Linux LPIC-3 Security Practice Exam

1. In Linux Extended File Attributes, which of the following is a valid attribute namespace?
   - default
   - sudo
   - administrator
   - system

2. In iptables, ______ is the default table.

3. To create an iptables rule specifying a port, the transport protocol used must be specified as well. Which option is used to determine the transport protocol?
   - -p
   - -u
   - -t
   - -a

4. By default, HTTP servers listen on port ______, whereas HTTPS servers listen on port ______.

5. In DNSSEC, zone signing keys must be signed by another key type called:
   - PEM
   - PKI
   - ZSK
   - KSK

6. Which of the following DNS records contains a server's DNSSEC signature?
   - RRSIG
   - DS
   - DNSKEY
   - KSK

7. In Apache Httpd, the SSL module configuration file contains a directive used to indicate the SSL certificate file. Which directive is that?
   - SSLCertificateKeyFile
   - SSLCertificateFile
   - SSLCertificateChainFile
   - SSLCertKeyFile

8. In which path is the data that can be altered by the sysctl command?
   - /dev/sys
   - /sys
   - /proc/sys
   - /usr/lib

9. The filter table in iptables has 3 chains. Rules for packets whose source and destination IP addresses differ from the machine's own address should be added to the ______ chain.

10. Linux machines must have the ________________ kernel module loaded to be able to forward packets.
   - ip_forward
   - forward
   - filter_forward
   - sysctl

11. An X509 SSL certificate carries several data items, except:
   - CA's signature
   - CA's private key
   - certificate owner's public key
   - certificate owner's name

12. What happens when the command getfattr afile is run while the file afile has no extended attributes set?
   - getfattr prints a warning and exits with a value of 1
   - getfattr prints a warning and exits with a value of 0
   - No output is produced and getfattr exits with a value of 1
   - No output is produced and getfattr exits with a value of 0

13. Which of the following code snippets is a valid client configuration for FreeRADIUS?
   - client privnet {
         ipaddr = 192.0.0.0/24
         password = testing123
     }
   - client privnet {
         ip = 192.0.0.0/24
         password = testing123
     }
   - client privnet {
         ip = 192.0.0.0/24
         pass = testing123
     }
   - client privnet {
         ipaddr = 192.0.0.0/24
         secret = testing123
     }

14. Which command, included in bind-utils, generates DNSSEC keys?
   - named-genkey
   - dnssec-keygen
   - dnssec-genkey
   - named-keygen

15. Name one built-in iptables chain that does not belong to the nat table:

16. To change the Type of Service IP header field, a rule must be added to the ______ table.

17. Which statement is true regarding the certificate of a Root CA?
   - It is a self-signed certificate
   - It includes the private key of the CA
   - It must contain a host name as the common name
   - It has an infinite lifetime and never expires

18. Command used to redefine user password info, such as expiry date, minimum age and maximum age.
   - usermod
   - passwd
   - chage
   - shadow

19. Which command installs and configures a new FreeIPA server, including all subcomponents, and creates a new FreeIPA domain?
   - dnf ipa-server-install
   - dpkg-reconfigure ipa-server
   - yum -y install ipa-server
   - ipa-server-install

20. Which of the following components is part of FreeIPA?
   - Kerberos KDC
   - DHCP
   - IDS
   - FreeRADIUS

21. Command to mount a CIFS share:

22. Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?
   - iptables -t mangle -A POSTROUTING -i eth0 -j DNAT --to-source 192.0.2.11
   - iptables -t nat -A POSTROUTING -i eth0 -j DNAT --to-source 192.0.2.11
   - iptables -t nat -A PREROUTING -o eth0 -j SNAT --to-source 192.0.2.11
   - iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.11

23. Which of the following information, within a DNSSEC-signed zone, is signed by the key signing key?
   - AAAA
   - ZSK
   - RRSIG
   - DS

24. SELinux stands for:
   - Security-Enhanced Linux
   - Security Linux
   - Security Extension for Linux
   - Safety-Extended Linux

25. SELinux mode that runs in logging-only mode.
   - enforcing
   - disabled
   - targeted
   - permissive

26. Which PAM module checks new passwords against dictionary words and enforces complexity?
   - pam_cracklib
   - pam_ldap
   - pam_dictionary
   - pam_unix

