Linux Final
In order to determine the IP address of the root name servers, the slave DNS server:
Performs an Internet broadcast.
Queries the master name server.
Downloads the list of root servers from the Internet.
Queries the file specified by the "hint" zone in its bind configuration file.
Given this dig command: "dig @127.0.0.1 www.happy.org", determine which of the following is required?
The bind configuration(/etc/named.conf) must have a forward zone entry for happy.org
The bind server software has to be running on the local machine.
The name service switch (/etc/nsswitch.conf) has to include DNS as a name resolution mechanism.
The client resolver has to be on the same system as the name server.
A forward zone file for happy.org to be created.
The resolver configuration has to be setup (/etc/resolv.conf).
24. Based on the excerpt of the bind configuration below, a client with an IP address of 192.168.1.20 can successfully query this DNS server.
options { directory “/var/named”;
listen-on { 127.0.0.1; };
allow-query { 192.168.1.0/24; }; };
True
False
Root servers answer iterative & recursive queries.
True
False
Your lab partner is about to test your name server when you notice that your resolver configuration on your name server is not properly setup. Do you tell your lab partner to:
Proceed because it will not affect her/his results
Wait because it will affect her/his results
Huh?
Your server is the master of two domains: happy.org & peachy.net. How many configuration/zone files have to be maintained?
Two forward zone files & one bind configuration
One forward zone file & one bind configuration
Two forward zone files & two bind configurations
One forward zone file & two bind configurations
Authoritative hostname resolution can be provided by:
Only the master of a zone
Both the master and the slave of a zone
Only the slave of a zone
Based on this zone file:
$TTL 1D $ORIGIN happy.org. @ 1D IN SOA gw1.happy.org. root.happy.org.
06122401
3H
15M
1W
1D
IN NS gw1.happy.org.
IN NS gw2.happy.org. gw1
IN A 193.168.0.2 gw2
IN A 193.168.0.3
When will the slave’s zone expire?
It will expire after 1 day
It will expire after 3 hours
Unknown based on this zone file
It will expire after 1 week
It will never expire
Assume that another company (managing its own domain sunny.org), has agreed to become a DNS slave for your domain happy.lab. You edit your zone file to add:
An NS record for that slave.
An A record for that slave.
An SOA, an NS records and an A record for the slave
An SOA record for that slave.
An NS record and an A record for the slave
Based on the following excerpt of a zone file, select all additional records that need to be added to this zone file from the list of records given below:
$TTL 1D $ORIGIN happy.org. @ 1D IN SOA ns1.happy.org. root.happy.org.
06122401
3H
15M
1W
1D
IN NS ns1.happy.org.
IN NS ns2.sunny.org.
IN MX 10 mail.happy.org.
An A record for ns1.happy.org.
A PTR record for ns1.happy.org.
A PTR record for mail.happy.org.
A PTR record for ns2.sunny.org.
An A record for ns2.sunny.org.
An A record for mail.happy.org.
Zone transfer timing parameters are determined by the following:
NS record in the zone file
SOA record in the zone file
Zone transfer information as recorded in /var/named/transfer
Bind configuration file: /etc/named.conf.
Based on this zone file:
$TTL 1D $ORIGIN happy.org. @ 1D IN SOA gw1.happy.org. root.happy.org.
06122401
3H
15M
1W
1D
IN NS gw1.happy.org.
IN NS gw2.happy.org. gw1
IN A 193.168.0.2 gw2
IN A 193.168.0.3
What is the IP address of the primary name server?
193.168.0.1
193.168.0.2
193.168.0.3
193.168.0.4
It is impossible to determine with the information provided.
To perform reverse hostname resolution for the 172.16.30.167 you use the following dig command:
Dig –x 172.16.30.167
Dig 172.16.30.167
Dig –r 172.16.30.167
Dig –x @172.16.30.167
Dig @172.16.30.167
Identify the utility used to configure and display network devices.
Ip route / route
None of these answers
Ip neighbor / arp
Ip addr / ifconfig
Ss / netstat
Identify the utility used to display the ports that the services are listening on?
Ss / netstat
Ip neighbor / arp
Ip addr / ifconfig
Ip route / route
None of these answers
When encountering an error message when dealing with services you attempt the following before describing the problem to your lab partner:
Check service status
Check the network setup
Check log files
In the client-server paradigm the server is listening on a port and initiating the connection to a client.
True
False
Identify the utility that can be used to test an active (listening) service that implements a text-based protocol.
Http
Ssh
Dig
Nc
What is missing in the following static IP address interface configuration?
TYPE=Ethernet
DEVICE=ens3344
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.2.200
NETMASK=255.255.255.0
GATEWAY=192.168.2.1
NETWORKING=YES
HOSTS=DNS
Nothing is missing
ROUTE=192.168.2.0
In the Iptables filter table, the INPUT chain identifies all network packets that pass through the firewall system.
