This page was exported from IT certification exam materials [ http://blog.dumpleader.com ]

Export date:Sat Feb 22 7:42:26 2025 / +0000 GMT

___________________________________________________


Title: Online Questions - Valid Practice To your 202-450 Exam (Updated 120 Questions) [Q31-Q55]

---------------------------------------------------



 Online Questions - Valid Practice To your 202-450 Exam (Updated 120 Questions)
Practice To 202-450 - Remarkable Practice On your LPIC-2 - Exam 202 (part 2 of 2), version 4.5 Exam


Passing the LPIC-2 Exam 202, Part 2 of 2, version 4.5 certification exam demonstrates to employers and peers that the individual has advanced Linux administration skills and is capable of managing complex Linux systems. It is a valuable certification for individuals seeking to advance their careers in Linux administration and can lead to higher-paying job opportunities.
 


QUESTION 31Which netfilter table contains built-in chains called INPUT, OUTPUTand FORWARD?
 ipconn
 filter
 nat
 default
 masq
Explanation/Reference:Reference: http://shorewall.org/NetfilterOverview.htmlQUESTION 32After running ssh-keygen and accepting the default values, which of the following files are changed or created? (Choose two.)
 ~/.ssh/id_rsa.key
 ~/.ssh/id_rsa.pub
 ~/.ssh/id_rsa.prv
 ~/.ssh/id_rsa.crt
 ~/.ssh/id_rsa
QUESTION 33Which of the following Samba configuration parameters is functionally identical to the parameter read only=yes?
 browseable=no
 read write=no
 writeable=no
 write only=no
 write access=no
QUESTION 34A host, called lpi, with the MAC address 08:00:2b:4c:59:23 should always be given the IP address of192.168.1.2 by a DHCP server running ISC DHCPD.Which of the following configurations will achieve this?
 Option A
 Option B
 Option C
 Option D
 Option E
QUESTION 35A user requests a “hidden” Samba share, named confidential, similar to the Windows Administration Share.How can this be configured?
 Option A
 Option B
 Option C
 Option D
 Option E
QUESTION 36In the main Postfix configuration file, how are service definitions continued on the next line?
 It isn’t possible. The service definition must fit on one line.
 The initial line must end with a backslash character ().
 The following line must begin with a plus character (+).
 The following line must begin with white space indentation.
 The service definition continues on the following lines until all of the required fields are specified.
ExplanationIn the main Postfix configuration file, which is usually /etc/postfix/main.cf, service definitions are continued on the next line by starting the following line with white space indentation. This means that the line must begin with one or more spaces or tabs. This is useful when a service definition has many parameters or options that would make the line too long or hard to read. For example, a service definition for the smtpd daemon could look like this:The first line defines the service name, type, private flag, unpriv flag, chroot flag, wakeup time, maxproc limit, and command. The following lines, indented with white space, define additional options for the smtpd command, such as the syslog name, the SASL authentication, and the recipient restrictions. Each option is prefixed with -o and separated by white space.References: You can find more information about the main Postfix configuration file and the service definition syntax in the following resources:Postfix Basic ConfigurationPostfix Architecture OverviewQUESTION 37Which FTP names are recognized as anonymous users in vsftp when the option anonymous_enable is set to yes in the configuration files? (Choose two.)
 anonymous
 ftp
 In the described configuration, any username which neither belongs to an existing user nor has another special meaning is treated as anonymous user.
 nobody
 guest
QUESTION 38After running ssh-keygen and accepting the default values, which of the following files are changed or created? (Choose two.)
 ~/.ssh/id_rsa.key
 ~/.ssh/id_rsa.pub
 ~/.ssh/id_rsa.prv
 ~/.ssh/id_rsa.crt
 ~/.ssh/id_rsa
