Make your own quiz Manage my Quizzes Plans / Features Guides and Help Contact Privacy & Security

Linux Final

In order to determine the IP address of the root name servers, the slave DNS server:

Performs an Internet broadcast.

Queries the master name server.

Downloads the list of root servers from the Internet.

Queries the file specified by the "hint" zone in its bind configuration file.

Given this dig command: "dig @127.0.0.1 www.happy.org", determine which of the following is required?

The bind configuration(/etc/named.conf) must have a forward zone entry for happy.org

The bind server software has to be running on the local machine.

The name service switch (/etc/nsswitch.conf) has to include DNS as a name resolution mechanism.

The client resolver has to be on the same system as the name server.

A forward zone file for happy.org to be created.

The resolver configuration has to be setup (/etc/resolv.conf).

24. Based on the excerpt of the bind configuration below, a client with an IP address of 192.168.1.20 can successfully query this DNS server.

options { directory “/var/named”;

listen-on { 127.0.0.1; };

allow-query { 192.168.1.0/24; }; };

True

False

Root servers answer iterative & recursive queries.

True

False

Your lab partner is about to test your name server when you notice that your resolver configuration on your name server is not properly setup. Do you tell your lab partner to:

Proceed because it will not affect her/his results

Wait because it will affect her/his results

Huh?

Your server is the master of two domains: happy.org & peachy.net. How many configuration/zone files have to be maintained?

Two forward zone files & one bind configuration

One forward zone file & one bind configuration

Two forward zone files & two bind configurations

One forward zone file & two bind configurations

Authoritative hostname resolution can be provided by:

Only the master of a zone

Both the master and the slave of a zone

Only the slave of a zone

Based on this zone file:

$TTL 1D $ORIGIN happy.org. @ 1D IN SOA gw1.happy.org. root.happy.org.

06122401

15M

IN NS gw1.happy.org.

IN NS gw2.happy.org. gw1

IN A 193.168.0.2 gw2

IN A 193.168.0.3

When will the slave’s zone expire?

It will expire after 1 day

It will expire after 3 hours

Unknown based on this zone file

It will expire after 1 week

It will never expire

Assume that another company (managing its own domain sunny.org), has agreed to become a DNS slave for your domain happy.lab. You edit your zone file to add:

An NS record for that slave.

An A record for that slave.

An SOA, an NS records and an A record for the slave

An SOA record for that slave.

An NS record and an A record for the slave

Based on the following excerpt of a zone file, select all additional records that need to be added to this zone file from the list of records given below:

$TTL 1D $ORIGIN happy.org. @ 1D IN SOA ns1.happy.org. root.happy.org.

06122401

15M

IN NS ns1.happy.org.

IN NS ns2.sunny.org.

IN MX 10 mail.happy.org.

An A record for ns1.happy.org.

A PTR record for ns1.happy.org.

A PTR record for mail.happy.org.

A PTR record for ns2.sunny.org.

An A record for ns2.sunny.org.

An A record for mail.happy.org.

Zone transfer timing parameters are determined by the following:

NS record in the zone file

SOA record in the zone file

Zone transfer information as recorded in /var/named/transfer

Bind configuration file: /etc/named.conf.

Based on this zone file:

$TTL 1D $ORIGIN happy.org. @ 1D IN SOA gw1.happy.org. root.happy.org.

06122401

15M

IN NS gw1.happy.org.

IN NS gw2.happy.org. gw1

IN A 193.168.0.2 gw2

IN A 193.168.0.3

What is the IP address of the primary name server?

193.168.0.1

193.168.0.2

193.168.0.3

193.168.0.4

It is impossible to determine with the information provided.

To perform reverse hostname resolution for the 172.16.30.167 you use the following dig command:

Dig –x 172.16.30.167

Dig 172.16.30.167

Dig –r 172.16.30.167

Dig –x @172.16.30.167

Dig @172.16.30.167

Identify the utility used to configure and display network devices.

Ip route / route

None of these answers

Ip neighbor / arp

Ip addr / ifconfig

Ss / netstat

Identify the utility used to display the ports that the services are listening on?

Ss / netstat

Ip neighbor / arp

Ip addr / ifconfig

Ip route / route

None of these answers

When encountering an error message when dealing with services you attempt the following before describing the problem to your lab partner:

Check service status

Check the network setup

Check log files

In the client-server paradigm the server is listening on a port and initiating the connection to a client.

True

False

Identify the utility that can be used to test an active (listening) service that implements a text-based protocol.

Http

Ssh

Dig

What is missing in the following static IP address interface configuration?

