LPI 303-200 - LPIC-3 Exam 303: Security, 2.0 Exam
Page: 2 / 12
Total 60 questions
Question #6 (Topic: )
Which command installs and configures a new FreelPA server, including all sub-
components, and creates a new FreelPA domain? (Specially ONLY the command without
any path or parameters).
components, and creates a new FreelPA domain? (Specially ONLY the command without
any path or parameters).
Answer: ipa-server-install
//www.freeipa.org/images/2/2b/lnstallation_and_Deployment.Guidep.pdf
Question #7 (Topic: )
Which of the following statements is true regarding eCryptfs?
A. For every file in an eCryptfs directory there exists a corresponding file that contains the encrypted content.
B. The content of all files in an eCryptfs directory is stored in an archive file similar to a tar file with an additional index to improve performance.
C. After unmounting an eCryptfs directory, the directory hierarchy and the original file names are still visible, although, it is not possible to view the contents of the files.
D. When a user changes his login password, the contents of his eCryptfs home directory has to be re-encrypted using his new login password.
E. eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user.
Answer: E
Question #8 (Topic: )
What effect does the configuration SSLStrictSNIVHostCheck on have on an Apache
HTTPD virtual host?
HTTPD virtual host?
A. The clients connecting to the virtual host must provide a client certificate that was issued by the same CA that issued the server's certificate.
B. The virtual host is served only to clients that support SNI.
C. All of the names of the virtual host must be within the same DNS zone.
D. The virtual host is used as a fallback default for all clients that do not support SNI.
E. Despite its configuration, the virtual host is served only on the common name and Subject Alternative Names of the server certificates.
Answer: B
Question #9 (Topic: )
Which option of the openvpn command should be used to ensure that ephemeral keys are
not written to the swap space?
not written to the swap space?
A. --mlock
B. --no-swap
C. --root-swap
D. --keys-no-swap
Answer: A
Question #10 (Topic: )
Which of the following keywords are built-in chairs for the iptables nat table? (Choose
THREE correct answers)
THREE correct answers)
A. OUTPUT
B. MASQUERADE
C. PROCESSING
D. POSTROUTING
E. PREROUTING
Answer: A,D,E
