202-450 Training & Certification Get Latest LPIC-2 Certified Linux Engineer Updated on May 09, 2024 [Q50-Q74]

202-450 Training & Certification Get Latest LPIC-2 Certified Linux Engineer Updated on May 09, 2024

Certification Training for 202-450 Exam Dumps Test Engine

The LPIC-2 Exam 202, Part 2 of 2, version 4.5 is a challenging exam that requires a solid understanding of Linux systems administration. 202-450 exam consists of 60 multiple-choice and fill-in-the-blank questions, and candidates are given 90 minutes to complete it. To pass the exam, candidates must score at least 500 out of 800.

Linux Professional Institute LPIC-2 202-450. Test Overview

As you already know, LPIC-2 202-450 is the 2nd exam in the sequence of the two (the first one is 201-450) that you need to pass to earn the LPIC-2 certification. It is designed for those test-takers that are passionate about systems administration and networking and are ready to upgrade their skills and boost their career to the next level. The exam lasts for 90 minutes and features 60-multiple choice and fill-in-the-blank questions. The exam cost depends on your location, and if you are going to take it in the USA, for instance, you’ll have to pay $200. Normally the LPI exam costs anything between $90 and $200. These numbers, set by the United Nations Human Development Index, and owe their disparities to the varying economic conditions across the world. To know the precise cost in your region, visit the LPI official website.

The LPIC-2 202-450 exam can be taken at Pearson VUE test centers with a 4-language option- English, Japanese, German, Portuguese. Moreover, the test can be written online via OnVUE. In this case, you are limited to English.

 

NEW QUESTION # 50
Which of the following Samba services handles the membership of a file server in an Active Directory domain?

• A. nmbd
• B. admemb
• C. winbindd
• D. msadd
• E. samba

Answer: C

Explanation:
Explanation
The Samba service that handles the membership of a file server in an Active Directory domain is winbindd.
Winbindd is a daemon that provides a number of services to the Name Service Switch (NSS) capability of the system, such as resolving user and group information from a Windows NT server and authentication. Winbindd can also be used to join a Samba file server to an Active Directory domain and authenticate domain users to access the file shares12 References:
Chapter 4. Using Samba for Active Directory Integration Red Hat Enterprise Linux 7 - Red Hat Customer Portal Winbind: Use of Domain Accounts - SambaWiki

NEW QUESTION # 51
Which of the following authentication mechanisms are supported by Dovecot? (Choose three.)

• A. ldap
• B. digest-md5
• C. krb5
• D. plain
• E. cram-md5

Answer: B,D,E

Explanation:
Explanation
Dovecot supports various authentication mechanisms that can be used to verify the identity of the users who connect to the mail server. Authentication mechanisms are protocols that define how the client and the server exchange the user credentials, such as the username and the password. Some authentication mechanisms are plaintext, which means that the user credentials are sent without any encryption. Others are non-plaintext, which means that the user credentials are protected from eavesdropping or tampering by using some form of encryption or hashing. Dovecot supports the following authentication mechanisms:
B). digest-md5: This is a non-plaintext mechanism that uses a challenge-response scheme based on the MD5 hash function. The client and the server exchange a series of messages that include a nonce (a random number), a realm (a domain name), and a digest (a hashed combination of the username, password, nonce, and realm). This mechanism prevents replay attacks and supports mutual authentication, meaning that both the client and the server can verify each other's identity. However, this mechanism is not widely supported by clients and has some security weaknesses12.
C). cram-md5: This is another non-plaintext mechanism that uses a challenge-response scheme based on the MD5 hash function. The server sends a nonce to the client, and the client responds with the username and a digest of the password and the nonce. This mechanism protects the password from eavesdropping, but does not prevent replay attacks or support mutual authentication. It also requires the server to have access to the plaintext password or a special hashed version of it. This mechanism has somewhat good support in clients12.
D). plain: This is the simplest and most common plaintext mechanism. The client simply sends the username and the password to the server without any encryption. This mechanism is supported by all clients, but it is vulnerable to eavesdropping and tampering. Therefore, it should only be used with SSL/TLS encryption to secure the connection12.
The other options are not supported by Dovecot as authentication mechanisms. A. ldap is not an authentication mechanism, but a protocol for accessing directory services. E. krb5 is not an authentication mechanism, but a network authentication protocol based on Kerberos. Dovecot supports Kerberos authentication through the GSSAPI mechanism

