[Q34-Q54] Exam Questions and Answers for 202-450 Study Guide Questions and Answers!

admin 202-450 Lpi March 17, 2024

Rate this post

Exam Questions and Answers for 202-450 Study Guide Questions and Answers!

LPIC-2 – Exam 202 (part 2 of 2), version 4.5 Certification Sample Questions and Practice Exam

QUESTION 34
Which rdnc sub command can be used in conjunction with the name of a zone in order to make BIND reread the content of the specific zone file without reloading other zones as well?

lookup

reload

fileupdate

reread

zoneupdate

QUESTION 35
Which configuration parameter on a Postfix server modifies only the sender address and not the recipient address?

alias_maps

alias_rewrite_maps

sender_canonical_maps

sender_rewrite_maps

QUESTION 36
In a BIND zone file, what does the @ character indicate?

It’s the fully qualified host name of the DNS server

It’s an alias for the e-mail address of the zone master

It’s the name of the zone as defined in the zone statement in named.conf

It’s used to create an alias between two CNAME entries

QUESTION 37
It has been discovered that the company mail server is configured as an open relay. Which of the following actions would help prevent the mail server from being used as an open relay while maintaining the possibility to receive company mails? (Choose two.)

Restrict Postfix to only accept e-mail for domains hosted on this server

Configure Dovecot to support IMAP connectivity

Configure netfilter to not permit port 25 traffic on the public network

Restrict Postfix to only relay outbound SMTP from the internal network

Upgrade the mailbox format from mbox to maildir

Explanation
An open relay is a mail server that allows anyone to send e-mail through it without authentication or authorization. This can expose the mail server to spam, abuse, and blacklisting. To prevent the mail server from being used as an open relay, while maintaining the possibility to receive company mails, the following actions would help:
Restrict Postfix to only accept e-mail for domains hosted on this server. This can be done by setting the mydestination parameter in the /etc/postfix/main.cf file to include the company domains, and the smtpd_recipient_restrictions parameter to reject_unauth_destination. This will ensure that Postfix will only accept mail for the domains that it is responsible for, and reject mail for other domains unless the sender is authenticated or authorized. For example:
mydestination = example.com, example.net, localhost smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination Restrict Postfix to only relay outbound SMTP from the internal network. This can be done by setting the mynetworks parameter in the /etc/postfix/main.cf file to include the IP addresses or networks of the internal hosts that are allowed to relay mail through Postfix, and the smtpd_relay_restrictions parameter to permit_mynetworks. This will ensure that Postfix will only relay mail from the trusted internal hosts, and reject mail from external hosts unless the sender is authenticated or authorized. For example:
mynetworks = 192.168.0.0/24, 127.0.0.0/8 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination The other actions would not help prevent the mail server from being used as an open relay, or they would affect the functionality of the mail server. Configuring Dovecot to support IMAP connectivity would not affect the SMTP relay, but it would allow users to access their mailboxes remotely. Configuring netfilter to not permit port 25 traffic on the public network would prevent the mail server from receiving any mail from the outside world, which would defeat the purpose of having a mail server. Upgrading the mailbox format from mbox to maildir would not affect the SMTP relay, but it would change the way the mail messages are stored on the disk.
References:
LPIC-2 Exam 202 Objectives, Objective 205.3: Managing a postfix server
Postfix Basic Configuration, Postfix Documentation
Postfix SMTP relay and access control, Postfix Documentation
How to disable open relay on Postfix? – Howtoforge, Forum
Postfix SMTP relay without authentication | Guide – Bobcares, Blog

QUESTION 38
Which of the following values can be used in the OpenLDAP attribute olcBackend for any object of the class olcBackendConfig to specify a backend? (Choose three.)

xml

bdb

passwd

ldap

text

QUESTION 39
Which of the following PAM modules allows the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources available to them?

pam_filter

pam_limits

pam_listfile

pam_unix

QUESTION 40
When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?

All traffic to localhost must always be allowed

It doesn’t matter; netfilter never affects packets addressed to localhost

Some applications use the localhost interface to communicate with other applications

syslogd receives messages on localhost

The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules

Explanation
The localhost interface, also known as the loopback interface, is a virtual network interface that allows a host to communicate with itself. It has the IP address 127.0.0.1 for IPv4 and ::1 for IPv6. Some applications use the localhost interface to communicate with other applications running on the same host, such as database servers, web servers, or inter-process communication. Therefore, when the default policy for the netfilter INPUT chain is set to DROP, which means that all incoming packets that do not match any rule are dropped, a rule allowing traffic to localhost should exist to avoid breaking these applications. The rule can be something like this:
iptables -A INPUT -i lo -j ACCEPT
This rule appends a new rule to the INPUT chain that accepts any packet that comes from the loopback interface (lo). The other options are incorrect for the following reasons:
A). All traffic to localhost must always be allowed. This is false because there may be situations where traffic to localhost should be restricted or filtered, such as for security or performance reasons. For example, some malware may try to exploit vulnerabilities in applications listening on localhost, or some applications may generate excessive traffic on localhost that affects the system resources. Therefore, allowing all traffic to localhost is not always necessary or desirable.
B). It doesn’t matter; netfilter never affects packets addressed to localhost. This is false because netfilter does affect packets addressed to localhost, unless they are explicitly allowed by a rule or the default policy. Netfilter processes all packets that enter or leave the network stack, regardless of their source or destination address. Therefore, packets addressed to localhost are subject to the same rules and policies as packets addressed to any other host.
D). syslogd receives messages on localhost. This is false because syslogd does not necessarily receive messages on localhost. Syslogd is a daemon that handles system logging, and it can receive messages from various sources, such as local processes, files, pipes, or remote hosts. Syslogd can be configured to listen on a network socket, such as UDP port 514, but it does not have to listen on localhost. Therefore, allowing traffic to localhost is not required for syslogd to function properly.
E). The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules. This is false because there is no such daemon as netfilterd, and the iptables command does not communicate with any daemon on localhost to create and change packet filter rules. The iptables command is a user-space tool that interacts directly with the netfilter kernel module through the netlink socket. Therefore, allowing traffic to localhost is not needed for the iptables command to work.
References: LPIC-2 202 exam objectives, LPIC-2 202-450 Exam Prep: Network Configuration, Netfilter – Wikipedia, Iptables Essentials: Common Firewall Rules and Commands