TYPE=Ethernet

DEVICE=ens3344

BOOTPROTO=none

ONBOOT=yes

IPADDR=192.168.2.200

NETMASK=255.255.255.0

GATEWAY=192.168.2.1

NETWORKING=YES

HOSTS=DNS

Nothing is missing

ROUTE=192.168.2.0

In the Iptables filter table, the INPUT chain identifies all network packets that pass through the firewall system.

True

False

To set up static IP addressing you use the following interface configuration (ifcfg-ens33):

TYPE=Ethernet

DEVICE=ens33

BOOTPROTO=none

ONBOOT=yes

IPADDR=192.168.2.200

NETMASK=255.255.255.0

GATEWAY=192.168.2.1

What, if anything, is wrong with this configuration?

Add the line: ROUTE=192.168.2.0

Add the line: HOSTS=DNS

Add the line: NETWORKING=YES

There are no errors or lines missing.

Delete the line: GATEWAY=192.168.2.1

Change the line: BOOTPROTO=none to BOOTPROTO=static

Based on the following output of netstat and netcat commands, identify the reason for the error message.

[user8213 @localhost] netstat –tln Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:22 *:*

LISTEN tcp 0 0 127.0.0.1:25 *:*

LISTEN tcp 0 0 127.0.0.1:80 *:*

LISTEN [user8213 @localhost] nc -l 53 nc: Permission denied

Only the root user can open ports numbers less than 1024.

The syntax of the nc command is incorrect.

The port number 53 is not recorded in the /etc/services file, and therefore not recognized by nc.

The port address is already in use

The interface is not currently up.

To view all currently established connections to your service(s) you use the following utility:

Netstat or ss

Chkconfig

Service

Which command(s) shows all interface configurations?

Ip addr show ens33 ens34

Ip addr show

Ip addr

Ip addr show all

Ip show

Which utility will best verify basic network connectivity?

Ping

Netstat

All of these choices

Which command(s) show all listening TCP ports?

Netstat -lptn

Ss -lptn

Ip listen

Ss listen

Match the iptables targets with the description.

1=DROP

2=REJECT

3=RETURN

4=ACCEPT

Reject the packet. Reply with appropriate ICMP message = 1

Reject the packet. Reply with appropriate ICMP message = 2

Reject the packet. Reply with appropriate ICMP message = 3

Reject the packet. Reply with appropriate ICMP message = 4

Drop the packet. No reply to the source. = 1

Drop the packet. No reply to the source. = 2

Drop the packet. No reply to the source. = 3

Drop the packet. No reply to the source. = 4

Let the packet through = 1

Let the packet through = 2

Let the packet through = 3

Let the packet through = 4

The chain policy determines the fate of the packet = 1

The chain policy determines the fate of the packet = 2

The chain policy determines the fate of the packet = 3

The chain policy determines the fate of the packet = 4

Match the options for ss (or netstat) with the description.

1=I

2=p

3=t

4=n

Show TCP ports = 1

Show TCP ports = 2

Show TCP ports = 3

Show TCP ports = 4

Numeric output = 1

Numeric output = 2

Numeric output = 3

Numeric output = 4

Programs & pids = 1

Programs & pids = 2

Programs & pids = 3

Programs & pids = 4

Listening = 1

Listening = 2

Listening = 3

Listening = 4

Based on the list of permissions below, select the correct answer in order to delete a file in a directory:

No permissions on file

Write on the file

Write on the directory

No permissions on directory

Read on the file

Execute on the file

Read on the directory

Execute on the directory

To determine the installed location of the configuration file of a newly installed package, your best option is to:

Query the package for installed files.

Read the man page - man pages always list the files installed by a package.

Ask your lab partner

Google

Which log file typically gives you the best overview of the state of the system?

/var/log/auth

/var/log/passwd

/var/log/messages

/var/log/secure

Which command displays interface configuration for ens33?

Ip addr show ens33

Ip addr ens33

Ip addr

Ip show ens33

Ip ens33

Which file controls static hostname resolution? _____

What is the command used to prevent service "foobar" starting automatically upon system boot up?________

What is the command used to start service "foobar" upon system boot up?________

Given the only the following two rules, will an incoming connection from 172.16.31.167 be dropped, rejected or accepted? iptables –A INPUT –s 172.16.0.0/16 –j ACCEPT iptables –A INPUT –s 172.16.31.167 –p tcp –j DROP

Dropped

Rejected

Accepted

The rules don't make sense or they are invalid

What is the purpose of this rule? iptables –A INPUT –s 172.16.0.0/16 –p tcp –j ACCEPT

Accept all incoming TCP traffic on all ports destined for the 172.16 subnet

Accept all incoming TCP traffic on all ports

Accept all incoming TCP traffic to any port originating from the 172.16 subnet

None of these answers

Is the default iptables policy applied before or after all other rules are evaluated.