NEW QUESTION # 52
Which tool creates a Certificate Signing Request (CSR) for serving HTTPS with Apache HTTPD?

• A. httpsgen
• B. openssl
• C. apachect1
• D. certgen

Answer: B

NEW QUESTION # 53
A user requests a "hidden" Samba share, named confidential, similar to the Windows Administration Share. How can this be configured?

• A. Option C
• B. Option E
• C. Option B
• D. Option D
• E. Option A

Answer: B

NEW QUESTION # 54
Which of the following are logging directives in Apache HTTPD? (Choose two.)

• A. ErrorLog
• B. ServerLog
• C. CustomLog
• D. VHostLog
• E. TransferLog

Answer: C,E

Explanation:
Explanation
The TransferLog and CustomLog directives are both used to specify the location and format of the access log file in Apache HTTPD. The access log file records information about each request received by the server, such as the client IP address, the request method, the requested URL, the response status code, and the bytes sent.
The TransferLog directive is a simple way to enable access logging, without any customization. It takes one argument, which is the name of the log file or a pipe to a program that will handle the log data. For example:
TransferLog logs/access_log
The CustomLog directive is a more flexible way to enable access logging, with the ability to customize the log format and conditionally log requests based on environment variables. It takes two or three arguments, which are the name of the log file or a pipe to a program, the log format string or a nickname defined by the LogFormat directive, and optionally an expression that evaluates to true or false for each request. For example:
CustomLog logs/access_log common CustomLog "|/usr/bin/rotatelogs logs/access_log.%Y-%m-%d 86400" combined CustomLog logs/ssl_access_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b" env=HTTPS The ErrorLog directive is another logging directive in Apache HTTPD, but it is used to specify the location and format of the error log file, which records any errors or warnings encountered by the server. For example:
ErrorLog logs/error_log
The ServerLog and VHostLog directives are not valid logging directives in Apache HTTPD. They may be confused with the ServerSignature and VirtualHost directives, which are used for other purposes.
References:
Log Files - Apache HTTP Server Version 2.4
Directive Index - Apache HTTP Server Version 2.4
Apache Logging Basics - The Ultimate Guide To Logging

NEW QUESTION # 55
Which of the following types of IPv6 address assignments does DHCPv6 support? (Choose three.)

• A. Assignments of blacklisted IPv6 addresses that should no longer be used.
• B. Assignments of temporary IPv6 addresses that cannot be renewed.
• C. Assignments of IPv6 prefixes that can be used for routing or further assignments.
• D. Assignments of anonymous IPv6 addresses whose assignment is not logged by the DHCPv6 server.
• E. Assignments of normal IPv6 addresses that can be renewed.

Answer: B,C,E

Explanation:
Explanation
DHCPv6 supports three types of IPv6 address assignments:
Individual address assignment (IA_NA): This is the stateful mode of DHCPv6, where the DHCPv6 server assigns a normal IPv6 address to a client that can be renewed or released. The address is chosen from a pool of prefixes configured on the server and is unique and non-duplicate. The client can request one or more addresses using the IA_NA option in the DHCPv6 messages1 Temporary address assignment (IA_TA): This is similar to the IA_NA mode, but the addresses assigned are temporary and cannot be renewed or released. The temporary addresses are used for privacy reasons and are generated by the client using a random interface identifier. The client can request one or more temporary addresses using the IA_TA option in the DHCPv6 messages2 Prefix delegation (IA_PD): This is the mode where the DHCPv6 server delegates a whole IPv6 prefix to a client, such as a router or a host, that can use it for further subnetting or routing. The client can request one or more prefixes using the IA_PD option in the DHCPv6 messages. The delegated prefixes are also chosen from a pool of prefixes configured on the server3 References: 1: IP Addressing: DHCP Configuration Guide - IPv6 Access Services: DHCPv6 Individual Address Assignment 2: RFC 4941 - Privacy Extensions for Stateless Address Autoconfiguration in IPv6 3: IP Addressing: DHCP Configuration Guide - IPv6 Access Services: DHCPv6 Prefix Delegation

