Lpi 202-450 Free Practice Test

Pdfprep

4 years ago

202-450 test dumps incorporate a wide variety of testing features and capabilities with the ease of use. Due to decades of efforts of the Lpi experts, 202-450 prep questions are valid and accuracy with high hit rate. When the exam questions are updated or changed, 202-450 experts will devote all the time and energy to do study & research, then ensure that 202-450 prep questions have high quality, facilitating customers.

Page 1 of 5

1. On a Linux router, packet forwarding for IPv4 has been enabled. After a reboot, the machine no longer forwards IP packets from other hosts. The command:

echo 1 > /proc/sys/net/ipv4/ip_forward

temporarily resolves this issue.

Which one of the following options is the best way to ensure this setting is saved across system restarts?

Add echo 1 > /proc/sys/net/ipv4/ip_forward to the root user login script

Add echo 1 > /proc/sys/net/ipv4/ip_forward to any user login script

In /etc/sysct1.conf change net.ipv4.ip_forward to 1

In /etc/rc.local add net.ipv4.ip_forward = 1

In /etc/sysconfig/iptables-config add ipv4.ip_forward = 1

2. What information can be found in the file specified by the status parameter in an OpenVPN server configuration file? (Choose two.)

Errors and warnings generated by the openvpn daemon

Routing information

Statistical information regarding the currently running openvpn daemon

A list of currently connected clients

A history of all clients who have connected at some point

3. Which of the following lines in the sshd configuration file should, if present, be changed in order to increase the security of the server? (Choose two.)

Protocol 2, 1

PermitEmptyPasswords no

Port 22

PermitRootLogin yes

IgnoreRhosts yes

4. Which of the following nmap parameters scans a target for open TCP ports? (Choose two.)

-sO

-sZ

-sT

-sU

-sS

5. Which of the statements below are correct regarding the following commands, which are executed on a Linux router? (Choose two.)

Packets with source or destination addresses from fe80::/64 will never occur in the FORWARD chain

The rules disable packet forwarding because network nodes always use addresses from fe80::/64 to identify routers in their routing tables

ip6tables returns an error for the second command because the affected network is already part of another rule

Both ip6tables commands complete without an error message or warning

The rules suppress any automatic configuration through router advertisements or DHCPv6

6. What option in the client configuration file would tell OpenVPN to use a dynamic source port when making a connection to a peer?

src-port

remote

source-port

nobind

dynamic-bind

7. Which Linux user is used by vsftpd to perform file system operations for anonymous FTP users?

The Linux user which runs the vsftpd process

The Linux user that owns the root FTP directory served by vsftpd

The Linux user with the same user name that was used to anonymously log into the FTP server

The Linux user root, but vsftpd grants access to anonymous users only to globally read-/writeable files

The Linux user specified in the configuration option ftp_username

8. Which of the following sshd configuration should be set to no in order to fully disable password based logins? (Choose two.)

PAMAuthentication

ChallengegeResponseAuthentication

PermitPlaintextLogin

UsePasswords

PasswordAuthentication

9. When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?

All traffic to localhost must always be allowed

It doesn’t matter; netfilter never affects packets addressed to localhost

Some applications use the localhost interface to communicate with other applications

syslogd receives messages on localhost

The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules

10. CORRECT TEXT

What command creates a SSH key pair? (Specify ONLY the command without any path or parameters)

Page 2 of 5

11. The content of which local file has to be transmitted to a remote SSH server in order to be able to log into the remote server using SSH keys?

~/.ssh/authorized_keys

~/.ssh/config

~/.ssh/id_rsa.pub

~/.ssh/id_rsa

~./ssh/known_hosts

12. What is the name of the network security scanner project which, at the core, is a server with a set of network vulnerability tests?

NetMap

OpenVAS

Smartscan

Wireshark

13. With fail2ban, what is a ‘jail’?

A netfilter rules chain blocking offending IP addresses for a particular service

A group of services on the server which should be monitored for similar attack patterns in the log files

A filter definition and a set of one or more actions to take when the filter is matched

The chroot environment in which fail2ban runs

14. The program vsftpd, running in a chroot jail, gives the following error:

Which of the following actions would fix the error?

