303-200 Certification - Valid Exam Dumps Questions Study Guide! (Updated 60 Questions) [Q30-Q49]

Share

303-200 Certification – Valid Exam Dumps Questions Study Guide! (Updated 60 Questions)

303-200 Dumps are Available for Instant Access using Free4Torrent


Lpi 303-200 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Enforce password complexity policies and periodic password changes
  • Revoke certificates and certification authorities
Topic 2
  • Configure Apache HTTPD with mod_ssl to authenticate users using certificates
  • Understand common transport layer security threats, for example Man-in-the-Middle
Topic 3
  • Configure and troubleshoot BIND as an authoritative name server serving DNSSEC secured zones
  • Identify and deal with rogue router advertisements and DHCP messages
Topic 4
  • Configure and use AIDE, including rule management
  • Configure Apache HTTPD with mod_ssl to provide HTTPS service, including SNI and HSTS
Topic 5
  • Understand and configure NFSv4 authentication mechanisms
  • Use dm-crypt with LUKS to encrypt block devices

 

NEW QUESTION 30
Which of the following command lines sets the administrator password for ntop to testing 123?

  • A. ntop --reset-password=testing 123
  • B. ntop --set-new-password=testing123
  • C. ntop --set-password-testing123
  • D. ntop --set-admin-password=testing123

Answer: D

 

NEW QUESTION 31
Which of the following resources of a shell and its child processes can be controlled by the Bash build-in command ulimit? (Choose THREE correct answers.)

  • A. The maximum number of open file descriptors
  • B. The maximum number of user processes
  • C. The maximum number of environment variables
  • D. The maximum size of written files
  • E. The maximum number of newly created files

Answer: A,B,D

 

NEW QUESTION 32
Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)

  • A. Private keys should be uploaded to public key servers.
  • B. Private keys should always be stored as plain text files without any encryption.
  • C. Private keys should have a sufficient length for the algorithm used for key generation.
  • D. Private keys should be created on the systems where they will be used and should never leave them.
  • E. Private keys should be included in X509 certificates.

Answer: C,E

Explanation:
Explanation
Explanation/Reference:
https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys- and-csrs

 

NEW QUESTION 33
What effect does the configuration SSLStrictSNIVHostCheck on have on an Apache HTTPD virtual host?

  • A. The clients connecting to the virtual host must provide a client certificate that was issued by the same CA that issued the server's certificate.
  • B. The virtual host is served only to clients that support SNI.
  • C. The virtual host is used as a fallback default for all clients that do not support SNI.
  • D. All of the names of the virtual host must be within the same DNS zone.
  • E. Despite its configuration, the virtual host is served only on the common name and Subject Alternative Names of the server certificates.

Answer: B

Explanation:
Explanation/Reference:
http://serverfault.com/questions/510132/apache-sni-namevhosts-always-route-to-first-virtualhost-entry

 

NEW QUESTION 34
What is the purpose of the program snort-stat?

  • A. It returns the status of all configured network devices.
  • B. It displays statistics from the running Snort process.
  • C. It reads syslog files containing Snort information and generates port scan statistics.
  • D. It displays the status of all Snort processes.
  • E. It reports whether the Snort process is still running and processing packets.

Answer: C

Explanation:
Explanation/Reference:
http://manpages.ubuntu.com/manpages/trusty/man8/snort-stat.8.html

 

NEW QUESTION 35
Which of the following statements is true about chroot environments?

  • A. Symbolic links to data outside the chroot path are followed, making files and directories accessible
  • B. Hard links to files outside the chroot path are not followed, to increase security
  • C. When using the command chroot, the started command is running in its own namespace and cannot communicate with other processes
  • D. The chroot path needs to contain all data required by the programs running in the chroot environment
  • E. Programs are not able to set a chroot path by using a function call, they have to use the command chroot

Answer: D

Explanation:
Explanation/Reference:
http://www.computerhope.com/unix/chroot.htm
http://www.computerhope.com/jargon/c/chroot.htm

 

NEW QUESTION 36
Which of the following commands disables the automatic password expiry for the user usera?

