NEW QUESTION 1
Which of the following PAM modules allows the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources available to them?

• A. pam_filter
• B. pam_limits
• C. pam_listfile
• D. pam_unix

Answer: B

NEW QUESTION 2
In a BIND zone file, what does the @ character indicate?

• A. It’s the fully qualified host name of the DNS server
• B. It’s an alias for the e-mail address of the zone master
• C. It’s the name of the zone as defined in the zone statement in named.conf
• D. It’s used to create an alias between two CNAME entries

Answer: C

NEW QUESTION 3
Which tool creates a Certificate Signing Request (CSR) for serving HTTPS with Apache HTTPD?

• A. apachect1
• B. certgen
• C. cartool
• D. httpsgen
• E. openssl

Answer: E

NEW QUESTION 4
Which FTP names are recognized as anonymous users in vsftp when the option anonymous_enable is set to yes in the configuration files? (Choose two.)

• A. anonymous
• B. ftp
• C. In the described configuration, any username which neither belongs to an existing user nor has another special meaning is treated as anonymous user.
• D. nobody
• E. guest

Answer: AB

NEW QUESTION 5
Which BIND option should be used to limit the IP addresses from which slave name servers may connect?

• A. allow-zone-transfer
• B. allow-transfer
• C. allow-secondary
• D. allow-slaves
• E. allow-queries

Answer: B

NEW QUESTION 6
What is the standard port used by OpenVPN?

• A. 1723
• B. 4500
• C. 500
• D. 1194

Answer: D

NEW QUESTION 7
Which of the following lines is valid in a configuration file in /etc/pam.d/?

• A. authrequired pam_unix.sotry_first_pass nullok
• B. authtry_first_pass nullok, require pam_unix.so
• C. authrequired:pam_unix.so(try_first_pass nullok)
• D. authpam_unix.so(required try_first_pass nullok)

Answer: A

NEW QUESTION 8
To which destination will a route appear in the Linux routing table after activating IPv6 on a router’s network interface, even when no global IPv6 addresses have been assigned to the interface?

• A. fe80::/10
• B. 0::/128
• C. 0::/0
• D. fe80::/64
• E. 2000::/3

Answer: A

NEW QUESTION 9
How are PAM modules organized and stored?

• A. As plain text files in /etc/security/
• B. A statically linked binaries in /etc/pam.d/bin/
• C. As Linux kernel modules within the respective sub directory of /lib/modules/
• D. As shared object files within the /lib/ directory hierarchy
• E. As dynamically linked binaries in /usr/lib/pam/sbin/

Answer: E

NEW QUESTION 10
Which of the following is correct about this excerpt from an LDIF file?

• A. dn is the domain name.
• B. o is the operator name.
• C. cn is the common name.
• D. dn is the relative distinguished name.
• E. DC is the delegation containe

Answer: D

NEW QUESTION 11
Which of the following authentication mechanisms are supported by Dovecot? (Choose three.)

• A. ldap
• B. digest-md5
• C. cram-md5
• D. plain
• E. krb5

Answer: BCD

NEW QUESTION 12
Which Linux user is used by vsftpd to perform file system operations for anonymous FTP users?

• A. The Linux user which runs the vsftpd process
• B. The Linux user that owns the root FTP directory served by vsftpd
• C. The Linux user with the same user name that was used to anonymously log into the FTP server
• D. The Linux user root, but vsftpd grants access to anonymous users only to globally read-/writeable files
• E. The Linux user specified in the configuration option ftp_username

Answer: E

NEW QUESTION 13
When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?

• A. All traffic to localhost must always be allowed
• B. It doesn’t matter; netfilter never affects packets addressed to localhost
• C. Some applications use the localhost interface to communicate with other applications
• D. syslogd receives messages on localhost
• E. The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules

Answer: C

NEW QUESTION 14
How must Samba be configured such that it can check CIFS passwords against those found in
/etc/passwd and /etc/shadow?

• A. Set the parameters “encrypt passwords = yes” and “password file = /etc/passwd”
• B. Set the parameters “encrypt passwords = yes”, “password file = /etc/passwd” and “password algorithm = crypt”
• C. Delete the smbpasswd file and create a symbolic link to the passwd and shadow file
• D. It is not possible for Samba to use /etc/passwd and /etc/shadow directly
• E. Run smbpasswd to convert /etc/passwd and /etc/shadow to a Samba password file

Answer: D

NEW QUESTION 15
Which option within the ISC DHCPD configuration file defines the IPv4 DNS server address(es) to be sent to the DHCP clients?

• A. domain-name-servers
• B. domain-server
• C. name-server
• D. servers

Answer: A

NEW QUESTION 16
The program vsftpd, running in a chroot jail, gives the following error:

Which of the following actions would fix the error?

• A. The file /etc/ld.so.conf in the root filesystem must contain the path to the appropriate lib directory in the chroot jail
• B. Create a symbolic link that points to the required library outside the chroot jail
• C. Copy the required library to the appropriate lib directory in the chroot jail
• D. Run the program using the command chroot and the option--static_libs

Answer: C

NEW QUESTION 17
CORRECT TEXT
Which action in a Sieve filter forwards a message to another email address without changing the message? (Specify ONLY the action’s name without any parameters.)

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
redirect

NEW QUESTION 18
Which Apache HTTPD configuration directive is used to specify the method of authentication, e.g. None or Basic?

• A. AuthUser
• B. AllowedAuthUser
• C. AuthType
• D. AllowAuth

Answer: C

NEW QUESTION 19
CORRECT TEXT
According to this LDIF excerpt, which organizational unit is Robert Smith part of? (Specify only the organizational unit.)

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
people

NEW QUESTION 20
Which of the following information has to be submitted to a certification authority in order to request a web server certificate?

• A. The web server’s private key.
• B. The IP address of the web server.
• C. The list of ciphers supported by the web server.
• D. The web server’s SSL configuration file.
• E. The certificate signing reques

Answer: E

NEW QUESTION 21
Which of the following sshd configuration should be set to no in order to fully disable password
based logins? (Choose two.)

• A. PAMAuthentication
• B. ChallengegeResponseAuthentication
• C. PermitPlaintextLogin
• D. UsePasswords
• E. PasswordAuthentication

Answer: BE

NEW QUESTION 22
......