NEW QUESTION 1
In order to protect a directory on an Apache HTTPD web server with a password, this configuration was added to an .htaccess file in the respective directory:

Furthermore, a file /var/www/dir/ .htpasswd was created with the following content: usera:S3cr3t
Given that all these files were correctly processed by the web server processes, which of the following statements is true about requests to the directory?

• A. The user usera can access the site using the password s3cr3t
• B. Accessing the directory as usera raises HTTP error code 442 (User Not Existent)
• C. Requests are answered with HTTP error code 500 (Internal Server Error)
• D. The browser prompts the visitor for a username and password but logins for usera do not seem to work
• E. The web server delivers the content of the directory without requesting authentication

Answer: A

NEW QUESTION 2
The program vsftpd, running in a chroot jail, gives the following error:

Which of the following actions would fix the error?

• A. The file /etc/ld.so.conf in the root filesystem must contain the path to the appropriate lib directory in the chroot jail
• B. Create a symbolic link that points to the required library outside the chroot jail
• C. Copy the required library to the appropriate lib directory in the chroot jail
• D. Run the program using the command chroot and the option--static_libs

Answer: C

NEW QUESTION 3
If there is no access directive, what is the default setting for OpenLDAP?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: B

NEW QUESTION 4
CORRECT TEXT
What option in the sshd configuration file instructs sshd to permit only specific user names to log in to a system? (Specify ONLY the option name without any values.)

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
sshd_config

NEW QUESTION 5
Which of the following lines in the sshd configuration file should, if present, be changed in order to increase the security of the server? (Choose two.)

• A. Protocol 2, 1
• B. PermitEmptyPasswords no
• C. Port 22
• D. PermitRootLogin yes
• E. IgnoreRhosts yes

Answer: AD

NEW QUESTION 6
CORRECT TEXT
In order to export /usr and /bin via NFSv4, /exports was created and contains working bind mounts to /usr and /bin. The following lines are added to /etc/exports on the NFC server:

After running
mount-tnfsv4 server://mnt
of an NFC-Client, it is observed that /mnt contains the content of the server’s /usr directory instead of the content of the NFSv4 foot folder.
Which option in /etc/exports has to be changed or removed in order to make the NFSv4 root folder appear when mounting the highest level of the server? (Specify ONLY the option name without any
values or parameters.)

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
mount

NEW QUESTION 7
Which of the following statements are true regarding Server Name Indication (SNI)? (Choose two.)

• A. It supports transparent failover of TLS sessions from one web server to another.
• B. It allows multiple SSL/TLS secured virtual HTTP hosts to coexist on the same IP address.
• C. It enables HTTP servers to update the DNS of their virtual hosts’ names using the X 509 certificates of the virtual hosts.
• D. It provides a list of available virtual hosts to the client during the TLS handshake.
• E. It submits the host name of the requested URL during the TLS handshak

Answer: BE

NEW QUESTION 8
What is the name of the network security scanner project which, at the core, is a server with a set of network vulnerability tests?

• A. NetMap
• B. OpenVAS
• C. Smartscan
• D. Wireshark

Answer: B

NEW QUESTION 9
The Samba configuration file contains the following lines:

A workstation is on the wired network with an IP address of 192.168.1.177 but is unable to access the Samba server. A wireless laptop with an IP address 192.168.2.93 can access the Samba server. Additional trouble shooting shows that almost every machine on the wired network is unable to access the Samba server.
Which alternate host allow declaration will permit wired workstations to connect to the Samba server without denying access to anyone else?

• A. host allow = 192.168.1.1-255
• B. host allow = 192.168.1.100192.168.2.200localhost
• C. host deny = 192.168.1.100/255.255.255.0192.168.2.31localhost
• D. host deny = 192.168.2.200/255.255.255.0192.168.2.31localhost
• E. host allow = 192.168.1.0/255.255.255.0192.168.2.0/255.255.255.0 localhost

Answer: DE

NEW QUESTION 10
To which destination will a route appear in the Linux routing table after activating IPv6 on a router’s network interface, even when no global IPv6 addresses have been assigned to the interface?

• A. fe80::/10
• B. 0::/128
• C. 0::/0
• D. fe80::/64
• E. 2000::/3

Answer: A

NEW QUESTION 11
What is the purpose of DANE?

• A. Verify the integrity of name information retrieved via DNS.
• B. Allow secure dynamic DNS updates.
• C. Invalidate name information stored on caching name servers to speed up DNS updates.
• D. Discover which servers within a DNS domain offer a specific service.
• E. Provide a way to verify the association of X 509 certificates to DNS host name

Answer: E

NEW QUESTION 12
In a BIND zone file, what does the @ character indicate?