  • A. chage --maxdays none usera
  • B. chage --maxdays -1 usera
  • C. chage -maxdays 99 usera
  • D. chage --lastday 0 usera
  • E. chage --lastday none usera

Answer: B

 

NEW QUESTION 37
Which of the following resources of a shell and its child processes can be controlled by the Bash build-in command ulimit? (Choose THREE correct answers.)

  • A. The maximum number of open file descriptors
  • B. The maximum number of user processes
  • C. The maximum number of environment variables
  • D. The maximum size of written files
  • E. The maximum number of newly created files

Answer: A,B,D

Explanation:
Explanation/Reference:
http://ss64.com/bash/ulimit.html

 

NEW QUESTION 38
Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?

  • A. openssl gencsr -key private/keypair.pem -out req/csr.pem
  • B. openssl req - new -key private/keypair.pem -out req/csr.pem
  • C. openssl gencsr -new- key private/keypair.pem -out req/csr.pem
  • D. openssl req -key private/keypair.pem -out req/csr.pem

Answer: B

 

NEW QUESTION 39
in which path is the data, which can be altered by the sysctl command, accessible?

  • A. /sysctl/
  • B. /sys/
  • C. /dev/sys/
  • D. /proc/sys/

Answer: D

 

NEW QUESTION 40
CORRECT TEXT
Which command included in the Linux Audit system provides searching and filtering of the audit log? (Specify ONLY the command without any path or parameters.)

Answer:

Explanation:
ausearch

 

NEW QUESTION 41
Which of the following database names can be used within a Name Service Switch (NSS) configuration file? (Choose THREE correct answers).

  • A. shadow
  • B. service
  • C. group
  • D. host
  • E. passwd

Answer: B,C,D

 

NEW QUESTION 42
Linux Extended File Attributes are organized in namespaces. Which of the following names correspond to existing attribute namespaces? (Choose THREE correct answers.)

  • A. system
  • B. owner
  • C. default
  • D. user
  • E. trusted

Answer: A,D,E

 

NEW QUESTION 43
CORRECT TEXT
Which command is used to run a new shell for a user changing the SELinux context? (Specify ONLY the command without any path or parameters.)

Answer:

Explanation:
newrole
https://www.centos.ofg/docs/5/html/DeployrnenLGuide-en-US/sec-sel-admincontrol.html

 

NEW QUESTION 44
When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 2 seconds by default. Which of the following options changes the timeout period to 5 seconds?

  • A. -tls- timer 500
  • B. -tls- timeout 500
  • C. -tls-timeout 5
  • D. -tls- timer 5

Answer: C

 

NEW QUESTION 45
Which of the following statements describes the purpose of ndpmon?

  • A. It monitors remote hosts by periodically sending echo requests to them.
  • B. It monitors the availability of a network link by querying network interfaces.
  • C. It monitors the network for neighbor discovery messages from new IPv6 hosts and routers.
  • D. It monitors the network for IPv4 nodes that have not yet migrated to IPv6.
  • E. It monitors log files for failed login attempts in order to block traffic from offending network nodes.

Answer: C

Explanation:
Explanation/Reference:
https://en.wikipedia.org/wiki/NDPMon

 

NEW QUESTION 46
Which of the following parameters to openssl s_client specifies the host name to use for TLS Server Name Indication?

  • A. -servername
  • B. -tlsname
  • C. -sniname
  • D. -host
  • E. -vhost

Answer: A

Explanation:
Explanation/Reference:
https://www.openssl.org/docs/manmaster/apps/s_client.html

 

NEW QUESTION 47
Which of the following components are part of FreeIPA? (Choose THREE correct answers.)

  • A. Directory Server
  • B. DHCP Server
  • C. Kerberos KDC
  • D. Public Key Infrastructure
  • E. Intrusion Detection System

Answer: A,C,D

 

NEW QUESTION 48
Which of the following prefixes could be present in the output of getcifsacl? (Choose THREE correct answers.)

  • A. SID
  • B. ACL
  • C. GRANT
  • D. GROUP
  • E. OWNER

Answer: A,B,D

Explanation:
Explanation/Reference:
https://www.mankier.com/1/getcifsacl

 

NEW QUESTION 49
......

Lpi 303-200 Exam Practice Test Questions: https://www.free4torrent.com/303-200-braindumps-torrent.html