True
False
To set up static IP addressing you use the following interface configuration (ifcfg-ens33):
TYPE=Ethernet
DEVICE=ens33
BOOTPROTO=none
ONBOOT=yes
IPADDR=192.168.2.200
NETMASK=255.255.255.0
GATEWAY=192.168.2.1
What, if anything, is wrong with this configuration?
Add the line: ROUTE=192.168.2.0
Add the line: HOSTS=DNS
Add the line: NETWORKING=YES
There are no errors or lines missing.
Delete the line: GATEWAY=192.168.2.1
Change the line: BOOTPROTO=none to BOOTPROTO=static
Based on the following output of netstat and netcat commands, identify the reason for the error message.
[user8213 @localhost] netstat –tln Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 127.0.0.1:22 *:*
LISTEN tcp 0 0 127.0.0.1:25 *:*
LISTEN tcp 0 0 127.0.0.1:80 *:*
LISTEN [user8213 @localhost] nc -l 53 nc: Permission denied
Only the root user can open ports numbers less than 1024.
The syntax of the nc command is incorrect.
The port number 53 is not recorded in the /etc/services file, and therefore not recognized by nc.
The port address is already in use
The interface is not currently up.
To view all currently established connections to your service(s) you use the following utility:
Ps
Netstat or ss
Chkconfig
Service
Which command(s) shows all interface configurations?
Ip addr show ens33 ens34
Ip addr show
Ip addr
Ip addr show all
Ip show
Ip
Which utility will best verify basic network connectivity?
Ping
Netstat
Ss
Ip
All of these choices
Match the iptables targets with the description.
1=DROP
2=REJECT
3=RETURN
4=ACCEPT
Reject the packet. Reply with appropriate ICMP message = 1
Reject the packet. Reply with appropriate ICMP message = 2
Reject the packet. Reply with appropriate ICMP message = 3
Reject the packet. Reply with appropriate ICMP message = 4
Drop the packet. No reply to the source. = 1
Drop the packet. No reply to the source. = 2
Drop the packet. No reply to the source. = 3
Drop the packet. No reply to the source. = 4
Let the packet through = 1
Let the packet through = 2
Let the packet through = 3
Let the packet through = 4
The chain policy determines the fate of the packet = 1
The chain policy determines the fate of the packet = 2
The chain policy determines the fate of the packet = 3
The chain policy determines the fate of the packet = 4
Match the options for ss (or netstat) with the description.
1=I
2=p
3=t
4=n
Show TCP ports = 1
Show TCP ports = 2
Show TCP ports = 3
Show TCP ports = 4
Numeric output = 1
Numeric output = 2
Numeric output = 3
Numeric output = 4
Programs & pids = 1
Programs & pids = 2
Programs & pids = 3
Programs & pids = 4
Listening = 1
Listening = 2
Listening = 3
Listening = 4
Based on the list of permissions below, select the correct answer in order to delete a file in a directory:
No permissions on file
Write on the file
Write on the directory
No permissions on directory
Read on the file
Execute on the file
Read on the directory
Execute on the directory
To determine the installed location of the configuration file of a newly installed package, your best option is to:
Query the package for installed files.
Read the man page - man pages always list the files installed by a package.
Ask your lab partner
Google
Which log file typically gives you the best overview of the state of the system?
/var/log/auth
/var/log/passwd
/var/log/messages
/var/log/secure
Which command displays interface configuration for ens33?
Ip addr show ens33
Ip addr ens33
Ip addr
Ip show ens33
Ip ens33
What is the command used to prevent service "foobar" starting automatically upon system boot up?________
Given the only the following two rules, will an incoming connection from 172.16.31.167 be dropped, rejected or accepted? iptables –A INPUT –s 172.16.0.0/16 –j ACCEPT iptables –A INPUT –s 172.16.31.167 –p tcp –j DROP
Dropped
Rejected
Accepted
The rules don't make sense or they are invalid
What is the purpose of this rule? iptables –A INPUT –s 172.16.0.0/16 –p tcp –j ACCEPT
Accept all incoming TCP traffic on all ports destined for the 172.16 subnet
Accept all incoming TCP traffic on all ports
Accept all incoming TCP traffic to any port originating from the 172.16 subnet
None of these answers
Is the default iptables policy applied before or after all other rules are evaluated.
Before
After
The directive found in /etc/sysconfig/network-scripts/ifcfg-ens33 that will determine whether an interface is setup as static or dynamic is:
BOOTPROTO
DEVICE
DHCPPROTO
IPADDR
TYPE
Which command can be used to configure and display network devices?
Service
Netstat or ss
Arp
Ifconfig or ip addr
Match the commands with the description.
