ccpq/data/lpic1_book_102-400.csv

100 lines
97 KiB
Plaintext
Raw Permalink Normal View History

2021-10-11 21:03:37 +02:00
LEVEL,ANSWER,QUESTION,1,2,3,4,5,EXPLICATION
102-400,1,"When you configure an X server, you need to make changes to configuration files and then start or restart the X server. Which of the following can help streamline this process?","Shut down X by switching to a runlevel in which X doesnt run automatically, and then reconfigure it and use startx to test X startup.","Shut down X by booting into single-user mode, and then reconfigure X and use telinit to start X running again.","Reconfigure X, and then unplug the computer to avoid the lengthy shutdown process before restarting the system and X along with it.",Use the startx utility to check the X configuration file for errors before restarting the X server.,"Connect the Linux computers network port directly to the X server, without using any intervening routers, in order to reduce network latency.","A. On most Linux systems, some runlevels dont run X by default, so using one of them along with the startx program (which starts X running) can be an effective way to test changes to an X configuration quickly, making option A correct. The telinit program changes runlevels, which is a lengthy process compared to using startx, so option B is incorrect. Unplugging the computer to avoid the shutdown process is self-defeating because youll have to suffer through a long startup (if you use a non-journaling file- system), and it can also result in data loss, thus option C is incorrect. The startx utility doesnt check the veracity of an X configuration file; it starts X running from a text-mode login, making option D incorrect. Reconfiguring an X server does not normally require network access; the X server runs on the computer at which you sit. Thus option E is incorrect."
102-400,4,Which of the following summarizes the organization of the X configuration file?,"The file contains multiple sections, one for each screen. Each section includes subsections for individual components (keyboard, video card, and so on).","Configuration options are entered in any order desired. Options relating to specific components (keyboard, video card, and so on) may be interspersed.",The file begins with a summary of individual screens. Configuration options are preceded by a code word indicating the screen to which they apply.,"The file is broken into sections, one or more for each component (keyboard, videocard, and so on). The file also has one or more sections that define how to combine the main sections.",The file is a rare binary configuration file that must be accessed using SQL database tools.,"D. The XF86Config and xorg.conf file design enables you to define variants or multiple components and easily combine or recombine them as necessary, using the structure specified in option D. Options A, B, and C all describe fictitious structures. Option E is incorrect because the X.org-X11 and XFree86 configuration files use a text-mode structure, not a binary structure."
102-400,3,A monitors manual lists its range of acceptable synchronization values as 27kHz96kHz horizontal and 50Hz160Hz vertical. What implications does this have for the resolutions and refresh rates the monitor can handle?,The monitor can run at up to 160Hz vertical refresh rate in all resolutions.,The monitor can handle up to 160Hz vertical refresh rate depending on the color depth.,The monitor can handle up to 160Hz vertical refresh rate depending on the resolution.,"The monitor can handle vertical resolutions of up to 600 lines (96,000 ÷ 160), but no more.","The monitor can handle horizontal resolutions of up to 600 columns (96,000 ÷ 160), but no more.","C. The vertical refresh rate range includes a maximum value, but that value may be reduced when the resolution and vertical refresh rate would demand a higher horizontal refresh rate than the monitor can handle. Thus, option C is correct. Since the resolution affects the maximum refresh rate, option A is incorrect. The color depth is irrelevant to resolution and refresh rate calculations, so option B is incorrect. The computations shown in options D and E are bogus, making these options incorrect."
102-400,5,In what section of XF86Config or xorg.conf do you specify the resolution that you want to run?,"In the ServerLayout section, using the Screen option","In the Monitor section, using the Modeline option","In the Device section, using the Modeline option","In the DefaultResolution section, using the Define option","In the Screen section, subsection Display, using the Modes option","E. Option E describes the correct location for this option. The ServerLayout section (referenced in option A) combines all of the other options together but doesnt set the resolution. The Modeline option in the Monitor section (as described in option B) defines one possible resolution, but there may be several Modeline entries defining many resolutions, and theres no guarantee that any of them will be used. The Modeline option doesnt exist in the Device section (as suggested by option C), nor is that section where the resolution is set. There is no DefaultResolution section (as referenced in option D)."
