Pass4sure 117-202 294q

Number: 117-202
Passing Score: 800
Time Limit: 120 min
File Version: 16.5

LPI 117-202

Linux Networking Administration

Finally, I got right questions for this exam and share with you guys. Best Wishes.
Exam A

QUESTION 1
Given this excerpt from an Apache configuration file, which of the numbered lines has INCORRECT syntax?

1: <VirtualHost *:80>

2: ServerAdmin admin9@server.example.org

3: DocumentRoot /home/http/admin

4: ServerName admin.server.example.org

5: DirectoryIndex index.php default.php

6: ErrorLog logs/admin.server.example.org-error_log

7: CustomLog logs/admin.server.example.org-access_log common

8: </VirtualHost>

A. 1
B. 1 and 4
C. 1, 4 and 7
D. 1 and 5
E. None. The configuration is valid

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 2
Select the TWO correct statements about the following excerpt from httpd.conf:

<Directory /var/web/dir1>

<Files private.html>

Order allow, deny

Deny from all

</Files>

Real 2
LPI 117-202 Exam
</Directory>

A. The configuration will deny access to /var/web/dir1/private.html, /var/web/dirl/subdir2/private.html, /var/web/

dirl/subdir3/private.html and any other instance of private.html found under the /var/web/dir1/directory.
B. The configuration will deny access to /var/web/dir1/private.html, but it will allow access to /var/web/dirl/
subdir2/private.htm1, for example.
C. The configuration will allow access to any file named private.html under /var/web/dir1, but it will deny
access to any other files
D. The configuration will allow access just to the file named private.html under /var/web/dir1
E. The configuration will allow access to /var/web/private.html, if it exists

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 3
Considering the following excerpt from the httpd.conf file, select the correct answer below:

<Location> AllowOverride AuthConfig Indexes

</Location>

A. The Indexes directive in the excerpt allows the use of other index-related directives such as DirectoryIndex
B. Both directives AuthConfig and Indexes found in the server's .htaccess file will be overridden by the same
directives found in the httpd.conf file
C. The AuthConfig used in the excerpt allows the use of other authentication-related directives such as
AuthType
D. The excerpt is incorrect, as the AllowOverride cannot be used with Indexes, since the latter cannot be
overridden
E. The excerpt is incorrect, because AllowOverride cannot be used inside a Location section

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 4
Which of the following lines in the Apache configuration file would allow only clients with a valid certificate to
access the website?

Real 3
LPI 117-202 Exam

A. SSLCA conf/ca.crt
B. AuthType ssl
C. IfModule libexec/ssl.c
D. SSLRequire
E. SSLVerifyClient require

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 5
Which TWO of the following options are valid, in the /etc/exports file?
A. rw
B. ro
C. rootsquash
D. norootsquash
E. uid

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 6
Which of the following is needed, to synchronize the Unix password with the SMB password, when the
encrypted SMB password in the smbpasswd file is changed?

A. Nothing, because this is not possible.

B. Run netvamp regularly, to convert the passwords.
C. Rin winbind --sync, to synchronize the passwords.
D. Add unix password sync = yes to smb.conf.
E. Add smb unix password = sync to smb.conf.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 7
The new file server is a member of the Windows domain "foo". Which TWO of the following

Real 4
LPI 117-202 Exam
configuration sections will allow members of the domain group "all" to read, write and execute files in "/srv/smb/
data"?

A. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = @foo+all create mask
= 0550 directory mask = 0770
B. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = @foo+all create mask
= 0770 directory mask = 0770
C. [data] path = /srv/smb/data write list = @foo+all force group = @foo+all create mask = 0770 directory mask
= 0770
D. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = @foo+all directory
mask = 0770
E. [data] comment = data share path = /srv/smb/data write list = @foo+all force group = all create mask =
0550 directory mask = 0770

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Explanation:
QUESTION 8
Which command can be used to list all exported file systems from a remote NFS server:

A. exportfs
B. nfsstat
C. rpcinfo
D. showmount
E. importfs

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 9
During which stage of the boot process would this message be seen?

Ide0: BM-DMA at 0xff00-0xff07, BIOS settings: hda:DMA, hdb:DMA

A. Boot loader start and hand off to kernel

B. Kernel loading
C. Hardware initialization and setup
D. Daemon initialization and setup
Real 5
LPI 117-202 Exam

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 10
Where should the LILO code reside, on a system with only one installation of Linux and no other operating
systems?

A. In the master boot record

B. In the boot sector
C. In the /boot directory
D. At the start of the kernel

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 11
During which stage of the boot process would this message be seen?

ide_setup:hdc=ide-scsi
A. Boot loader start and hand off to kernel
B. Kernel loading
C. Hardware initialization and setup
D. Daemon initialization and setup

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 12
What happens when the Linux kernel can't mount the root filesystem when booting?

A. An error message is shown, showing which device couldn't be mounted or informing that init couldn't be
found.
B. An error message is shown and the system reboots after a keypress.
Real 6
LPI 117-202 Exam
C. An error message is shown and the system boots in maintenance mode.
D. An error message is shown and the administrator is asked to specify a valid root filesystem to continue the
boot process.
E. An error message is shown, stating that the corresponding kernel module couldn't be loaded.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 13
Messages from programs are not appearing in the user's native language. What environment variable must be
set for this to happen?

A. LANG
B. I18N
C. MESSAGES
D. MSGS
E. LC_MSGS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 14
When bash is invoked as an interactive login shell, which of the following sentences is true?

A. It first reads and executes commands in /etc/profile and then does same for ~/.bash_profile and ~/.bashrc
B. It first reads and executes commands in /etc/bashrc and then does same for /etc/profile
C. It reads and executes commands in ~/.bashrc only if /etc/profile or another initialization script calls it.
D. It ignores /etc/profile and only reads and executes commands in ~/.bashrc
E. It first reads and executes commands in /etc/profile and then does same for ~/.bash_profile, ~/.bash_login
and ~/.profile

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 15
Real 7
LPI 117-202 Exam
Why is the root file system mounted read-only during boot and remounted with write permission later on?

A. Because if problems with the root file system are detected during the boot, fsck can be run, without risk of
damage.
B. Because this way crackers cannot collect information about root with boot sniffers
C. To avoid writing to the disk, unless the root password is known.
D. To avoid other operating systems overwriting the Linux root partition
E. Because the disk has its own write protection that cannot change by the operating system.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 16
A GRUB boot loader installed in the MBR was accidentally overwritten. After booting with a rescue CDROM,
how can the lost GRUB first stage loader be recovered?

A. Use dd to restore a previous backup of the MBR

B. Install LILO since there is no easy way to recover GRUB
C. Running mformat will create a new MBR and fix GRUB using info from grub.conf
D. Run grub-install after verifying that grub.conf is correct.
E. Run fdisk --mbr /dev/had assuming that the boot harddisk is /dev/hda.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 17
CORRECT TEXT

All machines outside the network are able to send emails through the server to addresses not served by that
server. If the server accepts and delivers the email, then it is a (n) _______________.

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: open email relay

QUESTION 18
Journalling doesn't appear to be working on an ext3 file-system. When booting, the following line appears:

Real 8
LPI 117-202 Exam
VFS: Mounted root (ext2 filesystem) readonly.

What could be causing the problem?

A. An old version of e2fsprogs is installed.

B. The kernel does not contain ext3 support.
C. The file-system is specified as ext2 in/etc/fstab.
D. The system was not shut down cleanly.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 19
What is the name of the dovecot configuration variable that specifies the location of user mail?

A. mbox
B. mail_location
C. user_dir
D. maildir
E. user_mail_dir

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 20
What is the missing keyword in the following configuration sample for dovecot which defines which
authentication types to support? (Specify only the

keywork) auth default {

______ = plain login cram-md5

}

A. auth_order
B. mechanisms
C. methods
D. supported
Real 9
LPI 117-202 Exam

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 21
What does the following procmail configuration section do?

:0fw

* < 256000

| /usr/bin/foo

A. procmail sends all email older than 256000 seconds to the external program foo
B. If an email contains a value less than 256000 anywhere within it, procmail will process the email with the
program foo
C. procmail sends mail containing less than 256000 words to program foo
D. The program foo is used instead of procmail for all emails larger than 256000 Bytes
E. If the email smaller than 256000 Bytes, procmail will process it with the program foo

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 22
Which setting in the Courier IMAP configuration file will tell the IMAP daemon to only listen on the localhost
interface?

A. ADDRESS=127.0.0.1
B. Listen 127.0.0.1
C. INTERFACE=127.0.0.1
D. LOCALHOST_ONLY=1

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 23
Real 10
LPI 117-202 Exam
You suspect that you are receiving messages with a forged From: address. What could help you find out where
the mail is originating?

A. Install TCP wrappers, and log all connections on port 25

B. A dd the command 'FR-strlog' to the sendmail.cf file
C. Add the command 'define ('LOG_REAL_FROM') dnl' to the sendmail.mc file
D. Run a filter in the aliases file that checks the originating address when mail arrives
E. Look in the ReceiveD.and Message-ID.parts of the mail header

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 24
You have to mount the /data filesystem from an NFS server(srvl) that does not support locking. Which of the
following mount commands should you use?

A. mount -a -t nfs
B. mount -o locking=off srvl:/data /mnt/data
C. mount -o nolocking srvl:/data /mnt/data
D. mount -o nolock srvl:/data /mnt/data
E. mount -o nolock /data@srvl /mn/data

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 25
In what mode is your FTP session when the client side makes the connections to both the data and command
ports of the FTP server?

A. passive
B. active
C. impassive
D. safe
E. inactive

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 11
LPI 117-202 Exam
QUESTION 26
Which of the following organisations track and report on security related flaws in computer technology? (Please
select TWO answers)

A. Bugtraq
B. CERT
C. CSIS
D. Freshmeat
E. Kernel.org

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 27
Which of the following Linux services has support for only the Routing Information Protocol (RIP) routing
protocol?

A. gated
B. ipchains
C. netfilter
D. routed
E. zebra

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 28
Which of the following is NOT included in a Snort rule header?

A. protocol
B. action
C. source IP address
D. packet byte offset
E. source port
Real 12
LPI 117-202 Exam

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 29
Which environment variables are used by ssh-agent? (Please select TWO variables)
A. SSH_AGENT_KEY
B. SSH_AGENT_SOCK
C. SSH_AGENT_PID
D. SSH_AUTH_SOCK
E. SSH_AUTH_PID

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 30
What tool scans log files for unsuccessful login attempts and blocks the offending IP addresses with firewall
rules?

A. nessus
B. nmap
C. nc
D. watchlogs
E. fail2ban

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 31
Running sysctl has the same effect as:

A. Changing the kernel compilation parameters

B. Writing to files inside /proc
C. Changing process limits using ulimit
D. Editing files inside /etc/sysconfig
Real 13
LPI 117-202 Exam
E. There is no equivalent to this utility

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 32
Which files are read by the lsdev command? (Please specify THREE answers)

A. /proc/dma
B. /proc/filesystems
C. /proc/interrupts
D. /proc/ioports
E. /proc/swaps

Correct Answer: ACD

Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 33
Which of the following describes the main purpose of strace?

A. Show the TCP/IP stack data, to help to solve network problems

B. Help to follow the traces of intruders of the internal network
C. Debug programs by displaying the original code of the program. It is a kind of "disassembler"
D. Reverse engineer applications, resulting in the source code of the program
E. Debug programs by monitoring system calls and reporting them

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 34
The following data is some of the output produced by a program. Which program produced this output?

strftime (" Thu", 1024, "%a", 0xb7f64380) =4

Real 14
LPI 117-202 Exam
fwrite ("Thu", 3, 1, 0xb7f614e0) =1

fputc (' ', 0xb7f614e0) =32

strftime (" Feb", 1024, " %b", 0xb7f64380) =4

fwrite ("Feb", 3, 1, 0xb7f614e0) =1

fputc (' ', 0xb7f614e0) =32

fwrite ("19", 2, 1, 0xb7f614e0) =1

A. lsof
B. ltrace
C. nm
D. strace
E. time

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 35
On bootup, LILO prints out LIL and stops. What is the cause of this?