1=systemctl list-units
2=systemctl list-unit-files
3=systemctl start service
4=systemctl get-default
5=journalctl –u network
6=journalctl –k
7=systemctl list-units –t service
Display log messages for the network service = 1
Display log messages for the network service =2
Display log messages for the network service = 3
Display log messages for the network service = 4
Display log messages for the network service = 5
Display log messages for the network service = 6
Display log messages for the network service = 7
Displays all active units = 1
Displays all active units = 2
Displays all active units = 3
Displays all active units =4
Displays all active units = 5
Displays all active units = 6
Displays all active units = 7
Display kernel messages = 1
Display kernel messages = 2
Display kernel messages = 3
Display kernel messages = 4
Display kernel messages = 5
Display kernel messages = 6
Display kernel messages = 7
Lists all running services = 1
Lists all running services = 2
Lists all running services = 3
Lists all running services = 4
Lists all running services = 5
Lists all running services = 6
Lists all running services = 7
Start service immediately = 1
Start service immediately = 2
Start service immediately = 3
Start service immediately = 4
Start service immediately = 5
Start service immediately = 6
Start service immediately = 7
Displays all units = 1
Displays all units = 2
Displays all units = 3
Displays all units = 4
Displays all units = 5
Displays all units = 6
Displays all units = 7
Display the default target = 1
Display the default target = 2
Display the default target = 3
Display the default target = 4
Display the default target = 5
Display the default target = 6
Display the default target = 7
Your organization maintains one DNS server for happy.org. It functions both as the authoritative name server for happy.org and as the preferred name server for its internal clients. When an internal client performs a query to its preferred name server, the name server will first:
None of the above
Check its cache
Contact the root server
Check its zone
When setting up a zone for happy.org:
Www.peachy.org is a host name and happy.org is the zone apex of that host.
Www.happy.org is a host name and peachy.org is the zone apex of that host.
Happy.org is a host name and www.happy.org is the zone apex of that host.
None of these answers
Www.happy.org is a host name and happy.org is the zone apex of that host.
You maintain a DNS server, which functions as the master for happy.org, as the slave for sunny.org, and as the preferred DNS server for all internal clients of happy.org. When an internal client performs a query for www.sunny.org, the name server will first:
Contact the master for sunny.org
Check its zone(s) of authority
Contact the root server
Check its cache
You are asked to manage three virtual hosts for Apache: www.happy.lab, www.peachy.lab, www.sunny.lab. You are also asked to manage DNS for all corresponding domains. Your name server is currently setup with one forward zone file that lists all the hosts for happy.lab. How many additional forward zone files do you have to create?
None (0)
One (1)
Two (2)
Three (3)
When your preferred name server receives a name resolution request it will try to find the answer by checking:
First the zone, then the cache, then the root server
First the root server, then the cache, then the zone
First the cache, then the zone, then the root server
DNS can work with one master and many slave servers. A master/slave scenario typically means that:
The master collects configuration changes from all slaves and redistributes them to the slaves; only slaves service clients.
The master collects configuration changes from all slaves and redistributes them to the slaves; both service clients.
The master maintains the configuration and slaves keep a copy; only slaves service clients.
The master maintains the configuration and slaves keep a copy; both service clients.
Both master and slave configurations can be changed; both service clients.
Based on this zone file:
$TTL 1D $ORIGIN happy.org. @ 1D IN SOA gw1.happy.org. root.happy.org.
06122401
3H
15M
1W
1D
IN NS gw1.happy.org.
IN NS gw2.happy.org. gw1
IN A 193.168.0.2 gw2
IN A 193.168.0.3
The reverse zone for happy.org is called 193.168.0.in-addr.arpa.
True
False
What is the corresponding PTR record for this A record: www.happy.org. A 74.168.0.2
2.0.168.74 PTR www
74.168.0.2 PTR www.happy.org
None of these answers is correct
74.168.0.2. PTR www.happy.org.
Www.happy.org. PTR 74.168.0.2
2. PTR www.happy.org.
What must be done to set up a slave zone on a slave DNS server:
Create an zone file on the slave that is identical to the master's zone file
Initiate a zone transfer in the bind configuration of the master
Initiate a zone transfer in the bind configuration of the slave
Copy the master's zone file to the slave using any standard file copying utility
None of these choices is correct
An authoritative answer for "hostX" can only be received from a master DNS server of the zone to which hostX belongs as well as:
Any caching DNS server that has the record of hostX in its cache
A DNS server of a different zone that contains the A record of hostX
None of the above: only the master can provide an authoritative answer
A slave DNS server of the zone to which hostX belongs
Generally, you should put an IPv4 entry and IPv6 entry for your localhost in you hosts file.
True
False
Which command displays the default route?
Ip route
Ip default
Ss route
Ss show route
Which command displays interface configuration for all interfaces?