Before

After

The directive found in /etc/sysconfig/network-scripts/ifcfg-ens33 that will determine whether an interface is setup as static or dynamic is:

BOOTPROTO

DEVICE

DHCPPROTO

IPADDR

TYPE

Which command can be used to configure and display network devices?

Service

Netstat or ss

Arp

Ifconfig or ip addr

Match the commands with the description.

1=systemctl list-units

2=systemctl list-unit-files

3=systemctl start service

4=systemctl get-default

5=journalctl –u network

6=journalctl –k

7=systemctl list-units –t service

Display log messages for the network service = 1

Display log messages for the network service =2

Display log messages for the network service = 3

Display log messages for the network service = 4

Display log messages for the network service = 5

Display log messages for the network service = 6

Display log messages for the network service = 7

Displays all active units = 1

Displays all active units = 2

Displays all active units = 3

Displays all active units =4

Displays all active units = 5

Displays all active units = 6

Displays all active units = 7

Display kernel messages = 1

Display kernel messages = 2

Display kernel messages = 3

Display kernel messages = 4

Display kernel messages = 5

Display kernel messages = 6

Display kernel messages = 7

Lists all running services = 1

Lists all running services = 2

Lists all running services = 3

Lists all running services = 4

Lists all running services = 5

Lists all running services = 6

Lists all running services = 7

Start service immediately = 1

Start service immediately = 2

Start service immediately = 3

Start service immediately = 4

Start service immediately = 5

Start service immediately = 6

Start service immediately = 7

Displays all units = 1

Displays all units = 2

Displays all units = 3

Displays all units = 4

Displays all units = 5

Displays all units = 6

Displays all units = 7

Display the default target = 1

Display the default target = 2

Display the default target = 3

Display the default target = 4

Display the default target = 5

Display the default target = 6

Display the default target = 7

Record the command that lists all running services.________

Your organization maintains one DNS server for happy.org. It functions both as the authoritative name server for happy.org and as the preferred name server for its internal clients. When an internal client performs a query to its preferred name server, the name server will first:

None of the above

Check its cache

Contact the root server

Check its zone

When setting up a zone for happy.org:

Www.peachy.org is a host name and happy.org is the zone apex of that host.

Www.happy.org is a host name and peachy.org is the zone apex of that host.

Happy.org is a host name and www.happy.org is the zone apex of that host.

None of these answers

Www.happy.org is a host name and happy.org is the zone apex of that host.

You maintain a DNS server, which functions as the master for happy.org, as the slave for sunny.org, and as the preferred DNS server for all internal clients of happy.org. When an internal client performs a query for www.sunny.org, the name server will first:

Contact the master for sunny.org

Check its zone(s) of authority

Contact the root server

Check its cache

You are asked to manage three virtual hosts for Apache: www.happy.lab, www.peachy.lab, www.sunny.lab. You are also asked to manage DNS for all corresponding domains. Your name server is currently setup with one forward zone file that lists all the hosts for happy.lab. How many additional forward zone files do you have to create?

None (0)

One (1)

Two (2)

Three (3)

When your preferred name server receives a name resolution request it will try to find the answer by checking:

First the zone, then the cache, then the root server

First the root server, then the cache, then the zone

First the cache, then the zone, then the root server

DNS can work with one master and many slave servers. A master/slave scenario typically means that:

The master collects configuration changes from all slaves and redistributes them to the slaves; only slaves service clients.

The master collects configuration changes from all slaves and redistributes them to the slaves; both service clients.

The master maintains the configuration and slaves keep a copy; only slaves service clients.

The master maintains the configuration and slaves keep a copy; both service clients.

Both master and slave configurations can be changed; both service clients.

Based on this zone file:

$TTL 1D $ORIGIN happy.org. @ 1D IN SOA gw1.happy.org. root.happy.org.

06122401

15M

IN NS gw1.happy.org.

IN NS gw2.happy.org. gw1

IN A 193.168.0.2 gw2

IN A 193.168.0.3

The reverse zone for happy.org is called 193.168.0.in-addr.arpa.

True

False

What is the corresponding PTR record for this A record: www.happy.org. A 74.168.0.2

2.0.168.74 PTR www

74.168.0.2 PTR www.happy.org

None of these answers is correct

74.168.0.2. PTR www.happy.org.

Www.happy.org. PTR 74.168.0.2

2. PTR www.happy.org.

What must be done to set up a slave zone on a slave DNS server:

Create an zone file on the slave that is identical to the master's zone file

Initiate a zone transfer in the bind configuration of the master

Initiate a zone transfer in the bind configuration of the slave

Copy the master's zone file to the slave using any standard file copying utility

None of these choices is correct

An authoritative answer for "hostX" can only be received from a master DNS server of the zone to which hostX belongs as well as:

Any caching DNS server that has the record of hostX in its cache

A DNS server of a different zone that contains the A record of hostX

None of the above: only the master can provide an authoritative answer

A slave DNS server of the zone to which hostX belongs

Generally, you should put an IPv4 entry and IPv6 entry for your localhost in you hosts file.