The file /etc/ld.so.conf in the root filesystem must contain the path to the appropriate lib directory in the chroot jail

Create a symbolic link that points to the required library outside the chroot jail

Copy the required library to the appropriate lib directory in the chroot jail

Run the program using the command chroot and the option--static_libs

15. Which of the following Samba configuration parameters is functionally identical to the parameter read only=yes?

browseable=no

read write=no

writeable=no

write only=no

write access=no

16. How must Samba be configured such that it can check CIFS passwords against those found in /etc/passwd and /etc/shadow?

Set the parameters “encrypt passwords = yes” and “password file = /etc/passwd”

Set the parameters “encrypt passwords = yes”, “password file = /etc/passwd” and “password algorithm = crypt”

Delete the smbpasswd file and create a symbolic link to the passwd and shadow file

It is not possible for Samba to use /etc/passwd and /etc/shadow directly

Run smbpasswd to convert /etc/passwd and /etc/shadow to a Samba password file

17. In which CIFS share must printer drivers be placed to allow Point’n’Print driver deployment on Windows?

winx64drv$

print$

The name of the share is specified in the option print driver share within each printable share in smb.conf

pnpdrivers$

NETLOGON

18. Which of the following Samba services handles the membership of a file server in an Active Directory domain?

winbindd

nmbd

msadd

admemb

samba

19. Which of the following statements is true regarding the NFSv4 pseudo file system on the NFS server?

It must be called /exports

It usually contains bind mounts of the directory trees to be exported

It must be a dedicated partition on the server

It is defined in the option Nfsv4-Root in /etc/pathmapd.conf

It usually contains symlinks to the directory trees to be exported

20. A user requests a “hidden” Samba share, named confidential, similar to the Windows Administration Share.

How can this be configured?

Option A

Option B

Option C

Option D

Option E

Page 3 of 5

21. Which of the following options are valid in /etc/exports? (Choose two.)

rootsquash

norootsquash

uid

22. Which command is used to configure which file systems a NFS server makes available to clients?

exportfs

mkfs.nfs

mount

nfsservct1

telinit

23. Which of these tools, without any options, provides the most information when performing DNS queries?

dig

nslookup

host

named-checkconf

named-checkzone

24. Performing a DNS lookup with dig results in this answer:

There is no . after linuserv.example.net in the PTR record in the forward lookup zone file

There is no . after linuserv in the PTR record in the forward lookup zone file

There is no . after linuserv.example.net in the PTR record in the reverse lookup zone file

The . in the NS definition in the reverse lookup zone has to be removed

25. What option for BIND is required in the global options to disable recursive queries on the DNS server by default?

allow-recursive-query ( none; );

allow-recursive-query off;

recursion { disabled; };

recursion { none; };

recursion no;

26. Which of the following DNS records could be a glue record?

ns1.labA198.51.100.53

labNS198.51.100.53

ns1.labNS198.51.100.53

ns1.A198.51.100.53

ns1.labGLUE198.51.100.53

27. What is DNSSEC used for?

Encrypted DNS queries between nameservers

Cryptographic authentication of DNS zones

Secondary DNS queries for local zones

Authentication of the user that initiated the DNS query

Encrypting DNS queries and answers

28. What word is missing from the following excerpt of a named.conf file?

networks

net

list

acl

group

29. In a BIND zone file, what does the @ character indicate?

It’s the fully qualified host name of the DNS server

It’s an alias for the e-mail address of the zone master

It’s the name of the zone as defined in the zone statement in named.conf

It’s used to create an alias between two CNAME entries

30. Which BIND option should be used to limit the IP addresses from which slave name servers may connect?

allow-zone-transfer

allow-transfer

allow-secondary

allow-slaves

allow-queries

Page 4 of 5

31. In order to protect a directory on an Apache HTTPD web server with a password, this configuration was added to an .htaccess file in the respective directory:

Furthermore, a file /var/www/dir/ .htpasswd was created with the following content:

usera:S3cr3t

Given that all these files were correctly processed by the web server processes, which of the following statements is true about requests to the directory?