Ip addr show ens33
Ip addr ens33
Ip addr
Ip show ens33
Ip ens33
What is needed to perform hostname resolution using DNS?
The hostname of the name server in the resolver configuration
The hostname of the name server in the hosts file
The IP address of the name server in the resolver configuration
The hosts file, installed locally
The IP address of the name server in your ARP cache
In the client-server paradigm the server is listening on a port and initiating the connection to a client.
True
False
From a client system you are trying to connect to a remote web server but you get an error message. Which of the following will you NOT try?
Use ping (or other simple utility) to try and reach the server on the network
Check to see if your hostname resolution is setup
Check to see if your network service is running
Use netstat/ss to check the status of the web service on your system
To add a PTR record for the host www.happy.lab to the zone file "happy.lab" the proper syntax for is:
Www.happy.lab. PTR 172.16.30.167
None of these choices
172.16.30.167 PTR www.happy.lab
Www PTR 172.16.30.167
167.30.16.172.in-addr.arpa. PTR www.happy.lab.
What is the rpm command line that lists all the files that are part of the installed package "foobar"?
A delegation creates a link between two domains that are directly connected (parent-child) in the DNS tree. The delegation to the child domain is included in the parent domain.
True
False
The address record: ns1 IN A 74.168.0.2 for the domain "happy.org" can be rewritten as: ns1.happy.org IN A 74.168.0.2
True
False
The syntax for an NS record for the server ns1.happy.org is:
Happy.org. NS A ns1.happy.org.
Ns1.happy.org. NS A 172.16.30.167
Happy.org. NS A 172.16.30.167
172.16.30.167 NS A ns1.happy.org.
In the iptables filter table the OUTPUT chain identifies all network packets that are destined for the firewall system.
True
False
The three explicit security objectives of the CIA triad model are:
Consistency, Integrity, Accountability
Confidentiality, Integrity, Availability
Control, Identification, Authorization
Confidentiality, Incorruptibility, Authenticity
To exchange a shared key for symmetric encryption the following cryptographic method is typically used:
Message code hashing
Asymmetric encryption
Symmetric encryption
Which command will check the validity of the sshd configuration file and sanity of the keys?
Sshd -t
Ssh -t
Ssh --verify
Sshd --verify
Ssh_check
Sshd_check
How many keys does asymmetric encryption use?
0
1
2
3
4
5
To provide data integrity, the best method to use is to:
Encrypt the message with asymmetric encryption
Encrypt the message with symmetric encryption
Encrypt the message with a cryptographic hash function
Add a message authentication code to the message
Enter the command line to resolve the A record for "www.happy.org" using your default resolver configuration.
Which file must be modified on the master DNS to allow master/slave operation for the package bind?
/etc/sysconfig/named.conf
/etc/bind.conf
/etc/named.conf
/etc/sysconfig/bind.conf
Symmetric encryption is predominantly used to achieve confidentiality.
True
False
The default sshd_config shipped with OpenSSH is to specify options with their default values commented.
True
False
Enter the command line to resolve the A record for "www.happy.org" using your partner's DNS at 172.16.30.167 using your preferred command.
To provide data integrity the preferred cryptographic method is a:
HMAC, hash-based message authentication code
Message digest
MAC, Message authentication code
Enter the command line to look up the PTR record for "172.16.31.167" on your master DNS (172.16.30.167) using the dig command from another Linux machine.
Which sshd configuration options control the use of public key authentication?
PasswordAuthentication
RSAAuthentication
PermitRootLogin
AuthorizedKeysFile
PubkeyAuthentication
Symmetric cryptography uses two keys, while asymmetric cryptography uses one key.
True
False
Enter the command line to look up the NS record for the domain "happy.org" using the nslookup command.
Which of these issues may cause the slave DNS not to synchronize with the master DNS?
Not having a file specified in the client configuration
Network connectivity
Zone serial number not higher than last sync
Incorrect specification in master or slave configuration file
How many keys does symmetric encryption use?
1
2
3
4
5
0
Which file contains configuration for the DNS client (resolver)?
/etc/sysconfig/resolve.conf
/etc/resolver.conf
~/resolv.conf
/etc/resolv.conf
Which key is used to encrypt in order to prove authenticity using public key cryptography?
Private key
Public key
Foreign key
Shared key
Which command(s) verify bind(DNS) is listening of the configured port(s)?
Netstat -lptn
Ss -lptn
Ip listen
Ss listen
Enter the command line to look up the NS record for the domain "happy.org" on the teacher's DNS (172.16.30.167) using the dig command.
Enter the command line to look up the NS record for the domain "happy.org" on the teacher's DNS (172.16.30.167) using the host command.
Enter the command line to look up the PTR record for "172.16.31.167" on your slave DNS (172.16.31.167) using the dig command from another Linux machine.