A. The descriptor table is bad

B. LILO failed to load the second stage loader
C. LILO failed to load the primary stage loader
D. LILO failed to locate the kernel image

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 36
A server was rebuilt using a full system backup but with a different disk setup. The kernel won't boot,
complaining it cannot find the root filesystem. Which of the following commands will fix this error by pointing the
kernel image to the new root partition?

A. mkbootdisk
B. tune2fs
C. rdev
Real 15
LPI 117-202 Exam
D. grub-install
E. fdisk

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 37
An administrator wants to issue the command echo 1 >/var/ log/boater.log once all of the scripts in / etc/rc2.d
have been executed. What is the best way to accomplish this?

A. Add the command to /etc/rc.local

B. Create a script in ~/.kde/Autostart/ and place the command in it
C. Create a script in /etc/init.d/ and place a link to it in /etc/rc2.d/
D. Create a script in /etc/rc2.d/ and place the command in it

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 38
An administrator has placed an executable in the directory /etc/init.d, however it is not being executed when the
system boots into runlevel 2. What is the most likely cause of this?
A. The script has not been declared in /etc/services
B. runleve1 2 is not declared in /etc/inittab
C. The script has the permissions 700 and is owned by root
D. A corresponding link was not created in /etc/rc2.d

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 39
For an LDAP client configuration, the LDAP base needs to be set. Which TWO of the following actions would
achieve that?

A. export LDAPBASE=dc=linuxfoo,dc=com
Real 16
LPI 117-202 Exam
B. export BASE=dc=linuxfoo,dc=com
C. Edit ldapbase.conf and add "BASE dc=linuxfoo,dc=com".
D. Edit cldap.conf and add "BASE dc=linuxfoo,dc=com".
E. Edit ldap.conf and add "BASE dc=linuxfoo,dc=com".

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 40
Which of the following options can be passed to a DHCP client machine using configuration options on the
DHCP server?

A. The NIS domain name

B. The resolving order in /etc/resolv.conf
C. The priority order in nsswitch.conf
D. The filter rules for iptables
E. The contents of hosts.allow and hosts.deny

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 41
Which answer best describes the meaning of the following LDAP search commanD. ldapseareh - x" (&
(cn=marie)(telephoneNumber=9*))"

A. It is searching for all entries that don't have the cn attribute equal to marie OR the telephoneNumber
attribute starting with number 9
B. It is searching for all entries that have the cn attribute equal to marie AND the telephoneNumber attribute
starting with number 9
C. It is searching for all entries that have the cn attribute equal to marie AND the telephoneNumber attribute
ending with number 9
D. It is searching for all entries that don't have the cn attribute equal to marie AND the telephoneNumber
attribute starting with number 9
E. It is searching for all entries that have the cn attribute different than marie OR the telephoneNumber
attribute starting with number 9

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 17
LPI 117-202 Exam

QUESTION 42
In a PAM configuration file, a sufficient control allows access:

A. Immediately on success, if no previous required or requisite control failed

B. Immediately on success, regardless of other controls
C. After waiting if all other controls return success
D. Immediately, but only if the user is root

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 43
After setting up Apache to run inside a chroot jail as a non-root user, httpd no longer starts. What is the primary
cause of the problem?

A. Apache needs to start as root to bind to port 80

B. Apache cannot read the main index.html file because it was not moved into the chroot environment
C. A LoadModule line for mod_chroot needs to be added to httpd.conf
D. Apache requires a VirtualHost directive when running from a chroot environment
E. The mod_chroot configuration needs the absolute path to the chroot environment

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 44
Which is a valid Squid option to define a listening port?

A. port = 3128
B. http-listen-port=3128
C. http_port 3128
D. squid_port 3128

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 18
LPI 117-202 Exam

QUESTION 45
What is the name of the network security scanner project which, at the core, is a server with a set of network
vulnerability tests (NVTs)?

A. nmap
B. OpenVAS
C. Snort
D. wireshark

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 46
How must Samba be configured, so that it can check passwords against the ones in /etc/passwd and / etc/
shadow?

A. Set the parameters "encrypt passwords = yes" and "password file = /etc/passwd".
B. Set the parameters "encrypt passwords = yes", "password file = /etc/passwd" and "password algorithm
=crypt"
C. Delete the smbpasswd file and create a symbolic link to the passwd and shadow file
D. It is not possible for Samba to use/etc/passwd and /etc/shadow
E. Run smbpasswd to convert /etc/passwd and /etc/shadow to a Samba pass word file

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 47
What is the standard port number for the unencrypted IMAP service?

A. 25
B. 143
C. 443
D. 993
E. 1066
Real 19
LPI 117-202 Exam

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 48
Considering the following kernel IP routing table below, which of the following commands must be used to
remove the route to the network 10.10.1.0/24?

A. route del 10.10.1.0

B. route del 10.10.1.0/24
C. route del - net 10.10.1.0/24
D. route del 10.10.1.0/24 gw 192.168.246.11
E. route del -net 10.10.1.0

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 49
After changing /etc/exports on a server, remote hosts are still unable to mount the exported directories. What
should be the next action? Please select TWO correct answers.

A. Restart the NFS daemon

B. Run exportfs -a on the server
C. Run exportfs -f on the server
D. Run showmount -a on the server
E. Restart the remote hosts

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 20
LPI 117-202 Exam

QUESTION 50
Considering the following kernel IP routing table now, which of the following commands must be remove the
route to the network 10.10.1.0/24?

Kernel IP routing table

A. routedel 10.10.1.0
B. routedel 10.10.1.0/24
C. routedel -net 10.10.1.0/24
D. routedel 10.10.1.0/24 gw 192.168.246.11
E. routedel -net 10.10.1.0

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 51
CORRECT TEXT

Postfix daemons can be chroot'd by setting the chroot flag in _______. (Supply only the filename, without a
path)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: master.cf

QUESTION 52
Some users are unable to connect to specific local hosts by name, while accessing hosts in other zones works
as expected. Given that the hosts are reachable by their IP addresses, which is the default log file that could
provide hints about the problem?

A. /var/named/log
B. /var/lib/named/dev/log
C. /var/log/bind_errors
Real 21
LPI 117-202 Exam
D. /var/log/bind/errors
E. /var/log/messages

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 53
Which Squid configuration directive defines the authentication method to use?

A. auth_param
B. auth_method
C. auth_program
D. auth_mechanism
E. proxy_auth

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 54
Which entry in the .procmailrc file will send a copy of an email to another mail address?

A. :0 c
B. :0 copy
C. :c
D. :copy
E. :s

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 55
A security-conscious administrator would change which TWO of the following lines found in an SSH
configuration file?

A. Protocol 2, 1
Real 22
LPI 117-202 Exam
B. PermitEmptyPasswords no
C. Port 22
D. PermitRootLogin yes
E. IgnoreRhosts yes

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 56
CORRECT TEXT

What is the default location for sendmail configuration files? (Please provide the complete path to the directory)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: /etc/mail

QUESTION 57
CORRECT TEXT

In which directory can all parameters available to sysctl be found? (Provide the full path)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: /proc/sys

QUESTION 58
CORRECT TEXT

Instead of running the command echo 1 >/proc/sys/net/ipv4/ip_forward, the configuration setting is going to be
added to /etc/sysctl.conf. What is the missing value in the configuration line below? (Please specify only the
missing value)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: net.ipv4.ip_forward

QUESTION 59
CORRECT TEXT

What is the name of the module in Apache that provides the HTTP Basic Authentication functionality? (Please
provide ONLY the module name)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: mod_auth

Real 23
LPI 117-202 Exam

QUESTION 60
CORRECT TEXT

What command is used to print NFS kernel statistics? (Provide the command with or without complete path)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: nfsstat

QUESTION 61
Which of the following sentences is true about ISC DHCP?

A. It can't be configured to assign addresses to BOOTP clients.

B. Its default behavior is to send DHCPNAK to clients that request inappropriate addresses.
C. It can't be used to assign addresses to X - terminals.
D. It can be configured to only assign addresses to known clients.
E. None of the above.

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:

QUESTION 62
The host, called " Certkiller ", with the MAC address "08:00:2b:4c:59:23", should always be given the IP
address of 192.168.1.2 by the DHCP server. Which of the following configurations will achieve this?

A. host Certkiller {
hardware-ethernet 08:00:2b:4c:59:23;
fixed-address 192.168.1.2;
}
B. host Certkiller {
mac=08:00:2b:4c:59:23;
ip= 192.168.1.2;
}
C. host Certkiller = 08:00:2b:4c:59:23 192.168.1.2
D. host Certkiller {
hardware ethernet 08:00:2b:4c:59:23;
fixed-address 192.168.1.2;
}
E. host Certkiller {
hardware-address 08:00:2b.4c:59:23;
fixed-ip 192.168.1.2;
Real 24
LPI 117-202 Exam
}

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 63
Which dhcpd.conf option defines the DNS server address(es) to be sent to the DHCP clients?

A. domainname
B. domain-name-servers
C. domain-nameserver
D. domain-name-server

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 64
What is a significant difference between host and zone keys generated by dnssec-keygen?

A. There is no difference.
B. Both zone key files ( .key/.private ) contain a public and private key.
C. Both host keys files ( .key/. private) contain a public and private key.
D. Host Keys must always be generated if DNSSEC is used; zone keys are optional
E. Zone Keys must always be generated if is used; host keys are optional

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 65
Which of these would be the simplest way to configure BIND to return a different version number to queries?

A. Compile BIND with the option -blur-version=my version.

B. Set version-string "my version" in BIND's configuration file.
C. Set version "my version" in BIND's configuration file.
Real 25
LPI 117-202 Exam
D. Set version=my version in BIND's configuration file.
E. Ser version-bind "my version" in BIND's configuration file.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 66

A. Any host, from any network, may use this server as its main DNS server.
B. If the server doesn't know the answer to a query, it sends a recursive query to 192.168.0.4.
C. If the server doesn't know the answer to a query, it sends a query to a root DNS server.
D. Hosts in the network 10.0.0.0/24 will be able to ask for zone transfers.
E. If the server doesn't know the answer to a query, it sends a recursive query to 192.168.0.4 and, if this fails,
it returns a failure.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 67
A BIND server should be upgraded to use TSIG. Which configuration parameters should be added, if the
server should use the algorithm hmac-md5 and the key skrKc4DoTzi/tAkllPi7JZA== ?

A. TSIG server.example.com.
algorithm hmac-md5;
secret "skrKc4DoTzi/tAkllPi7JZA==";
};
Real 26
LPI 117-202 Exam
B. key server.example.com. {
algorithm hmac-md5;
secret skrKc4DoTzi/tAkllPi7JZA==;
};
C. key server.example.com. {
algorithm hmac-md5;
secret "skrKc4DoTzi/tAkllPi7JZA==";
};
D. key server.example.com. {
algorithm=hmac-md5;
secret="skrKc4DoTzi/tAkllPi7JZA==";
};
E. key server.example.com. {
algorithm hmac-md5
secret "skrKc4DoTzi/tAkI1Pi7JZA=="
};

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 68
DNSSEC is used for?

A. Encrypted DNS queries between nameservers.

B. Cryptographic authentication of DNS zones.
C. Secondary DNS queries for local zones.
D. Defining a secure DNS section.
E. Querying a secure DNS section.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 69
CORRECT TEXT
This program has 3 operating modes: copy-in mode, copy-out mode, and copy-pass mode, and is used to copy
files into or out of archives. What program is this? (Please provide the command name only, with no
arguments or path.)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Real 27
LPI 117-202 Exam

QUESTION 70
A BIND server should never answer queries from certain networks or hosts. Which configuration directive
could be used for this purpose?

