[Apr-2024] Get 100% Real 202-450 Exam Questions, Accurate & Verified ExamsLabs Dumps in the Real Exam! [Q18-Q32]

April 7, 2024 202-450, Lpi 0 Comments

[Apr-2024] Get 100% Real 202-450 Exam Questions, Accurate & Verified ExamsLabs Dumps in the Real Exam! [Q18-Q32]

4.5/5 - (2 votes)

[Apr-2024] Get 100% Real 202-450 Exam Questions, Accurate & Verified ExamsLabs Dumps in the Real Exam!

Pass Your LPIC-2 Certified Linux Engineer Exams Fast. All Top 202-450 Exam Questions Are Covered.

NEW QUESTION 18
It has been discovered that the company mail server is configured as an open relay. Which of the following actions would help prevent the mail server from being used as an open relay while maintaining the possibility to receive company mails? (Choose two.)

Restrict Postfix to only accept e-mail for domains hosted on this server

Configure Dovecot to support IMAP connectivity

Configure netfilter to not permit port 25 traffic on the public network

Restrict Postfix to only relay outbound SMTP from the internal network

Upgrade the mailbox format from mbox to maildir

NEW QUESTION 19
Select the Samba option below that should be used if the main intention is to setup a guest printer service?

security = cups

security = ldap

security = pam

security = share

security = printing

NEW QUESTION 20
In which CIFS share must printer drivers be placed to allow Point’n’Print driver deployment on Windows?

winx64drv$

print$

The name of the share is specified in the option print driver share within each printable share in smb.

conf pnpdrivers$

NETLOGON

NEW QUESTION 21
What word is missing from the following excerpt of a named.conf file?

networks

net

list

acl

group

NEW QUESTION 22
Which of the following sshd configuration should be set to no in order to fully disable password based logins?
(Choose two.)

PAM Authentication

Challenge Response Authentication

Permit Plaintext Login

Use Passwords

Password Authentication

Explanation
To fully disable password based logins for SSH, you need to set both Challenge Response Authentication and Password Authentication to no in the sshd configuration file. These options control whether the server will accept password-based authentication methods such as keyboard-interactive or PAM. Setting them to no will only allow public key authentication or other methods that do not involve passwords. References:
LPIC-2 Exam 202 Objectives1
LPIC-2 Exam 202 Study Guide2
LPIC-2 Exam 202 Topic 208: SSH Configuration3

NEW QUESTION 23
Which of the following Samba services handles the membership of a file server in an Active Directory domain?

winbindd

nmbd

msadd

admemb

samba

Explanation
The Samba service that handles the membership of a file server in an Active Directory domain is winbindd.
Winbindd is a daemon that provides a number of services to the Name Service Switch (NSS) capability of the system, such as resolving user and group information from a Windows NT server and authentication. Winbindd can also be used to join a Samba file server to an Active Directory domain and authenticate domain users to access the file shares12 References:
Chapter 4. Using Samba for Active Directory Integration Red Hat Enterprise Linux 7 – Red Hat Customer Portal Winbind: Use of Domain Accounts – SambaWiki

NEW QUESTION 24
In order to protect a directory on an Apache HTTPD web server with a password, this configuration was added to an .htaccessfile in the respective directory:

Furthermore, a file /var/www/dir/ .htpasswdwas created with the following content:
usera:S3cr3t
Given that all these files were correctly processed by the web server processes, which of the following statements is true about requests to the directory?

The user useracan access the site using the password s3cr3t

Accessing the directory as useraraises HTTP error code 442 (User Not Existent)

Requests are answered with HTTP error code 500 (Internal Server Error)

The browser prompts the visitor for a username and password but logins for userado not seem to work

The web server delivers the content of the directory without requesting authentication

NEW QUESTION 25
FILL BLANK
Which OpenLDAP client command can be used to change the password for an LDAP entry? (Specify ONLY the command without any path or parameters.)

ldappasswd

NEW QUESTION 26
Fill in the blank.
Which directive in a Nginx server configuration block defines the TCP ports on which the virtual host will be available, and which protocols it will use?
(Specify ONLY the option name without any values.)

listen

NEW QUESTION 27
A BIND server should be upgraded to use TSIG. Which configuration parameters should be added if the server should use the algorithm hmac-md5 and the key skrKc4DoTzi/takIlPi7JZA==?

