LPI 303-200 - LPIC-3 Exam 303: Security, 2.0 Exam
Page: 1 / 12
Total 60 questions
Question #1 (Topic: )
Which of the following statements is true about chroot environments?
A. Symbolic links to data outside the chroot path are followed, making files and directories accessible
B. Hard links to files outside the chroot path are not followed, to increase security
C. The chroot path needs to contain all data required by the programs running in the chroot environment
D. Programs are not able to set a chroot path by using a function call, they have to use the command chroot
E. When using the command chroot, the started command is running in its own namespace and cannot communicate with other processes
Answer: C
Question #2 (Topic: )
Which of the following DNS record types can the command dnssec-signzone add to a
zone? (Choose THREE correct answers.)
zone? (Choose THREE correct answers.)
A. ASIG
B. NSEC
C. NSEC3
D. NSSIG
E. RRSIG
Answer: B,C,E
Question #3 (Topic: )
Which of the following prefixes could be present in the output of getcifsacl? (Choose
THREE correct answers.)
THREE correct answers.)
A. ACL
B. GRANT
C. GROUP
D. OWNER
E. SID
Answer: A,C,E
Question #4 (Topic: )
Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4
packets which go through the network interface eth0?
j SNAT -to-source 192.0.2.11
eth0 -j SNAT -to-source 192.0.2.11
C. iptables -t nat -A POSTROUTING H eth0 -j DNAT -to-source 192.0.2.11
D. iptables -t mangle -A POSTROUTING -i eth0 -j SNAT -to-source 192.0.2.11
E. iptables -t mangle -A POSTROUTING -0 eth0 -j SNAT -to-source 192.0.2.11
packets which go through the network interface eth0?
j SNAT -to-source 192.0.2.11
eth0 -j SNAT -to-source 192.0.2.11
C. iptables -t nat -A POSTROUTING H eth0 -j DNAT -to-source 192.0.2.11
D. iptables -t mangle -A POSTROUTING -i eth0 -j SNAT -to-source 192.0.2.11
E. iptables -t mangle -A POSTROUTING -0 eth0 -j SNAT -to-source 192.0.2.11
Answer: A
Question #5 (Topic: )
Which of the following statements describes the purpose of ndpmon?
A. it monitors the network for neighbor discovery messages from new IPv6 hosts and routers
B. it monitors remote hosts by periodically sending echo requests to them.
C. it monitors the availability of a network link by querying network interfaces.
D. It monitors the network for IPv4 nodes that have not yet migrated to IPv6.
E. It monitors log files for failed login attempts in order to block traffic from offending network nodes
Answer: A