NEW QUESTION # 56
Which of the following PAM modules sets and unsets environment variables?

• A. pam_shell
• B. pam-vars
• C. pam-env
• D. pam_export
• E. pam_set

Answer: C

NEW QUESTION # 57
Which of these sets of entries does the following command return?

• A. Entries that have a cn of marie or have a telephoneNumber beginning with 9.
• B. Entries that don't have a cn of marie or don't have a telephoneNumber that begins with 9.
• C. Entries that have a cn of marie or don't have a telephoneNumber beginning with 9.
• D. Entries that don't have a cn of marie and don't have a telephoneNumber beginning with 9.
• E. Entries that have a cn of marie and a telephoneNumber that ending with 9.

Answer: E

NEW QUESTION # 58
When using mod_authz_core, which of the following strings can be used as an argument to Require in an Apache HTTPD configuration file to specify the authentication provider? (Choose three.)

• A. all
• B. method
• C. header
• D. regex
• E. expr

Answer: A,B,E

NEW QUESTION # 59
CORRECT TEXT
What command creates a SSH key pair? (Specify ONLY the command without any path or parameters)

Answer:

Explanation:
ssh-keygen

NEW QUESTION # 60
According to the configuration below, what is the full e-mail address of the administrator for this domain?

Answer:

Explanation:
[email protected]
Explanation:
According to the configuration, the postmaster address is set to [email protected]. This means that any system-generated messages or notifications sent to the administrator of this domain will use this address as the sender. The postmaster address is also used to receive messages from external senders who need to contact the administrator for any reason, such as reporting spam or abuse. The postmaster address is a mandatory requirement for any mail server, as specified by the RFC 5321 standard. References:
LPIC-2 exam 202 objectives, topic 207.3, Manage the postfix mail system RFC 5321, section 4.5.1, Postmaster Role

NEW QUESTION # 61
Which of the following nmap parameters scans a target for open TCP ports? (Choose two.)

• A. -sU
• B. -sS
• C. -sT
• D. -sZ
• E. -sO

Answer: B,C

NEW QUESTION # 62
With fail2ban, what is a 'jail'?

• A. A netfilter rules chain blocking offending IP addresses for a particular service
• B. A filter definition and a set of one or more actions to take when the filter is matched
• C. A group of services on the server which should be monitored for similar attack patterns in the log files
• D. The chroot environment in which fail2ban runs

Answer: B

NEW QUESTION # 63
Which global option in squid.confsets the port number or numbers that Squid will use to listen for client requests?

• A. http_port
• B. port
• C. server_port
• D. client_port
• E. squid_port

Answer: A

NEW QUESTION # 64
What is the path to the global Postfix configuration file? (Specify the full name of the file, including path.)

Answer:

Explanation:
/etc/postfix/main.cf

NEW QUESTION # 65
It has been discovered that the company mail server is configured as an open relay. Which of the following actions would help prevent the mail server from being used as an open relay while maintaining the possibility to receive company mails? (Choose two.)