27. Which command included in the Linux Audit system provides searching and filtering of the audit log?
   - getfacl
   - ulimit
   - auditd
   - ausearch

28. Wireshark and Tcpdump are two examples of network tools that require the ___________ library.
   - promis
   - mac
   - pcap
   - sniff

29. The SNMP protocol uses ports 161 and 162 and it uses ______ as a transport protocol.

30. Nmap can perform port scans using different scanning methods, but its default method is:
   - SYN
   - FIN
   - XMAS
   - ICMP

31. The Nmap SYN scan is also called:
   - 3-way handshake scan
   - FIN scan
   - Fingerprint scan
   - Stealth scan

32. This is NOT a valid DNSSEC record:
   - NSEC
   - NSEC3
   - RRSIG
   - PTR

33. This software does not require the pcap library.
   - tcpdump
   - wireshark
   - Cacti
   - Snort

34. This is not a network management software:
   - SELinux
   - Cacti
   - Zabbix
   - NTop

35. Snort is a(n):
   - Vulnerability scanner
   - NIDS
   - HIDS
   - Port scanner

36. In Snort, the _____________ environment variable determines the network which Snort should monitor.
   - LOCALNET
   - INTERNAL_NET
   - EXTERNAL_NET
   - HOME_NET

37. Which of the following database names can be used within a Name Service Switch (NSS) configuration file?
   - shadow
   - passwd
   - host
   - nis

38. Which of the following commands adds a new user newuser to FreeIPA?
   - ipa user-add newuser --first New --last User
   - ipa-admin create user --account newuser --fname New --iname User
   - useradd newuser --directory ipa --gecos 'New User'
   - ipa-user-add newuser --name 'New User'

39. Which of the following resources of a shell and its child processes can be controlled by the Bash built-in command ulimit?
   - The maximum number of newly created files
   - The maximum number of environment variables
   - The maximum size of written files
   - The maximum length of user names

40. Which of the following authentication methods was added to NFS in version 4?
   - SSL certificate authentication
   - Winbind authentication
   - SSH hostkey authentication
   - Kerberos authentication

41. NFSv4 transmits data using both TCP and UDP transport protocols.
   - True
   - False

42. By default, Nmap scans the ______ most common ports.

43. Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?
   - openssl req -key private/keypair.pem -out req/csr.pem
   - openssl gencsr -new -key private/keypair.pem -out req/csr.pem
   - openssl gencsr -key private/keypair.pem -out req/csr.pem
   - openssl req -new -key private/keypair.pem -out req/csr.pem

44. What effect does the following command have on TCP packets?
       iptables -A INPUT -d 10.142.232.1 -p tcp --dport 20:21 -j ACCEPT
   - Forward all TCP traffic not on port 20 or 21 to the IP address 10.142.232.1
   - Accept only TCP traffic from 10.142.232.1 destined for port 20 or 21
   - Drop all TCP traffic coming from 10.142.232.1 destined for port 20 or 21
   - Accept all TCP traffic on port 20 and 21 for the IP address 10.142.232.1

45. Which of the following is true about chroot environments?
   - Symbolic links to data outside the chroot path are followed, making files and directories accessible
   - Hard links to files outside the chroot path are not followed, to increase security
   - The chroot path needs to contain all data required by the programs running in the chroot environment
   - When using the command chroot, the started command is running in its own namespace and cannot communicate with other processes

46. How are SELinux permissions related to standard Linux permissions?
   - Standard Linux permissions override SELinux permissions
   - SELinux permissions override standard Linux permissions
   - SELinux permissions are verified before standard Linux permissions
   - SELinux and standard Linux permissions do not overlap ever

47. Which of the following practices are important for the security of private keys?
   - Private keys should be created on the systems where they will be used and should never leave them.
   - Private keys should be uploaded to public key servers.
   - Private keys should always be stored as plain text files without any encryption.
   - Private keys should be included in X509 certificates.

48. The following command displays the current rules of the nat table (all chains):
       iptables nat

49. Which of the following access control models is established by using SELinux?
   - MAC
   - SAC
   - DAC
   - UAC

50. Which of the following access control models is established by standard Linux permissions?
   - MAC
   - SAC
   - DAC
   - UAC