ExplanationAfter running ssh-keygen and accepting the default values, the following files are changed or created in the user’s home directory under the .ssh subdirectory:~/.ssh/id_rsa: This file contains the private key of the user, which is used for authenticating the user to a remote server. The private key is encrypted with a passphrase, which can be left empty for convenience, but this is not recommended for security reasons. The private key should be kept secret and protected by the user, and should not be copied or shared with anyone else.~/.ssh/id_rsa.pub: This file contains the public key of the user, which is used for verifying the user’s identity by the remote server. The public key can be copied and distributed to any server that the user wants to access via SSH. The public key can also be appended to the ~/.ssh/authorized_keys file on the remote server, which allows the user to log in without entering a password.The other options are not correct. There is no file called ~/.ssh/id_rsa.key, ~/.ssh/id_rsa.prv, or ~/.ssh/id_rsa.crt created by ssh-keygen. The .key, .prv, and .crt extensions are not used by ssh-keygen, and they may be confused with other types of keys or certificates.References:How to Use ssh-keygen to Generate a New SSH Key?How To Set Up SSH KeysSSH Essentials: Working with SSH Servers, Clients, and KeysQUESTION 39Which option in the Postfix configuration makes Postfix pass email to external destinations to another SMTP-server? (Specify ONLY the option name without any values.)
relay serverQUESTION 40In order to join a file server to the Active Directory domain intra.example.com, the following smb.confhas been created:The command net ads joinraises an error and the server is not joined to the domain. What should be done to successfully join the domain?
 Change server roleto ad member serverto join an Active Directory domain instead of an NT4 domain.
 Add realm = intra.example.comto the smb.confand change workgroupto the domain’s netbios workgroup name.
 Manually create a machine account in the Active Directory domain and specify the machine account’s name with -Uwhen starting net ads join.
 Remove the winbind enum usersand winbind enum groupssince winbind is incompatible with Active Directory domains.
 Remove all idmapconfiguration stanzas since the id mapping is defined globally in an Active Directory domain and cannot be changed on a member server.
QUESTION 41How must Samba be configured such that it can check CIFS passwords against those found in /etc/passwd and/etc/shadow?
 Set the parameters “encrypt passwords = yes” and “password file = /etc/passwd”
 Set the parameters “encrypt passwords = yes”, “password file = /etc/passwd” and “password algorithm = crypt”
 Delete the smbpasswd file and create a symbolic link to the passwd and shadow file
 It is not possible for Samba to use /etc/passwd and /etc/shadow directly
 Run smbpasswd to convert /etc/passwd and /etc/shadow to a Samba password file
QUESTION 42Which of the following actions are available in Sieve core filters? (Choose three.)
 drop
 discard
 fileinto
 relay
 reject
ExplanationSieve is a language for filtering and sorting email messages on a mail server. Sieve core filters are the basic actions that can be applied to a message that matches a set of conditions. The following actions are available in Sieve core filters:discard: This action discards the message silently, without sending any notification to the sender or the recipient. This action is useful for deleting spam or unwanted messages.fileinto: This action delivers the message to a specified mailbox. The mailbox can be an existing one or a new one that is created by the action. This action is useful for organizing messages into different folders based on their content or headers.reject: This action rejects the message and sends a notification to the sender with a specified reason. The message is not delivered to the recipient. This action is useful for informing the sender that the message was not accepted due to some policy or error.The other options are not valid actions in Sieve core filters. drop, relay, and fileinto are not recognized keywords by Sieve.References:Sieve: An Email Filtering Language, section 2.10, “Actions”Sieve Tutorial, section 4, “Actions”QUESTION 43Performing a DNS lookup with dig results in this answer:
 There is no . after linuserv.example.net in the PTR record in the forward lookup zone file
 There is no . after linuserv in the PTR record in the forward lookup zone file
 There is no . after linuserv.example.net in the PTR record in the reverse lookup zone file
 The . in the NS definition in the reverse lookup zone has to be removed
QUESTION 44How is the LDAP administrator account configured when the rootdn and rootpw directives are not present in the slapd.conf file?
 The default account admin with the password admin are used
 The account is defined by an ACL in slapd.conf
 The default account admin is used without a password
 The account is defined in the file /etc/ldap.secret
 The account is defined in the file /etc/ldap.root.conf