True

False

Which command displays the default route?

Ip route

Ip default

Ss route

Ss show route

Which file contains your default name servers? _____

Which command displays interface configuration for all interfaces?

Ip addr show ens33

Ip addr ens33

Ip addr

Ip show ens33

Ip ens33

What is needed to perform hostname resolution using DNS?

The hostname of the name server in the resolver configuration

The hostname of the name server in the hosts file

The IP address of the name server in the resolver configuration

The hosts file, installed locally

The IP address of the name server in your ARP cache

In the client-server paradigm the server is listening on a port and initiating the connection to a client.

True

False

From a client system you are trying to connect to a remote web server but you get an error message. Which of the following will you NOT try?

Use ping (or other simple utility) to try and reach the server on the network

Check to see if your hostname resolution is setup

Check to see if your network service is running

Use netstat/ss to check the status of the web service on your system

To add a PTR record for the host www.happy.lab to the zone file "happy.lab" the proper syntax for is:

Www.happy.lab. PTR 172.16.30.167

None of these choices

172.16.30.167 PTR www.happy.lab

Www PTR 172.16.30.167

167.30.16.172.in-addr.arpa. PTR www.happy.lab.

What is the rpm command line that lists all the files that are part of the installed package "foobar"?

Record the command used to verify that the service "foobar" is currently running.________

A delegation creates a link between two domains that are directly connected (parent-child) in the DNS tree. The delegation to the child domain is included in the parent domain.

True

False

The address record: ns1 IN A 74.168.0.2 for the domain "happy.org" can be rewritten as: ns1.happy.org IN A 74.168.0.2

True

False

The syntax for an NS record for the server ns1.happy.org is:

Happy.org. NS A ns1.happy.org.

Ns1.happy.org. NS A 172.16.30.167

Happy.org. NS A 172.16.30.167

172.16.30.167 NS A ns1.happy.org.

In the iptables filter table the OUTPUT chain identifies all network packets that are destined for the firewall system.

True

False

The three explicit security objectives of the CIA triad model are:

Consistency, Integrity, Accountability

Confidentiality, Integrity, Availability

Control, Identification, Authorization

Confidentiality, Incorruptibility, Authenticity

To exchange a shared key for symmetric encryption the following cryptographic method is typically used:

Message code hashing

Asymmetric encryption

Symmetric encryption

Enter the command line to look up the PTR record for "172.16.30.167" using the dig command.

Which command will check the validity of the sshd configuration file and sanity of the keys?

Sshd -t

Ssh -t

Ssh --verify

Sshd --verify

Ssh_check

Sshd_check

How many keys does asymmetric encryption use?

To provide data integrity, the best method to use is to:

Encrypt the message with asymmetric encryption

Encrypt the message with symmetric encryption

Encrypt the message with a cryptographic hash function

Add a message authentication code to the message

Enter the command line to resolve the A record for "www.happy.org" using your default resolver configuration.

Which file must be modified on the master DNS to allow master/slave operation for the package bind?

/etc/sysconfig/named.conf

/etc/bind.conf

/etc/named.conf

/etc/sysconfig/bind.conf

Symmetric encryption is predominantly used to achieve confidentiality.

True

False

The default sshd_config shipped with OpenSSH is to specify options with their default values commented.

True

False

Enter the command line to resolve the A record for "www.happy.org" using your partner's DNS at 172.16.30.167 using your preferred command.

To provide data integrity the preferred cryptographic method is a:

HMAC, hash-based message authentication code

Message digest

MAC, Message authentication code

Enter the command line to look up the PTR record for "172.16.31.167" on your master DNS (172.16.30.167) using the dig command from another Linux machine.

Which of these command line utilities can be used to perform DNS lookups?

Host

Dns

Lookup

Dig

Nslookup

Which sshd configuration options control the use of public key authentication?

PasswordAuthentication

RSAAuthentication

PermitRootLogin

AuthorizedKeysFile

PubkeyAuthentication

Symmetric cryptography uses two keys, while asymmetric cryptography uses one key.

True

False

Enter the command line to look up the NS record for the domain "happy.org" using the nslookup command.

Which of these issues may cause the slave DNS not to synchronize with the master DNS?

Not having a file specified in the client configuration

Network connectivity

Zone serial number not higher than last sync

Incorrect specification in master or slave configuration file

How many keys does symmetric encryption use?