102-400,2,What is an advantage of a font server?,It provides faster font displays than are otherwise possible.,It can simplify font maintenance on a network with many X servers.,Its the only means of providing TrueType support for XFree86 4.x.,It enables the computer to turn a bitmapped display into an ASCII text file.,"It enables X to use font smoothing, which isnt possible with core fonts.","B. By maintaining fonts on one font server and pointing other X servers to that font server, you can reduce the administrative cost of maintaining the fonts on all of the systems, so option B is correct. Font servers dont produce faster font displays than Xs local font handling; if anything, the opposite is true. Thus, option A is incorrect. XFree86 4.x supports TrueType fonts directly, so option C is incorrect. Converting a bitmapped display into ASCII text is a function of optical character recognition (OCR) software, not a font server, so option D is incorrect. Neither X core fonts nor a font server handles font smoothing; for that, you need Xft. Thus, option E is incorrect."
102-400,3 5,What methods do Linux distributions use to start X automatically when the system boots?(Select two.),Start an XDMCP server from the Start folder.,Start an XDMCP server from an ~/.xinitrc script.,Start an XDMCP server via a system startup script.,Start an XDMCP server via a boot manager.,Start an XDMCP server from init.,"C, E. XDMCP servers are typically launched either from a system startup script or by init (as specified in /etc/inittab), as described in options C and E. The XDMCP server then starts X. The Start folder mentioned in option A is a Windows construct, not a Linux construct. The ~/.xinitrc script mentioned in option B is an X login script used when starting X from the command line via startx; its not used to start X automatically when the system boots. A boot manager, as described in option D, launches the kernel; it doesnt directly start X, so option D is incorrect."
102-400,5,How would you change the text displayed by XDM as a greeting?,"Click Configure ➣ Greeting from the XDM main menu, and edit the text in the resulting dialog box.","Pass greeting=""text"" as a kernel option in the boot loader, changing text to the new greeting.","Edit the /etc/X11/xorg.conf file, and change the Greeting option in the xdm area.","Run xdmconfig, and change the greeting on the Login tab.","Edit the /etc/X11/xdm/Xresources file, and change the text in the xlogin*greeting line.","E. The XDM greeting is a resource set in the /etc/X11/xdm/Xresources file, so option E is correct. XDM doesnt offer many options on its main screen and certainly not one to change its greeting, as described in option A. The kernel doesnt directly handle the login process, nor does it pass options directly to XDM, so option B is incorrect. Although the xorg.conf file mentioned in option C is real, this file provides no XDM configuration options because XDM is a separate program from the X server. There is no standard xdmconfig program, as mentioned in option D."
102-400,3,Which of the following features do KDM and GDM provide that XDM doesnt?,"An encrypted remote X-based access ability, improving network security","The ability to accept logins from remote computers, once properly configured",The ability to select the login environment from a menu on the main login screen,A login screen that shows the username and password simultaneously rather than sequentially,An option to log into text mode if X should fail to start,"C. KDM and GDM add many features, one of which is a menu that enables users to select their desktop environment or window manager when they log in rather than specifying it in a configuration file, as option C states. Option A describes one of the advantages of the Secure Shell (SSH) as a remote-access protocol. Option B describes a feature common to all three XDMCP servers. Option D describes the way both KDM and XDM function; GDM is the one that presents username and password fields in series rather than simultaneously. Although a failure of X to start usually results in a fallback to a text-mode login, this feature is not provided by the XDMCP server, so option E is incorrect."
102-400,1,Which of the following commands tells the X server to accept connections from penguin.example.com?,xhost +penguin.example.com,export DISPLAY=penguin.example.com:0,telnet penguin.example.com,xaccess penguin.example.com,ssh penguin.example.com,"A. The xhost command controls various aspects of the local X server, including the remote computers from which it will accept connections, making option A correct. Option B sets the DISPLAY environment variable, which doesnt directly affect the X server (it does tell X clients which X server to use). Option C initiates a text-mode remote login session with penguin.example.com. Option Ds xaccess is a fictitious program. Although logging into penguin.example.com via ssh may also initiate an X tunnel, this isnt guaranteed, and such a tunnel doesnt cause the local X server to accept direct connections from the remote computer, so option E is incorrect."
102-400,1,"To assist an employee who has trouble with keyboard repeat features, youve disabled this function in /etc/X11/xorg.conf. Why might this step not be sufficient for the goal of disabling keyboard repeat?","GNOME, KDE, or other desktop environment settings for keyboard repeat may override those set in xorg.conf.",The xorg.conf file has been deprecated you should instead adjust the /etc/X11/XF86Config file.,Keyboard settings in xorg.conf apply only to Bluetooth keyboards you must use usbkbrate to adjust keyboard repeat for USB keyboards.,You must also locate and reset the DIP switch on the keyboard to disable keyboard repeat.,"The keyboard repeat options in xorg.conf work only if the keyboards nationality is set incorrectly, which is not often.","A. As stated in option A, GNOME, KDE, and other user programs often override the keyboard repeat settings in the X configuration file. Option B has it almost backward; most Linux distributions have abandoned XFree86, and therefore its XF86Config file, in favor of X.org-X11 and its xorg.conf file. Option C is pure fiction; xorg.conf settings apply to all varieties of keyboards, and there is no standard usbkbrate program. Although some keyboards do have hardware switches, they dont affect Xs ability to control the keyboard repeat rate, contrary to option D. Although you can set a keyboards nationality in xorg.conf, this option is independent of the keyboard repeat rate settings, so option E is incorrect."
