303-200 LPIC-3 Exam 303: Security, 2.0

Page 1   
Question 1

Which PAM module checks new passwords against dictionary words and enforces
complexity? (Specially the module name only without any path.)



Answer : pam_cracklib http;//www-deer-run.com/~hal/sysadmin/pam_cracklib.html

Question 2

Which command, included in BIND, generates DNSSEC keys? (Specify ONLY the
command without any path or parameters.)



Answer : dnssec-keygen //ripe60.ripe.net/pres entations/Damas-BiND_9.7_-_DNSSE_for_humans.pdf

Question 3

Which directive is used in an OpenVPN server configuration in order to send network
configuration information to the client? (Specify ONLY the option name without any values
or parameters.)



Answer : push https;//community.openvpn.net/openvpn/wiki/RoutedLans

Question 4

Which of the following types can be specified within the Linux Audit system? (Choose
THREE correct answers)

  • A. Control rules
  • B. File system rules
  • C. Network connection rules
  • D. Console rules
  • E. System call rules


Answer : A,B,E

Question 5

Which of the following resources of a shell and its child processes can be controlled by the
Bash build-in command ulimit? (Choose THREE correct answers.)

  • A. The maximum size of written files
  • B. The maximum number of open file descriptors
  • C. The maximum number of newly created files
  • D. The maximum number of environment variables
  • E. The maximum number of user processes


Answer : A,B,E

Question 6

Which of the following commands defines an audit rule that monitors read and write
operations to the file/ etc/firewall/rules and associates the rule with the name firewall?

  • A. auditctl -N firewall –r r: /etc/firewall/rules –r w: etc/firewall/rules
  • B. auditctl -A –f /etc/firewall/rules –o r– o w –l firewall
  • C. auditctl –w /etc/firewall/rules -p rw -k firewall
  • D. auditctl -_read /etc/firewall/rules -_write /etc/firewall/rules --label firewall
  • E. echo "n: firewall r:/etc/firewall/rules: w:/ etc/firewall/rules:" | auditctl ~


Answer : C

Question 7

What option of mount.cifs specifies the user that appears as the local owner of the files of a
mounted CIFS share when the server does not provide ownership information? (Specify
ONLY the option name without any values or parameters.)



Answer : uld=arg //linux.die.net/man/8/mount.cifs

Question 8

Given a proper network and name resolution setup, which of the following commands
establishes a trust between a FreelPA domain and an Active Directory domain?

  • A. ipa trust-add --type ad addom --admin Administrator --password
  • B. ipa-ad -add-trust --account ADDOM\Administrator--query-password
  • C. net ad ipajoin addom -U Administrator -p
  • D. trustmanager add -_domain ad: //addom --user Administrator -w
  • E. ipa ad join addom -U Administrator -w


Answer : A

Question 9

Which of the following practices are important for the security of private keys? (Choose
TWO correct answers.)

  • A. Private keys should be created on the systems where they will be used and should never leave them.
  • B. private keys should be uploaded to public key servers.
  • C. Private keys should be included in X509 certificates.
  • D. Private keys should have a sufficient length for the algorithm used for key generation.
  • E. Private keys should always be stored as plain text files without any encryption.


Answer : C,D

Question 10

Which of the following commands makes the contents of the eCryptfs encrypted directory -
/Private available to the user?

  • A. ecryptfsclient
  • B. ecryptfs.mount
  • C. ecryptfs-mount-private
  • D. decryptfs
  • E. ecryptfs-manage-di rectory


Answer : C

Question 11

Which of the following commands adds users using SSSD's local service?

  • A. sss_adduser
  • B. sss_useradd
  • C. sss_add
  • D. sss-addlocaluser
  • E. sss_local_adduser


Answer : B

Question 12

Which of the following are differences between AppArmor and SELinux? (Choose TWO
correct answers).

  • A. AppArmor is implemented in user space only. SELinux is a Linux Kernel Module.
  • B. AppArmor is less complex and easier to configure than SELinux.
  • C. AppArmor neither requires nor allows any specific configuration. SELinux must always be manually configured.
  • D. SELinux stores information in extended file attributes. AppArmor does not maintain file specific information and states.
  • E. The SELinux configuration is loaded at boot time and cannot be changed later on AppArmor provides user space tools to change its behavior.


Answer : B,D

Question 13

What effect does the following command have on TCP packets?
iptables- A INPUT -d 10 142 232.1 -p tcp -dport 20:21 -j ACCEPT

  • A. Forward all TCP traffic not on port 20 or 21 to the IP address 10.142 232.1
  • B. Drop all TCP traffic coming from 10 142 232.1 destined for port 20 or 21.
  • C. Accept only TCP traffic from 10.142 232.1 destined for port 20 or 21.
  • D. Accept all TCP traffic on port 20 and 21 for the IP address 10.142.232.1


Answer : C

Question 14

Which command included in the Linux Audit system provides searching and filtering of the
audit log? (Specify ONLY the command without any path or parameters.)



Answer : ausearch

Question 15

Which of the following components are part of FreeIPA? (Choose THREE correct
answers.)

  • A. DHCP Server
  • B. Kerberos KDC
  • C. Intrusion Detection System
  • D. Public Key Infrastructure
  • E. Directory Server


Answer : B,D,E

Page 1