ExplanationWhen the rootdn and rootpw directives are not present in the slapd.conf file, the LDAP administrator account is defined in the file /etc/ldap.secret. This file contains the password for the LDAP root user, which is usually cn=admin,dc=example,dc=com. The file should be owned by root and have permissions of 600 to prevent unauthorized access. The file is referenced by the olcRootPW directive in the cn=config database, which is used to configure the LDAP server. The olcRootPW directive can also be set by using the ldappasswd command with the -Y EXTERNAL option, which allows the LDAP server to authenticate itself to itself using the SASL EXTERNAL mechanism12.References:How To Configure OpenLDAP and Perform Administrative LDAP Tasks | DigitalOcean: A tutorial from DigitalOcean on how to configure OpenLDAP and perform administrative LDAP tasks, which includes the use of the /etc/ldap.secret file and the ldappasswd command.OpenLDAP Software 2.6 Administrator’s Guide: Configuring slapd: The official documentation of OpenLDAP on how to configure the slapd daemon, which includes the description of the olcRootPW directive and the SASL EXTERNAL mechanism.QUESTION 45CORRECT TEXTWhich directive in a Nginx server configuration block defines the TCP ports on which the virtual host will be available, and which protocols it will use? (Specify ONLY the option name without any values.)
listenQUESTION 46Which of the following PAM modules allows the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources available to them?
 pam_filter
 pam_limits
 pam_listfile
 pam_unix
ExplanationThe pam_listfile module is a PAM module that allows the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources available to them. The module can be used to deny or allow access to services based on the contents of the file. The file can contain items such as usernames, group names, terminal names, remote host names, remote user names, or shell names. The module can be configured to match the item against the file and take the appropriate action, such as allowing or denying access, or ignoring the request. The module can also be restricted to apply only to a specific user or group class. The file should be a plain text file with one item per line and not be world writable12.References:pam_listfile(8) – Linux man page: A manual page for the pam_listfile module, which explains its syntax, options, and examples.pam_listfile(8) – Linux manual page – man7.org: Another manual page for the pam_listfile module, which provides similar information as the previous reference.QUESTION 47FILL BLANKIn order to specify alterations to an LDAP entry, what keyword is missing from the following LDIF file excerpt?Specify the keyword only and no other information.
addQUESTION 48Which action in a Sieve filter forwards a message to another email address without changing the message?(Specify ONLY the action’s name without any parameters.)
redirectExplanation:The redirect action in a Sieve filter forwards a message to another email address without changing the message. The redirect action takes a single argument, which is the email address to forward the message to.The syntax of the redirect action is as follows:redirect “email_address”;The redirect action does not affect the delivery of the message to the original recipient, unless the stop or keep actions are used. The redirect action can be combined with other actions or tests to create more complex filters. For example, the following Sieve filter will forward any messages from Alice to Bob, and then stop processing the rest of the script:require “fileinto”; if address :is “from” “alice@example.com” { redirect “bob@example.com”; stop; } References:LPIC-2 Exam 202 Objectives, Objective 205.4: Managing a dovecot serverSieve filter (advanced custom filters) | Proton, Proton Mail SupportSieve: An Email Filtering Language, RFC 5228Sieve Email Filtering | Tiger Technologies Support, Tiger Technologies Support[Sieve: A Mail Filtering Language], Sieve.InfoQUESTION 49CORRECT TEXTWhich action in a Sieve filter forwards a message to another email address without changing the message? (Specify ONLY the action’s name without any parameters.)
redirectQUESTION 50Which of the following DNS records could be a glue record?
 ns1.labA198.51.100.53
 labNS198.51.100.53
 ns1.labNS198.51.100.53
 ns1.A198.51.100.53
 ns1.labGLUE198.51.100.53
QUESTION 51Which of the following PAM modules allows the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources available to them?
 pam_filter
 pam_limits
 pam_listfile
 pam_unix
QUESTION 52Which of the following services belongs to NFSv4 and does not exist in NFSv3?
 rpc.idmapd
 rpc.statd
 nfsd
 rpc.mountd
