최신Lpi LPIC-1 Exam 102, Part 2 of 2, version 5.0 - 102-500무료샘플문제
문제1
What command enables a network interface according to distribution-specific configuration, such as /etc/network/interfaces or /etc/sysconflg/network-scripts/ifcfg-etho?(Specify ONLY the command without any path or parameters.)
What command enables a network interface according to distribution-specific configuration, such as /etc/network/interfaces or /etc/sysconflg/network-scripts/ifcfg-etho?(Specify ONLY the command without any path or parameters.)
정답:
UP
문제2
Which file contains a set of services and hosts that will be allowed to connect to the server by going through a TCP Wrapper program such as tcpd? (Specify the full name of the file, including path.)https://lh3.googleusercontent.com/-5cd-clmKnbk/AAAAAAAAAAI/AAAAAAAAADM/-SXesH19Ido/s46-c-k-no/photo.jpg
Which file contains a set of services and hosts that will be allowed to connect to the server by going through a TCP Wrapper program such as tcpd? (Specify the full name of the file, including path.)https://lh3.googleusercontent.com/-5cd-clmKnbk/AAAAAAAAAAI/AAAAAAAAADM/-SXesH19Ido/s46-c-k-no/photo.jpg
정답:
etchostsallow
Explanation:
The /etc/hosts.allow file contains a set of rules that specify which services and hosts are allowed to connect to the server by going through a TCP Wrapper program such as tcpd. TCP Wrappers are a security mechanism that can filter incoming requests based on the source address, destination address, and service name. TCP Wrappers can also perform logging, redirection, and execution of commands based on the rules.
The /etc/hosts.allow file has the following format:
service_list : host_list [ : option_list ]
The service_list is a comma-separated list of service names, such as sshd, telnet, or ftp. The host_list is a comma-separated list of host names, IP addresses, or network masks that are allowed to access the services. The option_list is an optional list of keywords that can modify the behavior of the rule, such as twist, spawn, deny, or allow.
For example, the following rule in /etc/hosts.allow allows ssh access from any host in the 192.168.1.0/24 network, and logs the connection attempt:
sshd : 192.168.1.0/255.255.255.0 : spawn /bin/echo %a from %h attempted to access %d >> /var/log/sshd.log The /etc/hosts.allow file is processed before the /etc/hosts.deny file, which contains the rules for denying access to the server. If a request matches a rule in /etc/hosts.allow, it is granted access and the processing stops. If it does not match any rule in /etc/hosts.allow, it is checked against the rules in /etc/hosts.deny. If it matches a rule in /etc/hosts.deny, it is denied access and the processing stops. If it does not match any rule in either file, it is granted access by default.
Reference:
LPI 102-500 Exam Objectives, Topic 110.3: Implement host security
LPI 102-500 Study Guide, Chapter 10: Securing Your System, Section 10.3: TCP Wrappers hosts.allow man page
Explanation:
The /etc/hosts.allow file contains a set of rules that specify which services and hosts are allowed to connect to the server by going through a TCP Wrapper program such as tcpd. TCP Wrappers are a security mechanism that can filter incoming requests based on the source address, destination address, and service name. TCP Wrappers can also perform logging, redirection, and execution of commands based on the rules.
The /etc/hosts.allow file has the following format:
service_list : host_list [ : option_list ]
The service_list is a comma-separated list of service names, such as sshd, telnet, or ftp. The host_list is a comma-separated list of host names, IP addresses, or network masks that are allowed to access the services. The option_list is an optional list of keywords that can modify the behavior of the rule, such as twist, spawn, deny, or allow.
For example, the following rule in /etc/hosts.allow allows ssh access from any host in the 192.168.1.0/24 network, and logs the connection attempt:
sshd : 192.168.1.0/255.255.255.0 : spawn /bin/echo %a from %h attempted to access %d >> /var/log/sshd.log The /etc/hosts.allow file is processed before the /etc/hosts.deny file, which contains the rules for denying access to the server. If a request matches a rule in /etc/hosts.allow, it is granted access and the processing stops. If it does not match any rule in /etc/hosts.allow, it is checked against the rules in /etc/hosts.deny. If it matches a rule in /etc/hosts.deny, it is denied access and the processing stops. If it does not match any rule in either file, it is granted access by default.
