all other controls return successD. Immediately, but only if the user is root

Answer: A



Actua

lTests

.com


What is the name of the module in Apache that provides the HTTP Basic Authenticationfunctionality? (Please provide ONLY the module name)

Answer: mod_auth

QUESTION NO: 196

After setting up Apache to run inside a chroot jail as a non-root user, httpd no longer starts. Whatis the primary cause of the problem?

A. Apache needs to start as root to bind to port 80B. Apache cannot read the main index.html file because it was not moved into thechrootenvironmentC. ALoadModule line for mod_chroot needs to be added to httpd.confD. Apache requires aVirtualHost directive when running from a chroot environmentE. Themod_chroot configuration needs the absolute path to the chroot environment

Answer: A

QUESTION NO: 197

Which is a valid Squid option to define a listening port?

A. http-listen-port=3128B. http_port 3128C. squid_port 3128

Answer: C

QUESTION NO: 198

What is the name of the network security scanner project which, at the core, is a server with a setof network vulnerability tests (NVTs)?

A. nmapB. OpenVASC. SnortD. wireshark

Answer: B



Actua

lTests

.com

QUESTION NO: 199

How must Samba be configured, so that it can check passwords against the ones in /etc/passwdand /etc/shadow?

A. Set the parameters "encrypt passwords = yes" and "password file = /etc/passwd".B. Set the parameters "encrypt passwords = yes", "password file = /etc/passwd" and "passwordalgorithm =crypt"C. Delete thesmbpasswd file and create a symbolic link to the passwd and shadow fileD. It is not possible for Samba to use/etc/passwd and /etc/shadowE. Runsmbpasswd to convert /etc/passwd and /etc/shadow to a Samba pass word file

Answer: D


What command is used to print NFS kernel statistics? (Provide the command with or withoutcomplete path)

Answer: nfsstat

QUESTION NO: 201

What is the standard port number for the unencrypted IMAP service?

A. 25B. 143C. 443D. 993E. 1066

Answer: A


What is the default location for sendmail configuration files? (Please provide the complete path tothe directory)

Answer: /etc/mail



Actua

lTests

.com


Postfix daemons can be chroot'd by setting the chroot flag in _______. (Supply only the filename,without a path)

Answer: master.cf



117-202

Documents

server answer

b question

set version

c question

ser version

server doesnt

dhcp server

optional answer