Which file contains configuration for the DNS client (resolver)?

/etc/sysconfig/resolve.conf

/etc/resolver.conf

~/resolv.conf

/etc/resolv.conf

Enter the command line to look up the NS record for the domain "happy.org" using the dig command.

Which key is used to encrypt in order to prove authenticity using public key cryptography?

Private key

Public key

Foreign key

Shared key

Which command(s) verify bind(DNS) is listening of the configured port(s)?

Netstat -lptn

Ss -lptn

Ip listen

Ss listen

Enter the command line to look up the NS record for the domain "happy.org" on the teacher's DNS (172.16.30.167) using the dig command.

Enter the command line to look up the NS record for the domain "happy.org" on the teacher's DNS (172.16.30.167) using the host command.

Enter the command line to look up the PTR record for "172.16.30.167" using the nslookup command.

Enter the command line to look up the PTR record for "172.16.31.167" on your slave DNS (172.16.31.167) using the dig command from another Linux machine.

DNS can work with one master and many slave servers. A master/slave scenario typically means that:

The master maintains the configuration and slaves keep a copy; both service clients.

Both master and slave configurations can be changed; both service clients.

The master collects configuration changes from all slaves and redistributes them to the slaves; only slaves service clients.

The master collects configuration changes from all slaves and redistributes them to the slaves; both service clients.

The master maintains the configuration and slaves keep a copy; only slaves service clients.

Enter the command line to look up the PTR record for "172.16.31.167" on the teacher's slave DNS (172.16.31.167) using the nslookup command.

Which sshd configuration options control the use of password authentication?

PasswordAuthentication

RSAAuthentication

PermitRootLogin

AuthorizedKeysFile

PubkeyAuthentication

To provide confidentiality the following cryptographic method is used:

Message code hashing

Symmetric encryption

Asymmetric encryption

Enter the command line to look up the PTR record for "172.16.30.167" using the host command.

Enter the command line to look up the PTR record for "172.16.31.167" on the teacher's master DNS (172.16.30.167) using the host command.

Which file must be modified on the slave DNS to allow master/slave operation for the package bind?

/etc/sysconfig/named.conf

/etc/bind.conf

/etc/sysconfig/bind.conf

/etc/named.conf

To provide source integrity, asymmetric encryption is used. The private key is used to:

Encrypt

Decrypt

Which command(s) verify sshd is listening of the configured port(s)?

Netstat -lptn

Ss -lptn

Ip listen

Ss listen

Enter the command line to look up the NS record for the domain "happy.org" using the host command.

Enter the command line to look up the NS record for the domain "happy.org" on the teacher's DNS (172.16.30.167) using the nslookup command.

Which apache configuration directive configures logging of all website accesses?

Access

AccessLog

Transfer

TransferLog

Which command is used to show or set your hostname?

Enter the command line to look up the NS record for the domain "happy.org" on the teacher's DNS (172.16.30.167) using the host command.

Enter the command line to look up the NS record for the domain "happy.org" on the teacher's DNS (172.16.30.167) using the dig command.

The aliasing feature is used to forward email of a local user to a different email account. The /etc/aliases file is consulted by which mail server?

Inbound

Outbound

Which sshd configuration options control the use of password authentication?

PasswordAuthentication

RSAAuthentication

PermitRootLogin

AuthorizedKeysFile

PubkeyAuthentication

Which command can be used to verify the HTTPD service is listening on the correct port?

Netstat

Ipconfig

Ifconfig

Match the iptables commands with the description.

1 = -I

2 = -A

3 = -R

4 = -L

5 = -F

6 = -h

Insert rule = 1

Insert rule = 2

Insert rule = 3

Insert rule = 4

Insert rule = 5

Insert rule = 6

Append rule = 1

Append rule = 2

Append rule = 3

Append rule = 4

Append rule = 5

Append rule = 6

Help = 1

Help = 2

Help = 3

Help = 4

Help = 5

Help = 6

Replace rule = 1

Replace rule = 2

Replace rule = 3

Replace rule = 4

Replace rule = 5

Replace rule = 6

List rules = 1

List rules = 2

List rules = 3

List rules = 4

List rules = 5

List rules = 6

Flush rules = 1

Flush rules = 2

Flush rules = 3

Flush rules = 4

Flush rules = 5

Flush rules = 6

Which of these commands will let you view the mail queue?

Postqueue -v

Postqueue -p

Mailq

Mailq -p

Mailq -v

Which command will check the validity of the sshd configuration file and sanity of the keys?

Sshd -t

Ssh -t

Ssh --verify

Sshd --verify

Ssh_check

Sshd_check

Match the iptables parameters with the description.