A. deny-query { ...; };
B. no-answer { ...; };
C. deny-answer { ...; };
D. deny-access { ...; };
E. blackhole { ...; };

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 71
What is the purpose of a PTR record?

A. To provide name to IP resolution.

B. To provide IP to name resolution.
C. To direct email to a specific host.
D. To provide additional host information.
E. To direct clients to another nameserver.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 72
Performing a DNS lookup with dig results in this answer: What might be wrong in the zone definition?
Real 28
LPI 117-202 Exam

A. Nothing. All seems to be good.

B. There's no "." after linuserv.example.net in the PTR record in the forward lookup zone file.
C. There's no "." after linuserv in the PTR record in the forward lookup zone file.
D. There's no "." after linuserv.example.net in the PTR record in the reverse lookup zone file.
E. The "." in the NS definition in reverse lookup zone has to be removed.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 73
What directive can be used in named.conf to restrict zone transfers to the 192.168.1.0/24 network?

A. allow-transfer { 192.168.1.0/24; };
B. allow-transfer { 192.168.1.0/24 };
C. allow-axfr { 192.168.1.0/24; };
D. allow-axfr { 192.168.1.0/24 };
E. allow-xfer { 192.168.1.0/24; };

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 74
To securely use dynamic DNS updates, the use of TSIG is recommended. Which TWO statements about
TSIG are true?

A. TSIG is used for zone data encryption

B. TSIG is a signal to start a zone update
C. TSIG is used in zone files
D. TSIG is used only in server configuration
E. Servers using TSIG must be in sync (time zone!)

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 75
Real 29
LPI 117-202 Exam
Which option is used to configure pppd to use up to two DNS server addresses provided by the remote server?

A. ms-dns
B. nameserver
C. usepeerdns
D. dns
E. None of the above

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 76
A DNS server has the IP address 192.168.0.1. Which TWO of the following need to be done on a client
machine to use this DNS server?

A. Add nameserver 192.168.0.1 to /etc/resolv.conf

B. Run route add nameserver 192.168.0.1
C. Run ifconfig eth0 nameserver 192.168.0.1
D. Run echo "nameserver 192.168.1.1" >> /etc/resolv.conf
E. Run bind nameserver 192.168.1.1

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 77
The mailserver is currently called fred, while the primary MX record points to mailhost.example.org.

What must be done to direct example.org email towards fred?

A. Add an A record for mailhost to fred's IP address.

B. Add a CNAME record from mailhost to fred
C. Add another MX record pointing to fred's IP address.
D. Add a PTR record from mailhost to fred.

Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Explanation:

Real 30
LPI 117-202 Exam

QUESTION 78
Which of these ways can be used to only allow access to a DNS server from specified networks/hosts?

A. Using the limit{...;};statement in the named configuration file.

B. Using the allow-query{...;};statement in the named configuration file.
C. Using the answer only{...;};statement in the named configuration file.
D. Using the answer{...;};statement in the named configuration file.
E. Using the query access{...;};statement in the named configuration file.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 79
There is a restricted area in an Apache site, which requires users to authenticate against the file /srv/ www/
security/site-passwd.

Which command is used to CHANGE the password of existing users, without losing data, when Basic
authentication is being used.

A. htpasswd -c /srv/www/security/site passwd user

B. htpasswd /srv/www/security/site-passwd user
C. htpasswd -n /srv/www/security/site-passwd user
D. htpasswd -D /srv/www/security/site-passwd user
E. None of the above.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 80
Consider the following / srv/www/ default/html/ restricted/.htaccess

AuthType Basic

AuthUserFile / srv/www/ security/ site-passwd

Real 31
LPI 117-202 Exam
AuthName Restricted

Require valid-user

Order deny,allow
Deny from all

Allow from 10.1.2.0/24

Satisfy any

Considering that DocumentRoot is set to /srv/www/default/html, which TWO of the following sentences are
true?

A. Apache will only grant access to http://server/restricted/to authenticated users connecting from clients in the
10.1.2.0/24 network
B. This setup will only work if the directory /srv/www/default/html/restricted/ is configured with AllowOverride
AuthConfig Limit
C. Apache will require authentication for every client requesting connections to http://server/restricted/
D. Users connecting from clients in the 10.1.2.0/24 network won't need to authenticate themselves to access
http://server/restricted/
E. The Satisfy directive could be removed without changing Apache behavior for this directory

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 81
A web server is expected to handle approximately 200 simultaneous requests during normal use with an
occasional spike in activity and is performing slowly. Which directives in httpd.conf need to be adjusted?

A. MinSpareServers & MaxSpareServers.

B. MinSpareServers, MaxSpareServers, StartServers & MaxClients.
C. MinServers, MaxServers & MaxClients.
D. MinSpareServers, MaxSpareServers, StartServers, MaxClients & KeepAlive.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 32
LPI 117-202 Exam

QUESTION 82
Which statements about the Alias and Redirect directives in Apache's configuration file are true?

A. Alias can only reference files under DocumentRoot

B. Redirect works with regular expressions
C. Redirect is handled on the client side
D. Alias is handled on the server side
E. Alias is not a valid configuration directive

Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
Explanation:

QUESTION 83
When Apache is configured to use name-based virtual hosts:

A. it's also necessary to configure a different IP address for each virtual host.
B. the Listen directive is ignored by the server.
C. it starts multiple daemons (one for each virtual host).
D. it's also necessary to create a VirtualHost block for the main host.
E. only the directives ServerName and DocumentRoot may be used inside a block.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 84
Which Apache directive is used to configure the main directory for the site, out of which it will serve
documents?

A. ServerRoot
B. UserDir
C. DirectoryIndex
D. Location
E. DocumentRoot

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 33
LPI 117-202 Exam

QUESTION 85
Which Apache directive allows the use of external configuration files defined by the directive AccessFileName?

A. AllowExternalConfig
B. AllowAccessFile
C. AllowConfig
D. IncludeAccessFile
E. AllowOverride

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:
QUESTION 86
Which of the following is recommended to reduce Squid's consumption of disk resources?

A. Disable the use of access lists.

B. Reduce the size of cache_dir in the configuration file.
C. Rotate log files regularly.
D. Disable logging of fully qualified domain names.
E. Reduce the number of child processes to be started in the configuration file.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 87
Which ACL type in Squid's configuration file is used for authentication purposes?

A. proxyAuth
B. proxy_auth
C. proxy_passwd
D. auth
E. auth_required
Real 34
LPI 117-202 Exam

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 88
The listing below is an excerpt from a Squid configuration filE.
A. Users connecting from localhost will be able to access web sites through this proxy.
B. It's necessary to include a http_access rule denying access to all, at the end of the rules.
C. It's possible to use this proxy to access SSL enabled web sites listening on any port.
D. This proxy can't be used to access FTP servers listening on the default port.
E. This proxy is misconfigured and no user will be able to access web sites through it.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 89
In the file /var/squid/url_blacklist is a list of URLs that users should not be allowed to access. What is the
correct entry in Squid's configuration file to create an acl named blacklist based on this file?

A. acl blacklist urlpath_regex /var/squid/url_blacklist

B. acl blacklist file /var/squid/url_blacklist
C. acl blacklist "/var/squid/url_blacklist"
Real 35
LPI 117-202 Exam
D. acl blacklist urlpath_regex "/var/squid/url_blacklist"
E. acl urlpath_regex blacklist /var/squid/url_blacklist

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 90
Users in the acl named 'sales_net' must only be allowed to access to the Internet at times specified in the
time_acl named 'sales_time'. Which is the correct http_access directive, to configure this?

A. http_access deny sales_time sales_net

B. http_access allow sales_net sales_time
C. http_access allow sales_net and sales_time
D. allow http_access sales_net sales_time
E. http_access sales_net sales_time

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 91
What of the following is NOT a valid ACL type, when configuring squid?

A. src
B. source
C. dstdomain
D. url_regex
E. time

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 92
CORRECT TEXT

The command ___________ -x foo will delete the user foo from the Samba database. (Specify the command
only, no path information.)

Real 36
LPI 117-202 Exam

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: smbpasswd

QUESTION 93
The Internet gateway connects the clients with the Internet by using a Squid proxy. Only the clients from the
network 192.168.1.0/24 should be able to use the proxy. Which of the following configuration sections is
correct?
A. acl local src 192.168.1.0/24
http_allow local
B. acl local src 192.168.1.0/24
http_access allow local
C. acl local src 192.168.1.0/24
http access allow local
D. acl local src 192.168.1.0/24
http_access_allow=local
E. acl local src 192.168.1.0/24
httpd local allow

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 94
The syntax of the procmail configuration file is?

A. :0[flags][:[lockfile]]
[* condition]
action
B. [* condition]
action
:0[flags][:[lockfile]]
C. :0[flags][:[lockfile]]
[* condition] action
D. :0[flags][:[lockfile]]:[* condition]
action
E. :0[flags][:[lockfile]]:[* condition]:action

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 37
LPI 117-202 Exam

QUESTION 95
Which of the following recipes will append emails from "root" to the "rootmails" mailbox?

A. :0c:
rootmails
* ^From.*root
B. :0c:
* ^From.*root
rootmails
C. :0c:
* ^From=root
rootmails
D. :0c:
* ^From=*root
rootmails
E. :0c:
$From=$root
rootmails

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 96
The internal network (192.168.1.0-192.168.1.255) needs to be able to relay email through the site's sendmail
server. What line must be added to /etc/mail/access to allow this?

A. 192.168.1.0/24 RELAY
B. 192.168.1 RELAY
C. 192.168.1.0/24 OK
D. 192.168.1 OK

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 97
The following is an excerpt from a procmail configuration filE.

:0 c

Real 38
LPI 117-202 Exam
* ! ^To: backup

! backup

Which of the following is correct?

A. All mails will be backed up to the path defined by $MAILDIR

B. All mails to the local email address backup will be stored in the directory backup.
C. A copy of all mails will be stored in file backup.
D. A copy of all mails will be send to the local email address backup.
E. Mails not addressed to backup are passed through a filter program named backup.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:
QUESTION 98
Which network service or protocol is used by sendmail for RBLs (Realtime Blackhole Lists)?

A. RBLP
B. SMTP
C. FTP
D. HTTP
E. DNS

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 99
On a newly-installed mail server with the IP address 10.10.10.1, ONLY local networks should be able to send
email. How can the configuration be tested, using telnet, from outside the local network?

A. telnet 10.10.10.1 25
MAIL FROM<admin@example.com>
RECEIPT TO:<someone@example.org>
B. telnet 10.10.10.1 25
RCPT FROM:admin@example.com
MAIL TO:<someone@example.org>
Real 39
LPI 117-202 Exam
C. telnet 10.10.10.1 25
HELLO bogus.example.com
MAIL FROM:<anyone@example.org>
RCPT TO:<someone@example.net>
D. telnet 10.10.10.1 25
HELO bogus.example.com
MAIL FROM:<anyone@example.org>
RCPT TO:<someone@example.net>
E. telnet 10.10.10.1 25
HELO: bogus.example.com
RCPT FROM:<anyone@example.org>
MAIL TO:<someone@example.net>

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 100
CORRECT TEXT

What postfix configuration setting defines the domains for which Postfix will deliver mail locally? (Please
provide only the configuration setting name with no other information)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: mydomain

Topic 2, Volume B

QUESTION 101
Which file can be used to make sure that procmail is used to filter a user's incoming email?

