Which of the statements below are correct regarding the following commands, which are executed on a Linux router? (Choose two.)

A. Packets with source or destination addresses from fe80::/64 will never occur in the FORWARD chain

B. The rules disable packet forwarding because network nodes always use addresses from fe80::/64 to identify routers in their routing tables

C. ip6tables returns an error for the second command because the affected network is already part of another rule

D. Both ip6tables commands complete without an error message or warning

E. The rules suppress any automatic configuration through router advertisements or DHCPv6

FILL BLANK -
What command displays NFC kernel statistics? (Specify ONLY the command without any path or parameters.)
nfsstat

In order to prevent all anonymous FTP users from listing uploaded file names, what security precaution can be taken when creating an upload directory?

A. The directory must not have the execute permission set.

B. The directory must not have the read permission set.

C. The directory must not have the read or execute permission set.

D. The directory must not have the write permission set.

E. The directory must not contain other directories.

Which command is used to configure which file systems a NFS server makes available to clients?

A. exportfs

B. mkfs.nfs

C. mount

D. nfsservct1

E. telinit

When the default policy for the net filter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?

A. All traffic to localhost must always be allowed

B. It doesn’t matter; net filter never affects packets addressed to localhost

C. Some applications use the localhost interface to communicate with other applications

D. syslogd receives messages on localhost

E. The iptables command communicates with the net filter management daemon net lterd on localhost to create and change packet filter rules

Using its standard configuration, how does fail2ban block offending SSH clients?

A. By rejecting connections due to its role as a proxy in front of SSH

B. By modifying and adjusting the SSHD configuration.

C. By creating and maintaining net filter rules.

D. By creating null routes that drop any answer packets sent to the client.

E. By modifying and adjusting the TCP Wrapper configuration for SSH

F. eference: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-7 Community vote distribution
Reference: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-centos-7 Community vote distribution

In a BIND zone file, what does the @ character indicate?

A. It’s the fully quali ed host name of the DNS server

B. It’s an alias for the e-mail address of the zone master

C. It’s the name of the zone as defined in the zone statement in named.conf

D. It’s used to create an alias between two CNAME entries

There is a restricted area in a site hosted by Apache HTTPD, which requires users to authenticate against the file /srv/www/security/sitepasswd. Which command is used to CHANGE the password of existing users, without losing data, when Basic authentication is being used?

A. htpasswd “”c /srv/www/security/sitepasswd user

B. htpasswd /srv/www/security/sitepasswd user

C. htpasswd “”n /srv/www/security/sitepasswd user

D. htpasswd “”D /srv/www/security/sitepasswd user

Which BIND option should be used to limit the IP addresses from which slave name servers may connect?

A. allow-zone-transfer

B. allow-transfer

C. allow-secondary

D. allow-slaves

E. allow-queries

Which option in named.conf speci es which host are permitted to ask for domain name information from the server?

A. allowed-hosts

B. accept-query

C. permit-query

D. allow-query

E. query-group

What word is missing from the following excerpt of a named.conf file?

A. networks

B. net

C. list

D. acl

E. group

Which global option in squid.conf sets the port number or numbers that Squid will use to listen for client requests?

A. port

B. client_port

C. http_port

D. server_port

E. squid_port

FILL BLANK -
Which doveadm sub-command displays a list of connections of Dovecot in the following format? (Specify ONLY the command without any parameters.)

Which of the following PAM modules sets and unsets environment variables?

A. pam_set

B. pam_shell

C. pam-vars

D. pam-env

E. pam_export
eference: https://www.linux.org/docs/man5/pam_env.html
Reference: https://www.linux.org/docs/man5/pam_env.html

Which of the following statements is true regarding the NFSv4 pseudo file system on the NFS server?

A. It must be called /exports

B. It usually contains bind mounts of the directory trees to be exported

C. It must be a dedicated partition on the server

D. It is defined in the option Nfsv4-Root in /etc/pathmapd.conf

E. It usually contains symlinks to the directory trees to be exported

To allow X connections to be forwarded from or through an SSH server, what configuration keyword must be set to yes in the sshd configuration file?

A. AllowForwarding

B. ForwardingAllow

C. XllForwardingAllow

D. XllForwarding
eference: https://help.ubuntu.com/community/SSH/OpenSSH/configuring
Reference: https://help.ubuntu.com/community/SSH/OpenSSH/configuring

To which destination will a route appear in the Linux routing table after activating IPv6 on a router's network interface, even when no global IPv6 addresses have been assigned to the interface?

A. fe80::/10

B. 0::/128

C. 0::/0

D. fe80::/64

E. 2000::/3

Which of the following PAM modules allows the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources available to them?

