202-450 : LPIC-2 Exam 202 : Part 01

  1. On a Linux router, packet forwarding for IPv4 has been enabled. After a reboot, the machine no longer forwards IP packets from other hosts. The command:
    echo 1 > /proc/sys/net/ipv4/ip_forward
    temporarily resolves this issue.

    Which one of the following options is the best way to ensure this setting is saved across system restarts?

    • Add echo 1 > /proc/sys/net/ipv4/ip_forward to the root user login script
    • Add echo 1 > /proc/sys/net/ipv4/ip_forward to any user login script
    • In /etc/sysctl.conf change net.ipv4.ip_forward to 1
    • In /etc/rc.local add net.ipv4.ip_forward = 1
    • In /etc/sysconfig/iptables-config add ipv4.ip_forward = 1
  2. What information can be found in the file specified by the status parameter in an OpenVPN server configuration file? (Choose two.)

    • Errors and warnings generated by the openvpn daemon
    • Routing information
    • Statistical information regarding the currently running openvpn daemon
    • A list of currently connected clients
    • A history of all clients who have connected at some point
  3. Which of the following lines in the sshd configuration file should, if present, be changed in order to increase the security of the server? (Choose two.)

    • Protocol 2, 1
    • PermitEmptyPasswords no
    • Port 22
    • PermitRootLogin yes
    • IgnoreRhosts yes
  4. Which of the following nmap parameters scans a target for open TCP ports? (Choose two.)

    • -sO
    • -sZ
    • -sT
    • -sU
    • -sS
  5. Which of the statements below are correct regarding the following commands, which are executed on a Linux router? (Choose two.)

    [Image: 202-450 LPIC-2 Exam 202 Part 01 Q05 001]
    • Packets with source or destination addresses from fe80::/64 will never occur in the FORWARD chain
    • The rules disable packet forwarding because network nodes always use addresses from fe80::/64 to identify routers in their routing tables
    • ip6tables returns an error for the second command because the affected network is already part of another rule
    • Both ip6tables commands complete without an error message or warning
    • The rules suppress any automatic configuration through router advertisements or DHCPv6
  6. What option in the client configuration file would tell OpenVPN to use a dynamic source port when making a connection to a peer?

    • src-port
    • remote
    • source-port
    • nobind
    • dynamic-bind
  7. Which Linux user is used by vsftpd to perform file system operations for anonymous FTP users?

    • The Linux user which runs the vsftpd process
    • The Linux user that owns the root FTP directory served by vsftpd
    • The Linux user with the same user name that was used to anonymously log into the FTP server
    • The Linux user root, but vsftpd grants access to anonymous users only to globally read-/writeable files
    • The Linux user specified in the configuration option ftp_username
  8. Which of the following sshd configuration options should be set to no in order to fully disable password-based logins? (Choose two.)

    • PAMAuthentication
    • ChallengeResponseAuthentication
    • PermitPlaintextLogin
    • UsePasswords
    • PasswordAuthentication
  9. When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?

    • All traffic to localhost must always be allowed
    • It doesn’t matter; netfilter never affects packets addressed to localhost
    • Some applications use the localhost interface to communicate with other applications
    • syslogd receives messages on localhost
    • The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules
  10. FILL BLANK

    What command creates an SSH key pair? (Specify ONLY the command without any path or parameters)

    • ssh-keygen
  11. The content of which local file has to be transmitted to a remote SSH server in order to be able to log into the remote server using SSH keys?

    • ~/.ssh/authorized_keys
    • ~/.ssh/config
    • ~/.ssh/id_rsa.pub
    • ~/.ssh/id_rsa
    • ~/.ssh/known_hosts

    Explanation:

    Reference: https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys

  12. What is the name of the network security scanner project which, at the core, is a server with a set of network vulnerability tests?

    • NetMap
    • OpenVAS
    • Smartscan
    • Wireshark
  13. With fail2ban, what is a ‘jail’?

    • A netfilter rules chain blocking offending IP addresses for a particular service
    • A group of services on the server which should be monitored for similar attack patterns in the log files
    • A filter definition and a set of one or more actions to take when the filter is matched
    • The chroot environment in which fail2ban runs
    Explanation:
    Reference: https://docs.plesk.com/en-US/onyx/administrator-guide/server-administration/protection-against-brute-force-attacks-fail2ban/fail2ban-jails-management.73382/
  14. The program vsftpd, running in a chroot jail, gives the following error:

    [Image: 202-450 LPIC-2 Exam 202 Part 01 Q14 002]

    Which of the following actions would fix the error?

    • The file /etc/ld.so.conf in the root filesystem must contain the path to the appropriate lib directory in the chroot jail
    • Create a symbolic link that points to the required library outside the chroot jail
    • Copy the required library to the appropriate lib directory in the chroot jail
    • Run the program using the command chroot and the option --static_libs
  15. Which of the following Samba configuration parameters is functionally identical to the parameter read only=yes?

    • browseable=no
    • read write=no
    • writeable=no
    • write only=no
    • write access=no
  16. How must Samba be configured such that it can check CIFS passwords against those found in /etc/passwd and /etc/shadow?

    • Set the parameters “encrypt passwords = yes” and “password file = /etc/passwd”
    • Set the parameters “encrypt passwords = yes”, “password file = /etc/passwd” and “password algorithm = crypt”
    • Delete the smbpasswd file and create a symbolic link to the passwd and shadow file
    • It is not possible for Samba to use /etc/passwd and /etc/shadow directly
    • Run smbpasswd to convert /etc/passwd and /etc/shadow to a Samba password file
  17. In which CIFS share must printer drivers be placed to allow Point’n’Print driver deployment on Windows?

    • winx64drv$
    • print$
    • The name of the share is specified in the option print driver share within each printable share in smb.conf
    • pnpdrivers$
    • NETLOGON
  18. Which of the following Samba services handles the membership of a file server in an Active Directory domain?

    • winbindd
    • nmbd
    • msadd
    • admemb
    • samba
  19. Which of the following statements is true regarding the NFSv4 pseudo file system on the NFS server?

    • It must be called /exports
    • It usually contains bind mounts of the directory trees to be exported
    • It must be a dedicated partition on the server
    • It is defined in the option Nfsv4-Root in /etc/pathmapd.conf
    • It usually contains symlinks to the directory trees to be exported
  20. A user requests a “hidden” Samba share, named confidential, similar to the Windows Administration Share. How can this be configured?

    • [Image: 202-450 LPIC-2 Exam 202 Part 01 Q20 003]
    • [Image: 202-450 LPIC-2 Exam 202 Part 01 Q20 004]
    • [Image: 202-450 LPIC-2 Exam 202 Part 01 Q20 005]
    • [Image: 202-450 LPIC-2 Exam 202 Part 01 Q20 006]
    • [Image: 202-450 LPIC-2 Exam 202 Part 01 Q20 007]