1 = -s

2 = -d

3 = -p

4 = -i

5 = -o

Destination = 1

Destination = 2

Destination = 3

Destination = 4

Destination = 5

In-bound interface = 1

In-bound interface = 2

In-bound interface = 3

In-bound interface = 4

In-bound interface = 5

Port = 1

Port = 2

Port = 3

Port = 4

Port = 5

Out-bound interface = 1

Out-bound interface = 2

Out-bound interface = 3

Out-bound interface = 4

Out-bound interface = 5

Source = 1

Source = 2

Source = 3

Source = 4

Source = 5

Which of these issues may cause the slave DNS not to syncronize with the master DNS?

Incorrect specification in master or slave configuration file

Network connectivity

Not having a file specified in the client configuration

Zone serial number not higher than last sync

Which of these are valid ways to send mail on the command line?

Mail -s Test Email user8213@cst8213.lab

Mail -s TestEmail user8213@cst8213.lab

Mail -s Test Email user8213@172.16.30.167

Mail -s TestEmail user8213@172.16.30.167

Mail -s Test Email user8213@[172.16.30.167]

Mail -s TestEmail user8213@[172.16.30.167]

Mail -s Test Email user8213@host.cst8213.lab

Mail -s TestEmail user8213@host.cst8213.lab

Which apache configuration option specifies the port Apache listens on?

ListenPort

Listen

Port

Which apache block directive is used to configure virtual hosts?

Host

Virtual

Multi

MultiHost

VirtualHost

Which of these firewalls are available on CENTOS 7?

Firewalld

Iptables

Secured

Ipchains

Which file your hostname resolution order? _____

The default sshd_config shipped with OpenSSH is to specify options with their default values commented.

True

False

Which mail server is the masquerading feature setup on?

Inbound

Outbound

Which file contains configuration for the DNS client (resolver)?

/etc/sysconfig/resolve.conf

/etc/resolver.conf

~/resolv.conf

/etc/resolv.conf

Generally, you should put an IPv4 entry and IPv6 entry for your localhost in you hosts file.

True

False

What is the default "ServerRoot" for apache?

/home/apache

/etc/httpd

/var/www/

/var/httpd

/var/www/httpd

You use DNS or /etc/hosts to test your apache virtual hosts locally.

True

False

Symmetric cryptography uses two keys, while asymmetric cryptography uses one key.

True

False

Which file contains the main configuration file for apache?

/etc/httpd/conf/httpd.conf

/etc/http/conf/httpd.conf

/etc/http/conf/http.conf

/etc/httpd/conf/http.conf

By default, which interface(s) does postfix listen?

The first ethernet adapter

Localhost or 127.0.0.1

All the ethernet adapters

All the ethernet adapters and localhost

What is the default user used by apache while running?

Apache

The user that started apache

Nobody

Cst8213

Root

You wish to configure apache to serve two "Virtual Hosts", happy.lab & grumpy.lab. What is the minimum number of zone files required in your DNS?

One

Two

Three

Four

Which utility is used to add entries to LDAP from a properly configured LDIF file?

Assuming you do not configure the configuration file to allow other users, who is allowed to add/modify/delete entries in the LDAP database?

Without further configuration, all users can add/modify/delete entries

The LDAP adminstrator

Root

Ldapadm

User8213

Which of these utility programs can add entries to an LDAP DIT?

Ldapadd

Ditmodify

Ditdelete

Ldapmodify

Ditadd

Ldapdelete

What is DIT an abbreviation for?

Which key is used to encrypt in order to prove authenticity using public key cryptography?

Private key

Public key

Foreign key

Shared key

Which of these utility programs can modify entries to an LDAP DIT?

Ldapadd

Ldapmodify

Ldapdelete

Ditadd

Ditmodify

Ditdelete

You use DNS or /etc/hosts to test your apache virtual hosts remotely.

True

False

What is the default document root for apache?

/etc/httpd/html

/etc/httpd

/etc/httpd/www

/var

/var/www

/var/www/html

/etc/httpd/www/html

What is the name of the default error log in Apache?

Errorlog

Error.log

Error_log

Errorlog.log

Error_log.log

Which utility is used to search the LDAP DIT?

Which module must be loaded in order to use the DirectoryIndex option?

Mod_base

Mod_data

Mod_dir

Mod_access

Mod_cache

Mod_index

Which of these utility programs can delete entries to an LDAP DIT?

Ditdelete

Ldapadd

Ditadd

Ldapdelete

Ldapmodify

Ditmodify

What does the error message "mail loops back to me" typically indicate is wrong in the postfix configuration file?

"mydestination" is incorrectly configured

Postfix is listening only on the loopback interface

The MX record is incorrect (missing or pointing to an incorrect host

Postfix is listening only on port 25

"relay_domains" is incorrectly set

Which sshd configuration options control the use of public key authentication?