Reference:
LPI 102-500 Exam Objectives, Topic 110.3: Implement host security
LPI 102-500 Study Guide, Chapter 10: Securing Your System, Section 10.3: TCP Wrappers hosts.allow man page
문제3
Which of the following are valid host addresses for the subnet 203.0.113.64/28? (Choose TWO correct answers.)
Which of the following are valid host addresses for the subnet 203.0.113.64/28? (Choose TWO correct answers.)
정답: A,C
문제4
Which of the following fields can be found in the /etc/group file? (Choose THREE correct answers.)
Which of the following fields can be found in the /etc/group file? (Choose THREE correct answers.)
정답: A,D,E
설명: (ExamPassdump 회원만 볼 수 있음)
문제5
What is true regarding the command sendmail?
What is true regarding the command sendmail?
정답: A
설명: (ExamPassdump 회원만 볼 수 있음)
문제6
The X11 configuration file xorg.conf is grouped into sections. How is the content of the section SectionName associated with that section?
The X11 configuration file xorg.conf is grouped into sections. How is the content of the section SectionName associated with that section?
정답: B
설명: (ExamPassdump 회원만 볼 수 있음)
문제7
On a Linux system with shadow passwords enabled, which file in the file system contains the password hashes of all local users? (Specify the full name of the file, including path.)
On a Linux system with shadow passwords enabled, which file in the file system contains the password hashes of all local users? (Specify the full name of the file, including path.)
정답:
etcshadow
Explanation:
On a Linux system with shadow passwords enabled, the file that contains the password hashes of all local users is /etc/shadow. This file is a replacement for the password field in /etc/passwd, which is a world-readable file that contains basic information about users. The /etc/shadow file is not readable by regular users, and it stores the encrypted passwords (or hashes) of each user, along with other information such as password expiration dates, minimum and maximum password ages, and password warning periods. The /etc/shadow file has nine colon-delimited fields for each user:
Username: The name used when the user logs into the system.
Password: The encrypted password of the user, or a special character that indicates the password status. For example, an asterisk (*) means the account is locked, and an exclamation mark (!) means the password is expired.
Last Password Change: The date of the last password change, expressed as the number of days since January 1, 1970.
Minimum Password Age: The minimum number of days required between password changes. A zero means the password can be changed anytime.
Maximum Password Age: The maximum number of days the password is valid. After this number of days, the password must be changed. A zero means the password never expires.
Password Warning Period: The number of days before the password expires that the user will be warned. A zero means no warning is given.
Password Inactivity Period: The number of days after the password expires that the account will be disabled. A negative value means the account is never disabled.
Account Expiration Date: The date when the account will be disabled, expressed as the number of days since January 1, 1970. A zero means the account never expires.
Reserved Field: A field for future use.
The /etc/shadow file can be modified by using the commands passwd and chage, which are used to change the password and the password aging information of a user, respectively. The /etc/shadow file should not be edited directly, but always through the tools provided by the distribution. For more details, see the shadow manual page.
Reference:
LPIC-1 Exam 102 Objectives, Topic 110: Security, Subtopic 110.2: Use sudo to manage access to the root account, Weight: 2, Key Knowledge Areas: Configure sudo and sudoers. Use sudo to execute commands as another user.
LPIC-1 Exam 102 Learning Materials, Topic 110: Security, Subtopic 110.2: Use sudo to manage access to the root account, Section 110.2.1: sudo and sudoers, Page 3-5.
Explanation:
On a Linux system with shadow passwords enabled, the file that contains the password hashes of all local users is /etc/shadow. This file is a replacement for the password field in /etc/passwd, which is a world-readable file that contains basic information about users. The /etc/shadow file is not readable by regular users, and it stores the encrypted passwords (or hashes) of each user, along with other information such as password expiration dates, minimum and maximum password ages, and password warning periods. The /etc/shadow file has nine colon-delimited fields for each user:
Username: The name used when the user logs into the system.
