Massive Summer Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: netdisc

LPI 303-200 LPIC-3 Exam 303: Security, 2.0 Exam Practice Test

Demo: 9 questions
Total 60 questions

LPIC-3 Exam 303: Security, 2.0 Questions and Answers

Question 1

Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?

Options:

A.

openssl req -key private/keypair.pem -out req/csr.pem

B.

openssl req - new -key private/keypair.pem -out req/csr.pem

C.

openssl gencsr -key private/keypair.pem -out req/csr.pem

D.

openssl gencsr -new- key private/keypair.pem -out req/csr.pem

Question 2

Given that this device has three different keys, which of the following commands deletes only the first key?

Options:

A.

cryptsetup luksDelKey /dev/sda 1 0

B.

cryptsetup luksDelkey /dev/sda 1 1

C.

cryptsetup luksDelKey / dev /mapper/crypt- vol 1

D.

cryptsetup luksDelKey / dev /mapper/crypt- vol 0

Question 3

How does TSIG authenticate name servers in order to perform secured zone transfers?

Options:

A.

Both servers mutually verify their X509 certificates.

B.

Both servers use a secret key that is shared between the servers.

C.

Both servers verify appropriate DANE records for the labels of the NS records used to delegate the transferred zone.

D.

Both servers use DNSSEC to mutually verify that they are authoritative for the transferred zone.

Question 4

Which command installs and configures a new FreelPA server, including all sub-components, and creates a new FreelPA domain? (Specially ONLY the command without any path or parameters).

Options:

Question 5

Which of the following database names can be used within a Name Service Switch (NSS) configuration file? (Choose THREE correct answers).

Options:

A.

host

B.

shadow

C.

service

D.

passwd

E.

group

Question 6

Which of the following components are part of FreeIPA? (Choose THREE correct answers.)

Options:

A.

DHCP Server

B.

Kerberos KDC

C.

Intrusion Detection System

D.

Public Key Infrastructure

E.

Directory Server

Question 7

Which of the following methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.)

Options:

A.

By placing a # in front of the rule and restarting Snort

B.

By placing a pass rule in local.rules and restarting Snort.

C.

By deleting the rule and waiting for Snort to reload its rules files automatically.

D.

By adding a pass rule to /etc/snort/rules.deactivated and waiting for Snort to reload its rules files automatically.

Question 8

Which of the following sections are allowed within the Kerberos configuration file krb5.conf? (Choose THREE correct answers.)

Options:

A.

[plugins]

B.

[crypto]

C.

[domain]

D.

[capaths]

E.

[realms]

Question 9

Which of the following statements is true about chroot environments?

Options:

A.

Symbolic links to data outside the chroot path are followed, making files and directories accessible

B.

Hard links to files outside the chroot path are not followed, to increase security

C.

The chroot path needs to contain all data required by the programs running in the chroot environment

D.

Programs are not able to set a chroot path by using a function call, they have to use the command chroot

E.

When using the command chroot, the started command is running in its own namespace and cannot communicate with other processes

Demo: 9 questions
Total 60 questions