ExplanationThe rpc.idmapd service is a new component of NFSv4 that does not exist in NFSv3. It is responsible for mapping user and group IDs between the NFS client and server, using string names instead of numeric values.This allows for better security and compatibility across different systems. The rpc.idmapd service runs on both the NFS client and server and communicates with each other using the NFSv4 protocol. The other services, rpc.statd, nfsd, and rpc.mountd, are common to both NFSv3 and NFSv4, although they have some differences in functionality and behavior. References: 1, 2, 3QUESTION 53Which command is used to administer IPv6 netfilter rules?
 iptables
 iptablesv6
 iptables6
 ip6tables
 ipv6tables
ExplanationThe command that is used to administer IPv6 netfilter rules is ip6tables. ip6tables is a command-line tool that allows the user to configure the tables, chains, and rules of the IPv6 packet filter in the Linux kernel. Netfilter is a framework that provides packet filtering, network address translation, and other functions for the Linux kernel. ip6tables can be used to create firewall rules, port forwarding rules, network address translation rules, and other types of rules that affect the flow of IPv6 packets. ip6tables has a similar syntax and functionality to iptables, which is the tool for IPv4 netfilter rules. However, ip6tables and iptables are independent of each other and have separate tables, chains, and rules. ip6tables can also be used in conjunction with ip6tables-restore and ip6tables-save, which are tools to save and restore the ip6tables rules to and from a file.The other options are not correct. iptables is the tool for IPv4 netfilter rules, not IPv6. iptablesv6, iptables6, and ipv6tables are not valid commands in Linux.References:ip6tables – Linux manual pageNetfilter – WikipediaHow to Configure IPTables for IPv6 on LinuxQUESTION 54Which of the following nmap parameters scans a target for open TCP ports? (Choose two.)
 -sO
 -sZ
 -sT
 -sU
 -sS
ExplanationThe nmap command is a network exploration and security auditing tool that can scan hosts and networks for open ports, services, operating systems, vulnerabilities, and other information. The nmap parameters that can scan a target for open TCP ports are:-sT: This parameter performs a TCP connect scan, which establishes a complete connection to the target host by completing a TCP three-way handshake. This is the default scan type when the user does not have root privileges. The advantage of this scan is that it works on any system that supports TCP, but the disadvantage is that it is easily detectable by firewalls and intrusion detection systems.-sS: This parameter performs a TCP SYN scan, which sends a TCP SYN packet to the target port and waits for a response. If the response is a SYN/ACK packet, the port is open. If the response is a RST packet, the port is closed. This scan does not complete the TCP three-way handshake, so it is faster and stealthier than the TCP connect scan. However, this scan requires root privileges and may not work on some systems that do not follow the TCP standard.The other parameters are not related to TCP port scanning:-sO: This parameter performs an IP protocol scan, which sends IP packets with the specified protocol number set in the IP header. It can be used to determine which IP protocols are supported by the target host.-sZ: This parameter is not a valid nmap parameter and will cause an error.-sU: This parameter performs a UDP scan, which sends a UDP packet to the target port and waits for a response. If the response is an ICMP port unreachable message, the port is closed. If the response is a UDP packet, the port is open. This scan can be used to find open UDP ports, which are often used by DNS, SNMP, DHCP, and other services.References: LPIC-2 202 exam objectives, LPIC-2 202-450 Exam Prep: Network Configuration, Nmap Tutorial: Common Commands, Nmap Scan Types Cybersecurity | Nmap | TCP Connect Scan | CodecademyQUESTION 55What word is missing from the following excerpt of a named.conf file?
 networks
 net
 list
 acl
 group
 Loading …






	
	

True 202-450 Exam Extraordinary Practice For the Exam: https://www.dumpleader.com/202-450_exam.html


---------------------------------------------------


Images: https://blog.dumpleader.com/wp-content/plugins/watu/loading.gif

https://blog.dumpleader.com/wp-content/plugins/watu/loading.gif



---------------------------------------------------




---------------------------------------------------


Post date: 2024-01-25 13:47:27

Post date GMT: 2024-01-25 13:47:27

Post modified date: 2024-01-25 13:47:27

Post modified date GMT: 2024-01-25 13:47:27