LPI 303-200 practice test

Question 1

What is the purpose of IP sets?

• A. They group together IP addresses that are assigned to the same network interfaces.
• B. They group together IP addresses and networks that can be referenced by the network routing table.
• C. They group together IP addresses that can be referenced by netfilter rules.
• D. They group together IP and MAC addresses used by the neighbors on the local network.
• E. They group together IP addresses and user names that can be referenced from /etc/hosts allow and /etc/hosts deny

Question 2

Which of the following methods can be used to deactivate a rule in Snort? (Choose TWO correct
answers.)

• A. By placing a # in front of the rule and restarting Snort
• B. By placing a pass rule in local.rules and restarting Snort.
• C. By deleting the rule and waiting for Snort to reload its rules files automatically.
• D. By adding a pass rule to /etc/snort/rules.deactivated and waiting for Snort to reload its rules files automatically.

Question 3

Which of the following keywords are built-in chairs for the iptables nat table? (Choose THREE correct
answers)

• A. OUTPUT
• B. MASQUERADE
• C. PROCESSING
• D. POSTROUTING
• E. PREROUTING

Question 4

Which of the following commands displays all ebtable rules contained in the table filter including
their packet and byte counters?

• A. ebtables -t nat -L -v
• B. ebtables-L-t filter -Lv
• C. ebtables-t filter-L-Lc
• D. ebtables -t filter -Ln -L
• E. ebtables-L -Lc-t filter

Question 5

Which of the following command lines sets the administrator password for ntop to testing 123?

• A. ntop --set-admin-password=testing123
• B. ntop --set-password-testing123
• C. ntop --reset-password=testing 123
• D. ntop --set-new-password=testing123

Question 6

Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets
which go through the network interface eth0?

• A. iptables ~t nat -A POSTROUTING ~o eth0 -j SNAT -to-source 192.0.2.11
• B. iptables ~t nat -A PREROUT1NG -\ eth0 -j SNAT -to-source 192.0.2.11
• C. iptables -t nat -A POSTROUTING H eth0 -j DNAT -to-source 192.0.2.11
• D. iptables -t mangle -A POSTROUTING -i eth0 -j SNAT -to-source 192.0.2.11
• E. iptables -t mangle -A POSTROUTING -0 eth0 -j SNAT -to-source 192.0.2.11

Question 7

What is the purpose of the program snort-stat?

• A. It displays statistics from the running Snort process.
• B. It returns the status of all configured network devices.
• C. It reports whether the Snort process is still running and processing packets.
• D. It displays the status of all Snort processes.
• E. It reads syslog files containing Snort information and generates port scan statistics.

Question 8

Which of the following commands makes the contents of the eCryptfs encrypted directory -/Private
available to the user?

• A. ecryptfsclient
• B. ecryptfs.mount
• C. ecryptfs-mount-private
• D. decryptfs
• E. ecryptfs-manage-di rectory

Question 9

Which of the following openssl commands generates a certificate signing request (CSR) using the
already existing private key contained in the file private/keypair.pem?

• A. openssl req -key private/keypair.pem -out req/csr.pem
• B. openssl req - new -key private/keypair.pem -out req/csr.pem
• C. openssl gencsr -key private/keypair.pem -out req/csr.pem
• D. openssl gencsr -new- key private/keypair.pem -out req/csr.pem

Question 10

Which command, included in BIND, generates DNSSEC keys? (Specify ONLY the command without
any path or parameters.)

Question 11

Which DNS label points to the DANE information used to secure HTTPS connections to
https://www.example.com/
?

• A. example.com
• B. dane.www.example.com
• C. soa.example com D. www.example.com
• E. _443_tcp.www example.com

Question 12

Which of the following practices are important for the security of private keys? (Choose TWO correct
answers.)

• A. Private keys should be created on the systems where they will be used and should never leave them.
• B. private keys should be uploaded to public key servers.
• C. Private keys should be included in X509 certificates.
• D. Private keys should have a sufficient length for the algorithm used for key generation.
• E. Private keys should always be stored as plain text files without any encryption.

Question 13

Which of the following configuration options makes Apache HTTPD require a client certificate for
authentication?

• A. Limit valid-x509
• B. SSLRequestClientCert always
• C. Require valid-x509
• D. SSLVerifyClient require
• E. SSLPolicy valid-client-cert

Question 14

Which of the following information, within a DNSSEC- signed zone, is signed by the key signing key?

• A. The non-DNSSEC records like A, AAAA or MX
• B. The zone signing key of the zone.
• C. The RRSIG records of the zone.
• D. The NSEC or NSEC3 records of the zone.
• E. The DS records pointing to the zone

Question 15

Which of the following statements is true regarding eCryptfs?

• A. For every file in an eCryptfs directory there exists a corresponding file that contains the encrypted content.
• B. The content of all files in an eCryptfs directory is stored in an archive file similar to a tar file with an additional index to improve performance.
• C. After unmounting an eCryptfs directory, the directory hierarchy and the original file names are still visible, although, it is not possible to view the contents of the files.
• D. When a user changes his login password, the contents of his eCryptfs home directory has to be re- encrypted using his new login password.
• E. eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user.