A. ${HOME}/.procmail
B. ${HOME}/.forward
C. ${HOME}/.bashrc
D. /etc/procmailrc
E. /etc/aliases

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 102
Real 40
LPI 117-202 Exam
A user is on holiday for two weeks. Anyone sending an email to that account should receive an autoresponse.

Which of the following procmail rules should be used, so that all incoming emails are processed by vacation?

A. :0c:
| /usr/bin/vacation nobody
B. :w
| /usr/bin/vacation nobody
C. :0fc:
|/usr/bin/vacation nobody
D. | /usr/bin/vacation nobody
E. :> |/usr/bin/vacation nobody

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 103
What security precautions must be taken when creating a directory into which files can be uploaded
anonymously using FTP?

A. The directory must not have the execute permission set.

B. The directory must not have the read permission set.
C. The directory must not have the read or execute permission set.
D. The directory must not have the write permission set.
E. The directory must not contain other directories.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 104
What is the correct format for an ftpusers file entry?

A. Use only one username on each line.

B. Add a colon after each username.
C. Add a semicolon after each username.
D. Add ALLOW after each username.
Real 41
LPI 117-202 Exam
E. Add DENY after each username.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 105
CORRECT TEXT

What is the path to the global postfix configuration file? (Please specify the complete directory path and file
name)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: /etc/postfix/main.cf

QUESTION 106
A system monitoring service checks the availability of a database server on port 5432 of
destination.example.com. The problem with this is that the password will be sent in clear text. When using an
SSH tunnel to solve the problem, which command should be used?

A. ssh -1 5432:127.0.0.1:5432 destination.example. com

B. ssh -L 5432:destination.example.com:5432 127.0.0.1
C. ssh -L 5432:127.0.0.1:5432 destination.example.com
D. ssh -x destination.example.com:5432
E. ssh -R 5432:127.0.0.1:5432 destination.example.com

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 107
What must be done on a host to allow a user to log in to that host using an SSH key?

A. Add their private key to ~/. ssh/authorized_keys

B. Reference their public key in ~/. ssh/config
C. Run ssh-agent on that host
D. Add their public key to ~/. ssh/authorized_keys
E. Reference their private key in ~/. ssh/config

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 42
LPI 117-202 Exam

QUESTION 108
An SSH port-forwarded connection to the web server www.example.com was invoked using the command ssh
-TL 80 :www.example.com:80 user@www.example.com. Which TWO of the following are correct?

A. The client can connect to the web server by typing http://www.example.com/ into the browser's address bar
and the connection will be encrypted
B. The client can connect to www.example.com by typing http://localhost/ into the browser's address bar and
the connection will be encrypted
C. The client can't connect to the web server by typing http://www.example.com/ into the browser's address
bar. This is only possible using http://localhost/
D. It is only possible to port-forward connections to insecure services that provide an interactive shell (like
telnet)
E. The client can connect to the web server by typing http://www.example.com/ into the browser's address bar
and the connection will not be encrypted

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 109
Which of the following defines the maximum allowed article size in the configuration file for INN?

A. limitartsize
B. artsizelimit
C. maxartlimit
D. maxartsize
E. setartlimit

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 110
The innd configuration file has been changed and it should be used as soon as possible. What is the fastest
way to accomplish that?

Real 43
LPI 117-202 Exam

A. ctlinnd kill hup

B. kill - HUP process id
C. ctlinnd xexec innd
D. ctlinnd reload innd
E. /usr/sbin/innd reload

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 111
Which of the following configuration lines will export /usr/local/share/ to nfsclient with read-write access,
ensuring that all changes are straight to the disk?

A. /usr/local/share nfsclient(rw) written

B. nfsclient: /usr/local/share/:rw,sync
C. /usr/local/share nfsclient:rw:sync
D. /usr/local/share nfsclient(rw,sync)
E. nfsclient(rw,sync) /usr/local/share

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 112
CORRECT TEXT

Which Samba-related command will show all options that were not modified using smb.conf and thus are set to
their default values? Please enter the command and its parameter(s):
A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: testparm -v

QUESTION 113
CORRECT TEXT

You are not sure whether the kernel has detected a piece of hardware in your machine. What command,
without options or parameters, should be run to present the contents of the kernel ringbuffer?

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: dmesg

Real 44
LPI 117-202 Exam

QUESTION 114
CORRECT TEXT

Which program lists information about files opened by processes and produces output that can be parsed by
other programs?

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 115
CORRECT TEXT

Which site-specific configuration file for the shadow login suite must be modified to log login failures? Please
enter the complete path to that file.
A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: /etc/login.defs

QUESTION 116
What command can be used to add a new newsgroup called ABC that allows posting?

A. ctlinnd newgroup Certkiller n news

B. ctlinnd newgroup Certkiller y news
C. ctlinnd addgroup Certkiller y news
D. ctlinnd newgroup Certkiller +rw news
E. ctlinnd addgroup Certkiller +rw news

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 117
Which TWO of the following commands could be used to add a second IP address to eth0?

A. ifconfig eth0 - add ip 192.168.123.10

B. ifconfig eth0:1 192.168.123.10
C. ifconfig eth0 1 192.168.123.10
D. ifconfig eth0 +192.168.123.10
E. ifconfig eth0:sub1 192.168.123.10

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Real 45
LPI 117-202 Exam

Explanation:

QUESTION 118
If the command arp -f is run, which file will be read by default?

A. /etc/hosts
B. /etc/ethers
C. /etc/arp.conf
D. /etc/networks
E. /var/cache/arp

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 119
What command must be used to print the kernel's routing table?

A. route print
B. route enumerate
C. route show
D. route list
E. route

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 120
What command would be used to configure the interface eth1:1 with the IP address 10 10.34 and the netmask
255.255.255.0?

A. ifconfig eth1:1 10.10.3.4 netmask 255.255.255.0 start

B. ifconfig 10.10.3.4 netmask 255.255.255.0 eth1:1 up
C. ifconfig eth1:1 10.10.3.4 netmask 255.255.255.0 up
D. ifconfig 10.10.3.4/255.255.255.0 eth1:1 up
E. ifconfig eth1:1 10.10.3.4/255.255.255.0 up
Real 46
LPI 117-202 Exam

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 121
Which option must be used with ifconfig, to also see interfaces that are down?

A. -d
B. -a
C. --all
D. --down
E. None.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 122
What is the command to add another IP address to an interface that already has (at least) one IP address?

A. ifconfig eth0:1 192.168.1.2

B. ifconfig eth0 192.168.1.2
C. ipconfig eth0:1 192.168.1.2
D. ipconfig eth0 192.168.1.2

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 123
The command route shows the following output:

Real 47
LPI 117-202 Exam
Which of the following statements is correct?

A. The network 169.254.0.0 is not a valid route.

B. The host 194.168.123.5 is temporarily down.
C. The host route 194.168.123.5 is rejected by the kernel.
D. The "!H " signals that traffic to the host 194.168.123.5 is dropped.
E. The network path to the host 194.168.123.5 is not available.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 124
A network client has an ethernet interface configured with an IP address in the subnet 192.168.0.0/24.

This subnet has a router, with the IP address 192.168.0.1, that connects this subnet to the Internet.

What needs to be done on the client to enable it to use the router as its default gateway?

A. Run route add default gw 192.168.0.1 eth1.

B. Run route add gw 192.168.0.1 eth1.
C. Run ifconfig eth0 defaultroute 192.168.0.1.
D. Add "defaultroute 192.168.0.1" to /etc/resolv.conf.
E. Run route add defaultgw=192.168.0.1 if=eth0.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 125
A server with 2 network interfaces, eth0 and eth1, should act as a router. eth0 has the IP address 192.168.0.1
in the subnet 192.168.0.1/24 and eth1 has the IP address 10.0.0.1 in the subnet 10.0.0.0/16.

The routing table looks fine, but no data is traversing the networks. Which TWO of the following need to be
done?

A. Enable IP forwarding with echo "1" > /proc/sys/net/ipv4/ip_forward Real 48

LPI 117-202 Exam
B. Add new firewall chains to handle inbound & outbound traffic on both interfaces.
C. Reconfigure the firewall rules to allow traffic to traverse the networks.
D. The routing table needs to be restarted, for the changes to take effect.
E. The server needs to be restarted, for the changes to take effect.

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 126
What command is used to add a route to the 192.168.4.0/24 network via 192.168.0.2?

A. route add - network 192.168.4.0 netmask 255.255.255.0 gw 192.168.0.2

B. route add - net 192.168.4.0/24 gw 192.168.0.2
C. route add - network 192.168.4.0/24 192.168.0.2
D. route add - net 192.168.4.0 netmask 255.255.255.0 192.168.0.2
E. route add - net 192.168.4.0 netmask 255.255.255.0 gw 192.168.0.2

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 127
Which of the following sentences is true, when using the following /etc/pam.d/login file?

#%PAM-l.0

auth required /lib/security/pam_securetty.so

auth required /lib/security/pam_nologin.so

auth sufficient /lib/security/pam_unix.so shadow nullok md5 use_authtok

auth required /lib/security/pam_ldap.so use_first_pass

account sufficient /lib/security/pam_unix.so

account required /lib/security/pam_ldap.so

password required /lib/security/pam_cracklib.so

password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow

Real 49
LPI 117-202 Exam
password required /lib/security/pam_ldap.so use_first_pass

session optional /lib/security/pam_console.so

session sufficient /lib/security/pam_unix.so

session required /lib/security/pam_ldap.so

A. All users will be authenticated against the LDAP directory

B. This is the only file needed to configure LDAP authentication on Linux
C. Only local users will be able to log in, when the file/etc/nologin exists
D. Ordinary users will be able to change their password to be blank
E. If the control flags for auth were changed to required, local users wouldn't be able to log in

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 128
LDAP-based authentication against a newly-installed LDAP server does not work as expected. The file /etc/
pam.d/login includes the following configuration parameters. Which of them is NOT correct?

A. password required /lib/security/pam_ldap.so

B. auth sufficient /lib/security/pam_ldap.so use_first_pass
C. account sufficient /lib/security/pam_ldap.so
D. password required /lib/security/pam_pwdb.so
E. auth required /lib/security/pam_ldap.so

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 129
What is the advantage of using SASL authentication with OpenLDAP?
A. It can prevent the transmission of plain text passwords over the network.
B. It disables anonymous access to the LDAP server.
C. It enables the use of Access Control Lists.
D. It allows the use of LDAP to authenticate system users over the network.
E. All of the above.
Real 50
LPI 117-202 Exam

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 130
In a PAM configuration file, which of the following is true about the required control flag?

A. If the module returns success, no more modules of the same type will be invoked
B. The success of the module is needed for the module-type facility to succeed. If it returns a failure, control is
returned to the calling application
C. The success of the module is needed for the module-type facility to succeed. However, all remaining
modules of the same type will be invoked.
D. The module is not critical and whether it returns success or failure is not important.
E. If the module returns failure, no more modules of the same type will be invoked

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 131
Which of the following is true, when a server uses PAM authentication and both /etc/pam.conf & /etc/pam.d/
exist?

A. It causes error messages.

B. /etc /pam.conf will be ignored.
C. /etc / pam.d/ will be ignored.
D. Both are used, but /etc/pam.d/ has a higher priority.
E. Both are used, but /etc/pam.conf has a higher priority.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 132
Which of the following tools, on its own, can provide dial-in access to a server?

A. mingetty
B. pppd
 Real 51
LPI 117-202 Exam
C. dip
D. chat
E. mgetty

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 133
When configuring a PPP dial-in server, which option is used (in the pppd configuration file) to enable user
authentication against the system password database?

A. login
B. auth
C. local
D. password
E. user

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 134
To configure an LDAP service in the company " Certkiller Ltd", which of the following entries should be added
to slapd.conf, in the Database Directives section, to set the rootdn so that the common name is Manager and
the company's domain is Certkiller .com ?

