LPIC-3 Exam 303: Security, 2.0 v7.0 (303-200)

Page:    1 / 4   
Total 63 questions

Which of the following database names can be used within a Name Service Switch (NSS) configuration file? (Choose THREE correct answers).

  • A. host
  • B. shadow
  • C. service
  • D. passwd
  • E. group

Answer : A,C,E

Which of the following command lines sets the administrator password for ntop to testing

  • A. ntop --set-admin-password=testing123
  • B. ntop --set-password-testing123
  • C. ntop --reset-password=testing 123
  • D. ntop --set-new-password=testing123

Answer : A

What is the purpose of IP sets?

  • A. They group together IP addresses that are assigned to the same network interfaces.
  • B. They group together IP addresses and networks that can be referenced by the network routing table.
  • C. They group together IP addresses that can be referenced by netfilter rules.
  • D. They group together IP and MAC addresses used by the neighbors on the local network.
  • E. They group together IP addresses and user names that can be referenced from /etc/hosts allow and /etc/hosts deny

Answer : C

What command is used to update NVTs from the OpenVAS NVT feed? (Specify ONLY the command without any path or parameters).

Answer : openvas-nvt-sync //www.openvas.org/openvas-nvt-feed.html

Which of the following lines in an OpenSSL configuration adds an X 509v3 Subject
Alternative Name extension for the host names example.org and www.example.org to a certificate'?

  • A. subjectAltName = DNS: www example.org, DNS:example.org
  • B. extension= SAN: www.example.org, SAN:example.org
  • C. subjectAltName: www.example.org, subjectAltName: example.org
  • D. commonName = subjectAltName= www.example.org, subjectAltName = example.org
  • E. subject= CN= www.example.org, CN=example.org

Answer : A

Which of the following information, within a DNSSEC- signed zone, is signed by the key signing key?

  • A. The non-DNSSEC records like A, AAAA or MX
  • B. The zone signing key of the zone.
  • C. The RRSIG records of the zone.
  • D. The NSEC or NSEC3 records of the zone.
  • E. The DS records pointing to the zone

Answer : B

Which of the following commands displays all ebtable rules contained in the table filter including their packet and byte counters?

  • A. ebtables -t nat -L -v
  • B. ebtables-L-t filter -Lv
  • C. ebtables-t filter-L-Lc
  • D. ebtables -t filter -Ln -L
  • E. ebtables-L -Lc-t filter

Answer : C

Which of the following access control models is established by using SELinux?

  • A. Security Access Control (SAC)
  • B. Group Access Control (GAC)
  • C. User Access Control (UAC)
  • D. Discretionary Access Control (DAC)
  • E. Mandatory Access Control (MAC)

Answer : E

What is the purpose of the program snort-stat?

  • A. It displays statistics from the running Snort process.
  • B. It returns the status of all configured network devices.
  • C. It reports whether the Snort process is still running and processing packets.
  • D. It displays the status of all Snort processes.
  • E. It reads syslog files containing Snort information and generates port scan statistics.

Answer : E

Which of the following methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.)

  • A. By placing a # in front of the rule and restarting Snort
  • B. By placing a pass rule in local.rules and restarting Snort.
  • C. By deleting the rule and waiting for Snort to reload its rules files automatically.
  • D. By adding a pass rule to /etc/snort/rules.deactivated and waiting for Snort to reload its rules files automatically.

Answer : B,C

When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 2 seconds by default. Which of the following options changes the timeout period to 5 seconds?

  • A. -tls-timeout 5
  • B. -tls- timeout 500
  • C. -tls- timer 5
  • D. -tls- timer 500

Answer : A

Which command revokes ACL-based write access for groups and named users on the file afile?

  • A. setfacI -x group: * : rx, user:*: rx afile
  • B. setfacl -x mask: : rx afile
  • C. setfacl ~m mask: : rx afile
  • D. setfacl ~m group: * : rx, user:*: rx afile

Answer : C

Which of the following statements are true regarding the certificate of a Root CA? (Choose
TWO correct answers.)

  • A. It is a self-signed certificate.
  • B. It does not include the private key of the CA
  • C. It must contain a host name as the common name.
  • D. It has an infinite lifetime and never expires.
  • E. It must contain an X509v3 Authority extension.

Answer : A,B,E

Linux Extended File Attributes are organized in namespaces. Which of the following names correspond to existing attribute namespaces? (Choose THREE correct answers.)

  • A. default
  • B. system
  • C. owner
  • D. trusted
  • E. user

Answer : B,D,E

Which of the following statements are valid wireshark capture filters? {Choose TWO correct answers.)

  • A. port range 10000:tcp-15000:tcp
  • B. port-range tcp 10000-15000
  • C. tcp portrange 10000-15000
  • D. portrange 10000/tcp-15000/tcp
  • E. portrange 10000-15000 and tcp

Answer : C,E

Page:    1 / 4   
Total 63 questions