Option A

Option B

Option C

Option D

Option E

Explanation
TSIG stands for Transaction SIGnature, which is a mechanism for authenticating DNS messages using a shared secret key and a cryptographic hash algorithm. TSIG can be used to secure DNS updates, zone transfers, and queries between DNS servers and clients. To configure a BIND server to use TSIG, the following parameters should be added to the named.conf file:
A key statement that defines the name, algorithm, and secret of the TSIG key. The name can be any arbitrary string, the algorithm can be one of the supported algorithms such as hmac-md5, hmac-sha1, hmac-sha256, etc., and the secret can be a base64-encoded string that represents the shared secret key.
For example:
key “server.example.com” { algorithm hmac-md5; secret “skrKc4DoTzi/takIlPi7JZA==”; }; A server statement that specifies the IP address or hostname of the remote server that will use the TSIG key, and the name of the key that should be used for communication. For example:
server 192.168.1.10 { keys { “server.example.com”; }; };
A zone statement that indicates the zone name, type, and file of the zone that will use TSIG, and the name of the key that should be used for updates or transfers. For example:
zone “example.com” { type master; file “example.com.zone”; allow-update { key “server.example.com”; }; allow-transfer { key “server.example.com”; }; }; Option E shows the correct configuration parameters that should be added if the server should use the algorithm hmac-md5 and the key skrKc4DoTzi/takIlPi7JZA==. The other options are incorrect because they either use the wrong syntax, the wrong algorithm, the wrong key name, or the wrong secret.
References:
LPIC-2 exam 202 objectives, topic 208.2, “Securing a DNS server”
BIND 9 Administrator Reference Manual, chapter 6, “Access Control Lists and TSIG” How to Configure DNS Server with TSIG on CentOS 8

NEW QUESTION 28
What is the name of the network security scanner project which, at the core, is a server with a set of network vulnerability tests?

NetMap

OpenVAS

Smartscan

Wireshark

Explanation
OpenVAS is a network security scanner project that, at the core, is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications. It is an open-source tool that was forked from Nessus, a popular commercial scanner. OpenVAS can perform comprehensive scans of networks and hosts, as well as web application scanning and compliance testing. It also provides a graphical user interface (GUI) and a command-line interface (CLI) for managing scans and reports. References:
Greenbone Vulnerability Management – Gentoo wiki
The Best Network Vulnerability Scanners Tested in 2023 – Comparitech

NEW QUESTION 29
With fail2ban, what is a ‘jail’?

A netfilter rules chain blocking offending IP addresses for a particular service

A group of services on the server which should be monitored for similar attack patterns in the log files

A filter definition and a set of one or more actions to take when the filter is matched

The chroot environment in which fail2ban runs

Explanation
A Fail2Ban jail is a combination of a filter and one or several actions. A filter defines a regular expression that matches a pattern corresponding to a failed login attempt or another suspicious activity. Actions define commands that are executed when the filter catches an abusive IP address. A jail can have active or inactive status1 References: 1: Fail2Ban Jails Management | Plesk Obsidian documentation

NEW QUESTION 30
Using its standard configuration, how does fail2ban block offending SSH clients?

By rejecting connections due to its role as a proxy in front of SSHD.

By modifying and adjusting the SSHD configuration.

By creating and maintaining netfilter rules.

By creating null routes that drop any answer packets sent to the client.

By modifying and adjusting the TCP Wrapper configuration for SSHD.

NEW QUESTION 31
Which of the following authentication mechanisms are supported by Dovecot? (Choose three.)

ldap

digest-md5

cram-md5

plain

krb5

Explanation/Reference: https://wiki2.dovecot.org/Authentication/Mechanisms

NEW QUESTION 32
Which of the following OpenVPN configuration options makes OpenVPN forward network packets between VPN clients itself instead of passing the packets on to the Linux host which runs the OpenVPN server for further processing?

inter-client-traffic

client-to-client

client-router

client-pass

grant-client-traffic

Loading …