A. rootdn cn=Manager dc= Certkiller dc=com

B. rootdn "cn=Manager,dc= Certkiller ,dc=com"
C. rootdn cn= Certkiller ,dc=com,dc=Manager
D. rootdn "cn= Certkiller ,dc=com,dc=Manager"
E. rootdn "cn=Manager dc= Certkiller dc=com"

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 135
Which of the following commands can gather entries from the specified administrative NIS

Real 52
LPI 117-202 Exam
database group?
A. ypserv group
B. getent group
C. rpcinfo group
D. ypbind group
E. yppoll group

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 136
What could be a reason for invoking vsftpd from (x) inetd?

A. It's not a good idea, because (x) inetd is not secure

B. Running vsftpd in standalone mode is only possible as root, which could be a security risk
C. vsftpd cannot be started in standalone mode
D. (x) inetd has more access control capabilities
E. (x) inetd is needed to run vsftpd in a chroot jail

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 137
An SSH server is configured to use tcp_wrappers and only hosts from the class C network 192.168.1.0 should
be allowed to access it. Which of the following lines would achieve this, when entered in/etc/ hosts.allow?

A. ALLOW: 192.168.1.0/255.255.255.0 : sshd

B. sshd : 192.168.1.0/255.255.255.0 : ALLOW
C. 192.168.1.0/255.255.255.0 : ALLOW: sshd
D. tcpD.sshd : 192.168.1.0/255.255.255.0 : ALLOW
E. sshd : ALLOW: 192.168.1.0/255.255.255.0

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 53
LPI 117-202 Exam

QUESTION 138
Which TWO of the following statements about xinetd and inetd are correct?

A. xinetd supports access control by time.

B. xinetd only supports TCP connections.
C. xinetd is faster than xinetd and should be preferred for this reason.
D. xinetd includes support for X connections.
E. xinetd and inetd are used to reduce the number of listening daemons.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 139
A correctly-formatted entry has been added to /etc/hosts.allow to allow certain clients to connect to a service,
but this is having no effect. What would be the cause of this?

A. tcpd needs to be sent the HUP signal.

B. The service needs to be restarted.
C. The machine needs to be restarted.
D. There is a conflicting entry in /etc/hosts.deny .
E. The service does not support tcpwrappers

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 140
Which TWO /etc/hosts.allow entries will allow access to sshd from the class C network 192.168.1.0?

A. sshd : 192.168.1.
B. sshd : 192.168.1
C. sshd : 192.168.1.0 netmask 255.255.255.0
D. sshd : 192.168.1.0/255.255.255.0
E. sshd : 192.168.1.0

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 54
LPI 117-202 Exam

QUESTION 141
Which TWO of the following statements about the tcp_wrappers configuration files are correct?

A. Both files must be edited, to get tcp_wrappers to work properly

B. It is possible to configure tcp_wrappers using just one file
C. (x) inetd requires these files
D. All programs that provide network services use these files to control access
E. tcpd uses these files to control access to network services
Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 142
What is the appropriate configuration file entry to allow SSH to run from inetd?

A. ssh stream tcp nowait root /usr/sbin/tcpd sshd

B. ssh stream tcp nowait root /usr/sbin/tcpd tcpd
C. ssh stream tcpd nowait root /usr/sbin/tcpd sshd
D. ssh data tcpd nowait root /usr/sbin/tcpd sshd
E. ssh data tcp nowait root /usr/sbin/tcpd sshd

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 143
Which of the following sentences is TRUE about FreeS/WAN?

A. FreeS/WAN doesn't support remote users (i.e. notebook users with dynamic IP addresses) connecting to
the LAN
B. FreeS/WAN needs a patch to support NAT traversal for users behind a NAT gateway
C. FreeS/WAN doesn't require any Linux kernel 2.4 modules to work properly
D. FreeS/WAN only enables the use of strong encryption between Linux hosts
E. FreeS/WAN can't be used to establish a VPN between a Linux host and a Microsoft Windows 2000 Server
host
Real 55
LPI 117-202 Exam

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 144
As of Linux kernel 2.4, which software is used to configure a VPN?

A. IPSec
B. SSH
C. net - tools
D. FreeS/WAN
E. iproute2

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:

QUESTION 145
A program, called vsftpd, running in a chroot jail, is giving the following error: /bin/vsftpD. error while loading
shared libraries: libc.so.6: cannot open shared object filE. No such file or directory.
Which TWO of the following are possible solutions?

A. Get the vsftp source code and compile it statically.

B. The file /etc/ld.so.conf must contain the path to the appropriate lib directory in the chroot jail
C. Create a symbolic link that points to the required library outside the chroot jail
D. Copy the required library to the appropriate lib directory in the chroot jail.
E. Run the program using the command chroot and the option --static_libs

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 146
Which of the following can the program tripwire NOT check?

A. File size.
B. File signature.
C. Permissions.
Real 56
LPI 117-202 Exam
D. File existence.
E. Boot sectors.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 147
The following is an excerpt from the output of tcpdump -nli eth1 'udp':

13:03:17.277327 IP 192.168.123.5.1065 > 192.168.5.112.53: 43653+ A? lpi.org. (25)

13:03:17.598624 IP 192.168.5.112.53 > 192.168.123.5.1065: 43653 1/0/0 A 24.215.7.109 (41)

Which network service or protocol was used?

A. FTP
B. HTTP
C. SSH
D. DNS
E. DHCP
Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 148
A server is being used as a smurf amplifier, whereby it is responding to ICMP Echo-Request packets sent to its
broadcast address. To disable this, which command needs to be run?

A. ifconfig eth0 nobroadcast

B. echo "0" > /proc/sys/net/ipv4/icmp_echo_accept_broadcasts
C. iptables -A INPUT -p icmp -j REJECT
D. echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
E. echo "1" > /proc/sys/net/ipv4/icmp_echo_nosmurf

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 57
LPI 117-202 Exam

QUESTION 149
When the default policy for the iptables INPUT chain is set to DROP, why should a rule allowing traffic to
localhost exist?

A. All traffic to localhost must always be allowed.

B. It doesn't matter; iptables never affects packets addressed to localhost
C. Sendmail delivers emails to localhost
D. Some applications use the localhost interface to communicate with other applications.
E. syslogd receives messages on localhost

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 150
To be able to access the server with the IP address 10.12.34.56 using HTTPS, a rule for iptables has to be
written. Given that the client host's IP address is 192.168.43.12, which of the following commands is correct?

A. iptables - A FORWARD -p tcp -s 0/0 -d 10.12.34.56 --dport 80 -j ACCEPT

B. iptables - A FORWARD -p tcp -s 192.168.43.12 d 10.12.34.56:443 -j ACCEPT.
C. iptables - A FORWARD -p tcp -s 192.168.43.12 -d 10.12.34.56 --dport 443 -j ACCEPT.
D. iptables - A INPUT -p tcp -s 192.168.43.12 - d 10.12.34.56:80 -j ACCEPT.
E. iptables - A FORWARD -p tcp -s 0/0 -d 10.12.34.56 --dport 443 -j ACCEPT.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 151
Which THREE of the following actions should be considered when a FTP chroot jail is created?

A. Create /dev/ and /etc/ in the chroot enviroment

B. Create /etc/passwd in the chroot enviroment
C. Create /var/cache/ftp in the chroot enviroment
D. Create the user ftp in the chroot enviroment
E. Create /usr/sbin/ in the chroot enviroment

Correct Answer: ABD

Section: (none)
Explanation

Explanation/Reference:
Real 58
LPI 117-202 Exam

Explanation:

QUESTION 152
Connecting to a remote host on the same LAN using ssh public-key authentication works but forwarding X11
doesn't. The remote host allows access to both services. Which of the following can be the reason for that
behavior?

A. The remote user's ssh_config file disallows X11 forwarding

B. The remote server's sshd_config file disallows X11 forwarding
C. A different public key has to be used for X11
D. X11 cannot be forwarded if public-key authentication was used
E. X11 though SSH needs a special X11 server application installed

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 153
An iptables firewall was configured to use the target MASQUERADE to share a dedicated wireless connection
to the Internet with a few hosts on the local network.

The Internet connection becomes very unstable in rainy days and users complain their connections drop when
downloading e-mail or large files, while web browsing seems to be working fine.

Which change to your iptables rules could alleviate the problem?

A. Change the target MASQUERADE to SNAT

B. Change the target MASQUERADE to DNAT
C. Change the target MASQUERADE to BALANCE and provide a backup Internet connection
D. Change the target MASQUERADE to REDIRECT and provide a backup Internet connection
E. Change the target MASQUERADE to BNAT

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 59
LPI 117-202 Exam

QUESTION 154
Which command line create an SSH tunnel for POP and SMTP protocols?

A. ssh- L :110 -L :25 -1 user -N mailhost

B. ssh -L 25:110 -1 user -N mailhost
C. ssh -L mailhost:110 -L mailhost:25 -1 user -N mailhost
D. ssh -L mailhost:25:110 -1 user
E. ssh -L 110:mailhost:110 -L 25:mailhost:25 -1 user -N mailhost

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 155
Which of these tools can provide the most information about DNS queries?

A. dig
B. nslookup
C. host
D. named-checkconf
E. named-checkzone

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 156
Which records must be entered in a zone file in order to use "Round Robin Load Distribution" for a web server?

A. www.example.org. 60 IN A 192.168.1.1
www.example.org. 60 IN A 192.168.1.2
www.example.org. 60 IN A 192.168.1.3
B. www.example.org. 60 IN A 192.168.1.1;192.168.1.2;192.168.1.3
C. www.example.org. 60 IN A 192.168.1-3
D. www.example.org. 60 IN RR 192.168.1:3
E. www.example.org. 60 IN RR 192.168.1.1;192.168.1.2;192.168.1.3
Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Real 60
LPI 117-202 Exam

Explanation:

QUESTION 157
Which command would release the current IP address leased by a DHCP server?

A. ipconfig /release
B. ifconfig --release-all
C. dhclient -r
D. ifconfig --release
E. pump --release

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 158
Remote access to a CD-RW device on a machine on a LAN must be restricted to a selected user group. Select
the TWO correct alternatives that describe the possible solutions for this problem.

A. The remote access to these devices can be allowed to users by changing the display manager
configuration and allowing sudo access for the user that will log in remotely
B. The pam_console module allows access configuration to these devices via console, including simultaneous
access by many users
C. The pam_console module can be used to control access to devices via console, allowing/denying access to
these devices in the user's session
D. If the pam_console module is used, it must be checked as required, because it is essential for user
authentication
E. Through the sudo configuration file, it is possible to set users that will have the power of the root user, so
they can access the devices. Besides that, it is important to configure the /etc/pam.d/su file, so the PAM
modules can secure the service

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 159
Select the alternative that shows the correct way to disable a user login (except for root)

Real 61
LPI 117-202 Exam

A. The use of the pam_nologin module along with the /etc/login configuration file
B. The use of the pam_deny module along with the /etc/deny configuration file
C. The use of the pam_pwdb module along with the /etc/pwdb.conf configuration file
D. The use of the pam_console module along with the /etc/security/console.perms configuration file
E. The use of the pam_nologin module along with the /etc/nologin configuration file

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 160
A new user was created on a master NIS server using useradd but cannot log in from an NIS client.

Older users can log in. Which step was probably forgotten, when creating the new user?

A. Running yppush on the NIS server to propagate map changes to NIS clients
B. Running make inside /var/yp on the NIS server to generate new maps
C. Starting the yppasswdd daemon on the NIS server to receive login re quests from NIS clients
D. Starting the ypxfr daemon on the NIS client to fetch map changes from the NIS server
E. Restarting ypxfr daemons on the NIS client and server to fetch map changes

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 161
How can a user's default shell be checked, by querying an NIS server?