• A. Upgrade the mailbox format from mbox to maildir
• B. Configure Dovecot to support IMAP connectivity
• C. Restrict Postfix to only relay outbound SMTP from the internal network
• D. Restrict Postfix to only accept e-mail for domains hosted on this server
• E. Configure netfilter to not permit port 25 traffic on the public network

Answer: C,E

Explanation:
Explanation/Reference:

NEW QUESTION # 66
FILL BLANK
Which OpenLDAP client command can be used to change the password for an LDAP entry? (Specify ONLY the command without any path or parameters.)

Answer:

Explanation:
ldappasswd

NEW QUESTION # 67
When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?

• A. syslogd receives messages on localhost
• B. Some applications use the localhost interface to communicate with other applications
• C. The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules
• D. It doesn't matter; netfilter never affects packets addressed to localhost
• E. All traffic to localhost must always be allowed

Answer: B

Explanation:
Explanation
The localhost interface, also known as the loopback interface, is a virtual network interface that allows a host to communicate with itself. It has the IP address 127.0.0.1 for IPv4 and ::1 for IPv6. Some applications use the localhost interface to communicate with other applications running on the same host, such as database servers, web servers, or inter-process communication. Therefore, when the default policy for the netfilter INPUT chain is set to DROP, which means that all incoming packets that do not match any rule are dropped, a rule allowing traffic to localhost should exist to avoid breaking these applications. The rule can be something like this:
iptables -A INPUT -i lo -j ACCEPT
This rule appends a new rule to the INPUT chain that accepts any packet that comes from the loopback interface (lo). The other options are incorrect for the following reasons:
A). All traffic to localhost must always be allowed. This is false because there may be situations where traffic to localhost should be restricted or filtered, such as for security or performance reasons. For example, some malware may try to exploit vulnerabilities in applications listening on localhost, or some applications may generate excessive traffic on localhost that affects the system resources. Therefore, allowing all traffic to localhost is not always necessary or desirable.
B). It doesn't matter; netfilter never affects packets addressed to localhost. This is false because netfilter does affect packets addressed to localhost, unless they are explicitly allowed by a rule or the default policy. Netfilter processes all packets that enter or leave the network stack, regardless of their source or destination address. Therefore, packets addressed to localhost are subject to the same rules and policies as packets addressed to any other host.
D). syslogd receives messages on localhost. This is false because syslogd does not necessarily receive messages on localhost. Syslogd is a daemon that handles system logging, and it can receive messages from various sources, such as local processes, files, pipes, or remote hosts. Syslogd can be configured to listen on a network socket, such as UDP port 514, but it does not have to listen on localhost. Therefore, allowing traffic to localhost is not required for syslogd to function properly.
E). The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules. This is false because there is no such daemon as netfilterd, and the iptables command does not communicate with any daemon on localhost to create and change packet filter rules. The iptables command is a user-space tool that interacts directly with the netfilter kernel module through the netlink socket. Therefore, allowing traffic to localhost is not needed for the iptables command to work.
References: LPIC-2 202 exam objectives, LPIC-2 202-450 Exam Prep: Network Configuration, Netfilter - Wikipedia, Iptables Essentials: Common Firewall Rules and Commands

NEW QUESTION # 68
It has been discovered that the company mail server is configured as an open relay. Which of the following actions would help prevent the mail server from being used as an open relay while maintaining the possibility to receive company mails? (Choose two.)

• A. Upgrade the mailbox format from mbox to maildir
• B. Configure Dovecot to support IMAP connectivity
• C. Restrict Postfix to only relay outbound SMTP from the internal network
• D. Restrict Postfix to only accept e-mail for domains hosted on this server
• E. Configure netfilter to not permit port 25 traffic on the public network

Answer: C,E

NEW QUESTION # 69
Which of the following PAM modules allows the system administrator to use an arbitrary file containing a list of user and group names with restrictions on the system resources available to them?

• A. pam_unix
• B. pam_limits
• C. pam_filter
• D. pam_listfile

Answer: B

NEW QUESTION # 70
Which directive in a Nginx server configuration block defines the TCP ports on which the virtual host will be available, and which protocols it will use? (Specify ONLY the option name without any values.)