PasswordAuthentication

RSAAuthentication

PermitRootLogin

AuthorizedKeysFile

PubkeyAuthentication

Which file must be modified on the master DNS to allow master/slave operation for the package bind?

/etc/bind.conf

/etc/sysconfig/bind.conf

/etc/sysconfig/named.conf

/etc/named.conf

Root servers answer iterative & recursive queries.

True

False

"Aliasing" is used to redirect email addressed to a generic account such as "webmaster" to a user account such as "arnold". As such the recipient address is rewritten by the receiving mail server

True

False

To provide source integrity, asymmetric encryption is used. The private key is used to:

Encrypt

Decrypt

The LDAP protocol is used to:

Maintain and share directory information

None of the above

Resolve host names into IP addresses

Share resources, such as files and printers, between Windows and Linux platforms

Manage network configuration, such as IP addresses, for client systems

To setup the resolver on the client system to provide hostname resolution with LDAP in addition to static and DNS-style host name resolution, the following client configuration file has to be edited:

/etc/services

/etc/nsswitch.conf

/etc/resolv.conf

/etc/hosts

Assume that name-based virtual hosting is setup for the IP address 172.16.30.199 on a server with more than one interface. You want to display a web site when your web server is accessed using a different (and valid) IP address. To accomplish this you should:

Setup a separate Apache to listen on the different IP address after making sure that the current Apache is not listening on that IP address

Setup a "default" site in the virtual site section

It cannot be done: you cannot setup a site for another interface when setting up virtual hosting for a given interface

Do nothing: the site of the first virtual host will automatically be displayed.

Assuming you are already serving two domains, how many additional virtual hosts have to be set up in Apache to provide websites for the domains happy.org, peachy.org and sunny.org?

Zero (0)

One (1)

Three (3)

It cannot be done

Identify the error in the following LDIF entry:
dn: cn=Sarah Jones,ou=people,dc=example.com
objectclass: inetorgperson
cn: Sarah Jones
sn: Jones
mail: Sarah.Jones@example.com
mail: sjones@example.com

The dc attribute does not have a valid value

The syntax for the attributes should use an = sign, not a colon, as in sn=Jones

There can only be one mail attribute, not two

There is no error

An "outbound" only mail server typically "hosts" email for its domain.

True

False

Practically, who should be able to look up a public DNS MX record?

The sending email server

The receiving email server

The user sending the email

The user receiving the email

None of these answers

Consistency of directory information across replicated LDAP servers is crucial while consistency of data stored in transactional databases is not.

True

False

HTTPS is:

HTTP that includes additional security modules defined by the HTTPS protocol

A different application layer protocol from HTTP

A newer version of the HTTP protocol

HTTP that uses the TLS/SSL layer for security services

The base/suffix for happy.org can be setup using the following object class:

InetOrgPerson

Domain

Top

Person

An object is created based on one object class. The object class must be:

Abstract

Auxiliary

Structural

There is only one type of object class

To locate an object in the DIT you use the _____________ of the object.

FQDN

None of these choices

RDN

DNS

The SMTP protocol is used to:

Manage network configuration for client systems

Share resources, such as files and printers, between Windows and Linux platforms

Maintain and share directory information

Resolve host names into IP addresses

None of these choices

If a directive in your Apache configuration is not recognized by Apache, the most likely reason is that the module that supports the directive is missing.

True

False

The apache server implements the following protocol:

None of these choices

URI

APACHE

HTTP

To send mail using the form user@domain.tld, where the mail server for the domain is mx.domain.tld, the A record for mx.domain.tld in the zone file for the domain is sufficient.

True

False

When setting up name-based virtual hosts, the Apache configuration requires:

One DocumentRoot directive for each virtual host and one ServerName directive for each virtual host

One DocumentRoot directive for each virtual host and one ServerName directive

One DocumentRoot directive and one ServerName directive

One DocumentRoot directive and one ServerName directive for each virtual host

The only source for web documents that a server can map a URL to is given by the DocumentRoot directive.

True

False

Which mail servers "need" to look up a public DNS MX record?

The receiving email server

The user sending the email

None of these answers

The user receiving the email

The sending email server

Based on the excerpt of the bind configuration below, a client with an IP address
of 192.168.1.20 can successfully query this DNS server.
options {
directory “/var/named”;
listen-on { 127.0.0.1; };
allow-query { 192.168.1.0/24; };
};

True

False

An LDAP client, such as ldapsearch, requires at a minimum the following information to search an LDAP directory server.