The user usera can access the site using the password s3cr3t

Accessing the directory as usera raises HTTP error code 442 (User Not Existent)

Requests are answered with HTTP error code 500 (Internal Server Error)

The browser prompts the visitor for a username and password but logins for usera do not seem to work

The web server delivers the content of the directory without requesting authentication

32. Which Apache HTTPD directive enables HTTPS protocol support?

HTTPSEngine on

SSLEngine on

SSLEnable on

HTTPSEnable on

StartTLS on

33. CORRECT TEXT

What configuration directive of the Apache HTTPD server defines where log files are stored? (Specify ONE of the directives without any other options.)

34. Which statements about the Alias and Redirect directives in Apache HTTPD’s configuration file are true? (Choose two.)

Alias can only reference files under DocumentRoot

Redirect works with regular expressions

Redirect is handled on the client side

Alias is handled on the server side

Alias is not a valid configuration directive

35. Which http_access directive for Squid allows users in the ACL named sales_net to only access the Internet at times specified in the time_acl named sales_time?

http_access deny sales_time sales_net

http_access allow sales_net sales_time

http_access allow sales_net and sales-time

allow http_access sales_net sales_time

http_access sales_net sales_time

36. Which global option in squid.conf sets the port number or numbers that Squid will use to listen for client requests?

port

client_port

http_port

server_port

squid_port

37. When using mod_authz_core, which of the following strings can be used as an argument to Require in an Apache HTTPD configuration file to specify the authentication provider? (Choose three.)

method

all

regex

header

expr

38. Which tool creates a Certificate Signing Request (CSR) for serving HTTPS with Apache HTTPD?

apachect1

certgen

cartool

httpsgen

openssl

39. In response to a certificate signing request, a certification authority sent a web server certificate along with the certificate of an intermediate certification authority that signed the web server certificate.

What should be done with the intermediate certificate in order to use the web server certificate with Apache HTTPD?

The intermediate certificate should be merged with the web server’s certificate into one file that is specified in SSLCertificateFile

The intermediate certificate should be used to verify the certificate before its deployment on the web server and can be deleted

The intermediate certificate should be stored in its own file which is referenced in SSLCaCertificateFile

The intermediate certificate should be improved into the certificate store of the web browser used to test the correct operation of the web server

The intermediate certificate should be archived and resent to the certification authority in order to request a renewal of the certificate

40. CORRECT TEXT

Which directive in a Nginx server configuration block defines the TCP ports on which the virtual host will be available, and which protocols it will use? (Specify ONLY the option name without any values.)

Page 5 of 5

41. When trying to reverse proxy a web server through Nginx, what keyword is missing from the following configuration sample?

remote_proxy

reverse_proxy

proxy_reverse

proxy_pass

forward_to

42. If there is no access directive, what is the default setting for OpenLDAP?

Option A

Option B

Option C

Option D

43. A host, called lpi, with the MAC address 08:00:2b:4c:59:23 should always be given the IP address of 192.168.1.2 by a DHCP server running ISC DHCPD.

Which of the following configurations will achieve this?

Option A

Option B

Option C

Option D

Option E

44. How is the LDAP administrator account configured when the rootdn and rootpw directives are not present in the slapd.conf file?

The default account admin with the password admin are used

The account is defined by an ACL in slapd.conf

The default account admin is used without a password

The account is defined in the file /etc/ldap.secret

The account is defined in the file /etc/ldap.root.conf

45. Which of the following PAM modules allows the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources available to them?

pam_filter

pam_limits

pam_listfile

pam_unix

46. CORRECT TEXT

According to this LDIF excerpt, which organizational unit is Robert Smith part of? (Specify only the organizational unit.)

47. In a PAM configuration file, which of the following is true about the required control flag?

If the module returns success, no more modules of the same type will be invoked

The success of the module is needed for the module-type facility to succeed. If it returns a failure, control is returned to the calling application

The success of the module is needed for the module-type facility to succeed. However, all remaining modules of the same type will be invoked

The module is not critical and whether it returns success or failure is not important

If the module returns failure, no more modules of the same type will be invoked

48. CORRECT TEXT

What is the name of the root element of the LDAP tree holding the configuration of an OpenLDAP server that is using directory based configuration? (Specify ONLY the element’s name without any additional information.)

Categories: Lpi Online Questions

Tags: 202-450 Online Questions