LPI 202-450 Exam Questions

Question 6 of 120

What option in the client configuration file would tell OpenVPN to use a dynamic source port when making a connection to a peer?

src-port

remote

source-port

nobind

dynamic-bind

Correct Answer: D

To tell OpenVPN to use a dynamic source port when making a connection to a peer, you should use the 'nobind' option in the client configuration file. This directive instructs OpenVPN not to bind to a specific local port, allowing the operating system to choose an available port dynamically.

Question 7 of 120

Which Linux user is used by vsftpd to perform file system operations for anonymous FTP users?

The Linux user which runs the vsftpd process

The Linux user that owns the root FTP directory served by vsftpd

The Linux user with the same user name that was used to anonymously log into the FTP server

The Linux user root, but vsftpd grants access to anonymous users only to globally read-/writeable files

The Linux user specified in the configuration option ftp_username

Correct Answer: E

The Linux user specified in the configuration option ftp_username is used by vsftpd to perform file system operations for anonymous FTP users. This user is defined in the vsftpd configuration file, and its home directory is typically the root of the anonymous FTP area.

Question 8 of 120

Which of the following sshd configuration should be set to no in order to fully disable password based logins? (Choose two.)

PAMAuthentication

ChallengegeResponseAuthentication

PermitPlaintextLogin

UsePasswords

PasswordAuthentication

Correct Answer: B, E

To fully disable password-based logins in the sshd configuration file, you should set both `PasswordAuthentication` and `ChallengeResponseAuthentication` to 'no'. `PasswordAuthentication` directly controls whether password authentication is allowed, while `ChallengeResponseAuthentication` controls whether challenge-response authentication methods (often involving passwords) are permitted. Setting these two options to 'no' ensures that all password-based methods of authentication are disabled.

Question 9 of 120

When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?

All traffic to localhost must always be allowed

It doesn't matter; netfilter never affects packets addressed to localhost

Some applications use the localhost interface to communicate with other applications

syslogd receives messages on localhost

The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules

Correct Answer: C

When the default policy for the netfilter INPUT chain is set to DROP, allowing traffic to localhost is essential because some applications use the localhost interface to communicate with other applications. Without this rule, inter-application communication on the same machine that relies on the localhost might be disrupted, causing various issues in operation and functionality.

Question 10 of 120

FILL BLANK -
What command creates a SSH key pair? (Specify ONLY the command without any path or parameters)

Correct Answer:

The command to create an SSH key pair, without any path or parameters, is 'ssh-keygen'. This command generates a new pair of SSH keys for securing communication between systems.