An IP address (or hostname) for the LDAP server

A DN for the object to search

A DNS record for the server

A base/suffix for the DIT

The apache server implements the following protocol:

HTML

APACHE

None of these choices

URL

The three required components to have a functional email service are:

Mail User Agent, Mail Transfer Agent, Mail Delivery Agent

Mail User Agent, Mail Submission Agent, Mail Transfer Agent

Mail Submission Agent, Mail Transfer Agent, Mail Delivery Agent

Mail User Agent, Mail Submission Agent, Mail Delivery Agent

If object class inetOrgPerson is a subclass of object class person, the following applies:

Object class inheritance is not part of the LDAP protocol

All attributes of person are inherited by inetOrgPerson, except the required attributes

All attributes of person are inherited by inetOrgPerson, including the required attributes

All attributes of inetOrgPerson are inherited by person

When data is downloaded from a web server to a client browser, the type of data (text, image, audio, etc.) is determined by the:

Content-Type header based on MIME types

DocType directive in the Apache configuration

File extension of the downloaded document

Symmetric encryption is predominantly used to achieve confidentiality.

True

False

To provide data integrity the preferred cryptographic method is a:

Message digest

HMAC, hash-based message authentication code

MAC, Message authentication code

iptables –F
iptables –P INPUT ACCEPT
iptables –A INPUT –s 172.16.0.0/16 –p tcp –-dport 23 –j ACCEPT
iptables –A INPUT –s 172.16.0.0/16 –p tcp –-dport 22 –j ACCEPT
iptables –A INPUT –s 172.16.0.0/16 –j REJECT
What will happen to a packet with source IP 172.16.32.167 trying to connect to the DNS server currently running only the above iptables rules?

Rejected

Accepted

Dropped

When trying to add an LDAP directory entry the operation is unsuccessful. One of the possible problems could be that the corresponding schema file is not included in the LDAP server configuration.

True

False

Virtual hosts in Apache are used to:

Host web sites without the need to setup DNS entries for multiple domain names

Setup referrals to other web servers

Have web sites for multiple sites on the same server system

Create multiple copies of the same web site on multiple server systems

Apache fails to start due to an unknown directive in the configuration file. One possibility could be that the corresponding module is not loaded.

True

False

Postfix is considered to be primarily a:

Mail Submission Agent

Mail Transfer Agent

Mail User Agent

Mail Delivery Agent

Based on the following list of criteria determine which ones have to be satisfied for an inbound mail server.

The server has to be setup to "relay" for the domain.

The server has to be setup to "host" for the domain.

An MX record has to point to the mail server.

Masquerading is applied on all received email.

An attribute is defined by a set of object classes.

True

False

To verify the mail server of the domain example.lab based on the MX record the following dig command is used:

Dig mx.example.lab

Dig MX example.lab

Dig MX mail.example.lab

Dig mail.example.lab

An object can be created using exactly one auxiliary class and any number, including zero, structural classes.

True

False

iptables –A INPUT –s 172.16.0.0/16 –j ACCEPT
iptables –A INPUT –s 172.16.31.167 –p tcp –j DROP
Based only on the two rules above, an incoming connection from interface 172.16.31.167 will be dropped.

True

False

With "masquerading" the following addresses are typically rewritten.

Based on this zone file:
$TTL 1D
$ORIGIN happy.org.
@ 1D IN SOA gw1.happy.org. root.happy.org. 06122401 3H 15M 1W 1D
IN NS gw1.happy.org.
IN NS gw2.happy.org.
gw1 IN A 193.168.0.2
gw2 IN A 193.168.0.3
What is the IP address of the primary name server?

193.168.0.1

193.168.0.2

193.168.0.3

193.168.0.4

It is impossible to determine with the information provided.

To provide confidentiality the following cryptographic method is used:

Symmetric encryption

Message code hashing

Asymmetric encryption

A delegation creates a link between two domains that are directly connected (parent-child) in the DNS tree. The delegation to the child domain is included in the parent domain.

True

False

A delegation creates a link between two domains that are directly connected (parent-child) in the DNS tree. The delegation to the child domain is included in the parent domain.

True

False

Name-based virtual hosting is possible because:

The client connection to the server is based on IP address and port number, and the hostname is included in the client request.

The client connection to the server is based on hostname and port number.

Name-based virtual hosting is possible because:

The client connection to the server is based on IP address and port number, and the hostname is included in the client request.

The client connection to the server is based on hostname and port number.

{"name":"Linux Final", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"In order to determine the IP address of the root name servers, the slave DNS server:, Given this dig command: \"dig @127.0.0.1 www.happy.org\", determine which of the following is required?, 24. Based on the excerpt of the bind configuration below, a client with an IP address of 192.168.1.20 can successfully query this DNS server. options { directory “\/var\/named”; listen-on { 127.0.0.1; }; allow-query { 192.168.1.0\/24; }; };","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}