DNS can work with one master and many slave servers. A master/slave scenario typically means that:
The master maintains the configuration and slaves keep a copy; both service clients.
Both master and slave configurations can be changed; both service clients.
The master collects configuration changes from all slaves and redistributes them to the slaves; only slaves service clients.
The master collects configuration changes from all slaves and redistributes them to the slaves; both service clients.
The master maintains the configuration and slaves keep a copy; only slaves service clients.
Enter the command line to look up the PTR record for "172.16.31.167" on the teacher's slave DNS (172.16.31.167) using the nslookup command.
Which sshd configuration options control the use of password authentication?
PasswordAuthentication
RSAAuthentication
PermitRootLogin
AuthorizedKeysFile
PubkeyAuthentication
To provide confidentiality the following cryptographic method is used:
Message code hashing
Symmetric encryption
Asymmetric encryption
Enter the command line to look up the PTR record for "172.16.31.167" on the teacher's master DNS (172.16.30.167) using the host command.
Which file must be modified on the slave DNS to allow master/slave operation for the package bind?
/etc/sysconfig/named.conf
/etc/bind.conf
/etc/sysconfig/bind.conf
/etc/named.conf
To provide source integrity, asymmetric encryption is used. The private key is used to:
Encrypt
Decrypt
Which command(s) verify sshd is listening of the configured port(s)?
Netstat -lptn
Ss -lptn
Ip listen
Ss listen
Enter the command line to look up the NS record for the domain "happy.org" on the teacher's DNS (172.16.30.167) using the nslookup command.
Which apache configuration directive configures logging of all website accesses?
Access
AccessLog
Transfer
TransferLog
Enter the command line to look up the NS record for the domain "happy.org" on the teacher's DNS (172.16.30.167) using the host command.
Enter the command line to look up the NS record for the domain "happy.org" on the teacher's DNS (172.16.30.167) using the dig command.
The aliasing feature is used to forward email of a local user to a different email account. The /etc/aliases file is consulted by which mail server?
Inbound
Outbound
Which sshd configuration options control the use of password authentication?
PasswordAuthentication
RSAAuthentication
PermitRootLogin
AuthorizedKeysFile
PubkeyAuthentication
Which command can be used to verify the HTTPD service is listening on the correct port?
Ss
Ip
Netstat
Ipconfig
Ifconfig
Match the iptables commands with the description.
1 = -I
2 = -A
3 = -R
4 = -L
5 = -F
6 = -h
Insert rule = 1
Insert rule = 2
Insert rule = 3
Insert rule = 4
Insert rule = 5
Insert rule = 6
Append rule = 1
Append rule = 2
Append rule = 3
Append rule = 4
Append rule = 5
Append rule = 6
Help = 1
Help = 2
Help = 3
Help = 4
Help = 5
Help = 6
Replace rule = 1
Replace rule = 2
Replace rule = 3
Replace rule = 4
Replace rule = 5
Replace rule = 6
List rules = 1
List rules = 2
List rules = 3
List rules = 4
List rules = 5
List rules = 6
Flush rules = 1
Flush rules = 2
Flush rules = 3
Flush rules = 4
Flush rules = 5
Flush rules = 6
Which of these commands will let you view the mail queue?
Postqueue -v
Postqueue -p
Mailq
Mailq -p
Mailq -v
Which command will check the validity of the sshd configuration file and sanity of the keys?
Sshd -t
Ssh -t
Ssh --verify
Sshd --verify
Ssh_check
Sshd_check
Match the iptables parameters with the description.
1 = -s
2 = -d
3 = -p
4 = -i
5 = -o
Destination = 1
Destination = 2
Destination = 3
Destination = 4
Destination = 5
In-bound interface = 1
In-bound interface = 2
In-bound interface = 3
In-bound interface = 4
In-bound interface = 5
Port = 1
Port = 2
Port = 3
Port = 4
Port = 5
Out-bound interface = 1
Out-bound interface = 2
Out-bound interface = 3
Out-bound interface = 4
Out-bound interface = 5
Source = 1
Source = 2
Source = 3
Source = 4
Source = 5
Which of these issues may cause the slave DNS not to syncronize with the master DNS?
Incorrect specification in master or slave configuration file
Network connectivity
Not having a file specified in the client configuration
Zone serial number not higher than last sync
Which of these are valid ways to send mail on the command line?
Mail -s Test Email user8213@cst8213.lab
Mail -s TestEmail user8213@cst8213.lab
Mail -s Test Email user8213@172.16.30.167
Mail -s TestEmail user8213@172.16.30.167
Mail -s Test Email user8213@[172.16.30.167]
Mail -s TestEmail user8213@[172.16.30.167]
Mail -s Test Email user8213@host.cst8213.lab
Mail -s TestEmail user8213@host.cst8213.lab
Which apache configuration option specifies the port Apache listens on?