Answer:

Explanation:
listen
Explanation:
The listen directive in a Nginx server configuration block defines the TCP ports on which the virtual host will be available, and which protocols it will use. The listen directive takes one or more parameters, such as the port number, the IP address, and the protocol name. For example, the following directive tells Nginx to listen for HTTP requests on port 80 on all network interfaces:
listen 80;
The following directive tells Nginx to listen for HTTPS requests on port 443 on the 192.0.2.1 IP address:
listen 192.0.2.1:443 ssl;
The following directive tells Nginx to listen for both TCP and UDP traffic on port 53 on the 192.0.2.2 IP address:
listen 192.0.2.2:53 udp tcp;
The listen directive can also take some options, such as default_server, which specifies that the server block should act as the default server for the given port, or backlog, which sets the maximum number of pending connections for the socket.
References:
Server Block Examples | NGINX
NGINX Docs | Configuring HTTP Servers
Which directive in a Nginx server configuration block defines the TCP ports on which the virtual host will be available, and which protocols it will use?

NEW QUESTION # 71
A user requests a "hidden" Samba share, named confidential, similar to the Windows Administration Share.
How can this be configured?

• A. Option C
• B. Option E
• C. Option B
• D. Option D
• E. Option A

Answer: B

NEW QUESTION # 72
In order to export /usr and /bin via NFSv4, /exports was created and contains working bind mounts to /usr and
/bin. The following lines are added to /etc/exports on the NFC server:

After running
Explanation
mount-tnfsv4 server://mnt
of an NFC-Client, it is observed that /mnt contains the content of the server's /usr directory instead of the content of the NFSv4 foot folder.
Which option in /etc/exports has to be changed or removed in order to make the NFSv4 root folder appear when mounting the highest level of the server? (Specify ONLY the option name without any values or parameters.)

Answer:

Explanation:
fsid
The fsid option in /etc/exports is used to specify a unique identifier for each exported filesystem.
For NFSv4, there is a distinguished filesystem which is the root of all exported filesystems, and it is specified with fsid=root or fsid=0, both of which mean the same thing. If this option is used for the /exports directory, then it will be the root of the NFSv4 hierarchy, and any subdirectories under it will be mounted relative to it. This means that when mounting the highest level of the server, the client will see the content of /exports instead of the NFSv4 root folder. To avoid this, the fsid option should be removed or changed to a different value for the /exports directory, so that it is not the NFSv4 root. The other options in /etc/exports are not relevant for this question.

NEW QUESTION # 73
When trying to reverse proxy a web server through Nginx, what keyword is missing from the following configuration sample?

• A. reverse_proxy
• B. proxy_pass
• C. proxy_reverse
• D. forward_to
• E. remote_proxy

Answer: B

Explanation:
Explanation
In the context of configuring Nginx for reverse proxy, the proxy_pass directive is used to specify the protocol and address of a proxied server and an optional URI to which a location should be mapped. So, in the provided configuration sample, "proxy_pass" is the missing keyword that should precede "http://proxiedserver:8080;".
References:
[NGINX Docs | NGINX Reverse Proxy]: The official documentation of Nginx on how to set up a reverse proxy with Nginx.
[How To Configure Nginx as a Web Server and Reverse Proxy for Apache on One Ubuntu 20.04 Server
| DigitalOcean]: A tutorial from DigitalOcean on how to configure Nginx as a web server and reverse proxy for Apache on Ubuntu 20.04, which includes the use of the proxy_pass directive.

NEW QUESTION # 74
......

Step by Step Guide to Prepare for 202-450 Exam: https://www.actual4labs.com/Lpi/202-450-actual-exam-dumps.html

LPIC-2 Certified Linux Engineer 202-450 Real Exam Questions and Answers FREE Updated: https://drive.google.com/open?id=1aaB7lFgVwRJkB1usvXHFCk6XZZrrhn2T