202-450 Exam Dumps - LPIC-2 Certified Linux Engineer Questions and Answers

 OpenVAS is a network security scanner project that, at the core, is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications. It is an open-source tool that was forked from Nessus, a popular commercial scanner. OpenVAS can perform comprehensive scans of networks and hosts, as well as web application scanning and compliance testing. It also provides a graphical user interface (GUI) and a command-line interface (CLI) for managing scans and reports. References:

• Greenbone Vulnerability Management - Gentoo wiki
• The Best Network Vulnerability Scanners Tested in 2023 - Comparitech

mount-tnfsv4 server://mnt

of an NFC-Client, it is observed that /mnt contains the content of the server’s /usr directory instead of the content of the NFSv4 foot folder.

Which option in /etc/exports has to be changed or removed in order to make the NFSv4 root folder appear when mounting the highest level of the server? (Specify ONLY the option name without any values or parameters.)

Answer:  fsid

The fsid option in /etc/exports is used to specify a unique identifier for each exported filesystem. For NFSv4, there is a distinguished filesystem which is the root of all exported filesystems, and it is specified with fsid=root or fsid=0, both of which mean the same thing. If this option is used for the /exports directory, then it will be the root of the NFSv4 hierarchy, and any subdirectories under it will be mounted relative to it. This means that when mounting the highest level of the server, the client will see the content of /exports instead of the NFSv4 root folder. To avoid this, the fsid option should be removed or changed to a different value for the /exports directory, so that it is not the NFSv4 root. The other options in /etc/exports are not relevant for this question.

The command that displays NFS kernel statistics is nfsstat. This command can be used to show information about the number and type of NFS and RPC calls made by the NFS client or server. It can also be used to reset the statistics to zero, or to display information about mounted NFS file systems. The nfsstat command is part of the nfs-utils package and can be installed on most Linux distributions. For more information about the nfsstat command, you can refer to the following resources:

• 1: A Microsoft Learn article that explains the syntax and usage of the nfsstat command on Windows Server.
• 2: A Bing search result page that shows various links and snippets related to the nfsstat command.
• 3: A Red Hat article that demonstrates how to use the nfsstat and nfsiostat commands to troubleshoot NFS performance issues on Linux.

A zone file is a text file that defines a portion of the DNS namespace, called a zone. A zone file contains resource records that map domain names to IP addresses or other information. A zone file must follow the rules of the DNS hierarchy, which means that it can only contain records for names that are within the zone’s domain. For example, a zone file for example.com can only contain records for names that end with example.com, such as www.example.com or mail.example.com. It cannot contain records for names that are outside the zone’s domain, such as google.com or example.net. This is because the DNS server that hosts the zone file is only authoritative for the zone’s domain, and not for any other domains. If a zone file contains records for names that are outside the zone’s hierarchy, it will cause errors and inconsistencies in the DNS resolution process.  References: LPIC-2 202 exam objectives, DNS zone file format, DNS hierarchy

 The ldappasswd command is an OpenLDAP client tool that can be used to change the password for an LDAP entry. It can be used to change the password of the user who is binding to the LDAP server, or the password of another user if the bind user has sufficient privileges. The ldappasswd command requires the user to specify the LDAP server location, the bind DN and password, the old password, and the new password. The old and new passwords can be given on the command line, through prompts, or from files. The ldappasswd command can also use SASL authentication mechanisms instead of simple authentication. The ldappasswd command follows the general syntax of:

ldappasswd [options] [user]

where user is the DN of the entry whose password is to be changed. If omitted, the bind DN is used.