ListenPort
Listen
Port
80
Which apache block directive is used to configure virtual hosts?
Host
Virtual
Multi
MultiHost
VirtualHost
The default sshd_config shipped with OpenSSH is to specify options with their default values commented.
True
False
Which mail server is the masquerading feature setup on?
Inbound
Outbound
Which file contains configuration for the DNS client (resolver)?
/etc/sysconfig/resolve.conf
/etc/resolver.conf
~/resolv.conf
/etc/resolv.conf
Generally, you should put an IPv4 entry and IPv6 entry for your localhost in you hosts file.
True
False
What is the default "ServerRoot" for apache?
/home/apache
/etc/httpd
/var/www/
/var/httpd
/var/www/httpd
You use DNS or /etc/hosts to test your apache virtual hosts locally.
True
False
Symmetric cryptography uses two keys, while asymmetric cryptography uses one key.
True
False
Which file contains the main configuration file for apache?
/etc/httpd/conf/httpd.conf
/etc/http/conf/httpd.conf
/etc/http/conf/http.conf
/etc/httpd/conf/http.conf
By default, which interface(s) does postfix listen?
The first ethernet adapter
Localhost or 127.0.0.1
All the ethernet adapters
All the ethernet adapters and localhost
What is the default user used by apache while running?
Apache
The user that started apache
Nobody
Cst8213
Root
You wish to configure apache to serve two "Virtual Hosts", happy.lab & grumpy.lab. What is the minimum number of zone files required in your DNS?
One
Two
Three
Four
Assuming you do not configure the configuration file to allow other users, who is allowed to add/modify/delete entries in the LDAP database?
Without further configuration, all users can add/modify/delete entries
The LDAP adminstrator
Root
Ldapadm
User8213
Which of these utility programs can add entries to an LDAP DIT?
Ldapadd
Ditmodify
Ditdelete
Ldapmodify
Ditadd
Ldapdelete
Which key is used to encrypt in order to prove authenticity using public key cryptography?
Private key
Public key
Foreign key
Shared key
Which of these utility programs can modify entries to an LDAP DIT?
Ldapadd
Ldapmodify
Ldapdelete
Ditadd
Ditmodify
Ditdelete
You use DNS or /etc/hosts to test your apache virtual hosts remotely.
True
False
What is the default document root for apache?
/etc/httpd/html
/etc/httpd
/etc/httpd/www
/var
/var/www
/var/www/html
/etc/httpd/www/html
What is the name of the default error log in Apache?
Errorlog
Error.log
Error_log
Errorlog.log
Error_log.log
Which module must be loaded in order to use the DirectoryIndex option?
Mod_base
Mod_data
Mod_dir
Mod_access
Mod_cache
Mod_index
Which of these utility programs can delete entries to an LDAP DIT?
Ditdelete
Ldapadd
Ditadd
Ldapdelete
Ldapmodify
Ditmodify
What does the error message "mail loops back to me" typically indicate is wrong in the postfix configuration file?
"mydestination" is incorrectly configured
Postfix is listening only on the loopback interface
The MX record is incorrect (missing or pointing to an incorrect host
Postfix is listening only on port 25
"relay_domains" is incorrectly set
Which sshd configuration options control the use of public key authentication?
PasswordAuthentication
RSAAuthentication
PermitRootLogin
AuthorizedKeysFile
PubkeyAuthentication
Which file must be modified on the master DNS to allow master/slave operation for the package bind?
/etc/bind.conf
/etc/sysconfig/bind.conf
/etc/sysconfig/named.conf
/etc/named.conf
Root servers answer iterative & recursive queries.
True
False
"Aliasing" is used to redirect email addressed to a generic account such as "webmaster" to a user account such as "arnold". As such the recipient address is rewritten by the receiving mail server
True
False
To provide source integrity, asymmetric encryption is used. The private key is used to:
Encrypt
Decrypt
The LDAP protocol is used to:
Maintain and share directory information
None of the above
Resolve host names into IP addresses
Share resources, such as files and printers, between Windows and Linux platforms
Manage network configuration, such as IP addresses, for client systems
To setup the resolver on the client system to provide hostname resolution with LDAP in addition to static and DNS-style host name resolution, the following client configuration file has to be edited:
/etc/services
/etc/nsswitch.conf
/etc/resolv.conf
/etc/hosts
Assume that name-based virtual hosting is setup for the IP address 172.16.30.199 on a server with more than one interface. You want to display a web site when your web server is accessed using a different (and valid) IP address. To accomplish this you should:
Setup a separate Apache to listen on the different IP address after making sure that the current Apache is not listening on that IP address
Setup a "default" site in the virtual site section
It cannot be done: you cannot setup a site for another interface when setting up virtual hosting for a given interface
Do nothing: the site of the first virtual host will automatically be displayed.