A. ypquery user@example.com
B. ypgrep user example.com
C. ypmatch -d example.com user passwd
D. ypcat -d example.com user
E. ypq @example.com user +shell

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 62
LPI 117-202 Exam

QUESTION 162
A network has many network printers connected and they should get their addresses using DHCP.

What information from each printer is needed to always assign them the same IP address when dhcpd is used
as the DHCP server?
A. MAC address
B. Host name
C. Serial number
D. Factory default IP address
E. Built-in network card type

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 163
Which daemon is required on the client if an ethernet device gets its IP address from a central server?

A. dhcp
B. dhcpcd
C. bootpd
D. ethd
E. dhcpd

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 164
Which TWO of the following wireless tools can be used to check the wireless network link quality?

A. iwconfig
B. iwlink
C. iwscan
D. iwifi
E. iwspy
Real 63
LPI 117-202 Exam

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 165
What command can be used to check the Samba configuration file?

A. testconfig
B. testsmbconfig
C. smbtestcfg
D. smbtestparm
E. testparm

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 166
CORRECT TEXT

Please enter the command with all parameters and arguments, that could be used by root to list the

cron jobs for the user john.

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: crontab -u john -l

QUESTION 167
CORRECT TEXT

With which parameter in the smb.conf file can a share be hidden?

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 168
CORRECT TEXT

nfsd, portmap and ________ daemons must be running on an NFS server.

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: mountd

Real 64
LPI 117-202 Exam

QUESTION 169
CORRECT TEXT

You have installed some new libraries, but these are not available to programs and are not listed by lconfig -p.
What file should the path to the libraries be added to, before running ldconfig?

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: ld.so.conf

QUESTION 170
When connecting to an SSH server for the first time, its fingerprint is received and stored in a file, which is
located at:

A. ~/ .ssh/fingerprints
B. ~/ .ssh/id_dsa
C. ~/ .ssh/known_hosts
D. ~/ .ssh/id_dsa.pub
E. ~/ .ssh/gpg.txt

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 171
CORRECT TEXT

According to the dhcpd.conf file below, which domain name will clients in the 172.16.87.0/24 network get?
Real 65
LPI 117-202 Exam

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: lab.certkiller.com

QUESTION 172
CORRECT TEXT

According to the configuration below, what is the e-mail address of the administrator for this domain?

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
Answer: hostmaster@certkiller.com

QUESTION 173
CORRECT TEXT

Using only commands included with named, what is the command, with options or parameters, to make named
re-read its zone files?

A.
B.
C.
D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Answer: rndc reload

QUESTION 174
CORRECT TEXT

Which type of DNS record defines which server(s) email for a domain should be sent to?

A.
B.
C.
D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 175
CORRECT TEXT

In which configuration file can a key-file be defined to enable secure DNS zone transfers? (Please enter the file
name without the path)

A.
B.
C.
D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Answer: named.conf
Real 66
LPI 117-202 Exam

QUESTION 176
CORRECT TEXT

The users of the local network complain that name resolution is not fast enough. Enter the command, without
the path or any options, that shows the time taken to resolve a DNS query.

A.
B.
C.
D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 177
CORRECT TEXT

Which port must be open on a firewall, to allow a DNS server to receive queries? (Enter only the port number).

A.
B.
C.
D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 178
CORRECT TEXT

Which is the preferred mail server for the domain example.com, according to the BIND configuration below?
(Type the fully-qualified domain name.)

A.
B.
C.
D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Answer: mx-ny.certkiller.com

QUESTION 179
CORRECT TEXT

Which file, in the local file-system, is presented when the client requests http://server/~joe/index.html and the
following directive is present in server's Apache configuration file?

UserDir site/html

Real 67
LPI 117-202 Exam
Given that all users have their home directory in /home, please type in the FULL file name

including the path.

A.
B.
C.
D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Answer: /home/joe/site/html/index.html

QUESTION 180
CORRECT TEXT

Enter one of the Apache configuration file directives that defines where log files are stored.

A.
B.
C.
D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Answer: ErrorLog

QUESTION 181
CORRECT TEXT

A malicious user has sent a 35MB video clip, as an attachment, to hundreds of Recipients. Looking in the
outbound queue reveals that this is the only mail there.

This mail can be removed with the command rm _______________ * . Complete the path below.

A.
B.
C.
D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Answer: /var/spool/mqueue/

QUESTION 182
CORRECT TEXT

Please enter the name of the main majordomo configuration file without the path.

A.
B.
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Answer: majordomo.cf

QUESTION 183
CORRECT TEXT

A procmail recipe is required to delete all emails marked as spam. Please complete the recipe.

:0:

* X-Spam-Status: Yes

A.
B.
C.
D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Answer: /dev/null

Real 68
LPI 117-202 Exam
QUESTION 184
CORRECT TEXT

Where is the user foo's procmail configuration stored, if home directories are stored in /home?

Please enter the complete path to the file.

A.
B.
C.
D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Answer: /home/foo/.procmailrc

QUESTION 185
CORRECT TEXT

Which file, on a majordomo server, will contain a list of all members' email addresses for the mailing list "linux-
users"? (Enter only the file name).

A.
B.
C.
D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Answer: linux-users

QUESTION 186
CORRECT TEXT

What command must be used to create an SSH key-pair? Please enter the command without the path or any
options or parameters.

A.
B.
C.
D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Answer: ssh-keygen
QUESTION 187
CORRECT TEXT

To allow X connections to be forwarded from or through an SSH server, what line must exist in the sshd
configuration file?

A.
B.
C.
D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Answer: X11Forwarding yes

QUESTION 188
CORRECT TEXT

Which keys are stored in the authorized_keys file?

A.
B.
C.
D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Answer: public

QUESTION 189
CORRECT TEXT
In which file, on an INN news server, can access to the news server be configured? (Enter only

Real 69
LPI 117-202 Exam
the file name).

A.
B.
C.
D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Answer: readers.conf

QUESTION 190
CORRECT TEXT

What file should be edited to make the route command show human-readable names for networks? (Please
enter the full path)

A.
B.
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Answer: /etc/networks

QUESTION 191
CORRECT TEXT

In which directory are the PAM modules stored?

A.
B.
C.
D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Answer: /lib/security

QUESTION 192
CORRECT TEXT

Which command can be used to change the password for an LDAP entry?

A.
B.
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Answer: ldappasswd

QUESTION 193
CORRECT TEXT

According to the tcpdump output below, what is the IP address of the client host?
A.
B.
C.
D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Real 70
LPI 117-202 Exam

QUESTION 194
CORRECT TEXT

Running tcpdump -nli eth1 'icmp' shows the following output:

11:56:35.599063 IP 192.168.123.5 > 194.25.2.129: icmp 64: echo request seq 1

11:56:35.670910 IP 194.25.2.129 > 192.168.123.5: icmp 64: echo reply seq 1

What command was used on the host 192.168.123.5, to generate this output?

A.
B.
C.
D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 195
CORRECT TEXT

Please enter the complete command to create a new password file for HTTP basic authentication (/home/http/
data/web _passwd) for user john.

A.
B.
C.
D.
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Answer: htpasswd -c /home/http/data/web_passwd john

QUESTION 196
CORRECT TEXT

Which file on a Postfix server modifies the sender address for outgoing e-mails? Please enter only the file
name without the path

A.
B.
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Answer: sender_canonical

QUESTION 197
CORRECT TEXT

Which command can be used to save the current iptables rules into a file? Please enter only the command
without path or parameters.

A.
B.
C.
D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Answer: iptables-save

QUESTION 198
CORRECT TEXT

All machines outside the network are able to send emails through the server to addresses not served by that
server. If the server accepts and delivers the email, then it is a (n) _____________.

Real 71
LPI 117-202 Exam
Please enter the English term, without any punctuation.

A.
B.
C.
D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Answer: open relay

QUESTION 199
CORRECT TEXT

Please enter the command used to remove Kerberos tickets from the cache below.

A.
B.
C.
D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Answer: kdestroy

QUESTION 200
CORRECT TEXT

Please enter the Kerberos 5 configuration file name without path below.

A.
B.
C.
D.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Answer: krb5.conf

Topic 3, Volume C

QUESTION 201
Which of these tools, without any options, provides the most information when performing DNS queries?

A. dig
B. nslookup
C. host
D. named-checkconf
E. named-checkzone

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 202
Which of the following DNS record types is used to allow users and applications to make reverse DNS
queries?

A. CNAME
Real 72
LPI 117-202 Exam
B. IN
C. PTR
D. REV
E. RIN

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 203
What is DNSSEC used for?

A. Encrypted DNS queries between nameservers.

B. Cryptographic authentication of DNS zones.
C. Secondary DNS queries for local zones.
D. Authentication of the user that initiated the DNS query.
E. Encrypting DNS queries and answers.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 204
Which option can be used to allow access to a BIND DNS server from only specified networks/hosts?

A. Using the limit { ...; }; statement in the named configuration file.

B. Using the allow-query { ...; }; statement in the named configuration file.
C. Using the answer-only { ...; }; statement in the named configuration file.
D. Using the allow-answer { ...; }; statement in the named configuration file.
E. Using the query-access { ...; }; statement in the named configuration file.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 205
Which Apache HTTP Server directive specifies the types of directives that are allowed in .htaccess files?

Real 73
LPI 117-202 Exam

A. AllowExternalConfig
B. AllowAccessFile
C. AllowConfig
D. AllowOverride

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 206
Given that all users have their home directory in /home and the following directive is present in the Apache
HTTPD Server configuration file, what is the full filesystem path to the file referenced by the URL http://server/
~joe/index.html?

UserDir public_html

A. /home/joe/public_html/index.html
B. /home/public_html/joe/index.html
C. /home/joe/public_html/htdocs/index.html
D. /home/joe/apache/public_html/index.html

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 207
When the Apache HTTP Server is configured to use name-based virtual hosts:

A. It's necessary to configure a different IP address for each virtual host.

B. The Listen directive is required for each virtual host.
C. Each virtual host can serve requests to exactly one hostname only.
D. It is required to create a VirtualHost block for the main host.
E. The setting NameVirtualHost *:80 indicates that all name based virtual hosts will listen on port 80.

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 74
LPI 117-202 Exam

QUESTION 208
Which of the following are commonly used log file directives in Apache? (Choose TWO correct answers.)

A. ConfigLog
B. CustomLog
C. ErrorLog
D. ServerLog
E. VHostLog

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 209
Which tool can be used to create Certificate Signing Requests (CSR) for running an Apache server with
HTTPS?

A. apachectl
B. certgen
C. csrtool
D. httpsgen
E. openssl

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 210
Why are different IP addresses recommended when hosting multiple HTTPS virtual hosts? (Choose TWO
correct answers.)

A. Apache caches SSL keys based on IP address.

B. The SSL connection is made before the virtual host name is known by the server.
C. The SSL key is tied to a specific IP address when issued by the Certificate Authority.
D. This is only needed when dynamic content is being generated by more than one of the virtual hosts.
E. The Server Name Indication extension to TLS is not universally supported.

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Real 75
LPI 117-202 Exam

Explanation:
QUESTION 211
Users in the ACL named sales_net must only be allowed to access to the Internet at times specified in the
time_acl named sales_time. Which is the correct http_access directive for Squid to configure this?

A. http_access deny sales_time sales_net

B. http_access allow sales_net sales_time
C. http_access allow sales_net and sales_time
D. allow http_access sales_net sales_time
E. http_access sales_net sales_time

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 212
Which Squid configuration keyword is used to define networks and times that the service may be accessed?

A. acl
B. allow
C. http_allow
D. permit

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 213
A user requests a "hidden" Samba share, named confidential, similar to the Windows Administration Share.
How can this be configured?