A. pam_ filter

B. pam_limits

C. pam_list file

D. pam_unix

Which of the following actions synchronizes UNIX passwords with the Samba passwords when the encrypted Samba password is changed using smbpasswd?

A. There are no actions to accomplish this since is not possible.

B. Run netvamp regularly, to convert the passwords.

C. Run winbind “”sync, to synchronize the passwords.

D. Add unix password sync = yes to smb.conf

E. Add smb unix password = sync to smb.conf

On a Linux router, packet forwarding for IPv4 has been enabled. After a reboot, the machine no longer forwards IP packets from other hosts. The command: echo 1 > /proc/sys/net/ipv4/ip_forward temporarily resolves this issue. Which one of the following options is the best way to ensure this setting is saved across system restarts?

A. Add echo 1 > /proc/sys/net/ipv4/ip_forward to the root user login script

B. Add echo 1 > /proc/sys/net/ipv4/ip_forward to any user login script

C. In /etc/sysct1.conf change net.ipv4.ip_forward to 1

D. In /etc/rc.local add net.ipv4.ip_forward = 1

E. In /etc/sysconfig/iptables-config add ipv4.ip_forward = 1

Which of the following Samba configuration parameters is functionally identical to the parameter read only=yes?

A. browseable=no

B. read write=no

C. writeable=no

D. write only=no

E. write access=no

FILL BLANK -
Which OpenLDAP client command can be used to change the password for an LDAP entry? (Specify ONLY the command without any path or parameters.)

In order to protect a directory on an Apache HTTPD web server with a password, this configuration was added to an .htaccess file in the respective directory:

Furthermore, a file /var/www/dir/ .htpasswd was created with the following content: usera:S3cr3t Given that all these files were correctly processed by the web server processes, which of the following statements is true about requests to the directory?

A. The user usera can access the site using the password s3cr3t

B. Accessing the directory as usera raises HTTP error code 442 (User Not Existent)

C. Requests are answered with HTTP error code 500 (Internal Server Error)

D. The browser prompts the visitor for a username and password but logins for usera do not seem to work

E. The web server delivers the content of the directory without requesting authentication A

Which of these tools provides DNS information in the following format?


A. dig

B. nslookup

C. host

D. named-checkconf

E. named-checkzone

Which of the following actions are available in Sieve core lters? (Choose three.)

A. drop

B. discard

C. leinto

D. relay

E. reject

What is the standard port used by OpenVPN?

A. 1723

B. 4500

C. 500

D. 1194

Which rdnc sub command can be used in conjunction with the name of a zone in order to make BIND reread the content of the specific zone file without reloading other zones as well?

A. lookup

B. reload

C. leupdate

D. reread

E. zoneupdate

Which Linux user is used by vsftpd to perform file system operations for anonymous FTP users?

A. The Linux user which runs the vsftpd process

B. The Linux user that owns the root FTP directory served by vsftpd

C. The Linux user with the same user name that was used to anonymously log into the FTP server

D. The Linux user root, but vsftpd grants access to anonymous users only to globally read-/writeable files

E. The Linux user speci ed in the configuration option ftp_username

Performing a DNS lookup with dig results in this answer:

A. There is no . after linuserv.example.net in the PTR record in the forward lookup zone file

B. There is no . after linuserv in the PTR record in the forward lookup zone file

C. There is no . after linuserv.example.net in the PTR record in the reverse lookup zone file

D. The . in the NS definition in the reverse lookup zone has to be removed

FILL BLANK -
According to this LDIF excerpt, which organizational unit is Robert Smith part of? (Specify only the organizational unit.)

When trying to reverse proxy a web server through Nginx, what keyword is missing from the following configuration sample?

A. remote_proxy

B. reverse_proxy

C. proxy_reverse

D. proxy_pass

E. forward_to

Which Post x command can be used to rebuild all of the alias database files with a single invocation and without the need for any command line arguments?

A. makealiases

B. newaliases

C. postalias

D. postmapbuild

How must Samba be configured such that it can check CIFS passwords against those found in /etc/passwd and /etc/shadow?

A. Set the parameters “encrypt passwords = yes” and “password file = /etc/passwd”

B. Set the parameters “encrypt passwords = yes”, “password file = /etc/passwd” and “password algorithm = crypt”

C. Delete the smbpasswd file and create a symbolic link to the passwd and shadow file

D. It is not possible for Samba to use /etc/passwd and /etc/shadow directly

E. Run smbpasswd to convert /etc/passwd and /etc/shadow to a Samba password file D

In the main Post x configuration file, how are service definitions continued on the next line?

A. It isn’t possible. The service definition must t on one line.

B. The initial line must end with a backslash character ().

C. The following line must begin with a plus character (+).

D. The following line must begin with white space indentation.

E. The service definition continues on the following lines until all of the required elds are speci ed.

When are Sieve lters usually applied to an email?