• A. It’s the fully qualified host name of the DNS server
• B. It’s an alias for the e-mail address of the zone master
• C. It’s the name of the zone as defined in the zone statement in named.conf
• D. It’s used to create an alias between two CNAME entries

Answer: C

NEW QUESTION 13
Which http_access directive for Squid allows users in the ACL named sales_net to only access the Internet at times specified in the time_acl named sales_time?

• A. http_access deny sales_time sales_net
• B. http_access allow sales_net sales_time
• C. http_access allow sales_net and sales-time
• D. allow http_access sales_net sales_time
• E. http_access sales_net sales_time

Answer: B

NEW QUESTION 14
When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?

• A. All traffic to localhost must always be allowed
• B. It doesn’t matter; netfilter never affects packets addressed to localhost
• C. Some applications use the localhost interface to communicate with other applications
• D. syslogd receives messages on localhost
• E. The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules

Answer: C

NEW QUESTION 15
On a Linux router, packet forwarding for IPv4 has been enabled. After a reboot, the machine no longer forwards IP packets from other hosts. The command:
echo 1 > /proc/sys/net/ipv4/ip_forward temporarily resolves this issue.
Which one of the following options is the best way to ensure this setting is saved across system restarts?

• A. Add echo 1 > /proc/sys/net/ipv4/ip_forward to the root user login script
• B. Add echo 1 > /proc/sys/net/ipv4/ip_forward to any user login script
• C. In /etc/sysct1.conf change net.ipv4.ip_forward to 1
• D. In /etc/rc.local add net.ipv4.ip_forward = 1
• E. In /etc/sysconfig/iptables-config add ipv4.ip_forward = 1

Answer: C

NEW QUESTION 16
Which Apache HTTPD configuration directive is used to specify the method of authentication, e.g. None or Basic?

• A. AuthUser
• B. AllowedAuthUser
• C. AuthType
• D. AllowAuth

Answer: C

NEW QUESTION 17
Using its standard configuration, how does fail2ban block offending SSH clients?

• A. By rejecting connections due to its role as a proxy in front of SSHD.
• B. By modifying and adjusting the SSHD configuration.
• C. By creating and maintaining netfilter rules.
• D. By creating null routes that drop any answer packets sent to the client.
• E. By modifying and adjusting the TCP Wrapper configuration for SSH

Answer: B

NEW QUESTION 18
How are PAM modules organized and stored?

• A. As plain text files in /etc/security/
• B. A statically linked binaries in /etc/pam.d/bin/
• C. As Linux kernel modules within the respective sub directory of /lib/modules/
• D. As shared object files within the /lib/ directory hierarchy
• E. As dynamically linked binaries in /usr/lib/pam/sbin/

Answer: E

NEW QUESTION 19
After the installation of Dovecot, it is observed that the dovecot processes are shown in ps ax like this:

In order to associate the processes with users and peers, the username, IP address of the peer and the connection status, which of the following options must be set?

• A. --with-linux-extprocnames for ./configure when building Dovecot
• B. sys.ps.allow_descriptions = 1 in sysct1.conf or /proc
• C. proc.all.show_status = 1 in sysctl.conf or /proc
• D. verbose_proctitle = yes in the Dovecot configuration
• E. process_format = “%u %I %s” in the Dovecot configuration

Answer: D

NEW QUESTION 20
CORRECT TEXT
Which doveadm sub-command displays a list of connections of Dovecot in the following format? (Specify ONLY the command without any parameters.)

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
who

NEW QUESTION 21
What information can be found in the file specified by the status parameter in an OpenVPN server configuration file? (Choose two.)

• A. Errors and warnings generated by the openvpn daemon
• B. Routing information
• C. Statistical information regarding the currently running openvpn daemon
• D. A list of currently connected clients
• E. A history of all clients who have connected at some point

Answer: BD

NEW QUESTION 22
Which of the following authentication mechanisms are supported by Dovecot? (Choose three.)

• A. ldap
• B. digest-md5
• C. cram-md5
• D. plain
• E. krb5

Answer: BCD

NEW QUESTION 23
Which command is used to configure which file systems a NFS server makes available to clients?

• A. exportfs
• B. mkfs.nfs
• C. mount
• D. nfsservct1
• E. telinit

Answer: A

NEW QUESTION 24
Which Linux user is used by vsftpd to perform file system operations for anonymous FTP users?

• A. The Linux user which runs the vsftpd process
• B. The Linux user that owns the root FTP directory served by vsftpd
• C. The Linux user with the same user name that was used to anonymously log into the FTP server
• D. The Linux user root, but vsftpd grants access to anonymous users only to globally read-/writeable files
• E. The Linux user specified in the configuration option ftp_username

Answer: E

NEW QUESTION 25
Which of the following nmap parameters scans a target for open TCP ports? (Choose two.)

• A. -sO
• B. -sZ
• C. -sT
• D. -sU
• E. -sS

Answer: CE

NEW QUESTION 26
......