202-450 Exam Dumps - LPIC-2 Certified Linux Engineer Questions and Answers

 After running ssh-keygen and accepting the default values, the following files are changed or created in the user’s home directory under the .ssh subdirectory:

• ~/.ssh/id_rsa: This file contains the private key of the user, which is used for authenticating the user to a remote server. The private key is encrypted with a passphrase, which can be left empty for convenience, but this is not recommended for security reasons. The private key should be kept secret and protected by the user, and should not be copied or shared with anyone else.
• ~/.ssh/id_rsa.pub: This file contains the public key of the user, which is used for verifying the user’s identity by the remote server. The public key can be copied and distributed to any server that the user wants to access via SSH. The public key can also be appended to the ~/.ssh/authorized_keys file on the remote server, which allows the user to log in without entering a password.

The other options are not correct. There is no file called ~/.ssh/id_rsa.key, ~/.ssh/id_rsa.prv, or ~/.ssh/id_rsa.crt created by ssh-keygen. The .key, .prv, and .crt extensions are not used by ssh-keygen, and they may be confused with other types of keys or certificates.

References:

• How to Use ssh-keygen to Generate a New SSH Key?
• How To Set Up SSH Keys
• SSH Essentials: Working with SSH Servers, Clients, and Keys

When using a web server certificate that is signed by an intermediate certification authority, the web server must also send the intermediate certificate to the client browser, so that the browser can verify the whole chain of trust. To do this, the web server must have both the web server certificate and the intermediate certificate in one file, which is specified in the SSLCertificateFile directive of Apache HTTPD. This way, the web server can send both certificates to the client in one response. The order of the certificates in the file is important: the web server certificate must come first, followed by the intermediate certificate. The file can be created by concatenating the two certificates with a text editor or the cat command. References:

• LPIC-2 202 exam objectives, topic 218.1: Implementing HTTPS
• Apache HTTPD documentation, section: SSLCertificateFile Directive
• How to install an Intermediate SSL Certificate on Apache

The verbose_proctitle parameter in the Dovecot configuration file controls whether Dovecot adds extra information to its process titles. When this parameter is set to yes, Dovecot will show the username, IP address of the peer, and the connection status for each process. This can help to associate the processes with users and peers, and to monitor the activity of the mail server. For example, the process titles may look like this:

dovecot/imap-login user@domain.com [192.168.0.1] dovecot/imap user@domain.com [192.168.0.1] IDLE

The verbose_proctitle parameter can be set in the /etc/dovecot/dovecot.conf file or in the /etc/dovecot/conf.d/10-master.conf file. The default value is no, which means that Dovecot will only show the process name and the command state. For example:

dovecot/imap-login dovecot/imap [idling]

The other options are not related to the process titles. The --with-linux-extprocnames option for ./configure when building Dovecot is not a valid option. The sys.ps.allow_descriptions and proc.all.show_status parameters in sysctl.conf or /proc are not valid parameters. The process_format parameter in the Dovecot configuration is used to specify the format of the process name, not the process title.

References:

• LPIC-2 Exam 202 Objectives, Objective 205.4: Managing a dovecot server
• Process Titles — Dovecot documentation, Dovecot Documentation
• Dovecot Configuration Parameters: verbose_proctitle, Dovecot Documentation
• Dovecot Configuration Parameters: process_name, Dovecot Documentation
• How to monitor dovecot processes? - Server Fault, Forum

The Samba service that handles the membership of a file server in an Active Directory domain is winbindd. Winbindd is a daemon that provides a number of services to the Name Service Switch (NSS) capability of the system, such as resolving user and group information from a Windows NT server and authentication. Winbindd can also be used to join a Samba file server to an Active Directory domain and authenticate domain users to access the file shares12 References:

• Chapter 4. Using Samba for Active Directory Integration Red Hat Enterprise Linux 7 - Red Hat Customer Portal
• Winbind: Use of Domain Accounts - SambaWiki