References:

• LPIC-2 Exam 202 Objectives, Objective 207.3: LDAP Operations
• How To Change Account Passwords on an OpenLDAP Server, DigitalOcean
• ldappasswd: change the password of an LDAP entry, openldap-clients Manual Page
• How To Change an OpenLDAP Password, Tyler’s Guides

The commands nc and telnet can be used to connect and interact with remote TCP network services. nc stands for netcat, a utility that can read and write data across network connections using TCP or UDP protocols. telnet is a client-server protocol that allows a user to communicate with a remote host using a virtual terminal. Both commands can be used to test the connectivity and functionality of network services such as web servers, mail servers, FTP servers, etc. by specifying the host name or IP address and the port number of the service. References:

• LPIC-2 exam 201 topics, section 205.1, “Use and configure network monitoring tools”.
• LPIC-2 exam 202 topics, section 208.1, “Implementing a web server”.
• Linux Essentials 010 exam objectives, section 4.3, “Basic network configuration and troubleshooting”.

The .htaccess file in the directory is configured to require a valid user. The .htpasswd file contains the username and password for usera. Therefore, usera can access the site using the password s3cr3t. References:

• LPIC-2 Overview
• LPIC-2 202-450
• Password Protecting Your Pages with htaccess

The command that creates a SSH key pair is ssh-keygen. This command generates a public and a private key file that can be used for SSH authentication. The command can take various options to specify the algorithm, the file name, the passphrase, and other parameters for the key pair. For more information, see the web search results below or the man page of ssh-keygen.

How to Use ssh-keygen to Generate a New SSH Key?

The netfilter table that contains built-in chains called INPUT, OUTPUT and FORWARD is the filter table. The filter table is the default table for netfilter and iptables, and it is used to filter packets based on their source, destination, protocol, port, state, etc. The filter table has three built-in chains, which correspond to the netfilter hooks that trigger them:

• INPUT: This chain is used to process incoming packets that are destined for the local system. The packets must have passed through the PREROUTING chain and the routing decision before reaching this chain.
• OUTPUT: This chain is used to process outgoing packets that are originated from the local system. The packets must have passed through the routing decision before reaching this chain.
• FORWARD: This chain is used to process packets that are neither originated from nor destined for the local system, but are routed through the system. The packets must have passed through the PREROUTING and POSTROUTING chains and the routing decision before reaching this chain.

The filter table can have user-defined chains as well, which can be created with the -N option of the iptables command. User-defined chains can be used to organize rules and simplify the management of the firewall. Rules can be added to any chain in the filter table with the -A option of the iptables command, and they can specify the target action to take if the packet matches the rule. The target can be one of the following:

• ACCEPT: This target allows the packet to pass through the chain and continue to the next netfilter hook.
• DROP: This target drops the packet and stops its processing.
• REJECT: This target drops the packet and sends back an error message to the sender.
• LOG: This target logs the packet information to the kernel log and continues to the next rule in the chain.
• RETURN: This target returns from the current chain to the calling chain, or to the default policy if there is no calling chain.
• A user-defined chain name: This target jumps to the user-defined chain and executes its rules until a terminal target (ACCEPT, DROP, REJECT, or RETURN) is reached or the end of the chain is reached.

References:

• A Deep Dive into Iptables and Netfilter Architecture
• Iptables Tutorial 1.2.2
• How To List and Delete Iptables Firewall Rules

When the rootdn and rootpw directives are not present in the slapd.conf file, the LDAP administrator account is defined in the file /etc/ldap.secret. This file contains the password for the LDAP root user, which is usually cn=admin,dc=example,dc=com. The file should be owned by root and have permissions of 600 to prevent unauthorized access. The file is referenced by the olcRootPW directive in the cn=config database, which is used to configure the LDAP server. The olcRootPW directive can also be set by using the ldappasswd command with the -Y EXTERNAL option, which allows the LDAP server to authenticate itself to itself using the SASL EXTERNAL mechanism12.

References:

• How To Configure OpenLDAP and Perform Administrative LDAP Tasks | DigitalOcean: A tutorial from DigitalOcean on how to configure OpenLDAP and perform administrative LDAP tasks, which includes the use of the /etc/ldap.secret file and the ldappasswd command.
• OpenLDAP Software 2.6 Administrator’s Guide: Configuring slapd: The official documentation of OpenLDAP on how to configure the slapd daemon, which includes the description of the olcRootPW directive and the SASL EXTERNAL mechanism.