A. [confidential]
comment = hidden share
path = /srv/smb/hidden
Real 76
LPI 117-202 Exam
write list = user
create mask = 0700
directory mask = 0700
B. [$confidential]
comment = hidden share
path = /srv/smb/hidden
write list = user
create mask = 0700
directory mask = 0700
C. [#confidential]
comment = hidden share
path = /srv/smb/hidden
write list = user
create mask = 0700
directory mask = 0700
D. [%confidential]
comment = hidden share
path = /srv/smb/hidden
write list = user
create mask = 0700
directory mask = 0700
E. [confidential$]
comment = hidden share
path = /srv/smb/hidden
write list = user
create mask = 0700
directory mask = 0700

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 214
How must Samba be configured so that it can check passwords against the ones in /etc/passwd and /etc/
shadow?

A. Set the parameters "encrypt passwords = yes" and "password file = /etc/passwd".
B. Set the parameters "encrypt passwords = yes", "password file = /etc/passwd" and "password algorithm =
crypt".
C. Delete the smbpasswd file and create a symbolic link to the passwd and shadow file.
D. It is not possible for Samba to use /etc/passwd and /etc/shadow directly.
E. Run smbpasswd to convert /etc/passwd and /etc/shadow to a Samba password file.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Real 77
LPI 117-202 Exam

Explanation:

QUESTION 215
Which of the following is needed, to synchronise the UNIX password with the Samba password, when the
encrypted Samba password in the smbpasswd file is changed?

A. Nothing, because this is not possible.

B. Run netvamp regularly, to convert the passwords.
C. Run winbind --sync, to synchronise the passwords.
D. Add unix password sync = yes to smb.conf.
E. Add smb unix password = sync to smb.conf.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 216
The Samba configuration file contains the following lines:

hosts allow = 192.168.1.100 192.168.2.0/255.255.255.0 localhost

hosts deny = 192.168.2.31

interfaces = 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0

A workstation is on the wired network with an IP address of 192.168.1.117 but is unable to access the Samba
server. A wireless laptop with an IP address of 192.168.2.93 can access the Samba server. Additional
troubleshooting shows that almost every machine on the wired network is unable to access the Samba server.
Which single choice below will permit wired workstations to connect to the Samba server without denying
access to any one else?

A. hosts allow = 192.168.1.1-255

B. hosts allow = 192.168.1.100 192.168.2.200 localhost
C. hosts deny = 192.168.1.100/255.255.255.0 192.168.2.31 localhost
D. hosts deny = 192.168.2.200/255.255.255.0 192.168.2.31 localhost
E. hosts allow = 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0 localhost

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 78
LPI 117-202 Exam

QUESTION 217
Which of the following Samba configuration parameters is functionally identical to the parameter read
only=yes?

A. browseable=no
B. read write=no
C. writeable=no
D. write only=no
E. write access=no

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 218
Which of the following are Samba security modes or levels? (Choose TWO correct answers.)

A. ads
B. data
C. ldap
D. network
E. share

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 219
What does the testparm command confirm regarding Samba configuration?

A. The configuration file will load successfully.

B. The services will operate as expected.
C. The Samba services will be started automatically when the system boots.
D. The netfilter configuration of the Samba server does not block any access to the services defined in the
configuration.
Real 79
LPI 117-202 Exam

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 220
Select the Samba option below that should be used if the main intention is to setup a guest printer service?

A. security = cups
B. security = ldap
C. security = pam
D. security = share
E. security = printing

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 221
Which server program will understand and can reply to NetBIOS name service requests?

A. netbios
B. nmbd
C. smbd
D. winbindd

Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Explanation:

QUESTION 222
Which of the following options are valid in the /etc/exports file? (Choose TWO correct answers.)

A. rw
B. ro
C. rootsquash
D. norootsquash
E. uid
Real 80
LPI 117-202 Exam

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 223
Which of the following services must be started first on an NFS server?

A. mountd
B. nfsd
C. portmap
D. statd

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 224
Which of the following commands can be used to list all exported file systems from a remote NFS server?

A. exportfs
B. mount
C. nfslist
D. rpcstat
E. showmount

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 225
Which of the following configuration lines will export /usr/local/share/ to nfsclient with read-write access,
ensuring that all changes are written straight to the disk?

A. nfsclient:/usr/local/share/:rw,sync
B. nfsclient(rw,sync) /usr/local/share
C. /usr/local/share nfsclient(rw,sync)
D. /usr/local/share nfsclient:rw:sync
Real 81
LPI 117-202 Exam
E. /usr/local/share nfsclient(rw)

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 226
Which command is used to tell the NFS server which filesystems to make available to clients?

A. exportfs
B. mkfs.nfs
C. mount
D. nfsservctl
E. telinit

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 227
Which option within the ISC DHCPD configuration file defines the IPv4 DNS server address(es) to be sent to
the DHCP clients?

A. domain-name-servers
B. domain-server
C. name-server
D. servers

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 228
Given the following section of a ISC DHCPD configuration filE.

subnet 192.168.1.0 netmask 255.255.255.0 {

...
Real 82
LPI 117-202 Exam
# Set the default gateway to be used by

# the PC clients

option _____________ 192.168.1.254;

...

What keyword is missing in order to provide a default gateway address to clients?

A. gateway
B. nexthop
C. route
D. routers
E. transit

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 229
Which of the following PAM modules will allow the system administrator to use an arbitrary file containing a list
of user and group names with restrictions on the system resources available to them?

A. pam_filter
B. pam_limits
C. pam_listfile
D. pam_unix

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 230
Which of the following commands is used to change user passwords in an OpenLDAP directory?

A. passwd
B. ldpasswd
Real 83
LPI 117-202 Exam
C. smbpasswd
D. ldappasswd
E. chpasswd

Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Explanation:

QUESTION 231
Which of these sets of entries will the following command return?

ldapsearch -x "(|(cn=marie)(!(telephoneNumber=9*)))"

A. Entries that don't have a cn of marie or don't have a telephoneNumber that begins with 9.
B. Entries that have a cn of marie or don't have a telephoneNumber beginning with 9.
C. Entries that have a cn of marie and a telephoneNumber ending with 9.
D. Entries that don't have a cn of marie and don't have a telephoneNumber beginning with 9.
E. Entries that have a cn of marie or have a telephoneNumber beginning with 9.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 232
Which of the following is correct about this excerpt from an LDIF file?

dn: cn=PrintOperators,ou=Groups,ou=IT,o=BR

A. dn is the domain name.

B. o is the organizational unit.
C. cn is the common name.
D. dn is the relative distinguished name.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 233
Real 84
LPI 117-202 Exam
While analyzing a slapd.conf file, an administrator noted that the rootdn and rootpw directives are not present.
Where is the LDAP administrator account defined?

A. It is using the default account admin with the password admin.

B. The account is defined by an ACL in slapd.conf.
C. It is using the default account admin without a password.
D. The account is defined in the file /etc/ldap.secret.
E. The account is defined in the file /etc/ldap.root.conf.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:
QUESTION 234
If no ACL lines are included in slapd.conf, what is the default behavior of slapd?

A. Allow anyone to read any entry.

B. Deny anyone from reading any entries.
C. Only certain attributes such as userPassword are protected from read access.
D. Access to the directory is only allowed from the local machine.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 235
Select the INCORRECT statement regarding the LDIF file format:

A. It contains a dn line, that indicates where the attributes listed in the following lines of the file must be added.
B. In the file, a blank line separates one entry from another one.
C. If an attribute contains binary data, some specific configurations must be made for this entry.
D. The LDIF file accepts any type of file encoding.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 236
Real 85
LPI 117-202 Exam
A private OID to be used with OpenLDAP should be obtained for a company when:

A. The company intends to use a commercial LDAP schema.

B. The company wants to make their directory available to the public on the Internet.
C. The company plans to create custom schema files for their directory.
D. The company wish to use an encrypted attribute.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 237
CORRECT TEXT

According to this LDIF excerpt, which organizational unit is Robert Smith part of? (Specify only the
organizational unit.)

dn: cn=Robert
Smith,ou=people,dc=example,dc=com

objectclass: inetOrgPerson

cn: Robert Smith

cn: Robert J Smith

cn: bob smith

sn: smith

uiD. rjsmith

userpassworD. rJsmitH

carlicensE. HISCAR 123

homephonE. 555-111-2222

mail: r.smith@example.com

mail: rsmith@example.com

mail: bob.smith@example.com

Real 86
LPI 117-202 Exam
description: swell guy

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: people, ou=people

QUESTION 238
If there is no access directive, what is the default setting for OpenLDAP?

A. access to * by anonymous read by * none

B. access to * by anonymous read by * read
C. access to * by anonymous auth by * read
D. access to * by anonymous write by * read

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 239
By default OpenLDAP logs via syslogd. What is the slapd.conf file directive to have the LDAP logs written to /
var/log/ldap.log?

A. loglevel
B. logfile
C. syslogfile
D. logfilepath

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 240
Which configuration parameter on a Postfix server modifies only the sender address and not the recipient
address?

A. alias_maps
B. alias_rewrite_maps
C. sender_canonical_maps
D. sender_rewrite_maps
Real 87
LPI 117-202 Exam

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 241
In the main Postfix configuration file, how are service definitions continued on the next line?

A. It isn't possible. The service definition must fit on one line.

B. The initial line must end with a backslash character (\).
C. The following line must begin with a plus character (+).
D. The following line must begin with white space indentation.
E. The service definition continues on the following lines until all of the required fields are specified.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 242
It has been discovered that the company mail server is configured as an open relay. Which of the following
actions would help prevent the mail server from being used as an open relay? (Choose TWO correct answers.)

A. Restrict Postfix to only accept e-mail for domains hosted on this server.
B. Configure Dovecot to support IMAP connectivity.
C. Configure netfilter to not permit port 25 traffic on the public network.
D. Restrict Postfix to only relay outbound SMTP from the internal network.
E. Upgrade the mailbox format from mbox to maildir.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 243
CORRECT TEXT

Where is the procmail configuration of the user foo stored if home directories are located in /home? (Specify
the full name of the file, including path.)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: /home/foo/.procmailrc

Real 88
LPI 117-202 Exam

QUESTION 244
CORRECT TEXT

What is the name of the procmail configuration file that is placed in a user home directory? (Specify the file
name only without any path.)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: .procmailrc

QUESTION 245
Which format, for storing user e-mail, uses the directories tmp, cur and new in order to solve reliability
problems in other storage formats?

A. imap
B. maildir
C. mbox
D. mh
E. pop3

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 246
Which setting in the Courier IMAP configuration file will tell the IMAP daemon to listen only on the localhost
interface?

A. ADDRESS=127.0.0.1
B. Listen 127.0.0.1
C. INTERFACE=127.0.0.1
D. LOCALHOST_ONLY=1

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 247
When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing

Real 89
LPI 117-202 Exam
traffic to localhost exist?

A. All traffic to localhost must always be allowed.

B. It doesn't matter; netfilter never affects packets addressed to localhost.
C. Some applications use the localhost interface to communicate with other applications.
D. syslogd receives messages on localhost.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 248
On a Linux router, packet forwarding for IPv4 has been enabled. After a reboot, the machine no longer
forwards IP packets from other hosts. The commanD.

echo 1 > /proc/sys/net/ipv4/ip_forward temporarily resolves this issue. Which one of the following options is the
best way to ensure this setting is saved across system restarts?

A. Add echo 1 > /proc/sys/net/ipv4/ip_forward to the root user login script.

B. Add echo 1 > /proc/sys/net/ipv4/ip_forward to any user login script.
C. In /etc/sysctl.conf change net.ipv4.ip_forward to 1.
D. In /etc/rc.local add net.ipv4.ip_forward = 1.
E. In /etc/sysconfig/iptables-config add ipv4.ip_foward = 1.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 249
The program vsftpd, running in a chroot jail, gives the following error:

/bin/vsftpD. error while loading shared libraries: libc.so.6: cannot open shared object filE. No such file or
directory.