QUESTION 41
Which rdncsub command can be used in conjunction with the name of a zone in order to make BIND reread the content of the specific zone file without reloading other zones as well?

lookup

reload

fileupdate

reread

zoneupdate

QUESTION 42
FILL BLANK
Which directive in a Nginx server configuration block defines the TCP ports on which the virtual host will be available, and which protocols it will use? (Specify ONLY the option name without any values.)

QUESTION 43
Which command is used to administer IPv6 netfilter rules?

iptables

iptablesv6

iptables6

ip6tables

ipv6tables

QUESTION 44
In order to export /usr and /bin via NFSv4, /exports was created and contains working bind mounts to /usr and /bin.
The following lines are added to /etc/exports on the NFC server:

After running mount-tnfsv4 server://mnt of an NFC-Client, it is observed that /mnt contains the content of the server’s /usr directory instead of the content of the NFSv4 foot folder.
Which option in /etc/exports has to be changed or removed in order to make the NFSv4 root folder appear when mounting the highest level of the server?
(Specify ONLY the option name without any values or parameters.)

QUESTION 45
A host, called lpi, with the MAC address 08:00:2b:4c:59:23 should always be given the IP address of
192.168.1.2 by a DHCP server running ISC DHCPD.
Which of the following configurations will achieve this?

Option A

Option B

Option C

Option D

Option E

QUESTION 46
Which of the following commands displays an overview of the Postfix queue content to help identify remote sites that are causing excessive mail traffic?

mailtraf

queuequery

qshape

postmap

poststats

QUESTION 47
Which option within the ISC DHCPD configuration file defines the IPv4 DNS server address(es) to be sent to the DHCP clients?

domain-name-servers

domain-server

name-server

servers

QUESTION 48
In order to specify alterations to an LDAP entry, what keyword is missing from the following LDIF file excerpt?

Specify the keyword only and no other information.

QUESTION 49
Which command is used to administer IPv6 netfilter rules?

iptables

iptablesv6

iptables6

ip6tables

ipv6tables

QUESTION 50
The Samba configuration file contains the following lines:

A workstation is on the wired network with an IP address of 192.168.1.177 but is unable to access the Samba server. A wireless laptop with an IP address 192.168.2.93 can access the Samba server. Additional trouble shooting shows that almost every machine on the wired network is unable to access the Samba server.
Which alternate host allow declaration will permit wired workstations to connect to the Samba server without denying access to anyone else?

host allow = 192.168.1.1-255

host allow = 192.168.1.100192.168.2.200localhost

host deny = 192.168.1.100/255.255.255.0192.168.2.31localhost

host deny = 192.168.2.200/255.255.255.0192.168.2.31localhost

host allow = 192.168.1.0/255.255.255.0192.168.2.0/255.255.255.0 localhost

QUESTION 51
When using mod_authz_core, which of the following strings can be used as an argument to Require in an Apache HTTPD configuration file to specify the authentication provider? (Choose three.)

method

all

regex

header

expr

QUESTION 52
Which of these sets of entries does the following command return?

Entries that don’t have a cn of marie or don’t have a telephoneNumber that begins with 9.

Entries that have a cn of marie or don’t have a telephoneNumber beginning with 9.

Entries that have a cn of marie and a telephoneNumber that ending with 9.

Entries that don’t have a cn of marie and don’t have a telephoneNumber beginning with 9.

Entries that have a cn of marie or have a telephoneNumber beginning with 9.

QUESTION 53
A host, called lpi, with the MAC address 08:00:2b:4c:59:23 should always be given the IP address of
192.168.1.2 by a DHCP server running ISC DHCPD.
Which of the following configurations will achieve this?

host lpi = 08:00:2b:4c:59:23 192.168.1.2

QUESTION 54
Which tool creates a Certificate Signing Request (CSR) for serving HTTPS with Apache HTTPD?

apachect1

certgen

cartool

httpsgen

openssl

The LPI 202-450 is the standard exam that requires the individual to know about the networking related areas within the IT field. If you are passionate to pursue your career in the IT sector, this can be a lifetime opportunity for you. You can get the LPIC-2 certification if you pass 201-450 and 202-450 tests. So, now let’s get to know more about the second validation.

202-450 certification dumps – LPIC-2 Certified Linux Engineer 202-450 guides – 100% valid: https://www.validexam.com/202-450-latest-dumps.html