A. When the email is delivered to a mailbox

B. When the email is relayed by an SMTP server

C. When the email is received by an SMTP smarthost

D. When the email is sent to the first server by an MUA

E. When the email is retrieved by an MUA

FILL BLANK -
What command creates a SSH key pair? (Specify ONLY the command without any path or parameters)

FILL BLANK -
In order to specify alterations to an LDAP entry, what keyword is missing from the following LDIF file excerpt?

Specify the keyword only and no other information.

Which of the following is correct about this excerpt from an LDIF file?

A. dn is the domain name.

B. o is the operator name.

C. cn is the common name.

D. dn is the relative distinguished name.

E. DC is the delegation container.

Which option within the ISC DHCPD configuration file defines the IPv4 DNS server address(es) to be sent to the DHCP clients?

A. domain-name-servers

B. domain-server

C. name-server

D. servers

Which of the following commands is used to change user passwords in an OpenLDAP directory?

A. setent

B. ldpasswd

C. olppasswd

D. ldappasswd

E. ldapchpw

Which of the following services belongs to NFSv4 and does not exist in NFSv3?

A. rpc.idmapd

B. rpc.statd

C. nfsd

D. rpc.mountd
eference: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/ch-nfs
Reference: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/ch-nfs

Which keyword is used in the Squid configuration to define networks and times used to limit access to the service?

A. acl

B. allow

C. http_allow

D. permit
eference: https://www.tecmint.com/configure-squid-server-in-linux/
Reference: https://www.tecmint.com/configure-squid-server-in-linux/

Which statements about the Alias and Redirect directives in Apache HTTPD's configuration file are true? (Choose two.)

A. Alias can only reference files under DocumentRoot

B. Redirect works with regular expressions

C. Redirect is handled on the client side

D. Alias is handled on the server side

E. Alias is not a valid configuration directive

Which of the following information has to be submitted to a certi cation authority in order to request a web server certificate?

A. The web server’s private key.

B. The IP address of the web server.

C. The list of ciphers supported by the web server.

D. The web server’s SSL configuration file.

E. The certificate signing request.

Which Apache HTTPD configuration directive speci es the RSA private key that was used in the generation of the SSL certificate for the server?

A. SSLcertificateKeyFile

B. SSLKeyFile

C. SSLPrivateKeyFile

D. SSLRSAKeyFile
eference: https://httpd.apache.org/docs/2.4/ssl/ssl_faq.html#aboutcerts
Reference: https://httpd.apache.org/docs/2.4/ssl/ssl_faq.html#aboutcerts

Which of these sets of entries does the following command return?

A. Entries that don’t have a cn of marie or don’t have a telephoneNumber that begins with 9.

B. Entries that have a cn of marie or don’t have a telephoneNumber beginning with 9.

C. Entries that have a cn of marie and a telephoneNumber that ending with 9.

D. Entries that don’t have a cn of marie and don’t have a telephoneNumber beginning with 9.

E. Entries that have a cn of marie or have a telephoneNumber beginning with 9.

The following Apache HTTPD configuration has been set up to create a virtual host available at www.example.com and www2.example.com:

Even though Apache HTTPD correctly processed the configuration file, requests to both names are not handled correctly. What should be changed in order to ensure correct operations?

A. The configuration must be split into two VirtualHost sections since each virtual host may only have one name.

B. The port mentioned in opening VirtualHost tag has to be appended to the ServerName declaration’s values.

C. Both virtual host names have to be placed as comma separated values in one ServerName declaration.

D. Both virtual host names have to be mentioned in the opening VirtualHost tag.

E. Only one Server name declaration may exist, but additional names can be declared in ServerAlias options.

A host, called lpi, with the MAC address 08:00:2b:4c:59:23 should always be given the IP address of 192.168.1.2 by a DHCP server running ISC DHCP

A. Which of the following configurations will achieve this?

B. IMAGE”202-450 Exam ITE-17_18.jpg” width=”456″ height=”126″>

C. IMAGE”202-450 Exam ITE-17_19.jpg” width=”316″ height=”124″>

D. host lpi = 08:00:2b:4c:59:23 192.168.1.2

E. IMAGE”202-450 Exam ITE-17_20.jpg” width=”453″ height=”128″>

F. IMAGE”202-450 Exam ITE-17_21.jpg” width=”438″ height=”133″>

What is the name of the network security scanner project which, at the core, is a server with a set of network vulnerability tests?

A. NetMap

B. OpenVAS

C. Smartscan

D. Wireshark

When using mod_authz_core, which of the following strings can be used as an argument to Require in an Apache HTTPD configuration file to specify the authentication provider? (Choose three.)

A. method

B. all

C. regex

D. header

E. expr
eference: https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html
Reference: https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html