Password: The encrypted password of the user, or a special character that indicates the password status. For example, an asterisk (*) means the account is locked, and an exclamation mark (!) means the password is expired.
Last Password Change: The date of the last password change, expressed as the number of days since January 1, 1970.
Minimum Password Age: The minimum number of days required between password changes. A zero means the password can be changed anytime.
Maximum Password Age: The maximum number of days the password is valid. After this number of days, the password must be changed. A zero means the password never expires.
Password Warning Period: The number of days before the password expires that the user will be warned. A zero means no warning is given.
Password Inactivity Period: The number of days after the password expires that the account will be disabled. A negative value means the account is never disabled.
Account Expiration Date: The date when the account will be disabled, expressed as the number of days since January 1, 1970. A zero means the account never expires.
Reserved Field: A field for future use.
The /etc/shadow file can be modified by using the commands passwd and chage, which are used to change the password and the password aging information of a user, respectively. The /etc/shadow file should not be edited directly, but always through the tools provided by the distribution. For more details, see the shadow manual page.
Reference:
LPIC-1 Exam 102 Objectives, Topic 110: Security, Subtopic 110.2: Use sudo to manage access to the root account, Weight: 2, Key Knowledge Areas: Configure sudo and sudoers. Use sudo to execute commands as another user.
LPIC-1 Exam 102 Learning Materials, Topic 110: Security, Subtopic 110.2: Use sudo to manage access to the root account, Section 110.2.1: sudo and sudoers, Page 3-5.
문제8
What is the lowest numbered unprivileged TCP port? (Specify the number in digits only.)
What is the lowest numbered unprivileged TCP port? (Specify the number in digits only.)
정답:
1024
Explanation:
The lowest numbered unprivileged TCP port is 1024. A port number is a 16-bit unsigned integer, thus ranging from 0 to 65535. The port numbers in the range from 0 to 1023 are the well-known ports or system ports. They are used by system processes that provide widely used types of network services. On Unix-like operating systems, a process must execute with superuser privileges to be able to bind a network socket to an IP address using one of the well-known ports. Therefore, the lowest numbered port that can be used by a normal user without root access is 1024, which is the first unprivileged port123 Reference:
1: How to bind to port number less than 1024 with non root access?
2: lowest numbered unprivileged TCP port - Bing
3: List of TCP and UDP port numbers - Wikipedia
4: Privileged Ports - World Wide Web Consortium (W3C)
5: What is the lowest TCP port number? - TeachersCollegesj
Explanation:
The lowest numbered unprivileged TCP port is 1024. A port number is a 16-bit unsigned integer, thus ranging from 0 to 65535. The port numbers in the range from 0 to 1023 are the well-known ports or system ports. They are used by system processes that provide widely used types of network services. On Unix-like operating systems, a process must execute with superuser privileges to be able to bind a network socket to an IP address using one of the well-known ports. Therefore, the lowest numbered port that can be used by a normal user without root access is 1024, which is the first unprivileged port123 Reference:
1: How to bind to port number less than 1024 with non root access?
2: lowest numbered unprivileged TCP port - Bing
3: List of TCP and UDP port numbers - Wikipedia
4: Privileged Ports - World Wide Web Consortium (W3C)
5: What is the lowest TCP port number? - TeachersCollegesj
문제9
Please specify the top directory containing the configuration files for the CUPS printing system. (Specify the full path to the directory.)
Please specify the top directory containing the configuration files for the CUPS printing system. (Specify the full path to the directory.)