Assuming you are already serving two domains, how many additional virtual hosts have to be set up in Apache to provide websites for the domains happy.org, peachy.org and sunny.org?
Zero (0)
One (1)
Three (3)
It cannot be done
Identify the error in the following LDIF entry:
dn: cn=Sarah Jones,ou=people,dc=example.com
objectclass: inetorgperson
cn: Sarah Jones
sn: Jones
mail: Sarah.Jones@example.com
mail: sjones@example.com
dn: cn=Sarah Jones,ou=people,dc=example.com
objectclass: inetorgperson
cn: Sarah Jones
sn: Jones
mail: Sarah.Jones@example.com
mail: sjones@example.com
The dc attribute does not have a valid value
The syntax for the attributes should use an = sign, not a colon, as in sn=Jones
There can only be one mail attribute, not two
There is no error
An "outbound" only mail server typically "hosts" email for its domain.
True
False
Practically, who should be able to look up a public DNS MX record?
The sending email server
The receiving email server
The user sending the email
The user receiving the email
None of these answers
Consistency of directory information across replicated LDAP servers is crucial while consistency of data stored in transactional databases is not.
True
False
HTTPS is:
HTTP that includes additional security modules defined by the HTTPS protocol
A different application layer protocol from HTTP
A newer version of the HTTP protocol
HTTP that uses the TLS/SSL layer for security services
The base/suffix for happy.org can be setup using the following object class:
InetOrgPerson
Domain
Top
Person
An object is created based on one object class. The object class must be:
Abstract
Auxiliary
Structural
There is only one type of object class
To locate an object in the DIT you use the _____________ of the object.
FQDN
None of these choices
RDN
DNS
The SMTP protocol is used to:
Manage network configuration for client systems
Share resources, such as files and printers, between Windows and Linux platforms
Maintain and share directory information
Resolve host names into IP addresses
None of these choices
If a directive in your Apache configuration is not recognized by Apache, the most likely reason is that the module that supports the directive is missing.
True
False
The apache server implements the following protocol:
None of these choices
URI
APACHE
HTTP
To send mail using the form user@domain.tld, where the mail server for the domain is mx.domain.tld, the A record for mx.domain.tld in the zone file for the domain is sufficient.
True
False
When setting up name-based virtual hosts, the Apache configuration requires:
One DocumentRoot directive for each virtual host and one ServerName directive for each virtual host
One DocumentRoot directive for each virtual host and one ServerName directive
One DocumentRoot directive and one ServerName directive
One DocumentRoot directive and one ServerName directive for each virtual host
The only source for web documents that a server can map a URL to is given by the DocumentRoot directive.
True
False
Which mail servers "need" to look up a public DNS MX record?
The receiving email server
The user sending the email
None of these answers
The user receiving the email
The sending email server
Based on the excerpt of the bind configuration below, a client with an IP address
of 192.168.1.20 can successfully query this DNS server.
options {
directory “/var/named”;
listen-on { 127.0.0.1; };
allow-query { 192.168.1.0/24; };
};
of 192.168.1.20 can successfully query this DNS server.
options {
directory “/var/named”;
listen-on { 127.0.0.1; };
allow-query { 192.168.1.0/24; };
};
True
False
An LDAP client, such as ldapsearch, requires at a minimum the following information to search an LDAP directory server.
An IP address (or hostname) for the LDAP server
A DN for the object to search
A DNS record for the server
A base/suffix for the DIT
The apache server implements the following protocol:
HTML
APACHE
None of these choices
URL
The three required components to have a functional email service are:
Mail User Agent, Mail Transfer Agent, Mail Delivery Agent
Mail User Agent, Mail Submission Agent, Mail Transfer Agent
Mail Submission Agent, Mail Transfer Agent, Mail Delivery Agent
Mail User Agent, Mail Submission Agent, Mail Delivery Agent
If object class inetOrgPerson is a subclass of object class person, the following applies:
Object class inheritance is not part of the LDAP protocol
All attributes of person are inherited by inetOrgPerson, except the required attributes
All attributes of person are inherited by inetOrgPerson, including the required attributes
All attributes of inetOrgPerson are inherited by person
When data is downloaded from a web server to a client browser, the type of data (text, image, audio, etc.) is determined by the:
Content-Type header based on MIME types
DocType directive in the Apache configuration
File extension of the downloaded document
Symmetric encryption is predominantly used to achieve confidentiality.
