1. Home
  2. LPI
  3. LPIC Level 3
  4. 303-200
  5. LPIC-3 Exam 303: Security, 2.0 Questions and Answers

Pass the LPI LPIC Level 3 303-200 Questions and answers with CertsForce

 LPI Exams      Go to Exam Detail      Get Premium Access
Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions
Questions # 1:

Which of the following keywords are built-in chairs for the iptables nat table? (Choose THREE correct answers)

Options:
A.

OUTPUT

B.

MASQUERADE

C.

PROCESSING

D.

POSTROUTING

E.

PREROUTING

Questions # 2:

How does TSIG authenticate name servers in order to perform secured zone transfers?

Options:
A.

Both servers mutually verify their X509 certificates.

B.

Both servers use a secret key that is shared between the servers.

C.

Both servers verify appropriate DANE records for the labels of the NS records used to delegate the transferred zone.

D.

Both servers use DNSSEC to mutually verify that they are authoritative for the transferred zone.

Questions # 3:

Which of the following statements describes the purpose of ndpmon?

Options:
A.

it monitors the network for neighbor discovery messages from new IPv6 hosts and routers

B.

it monitors remote hosts by periodically sending echo requests to them.

C.

it monitors the availability of a network link by querying network interfaces.

D.

It monitors the network for IPv4 nodes that have not yet migrated to IPv6.

E.

It monitors log files for failed login attempts in order to block traffic from offending network nodes

Questions # 4:

Which of the following information, within a DNSSEC- signed zone, is signed by the key signing key?

Options:
A.

The non-DNSSEC records like A, AAAA or MX

B.

The zone signing key of the zone.

C.

The RRSIG records of the zone.

D.

The NSEC or NSEC3 records of the zone.

E.

The DS records pointing to the zone

Questions # 5:

Which of the following database names can be used within a Name Service Switch (NSS) configuration file? (Choose THREE correct answers).

Options:
A.

host

B.

shadow

C.

service

D.

passwd

E.

group

Questions # 6:

Which of the following components are part of FreeIPA? (Choose THREE correct answers.)

Options:
A.

DHCP Server

B.

Kerberos KDC

C.

Intrusion Detection System

D.

Public Key Infrastructure

E.

Directory Server

Questions # 7:

Which of the following openssl commands generates a certificate signing request (CSR) using the already existing private key contained in the file private/keypair.pem?

Options:
A.

openssl req -key private/keypair.pem -out req/csr.pem

B.

openssl req - new -key private/keypair.pem -out req/csr.pem

C.

openssl gencsr -key private/keypair.pem -out req/csr.pem

D.

openssl gencsr -new- key private/keypair.pem -out req/csr.pem

Questions # 8:

Which DNS label points to the DANE information used to secure HTTPS connections to https://www.example.com/ ?

Options:
A.

example.com

B.

dane.www.example.com

C.

soa.example com

D.

www.example.com

E.

_443_tcp.www example.com

Questions # 9:

What effect does the configuration SSLStrictSNIVHostCheck on have on an Apache HTTPD virtual host?

Options:
A.

The clients connecting to the virtual host must provide a client certificate that was issued by the same CA that issued the server's certificate.

B.

The virtual host is served only to clients that support SNI.

C.

All of the names of the virtual host must be within the same DNS zone.

D.

The virtual host is used as a fallback default for all clients that do not support SNI.

E.

Despite its configuration, the virtual host is served only on the common name and Subject Alternative Names of the server certificates.

Questions # 10:

What option of mount.cifs specifies the user that appears as the local owner of the files of a mounted CIFS share when the server does not provide ownership information? (Specify ONLY the option name without any values or parameters.)

Viewing page 1 out of 2 pages
Viewing questions 1-10 out of questions