This page was exported from Exams Labs Braindumps [ http://blog.examslabs.com ] Export date:Thu Nov 7 7:27:33 2024 / +0000 GMT ___________________________________________________ Title: [Apr-2024] Get 100% Real 202-450 Exam Questions, Accurate & Verified ExamsLabs Dumps in the Real Exam! [Q18-Q32] --------------------------------------------------- [Apr-2024] Get 100% Real 202-450 Exam Questions, Accurate & Verified ExamsLabs Dumps in the Real Exam! Pass Your LPIC-2 Certified Linux Engineer Exams Fast. All Top 202-450 Exam Questions Are Covered. NEW QUESTION 18It has been discovered that the company mail server is configured as an open relay. Which of the following actions would help prevent the mail server from being used as an open relay while maintaining the possibility to receive company mails? (Choose two.)  Restrict Postfix to only accept e-mail for domains hosted on this server  Configure Dovecot to support IMAP connectivity  Configure netfilter to not permit port 25 traffic on the public network  Restrict Postfix to only relay outbound SMTP from the internal network  Upgrade the mailbox format from mbox to maildir NEW QUESTION 19Select the Samba option below that should be used if the main intention is to setup a guest printer service?  security = cups  security = ldap  security = pam  security = share  security = printing NEW QUESTION 20In which CIFS share must printer drivers be placed to allow Point’n’Print driver deployment on Windows?  winx64drv$  print$  The name of the share is specified in the option print driver share within each printable share in smb.  conf pnpdrivers$  NETLOGON NEW QUESTION 21What word is missing from the following excerpt of a named.conf file?  networks  net  list  acl  group NEW QUESTION 22Which of the following sshd configuration should be set to no in order to fully disable password based logins?(Choose two.)  PAM Authentication  Challenge Response Authentication  Permit Plaintext Login  Use Passwords  Password Authentication ExplanationTo fully disable password based logins for SSH, you need to set both Challenge Response Authentication and Password Authentication to no in the sshd configuration file. These options control whether the server will accept password-based authentication methods such as keyboard-interactive or PAM. Setting them to no will only allow public key authentication or other methods that do not involve passwords. References:LPIC-2 Exam 202 Objectives1LPIC-2 Exam 202 Study Guide2LPIC-2 Exam 202 Topic 208: SSH Configuration3NEW QUESTION 23Which of the following Samba services handles the membership of a file server in an Active Directory domain?  winbindd  nmbd  msadd  admemb  samba ExplanationThe Samba service that handles the membership of a file server in an Active Directory domain is winbindd.Winbindd is a daemon that provides a number of services to the Name Service Switch (NSS) capability of the system, such as resolving user and group information from a Windows NT server and authentication. Winbindd can also be used to join a Samba file server to an Active Directory domain and authenticate domain users to access the file shares12 References:Chapter 4. Using Samba for Active Directory Integration Red Hat Enterprise Linux 7 – Red Hat Customer Portal Winbind: Use of Domain Accounts – SambaWikiNEW QUESTION 24In order to protect a directory on an Apache HTTPD web server with a password, this configuration was added to an .htaccessfile in the respective directory:Furthermore, a file /var/www/dir/ .htpasswdwas created with the following content:usera:S3cr3tGiven that all these files were correctly processed by the web server processes, which of the following statements is true about requests to the directory?  The user useracan access the site using the password s3cr3t  Accessing the directory as useraraises HTTP error code 442 (User Not Existent)  Requests are answered with HTTP error code 500 (Internal Server Error)  The browser prompts the visitor for a username and password but logins for userado not seem to work  The web server delivers the content of the directory without requesting authentication NEW QUESTION 25FILL BLANKWhich OpenLDAP client command can be used to change the password for an LDAP entry? (Specify ONLY the command without any path or parameters.) ldappasswdNEW QUESTION 26Fill in the blank.Which directive in a Nginx server configuration block defines the TCP ports on which the virtual host will be available, and which protocols it will use?(Specify ONLY the option name without any values.) listenNEW QUESTION 27A BIND server should be upgraded to use TSIG. Which configuration parameters should be added if the server should use the algorithm hmac-md5 and the key skrKc4DoTzi/takIlPi7JZA==?  