True
False
To provide data integrity the preferred cryptographic method is a:
Message digest
HMAC, hash-based message authentication code
MAC, Message authentication code
iptables –F
iptables –P INPUT ACCEPT
iptables –A INPUT –s 172.16.0.0/16 –p tcp –-dport 23 –j ACCEPT
iptables –A INPUT –s 172.16.0.0/16 –p tcp –-dport 22 –j ACCEPT
iptables –A INPUT –s 172.16.0.0/16 –j REJECT
What will happen to a packet with source IP 172.16.32.167 trying to connect to the DNS server currently running only the above iptables rules?
iptables –P INPUT ACCEPT
iptables –A INPUT –s 172.16.0.0/16 –p tcp –-dport 23 –j ACCEPT
iptables –A INPUT –s 172.16.0.0/16 –p tcp –-dport 22 –j ACCEPT
iptables –A INPUT –s 172.16.0.0/16 –j REJECT
What will happen to a packet with source IP 172.16.32.167 trying to connect to the DNS server currently running only the above iptables rules?
Rejected
Accepted
Dropped
When trying to add an LDAP directory entry the operation is unsuccessful. One of the possible problems could be that the corresponding schema file is not included in the LDAP server configuration.
True
False
Virtual hosts in Apache are used to:
Host web sites without the need to setup DNS entries for multiple domain names
Setup referrals to other web servers
Have web sites for multiple sites on the same server system
Create multiple copies of the same web site on multiple server systems
Apache fails to start due to an unknown directive in the configuration file. One possibility could be that the corresponding module is not loaded.
True
False
Postfix is considered to be primarily a:
Mail Submission Agent
Mail Transfer Agent
Mail User Agent
Mail Delivery Agent
Based on the following list of criteria determine which ones have to be satisfied for an inbound mail server.
The server has to be setup to "relay" for the domain.
The server has to be setup to "host" for the domain.
An MX record has to point to the mail server.
Masquerading is applied on all received email.
An attribute is defined by a set of object classes.
True
False
To verify the mail server of the domain example.lab based on the MX record the following dig command is used:
Dig mx.example.lab
Dig MX example.lab
Dig MX mail.example.lab
Dig mail.example.lab
An object can be created using exactly one auxiliary class and any number, including zero, structural classes.
True
False
iptables –A INPUT –s 172.16.0.0/16 –j ACCEPT
iptables –A INPUT –s 172.16.31.167 –p tcp –j DROP
Based only on the two rules above, an incoming connection from interface 172.16.31.167 will be dropped.
iptables –A INPUT –s 172.16.31.167 –p tcp –j DROP
Based only on the two rules above, an incoming connection from interface 172.16.31.167 will be dropped.
True
False
Based on this zone file:
$TTL 1D
$ORIGIN happy.org.
@ 1D IN SOA gw1.happy.org. root.happy.org. 06122401 3H 15M 1W 1D
IN NS gw1.happy.org.
IN NS gw2.happy.org.
gw1 IN A 193.168.0.2
gw2 IN A 193.168.0.3
What is the IP address of the primary name server?
$TTL 1D
$ORIGIN happy.org.
@ 1D IN SOA gw1.happy.org. root.happy.org. 06122401 3H 15M 1W 1D
IN NS gw1.happy.org.
IN NS gw2.happy.org.
gw1 IN A 193.168.0.2
gw2 IN A 193.168.0.3
What is the IP address of the primary name server?
193.168.0.1
193.168.0.2
193.168.0.3
193.168.0.4
It is impossible to determine with the information provided.
To provide confidentiality the following cryptographic method is used:
Symmetric encryption
Message code hashing
Asymmetric encryption
A delegation creates a link between two domains that are directly connected (parent-child) in the DNS tree. The delegation to the child domain is included in the parent domain.
True
False
A delegation creates a link between two domains that are directly connected (parent-child) in the DNS tree. The delegation to the child domain is included in the parent domain.
True
False
Name-based virtual hosting is possible because:
The client connection to the server is based on IP address and port number, and the hostname is included in the client request.
The client connection to the server is based on hostname and port number.
Name-based virtual hosting is possible because:
The client connection to the server is based on IP address and port number, and the hostname is included in the client request.
The client connection to the server is based on hostname and port number.
{"name":"Linux Final", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"In order to determine the IP address of the root name servers, the slave DNS server:, Given this dig command: \"dig @127.0.0.1 www.happy.org\", determine which of the following is required?, 24. Based on the excerpt of the bind configuration below, a client with an IP address of 192.168.1.20 can successfully query this DNS server. options { directory “\/var\/named”; listen-on { 127.0.0.1; }; allow-query { 192.168.1.0\/24; }; };","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}
More Quizzes
Q and A
100
Primary 1 Singular and Plural (Third term) D3CBT2
1050
How well do you know me?
20100
ASEAN WAR Readiness by C asean (English v2)
26130
Knowledge quiz
100
Tepa legendary Awards 2017/2018
630
HAir
100
Primary 3 Mathematics (FW1) Day 3 CBT 2 (tklesson.com)
1050
420
Miss Kowalick's EPIC Viking quiz
15818
Game Show
740
Assess Your Self-Talk
840