LPIC-3 Certification is the multi-level professional certification of LPI, which is designed for the enterprise-level Linux professional and represents the highest level of professional, distribution-neutral Linux certification within the industry. Getting LPIC-3 Certification requires you have an active LPIC-2 Certication and pass 303-200 exam successfully. But The LPIC-2 and LPIC-3 Exams may be taken in any order. Do not worry about 303-200 exam, valid LPIC-3 Exam 303: Security 303-200 Exam Questions ensure your success at the first try.
1. Which of the following commands adds a new user usera to FreelPA?
- useradd usera --directory ipa --gecos *User A"
- idap- useradd --H ldaps://ipa-server CN=UserA --attribs "Firstname: User: Lastname: A"
- ipa-admin create user --account usera -_fname User --iname A
- ipa user-add usera --first User --last A
- ipa-user- add usera --name "User A"
2. Which option of the openvpn command should be used to ensure that ephemeral keys are not written to the swap space?
- --mlock
- --no-swap
- --root-swap
- --keys-no-swap
3. Which of the following statements is used in a parameter file for setkey in order to create a new SPD entry?
- spd
- addspd
- newspd
- spdnew
- spdadd
4. Which of the following terms refer to existing scan techniques with nmap? (Choose TWO correct answers.)
- Xmas Scan
- Zero Scan
- FIN Scan
- IP Scan
- UDP SYN Scan
5. When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 2 seconds by default. Which of the following options changes the timeout period to 5 seconds?
- -tls-timeout 5
- -tls- timeout 500
- -tls- timer 5
- -tls- timer 500
6. Which of the following commands makes the contents of the eCryptfs encrypted directory /Private available to the user?
- ecryptfsclient
- ecryptfs.mount
- ecryptfs-mount-private
- decryptfs
- ecryptfs-manage-di rectory
7. Which command revokes ACL-based write access for groups and named users on the file afile?
- setfacI -x group: * : rx, user:*: rx afile
- setfacl -x mask: : rx afile
- setfacl ~m mask: : rx afile
- setfacl ~m group: * : rx, user:*: rx afile
8. How does TSIG authenticate name servers in order to perform secured zone transfers?
- Both servers mutually verify their X509 certificates.
- Both servers use a secret key that is shared between the servers.
- Both servers verify appropriate DANE records for the labels of the NS records used to delegate the transferred zone.
- Both servers use DNSSEC to mutually verify that they are authoritative for the transferred zone.
9. Which of the following are differences between AppArmor and SELinux? (Choose TWO correct answers).
- AppArmor is implemented in user space only. SELinux is a Linux Kernel Module.
- AppArmor is less complex and easier to configure than SELinux.
- AppArmor neither requires nor allows any specific configuration. SELinux must always be manually configured.
- SELinux stores information in extended file attributes. AppArmor does not maintain file specific information and states.
- The SELinux configuration is loaded at boot time and cannot be changed later on AppArmor provides user space tools to change its behavior.
10. Which of the following commands adds users using SSSD's local service?
- sss_adduser
- sss_useradd
- sss_add
- sss-addlocaluser
- sss_local_adduser
11. Which of the following statements are true regarding the certificate? (Choose THREE correct answers.)
- This certificate belongs to a certification authority.
- This certificate may be used to sign certificates of subordinate certification authorities.
- This certificate may never be used to sign any other certificates
- This certificate may be used to sign certificates that are not also a certification authority
- This certificate will not be accepted by programs that do not understand the listed extension
12. Which of the following statements are valid wireshark capture filters? {Choose TWO correct answers.)
- port range 10000:tcp-15000:tcp
- port-range tcp 10000-15000
- tcp portrange 10000-15000
- portrange 10000/tcp-15000/tcp
- portrange 10000-15000 and tcp
13. Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?
- openssl req -key private/keypair.pem -out req/csr.pem
- openssl req - new -key private/keypair.pem -out req/csr.pem
- openssl gencsr -key private/keypair.pem -out req/csr.pem
- openssl gencsr -new- key private/keypair.pem -out req/csr.pem
14. Which of the following command lines sets the administrator password for ntop to testing 123?
- ntop --set-admin-password=testing123
- ntop --set-password-testing123
- ntop --reset-password=testing 123
- ntop --set-new-password=testing123
15. Which of the following statements is true about chroot environments?
- Symbolic links to data outside the chroot path are followed, making files and directories accessible
- Hard links to files outside the chroot path are not followed, to increase security
- The chroot path needs to contain all data required by the programs running in the chroot environment
- Programs are not able to set a chroot path by using a function call, they have to use the command chroot
- When using the command chroot, the started command is running in its own namespace and cannot communicate with other processes
16. CORRECT TEXT
Which option in an Apache HTTPD configuration file enables OCSP stapling? (Specify ONLY the option name without any values or parameters.)
- httpd-ssl.conf
17. CORRECT TEXT
What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information? (Specify ONLY the option name without any values or parameters.)
- uld=arg
18. Which of the following expressions are valid AIDE rules? (Choose TWO correct answers.)
- !/var/run/.*
- append: /var/log/*
- /usr=all
- #/bin/
- /etc p+i+u+g
19. CORRECT TEXT
Which directive is used in an OpenVPN server configuration in order to send network configuration information to the client? (Specify ONLY the option name without any values or parameters.)
- push
20. Which of the following authentication methods was added to NFS in version 4?
- Kerberos authentication
- SSH hostkey authentication
- Winbind authentication
- SSL certificate authentication
Source: dumpsbase.com
Posts
0 comments:
Post a Comment