Which of the following actions would fix the error?

A. The file /etc/ld.so.conf in the root filesystem must contain the path to the appropriate lib directory in the
chroot jail.
B. Create a symbolic link that points to the required library outside the chroot jail.
Real 90
LPI 117-202 Exam
C. Copy the required library to the appropriate lib directory in the chroot jail.
D. Run the program using the command chroot and the option --static_libs.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 250
In order to prevent all anonymous FTP users from listing uploaded file names, what security precaution can be
taken when creating an upload directory?

A. The directory must not have the execute permission set.

B. The directory must not have the read permission set.
C. The directory must not have the read or execute permission set.
D. The directory must not have the write permission set.
E. The directory must not contain other directories.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 251
Which of the following actions should be considered when a FTP chroot jail is created? (Choose THREE
correct answers.)

A. Create /dev/ and /etc/ in the chroot enviroment.

B. Create /etc/passwd in the chroot enviroment.
C. Bind-mount /proc in the chroot environment.
D. Create the user ftp in the chroot enviroment.
E. Create /dev/kmem in the chroot environment.

Correct Answer: ABD

Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 252
Which of the following lines in the sshd configuration file should, if present, be changed in order to increase the
security of the server? (Choose TWO correct answers.)

Real 91
LPI 117-202 Exam

A. Protocol 2,1
B. PermitEmptyPasswords no
C. Port 22
D. PermitRootLogin yes
E. IgnoreRhosts yes

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 253
To allow X connections to be forwarded from or through an SSH server, what configuration keyword must be
set to yes in the sshd configuration file?

A. AllowForwarding
B. ForwardingAllow
C. X11ForwardingAllow
D. X11Forwarding

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 254
CORRECT TEXT

Specify the command to create a SSH key-pair. (Specify ONLY the command without any path or parameters.)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: ssh-keygen

QUESTION 255
CORRECT TEXT

What parameter in the sshd configuration file instructs sshd to permit only specific user names to log in to a
system? (Please specify the parameter only without settings)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: allowusers, AllowUsers

QUESTION 256
Real 92
LPI 117-202 Exam
For what purpose is TCP/IP stack fingerprinting used by nmap?

A. It is used to determine the remote operating system.

B. It is used to filter out responses from specific servers.
C. It is used to identify duplicate responses from the same remote server.
D. It is used to masquerade the responses of remote servers.
E. It is used to uniquely identify servers on the network for forensics.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 257
Which of the following files needs to be changed in order to enable anonymous FTP logins with vsftpd?

A. /etc/vsftpd/ftpd.conf
B. /etc/ftpd.conf
C. /etc/vsftpd/anon.conf
D. /etc/vsftpd.conf
E. /etc/vsftp/ftp.conf

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 258
What information can be found in the file specified by the status parameter in an OpenVPN server
configuration file? (Choose TWO correct answers.)

A. Errors and warnings generated by the openvpn daemon

B. Routing information
C. Statistical information regarding the currently running openvpn daemon
D. A list of currently connected clients
E. A history of all clients who have connected at some point

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 93
LPI 117-202 Exam

QUESTION 259
What types of virtual network devices does OpenVPN use for connections? (Choose TWO correct answers.)

A. eth
B. tap
C. lo
D. tun
E. ppp

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 260
What is the standard port used by OpenVPN?

A. 1723
B. 4500
C. 500
D. 1194

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 261
What option in the client configuration file would tell OpenVPN to use a dynamic source port when making a
connection to a peer?

A. src-port
B. remote
C. source-port
D. nobind

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 94
LPI 117-202 Exam

QUESTION 262
What word is missing from the following excerpt of a named.conf file?

____ friends {

10.10.0.0/24; 192.168.1.0/24;

};

options {

allow-query { friends; };

};

A. networks
B. net
C. list
D. acl

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 263
Which option in named.conf specifies which hosts are permitted to ask for domain name information from the
server?

A. allowed-hosts
B. accept-query
C. permit-query
D. allow-query
Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 264
Which of the following are alternate DNS software packages to BIND? (Choose TWO correct answers.)

Real 95
LPI 117-202 Exam

A. djbdns
B. easydns
C. superdns
D. dnsmasq
E. dnstiny

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 265
What option for BIND is required in the global options to disable recursive queries on the DNS server by
default?

A. allow-recursive-query { none; };
B. allow-recursive-query off;
C. recursion { none; };
D. recursion no;

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 266
In a BIND zone file, what does the @ character indicate?

A. It's the fully qualified host name of the DNS server.

B. It's an alias for the e-mail address of the zone master.
C. It's the name of the zone as defined in the zone statement in named.conf.
D. It's used to create an alias between two CNAME entries.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 267
Where should the line:

Real 96
LPI 117-202 Exam
$TTL 86400 be placed in a BIND zone file?

A. As the first line of the zone file.

B. In any zone file containing hints to the root servers.
C. In the SOA record of the zone file.
D. It is required just before any A records are defined.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 268
Which BIND option should be used to limit from which IP addresses slave name servers may connect?

A. allow-zone-transfer
B. allow-transfer
C. allow-secondary
D. allow-slaves
E. allow-queries

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 269
Which Apache directive is used to specify the method of authentication like e.g. None or Basic?

A. AuthUser
B. AllowedAuthUser
C. AuthType
D. AllowAuth

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 270
Real 97
LPI 117-202 Exam
Which Apache directive will enable HTTPS protocol support?
A. HTTPSEngine
B. SSLEngine
C. SSLEnable
D. HTTPSEnable

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 271
Which subcommands to the openssl command are used in the process of generating a private key and a
Certificate Signing Request (CSR)? (Choose TWO correct answers.)

A. csr
B. gencsr
C. genkey
D. genrsa
E. req

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 272
Which Apache directive is used to specify the RSA private key that was used in the generation of the SSL
certificate for the server?

A. SSLCertificateKeyFile
B. SSLKeyFile
C. SSLPrivateKeyFile
D. SSLRSAKeyFile

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 273
Real 98
LPI 117-202 Exam
In which Apache context should SSL support be activated?

A. In a VirtualHost directive
B. In a Location directive
C. In a Directory directive which is set to /
D. In a SSLHost directive
Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 274
Which global option in squid.conf sets the port number or numbers that Squid will use to listen for client
requests?

A. port
B. client_port
C. http_port
D. server_port
E. squid_port

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 275
In a PAM configuration file, which of the following is true about the sufficient control flag in the following line?

Auth sufficient pam_module.so

A. This PAM module is called if it is present, otherwise, further modules will be tried.
B. This module is sufficient to determine both success or failure of an authentication attempt and no other
modules will need to be tried.
C. Failure of this module will not be considered fatal and, if the module succeeds, success will be returned to
the application immediately without considering and further modules.
D. If a previous required module fails, success of this module will be used to check if further modules in the
stack should be tried.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Real 99
LPI 117-202 Exam

Explanation:

QUESTION 276
Which Postfix command can be used to rebuild all of the alias database files with a single invocation?

A. makealiases
B. newaliases
C. postalias
D. postmapbuild
Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 277
A company is transitioning to a new domain name and wants to accept e-mail for both domains for all of its
users on a Postfix server. Which configuration option should be updated to accomplish this?

A. mydomain
B. mylocations
C. mydestination
D. myhosts
E. mydomains

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 278
Why should the Postfix parameter disable_vrfy_command be set to yes on a publicly accessible mail server?

A. It prevents e-mail delivery attempts to a non-existent user.

B. It prevents some techniques of gathering existing e-mail addresses.
C. It enables verification attempts on the sender e-mail address.
Real 100
LPI 117-202 Exam
D. It speeds up forwarding of relayed e-mail.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 279
Which command is used to administer IPv6 netfilter rules?

A. iptables
B. iptablesv6
C. iptables6
D. ip6tables
E. ipv6tables

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 280
Which of the following are predefined targets for netfilter rules? (Choose TWO correct answers.)

A. JUMP
B. REROUTE
C. NAT
D. ACCEPT
E. RETURN

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 281
With netfilter, which packet matching table contains built-in chains called INPUT, OUTPUT and FORWARD?

A. ipconn
B. filter
Real 101
LPI 117-202 Exam
C. nat
D. default
E. masq

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 282
What command is used to reload a set of saved netfilter rules?

A. iptables-restore
B. iptables-recover
C. iptables-load
D. iptables-reload

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 283
Which of the following daemons will monitor log files for inappropriate activity, such as login attempts, from
remote IP addresses and will add netfilter rules to block the offending address?
A. fail2ban
B. portsentry
C. openids
D. logwatch

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 284
With fail2ban what is a 'jail'?

A. A netfilter rules chain blocking offending IP addresses for a particular service.

B. A group of services on the server which should be monitored for similar attack patterns in the Real 102
LPI 117-202 Exam
log files.
C. A filter definition and a set of one or more actions to take when the filter is matched.
D. The chroot environment in which fail2ban runs.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 285
Which command can be used when writing scripts which perform tests against remote services?

A. snort
B. netmap
C. nc
D. telnet

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 286
Which of the following commands can be used to connect and interact with remote services? (Choose TWO
correct answers.)

A. nettalk
B. nc
C. telnet
D. cat
E. netmap

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 287
Which configuration block in Nginx is used to define settings for a reverse proxied web server?

A. server
Real 103
LPI 117-202 Exam
B. location
C. reverse
D. http

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 288
When trying to reverse proxy a web server through Nginx, what keyword is missing from the following
configuration sample?

location / {

_________ http://proxiedserver:8080;

A. remote_proxy
B. reverse_proxy
C. proxy_reverse
D. proxy_pass

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 289
When trying to reverse proxy a web server through Nginx, what keyword is required to pass the Host header
from the original request to the proxied server?

... {

_________ Host $host

...

}
A. proxy_pass_header
B. proxy_forward_header
Real 104
LPI 117-202 Exam
C. proxy_set_header
D. proxy_header

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 290
With Nginx, which of the following directives is used to proxy requests to a FastCGI application?

A. fastcgi_pass
B. fastcgi_proxy
C. proxy_fastcgi
D. proxy_fastcgi_pass

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 291
CORRECT TEXT

What parameter in the sshd configuration file instructs sshd to prevent specific user names from logging in to a
system? (Please specify the parameter only without settings.)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:
Answer: DenyUsers, denyusers

QUESTION 292
Which of the following sshd configuration settings should be set to no in order to fully disable password based
logins? (Choose THREE correct answers.)

A. PAMAuthentication
B. ChallengeResponseAuthentication
C. UsePAM
D. UsePasswords
E. PasswordAuthentication

Correct Answer: BCE

Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 105
LPI 117-202 Exam

QUESTION 293
After having a laptop assigned to a new subnet, a user is no longer able to login to the SSH server with an error
message like Connection closed by remote host. Which of the following are possible approaches to determine
and fix the cause of this problem? (Choose TWO correct answers.)

A. Generate a new host key on the client and replace the current client host key on the SSH server.
B. Verify that the settings in /etc/host.allow and /etc/host.deny are not preventing access.
C. Flush the ARP table and the neighbor discovery cache on both the SSH server and the client.
D. Add the new IP address of the client to the AllowHosts configuration setting on the SSH server.
E. Check that there are no netfilter rules that reject SSH connections from the new IP address.

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 294
Unlike many other services, OpenSSH cannot be configured to hide its version information without recompiling
from source code. What is the primary reason for this disclosure of version information?

A. There are many inconsistent SSH client and server versions. This information is used to enable protocol
compatibility adjustments.
B. The information is used for surveys of SSH servers on the internet by the OpenSSH project.
C. Being a security centric application, the OpenSSH developers do not rely on security through obscurity.
D. It is used by network auditing tools to report on when versions of ssh require security updates.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

Real 106