117-303 - LPI Level 3 Exam 303

Go back to LPI

Example Questions

The system administrator is keeping local configuration file changes in RCS. What command will commit the file RCS revision control AND keep a local, unlocked copy of the latest version of the file? Which of the following methods can be used to deactivate a rule in Snort? (Select 2 correct answers) What OpenSSL command will generate a private RSA key of 2048 bits and no passphrase? An unprivileged user issued a command which produced the following log message: avc: denied { getattr } for pid=984 exe=/usr/bin/vim path=/etc/shadow dev=03:01 ino=134343 scontext=hugh:user_r:user_t tcontext=system_u:object:shadow_t tclass=file What does the message mean? What is the syntax error in the following simple Puppet configuration file? class test_class { file { "/tmp/test.txt": mode => 600, owner => root, group => root } } # Define the node node testclient { isa test_class } The apache administrator has added the following lines to the configuration files: <Directory /> AllowOverride None </Directory> What is the purpose of this directive? A user is attempting to connect to a remote server via SSH and receives the following message: The authenticity of host 'mail.example.com (208.77.188.166)' can't be established. RSA key fingerprint is 92:32:55:e9:c4:20:ae:1b:2c:d7:91:40:90:89:1c:ad. Are you sure you want to continue connecting (yes/no)? What does this indicate? How does AppArmor configure its access control settings? When adding additional users to a file's extended ACL's, what is true abount the default behaviour of the ACL mask for the file? Which of the following are valid deployment scenarios? (Select 3 correct answers) Which of the following is NOT and valid scan technique with nmap ? Which OpenSSL command is used to inspect the information stored in a certificate? Which syslog configuration line will send out logged messages to a remote syslog server? You wish to revoke write access for all groups and named users on a file. Which command will make a correct ACL changes? Which GPG command us used to create a revocation certificate in case a GPG key ever needs to be called? What is true about the permissions for the file afile give the following output from getfacl? (Select 2 correct answers) % getfacl afile # file: afile # owner: matt # group: support user:: rwx user:hugh:rw group::r group:staff:rx mask::rwx other::r You have downloaded a file named file.tgz along with a signature file named file.tgz.asc. Which command can be used to verify that file.tgz hat not beeing tampered with since the file creator created the signature? Assume that you have already retrieved the public key of the file creator (Select 3 correct answers) Which of the following commands will create a new, signed tw.pol file? Which of the following is not an iptables rule set? Which command is used to add an additional name, email address and comment to an existing private key? Which command will list all of the extended attributes on the file afile.txt with the values? What is the purpose of snort inline? What does the following iptables rule accomplish: iptables A INPUT s 208.77.188.166 j DROP Which of the following are builtin chains for the iptables nat table? (Select 3 correct answers) Which of the following statements are true about Linux Extended Attributes on files? (Select 2 correct answers) What does the following iptables rule accomplish: iptables A INPUT d 10.142.232.1 p tcp dport 20:21 j ACCEPT SELinux is a Linux feature that: Which GPG command is used to sign a public key? (Select 2 correct answers) Under which path is the SELinux pseudofilesystem found ? What is an SO rule in the context of Snort? Which of the following parameters should be set in main.cf to enable TLS in Postfix? The OpenSSL command can be used to test connections with various secure services. What command will open a connection with a remote POP3S (POP3 over SSL) server? When a user logs into a system using SSH, what is the format of SELinux security context which will assign the user_r role and the user_t domain to their login session? Which command will set the user.author attribute on the file afile.txt Which option is required to syslogd in order for it to accept remote log message? Linux Extended Attributes include attributes classes. Which of the following are included in the defined attributes classes ? (Select 3 correct answers) Which of the following export options, when specified in /etc/exports, will tell the server to use the NFSv4 Pseudofilesystem? What is one of the primary claimed benefits of Smack over SELinux? Someone who whises to receive and encrypted file has provided a key UID and a key fingerprint for verification to the data sender. Assuming that this key is on a public keyserver, what command will fetch the public key from the server ? The command 'nmap sS O 10.142.232.10' produces the following output: PORT STATE SERVICE 631/tcp open ipp 3306/tcp open mysql Which of the following statements are true ? (Select 2 correct answers) What OpenSSL command will generate a selfsigned test certificate? What is the purpose of tripwire? You are certain that your kernel has been compiled with ACL support, however, when you try to set an ACL on a file, you get the following output: % setfacl m user:hugh:r afile.txt setfacl: afile.txt: Operation not supported What is the most likely reason for this problem? Which of the following are common techniques for securing Nagios ? (Select 3 correct answers) Which of the following are common techniques for securing a sendmail server ? (Select 3 correct answers) What is the difference between an SELinux domain an an SELinux type ? On a new Linux system, the root user is being asked to provide the root user password before being able to use the su command. What line in the /etc/pam.d/su file will allow root to use su without supplying passwords? What OpenSSL command will generate a certificate signing request (CSR) using the private key file privkey.pem? A user is attempting to connect to a remote host via SSH and following message is displayed: Host key verification failed. Which of the following options could resolve the problem? (Select 2 correct answers) Which of the following can be done to secure BIND server? (Select 3 correct answers)