정답:
etccupsetccups
Explanation:
The top directory containing the configuration files for the CUPS printing system is /etc/cups. This directory stores various files that control the behavior and functionality of the CUPS scheduler, cupsd (8), such as cups-files.conf (5), cupsd.conf (5), mime.convs (5), mime.types (5), printers.conf (5), and subscriptions.conf (5). The /etc/cups directory also contains subdirectories for classes, interfaces, ppd, and ssl, which store information about printer classes, device interfaces, printer drivers, and encryption certificates, respectively12. The /etc/cups directory is part of the LPI's multi-level Linux professional certification program, and it is covered in the topic 105.5 Print service of the exam 102 objectives3. Reference: 1: cups-files (5) - Linux Manuals 2: cupsd.conf - server configuration file for cups 3: Exam 102 Objectives
Explanation:
The top directory containing the configuration files for the CUPS printing system is /etc/cups. This directory stores various files that control the behavior and functionality of the CUPS scheduler, cupsd (8), such as cups-files.conf (5), cupsd.conf (5), mime.convs (5), mime.types (5), printers.conf (5), and subscriptions.conf (5). The /etc/cups directory also contains subdirectories for classes, interfaces, ppd, and ssl, which store information about printer classes, device interfaces, printer drivers, and encryption certificates, respectively12. The /etc/cups directory is part of the LPI's multi-level Linux professional certification program, and it is covered in the topic 105.5 Print service of the exam 102 objectives3. Reference: 1: cups-files (5) - Linux Manuals 2: cupsd.conf - server configuration file for cups 3: Exam 102 Objectives
문제10
Fill in Blanks
The ________ command is used to add a group to the system.
Fill in Blanks
The ________ command is used to add a group to the system.
정답:
groupaddusrsbingroupadd
Explanation:
The groupadd command creates a new group using the options specified on the command line and the default values from the /etc/login.defs file. It adds an entry for the new group to the /etc/group and /etc/gshadow files. Only the root user or a user with sudo privileges can create new groups using this command. The general syntax for the groupadd command is as follows:
groupadd [OPTIONS] GROUPNAME
Some of the common options for the groupadd command are:
-g, --gid GID: Specify the numeric group ID for the new group. If not given, the system will assign the next available GID from the range of group IDs specified in the login.defs file.
-r, --system: Create a system group with a GID chosen from the range of system group IDs specified in the login.defs file. System groups are usually used for some special system operation purposes, like creating backups or doing system maintenance.
-f, --force: Suppress the error message if the group already exists and exit successfully. This option is useful for scripts that need to ensure the existence of a group.
-K, --key KEY=VALUE: Override the default values from the /etc/login.defs file. The valid keys are GROUP_MIN_ID, GROUP_MAX_ID, SYS_GROUP_MIN_ID, SYS_GROUP_MAX_ID, and GID_INCREMENT.
Reference:
https://linuxize.com/post/how-to-create-groups-in-linux/
https://linuxhandbook.com/groupadd-command/
Explanation:
The groupadd command creates a new group using the options specified on the command line and the default values from the /etc/login.defs file. It adds an entry for the new group to the /etc/group and /etc/gshadow files. Only the root user or a user with sudo privileges can create new groups using this command. The general syntax for the groupadd command is as follows:
groupadd [OPTIONS] GROUPNAME
Some of the common options for the groupadd command are:
-g, --gid GID: Specify the numeric group ID for the new group. If not given, the system will assign the next available GID from the range of group IDs specified in the login.defs file.
-r, --system: Create a system group with a GID chosen from the range of system group IDs specified in the login.defs file. System groups are usually used for some special system operation purposes, like creating backups or doing system maintenance.
-f, --force: Suppress the error message if the group already exists and exit successfully. This option is useful for scripts that need to ensure the existence of a group.
-K, --key KEY=VALUE: Override the default values from the /etc/login.defs file. The valid keys are GROUP_MIN_ID, GROUP_MAX_ID, SYS_GROUP_MIN_ID, SYS_GROUP_MAX_ID, and GID_INCREMENT.
Reference:
https://linuxize.com/post/how-to-create-groups-in-linux/
https://linuxhandbook.com/groupadd-command/
문제11
Which of the following commands display the number of bytes transmitted and received via the etho network interface? (Choose TWO correct answer.)
Which of the following commands display the number of bytes transmitted and received via the etho network interface? (Choose TWO correct answer.)
정답: A,B
문제12
What command is used to add OpenSSH private keys to a running ssh-agen . instance? (Specify the command name only without any path.)
What command is used to add OpenSSH private keys to a running ssh-agen . instance? (Specify the command name only without any path.)
정답:
sshadd