Option A  Option B  Option C  Option D  Option E ExplanationTSIG stands for Transaction SIGnature, which is a mechanism for authenticating DNS messages using a shared secret key and a cryptographic hash algorithm. TSIG can be used to secure DNS updates, zone transfers, and queries between DNS servers and clients. To configure a BIND server to use TSIG, the following parameters should be added to the named.conf file:A key statement that defines the name, algorithm, and secret of the TSIG key. The name can be any arbitrary string, the algorithm can be one of the supported algorithms such as hmac-md5, hmac-sha1, hmac-sha256, etc., and the secret can be a base64-encoded string that represents the shared secret key.For example:key “server.example.com” { algorithm hmac-md5; secret “skrKc4DoTzi/takIlPi7JZA==”; }; A server statement that specifies the IP address or hostname of the remote server that will use the TSIG key, and the name of the key that should be used for communication. For example:server 192.168.1.10 { keys { “server.example.com”; }; };A zone statement that indicates the zone name, type, and file of the zone that will use TSIG, and the name of the key that should be used for updates or transfers. For example:zone “example.com” { type master; file “example.com.zone”; allow-update { key “server.example.com”; }; allow-transfer { key “server.example.com”; }; }; Option E shows the correct configuration parameters that should be added if the server should use the algorithm hmac-md5 and the key skrKc4DoTzi/takIlPi7JZA==. The other options are incorrect because they either use the wrong syntax, the wrong algorithm, the wrong key name, or the wrong secret.References:LPIC-2 exam 202 objectives, topic 208.2, “Securing a DNS server”BIND 9 Administrator Reference Manual, chapter 6, “Access Control Lists and TSIG” How to Configure DNS Server with TSIG on CentOS 8NEW QUESTION 28What is the name of the network security scanner project which, at the core, is a server with a set of network vulnerability tests?  NetMap  OpenVAS  Smartscan  Wireshark ExplanationOpenVAS is a network security scanner project that, at the core, is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications. It is an open-source tool that was forked from Nessus, a popular commercial scanner. OpenVAS can perform comprehensive scans of networks and hosts, as well as web application scanning and compliance testing. It also provides a graphical user interface (GUI) and a command-line interface (CLI) for managing scans and reports. References:Greenbone Vulnerability Management – Gentoo wikiThe Best Network Vulnerability Scanners Tested in 2023 – ComparitechNEW QUESTION 29With fail2ban, what is a ‘jail’?  A netfilter rules chain blocking offending IP addresses for a particular service  A group of services on the server which should be monitored for similar attack patterns in the log files  A filter definition and a set of one or more actions to take when the filter is matched  The chroot environment in which fail2ban runs ExplanationA Fail2Ban jail is a combination of a filter and one or several actions. A filter defines a regular expression that matches a pattern corresponding to a failed login attempt or another suspicious activity. Actions define commands that are executed when the filter catches an abusive IP address. A jail can have active or inactive status1 References: 1: Fail2Ban Jails Management | Plesk Obsidian documentationNEW QUESTION 30Using its standard configuration, how does fail2ban block offending SSH clients?  By rejecting connections due to its role as a proxy in front of SSHD.  By modifying and adjusting the SSHD configuration.  By creating and maintaining netfilter rules.  By creating null routes that drop any answer packets sent to the client.  By modifying and adjusting the TCP Wrapper configuration for SSHD. NEW QUESTION 31Which of the following authentication mechanisms are supported by Dovecot? (Choose three.)  ldap  digest-md5  cram-md5  plain  krb5 Explanation/Reference: https://wiki2.dovecot.org/Authentication/MechanismsNEW QUESTION 32Which of the following OpenVPN configuration options makes OpenVPN forward network packets between VPN clients itself instead of passing the packets on to the Linux host which runs the OpenVPN server for further processing?  inter-client-traffic  client-to-client  client-router  client-pass  grant-client-traffic  Loading … Penetration testers simulate 202-450 exam: https://www.examslabs.com/Lpi/LPIC-2-Certified-Linux-Engineer/best-202-450-exam-dumps.html --------------------------------------------------- Images: https://blog.examslabs.com/wp-content/plugins/watu/loading.gif https://blog.examslabs.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2024-04-07 14:15:12 Post date GMT: 2024-04-07 14:15:12 Post modified date: 2024-04-07 14:15:12 Post modified date GMT: 2024-04-07 14:15:12