102-400,3 5,Which of the following programs may be used to provide computer-generated speech for users who have trouble reading computer displays? (Select two.),SoX,Braille,Orca,talk,Emacspeak,"C, E. The Orca and Emacspeak programs both provide text-to-speech conversion facilities, so options C and E are both correct. Braille is a form of writing that uses bumps or holes in a surface that can be felt by the reader. Although Linux supports Braille output devices, the question specifies computer-generated speech, which Braille is not, so option B is incorrect. SoX (option A) is an audio format converter, but it wont convert from text to speech. The talk program (option D) is an early Unix online text-mode “chat” program, but it has no built-in speech synthesis capabilities."
102-400,2 5,"You manage a computer thats located in Los Angeles, California, but the time zone is misconfigured as being in Tokyo, Japan. What procedure can you follow to fix this problem? (Select two.)",Run hwclock --systohc to update the clock to the correct time zone.,"Delete /etc/localtime, and replace it with an appropriate file from /usr/share/zoneinfo.",Edit the /etc/tzconfig file so that it specifies North_America/Los_Angeles as the time zone.,"Edit /etc/localtime, and change the three-letter time zone code on the TZ line.",Use the tzselect program to select a new (Los Angeles) time zone.,"B, E. Time zones are determined by the /etc/localtime file, so replacing that one with the correct file (a selection is stored in /usr/share/zoneinfo) will fix the problem, making option B correct. (You may also need to edit /etc/timezone or some other file to keep automatic utilities from becoming confused.) Utilities such as tzselect will make these changes for you after prompting you for your location, so option E is also correct. The hwclock program mentioned in option A reads and writes data from the systems hardware clock. Although it relies on time zone data, it cant adjust your systems time zone itself. There is no standard /etc/tzconfig file, although the tzconfig program, like tzselect, can help you set the time zone. Thus, option C is incorrect. The /etc/localtime file is a binary format; you shouldnt attempt to edit it in a text editor, making option D incorrect."
102-400,4,Youre configuring a Linux system that doesnt boot any other OS. What is the recommended time to which the computers hardware clock should be set?,Helsinki time,Local time,US Pacific time,UTC,Internet time,"D. Linux, like Unix, maintains its time internally in Coordinated Universal Time (UTC), so setting the computers hardware clock to UTC (option D) is the recommended procedure for computers that run only Linux. Although Linus Torvalds spent time at the University of Helsinki, Helsinki time (as in option A) has no special place in Linux. Local time (as in option B) is appropriate if the computer dual-boots to an OS, such as Windows, that requires the hardware clock to be set to local time, but this is the second-best option for a Linux-only system. Option Cs US Pacific time, like Helsinki time, has no special significance in Linux. Internet time (option E) is an obscure way to measure time that divides each day into 1,000 “beats.” Its not a time zone and is not an appropriate way to set your hardware clock."
102-400,3,"Youve developed a script that uses several Linux commands and edits their output.You want to be sure that the script runs correctly on a computer in Great Britain, although youre located elsewhere, since the output includes features such as currency symbols and decimal numbers that are different from one nation to another. What might you do to test this?","Enter the BIOS, locate and change the location code, reboot into Linux, and run the script.","Edit /etc/locale.conf, change all the LC_* variables to en_GB.UTF-8, and then reboot and run the script.","Type export LC_ALL=en_GB.UTF-8, and run the script from the same shell you used to type this command.","Type locale_set Great_Britain, and run the script from the same shell you used to type this command.","Type export TZ=:/usr/share/zoneinfo/Europe/London, and run the script from the same shell you used to type this command.","C. When set, the LC_ALL environment variable (option C) adjusts all the locale (LC_*) variables, so setting this and then running the script will make the programs that your script uses work as if on a British computer. The BIOS has no location code data, so option A is incorrect. There is no standard /etc/locale.conf file, so option B is incorrect. There is no standard locale_set utility, so option D is incorrect. Although setting the TZ environment variable, as in option E, will set the time zone for your local shell to that for Great Britain, this wont affect the sort of text formatting options noted in the question. 15. A. The Unicode Transformation Format 8 (UTF-8) standard can encode characters for just about any language on Earth, while looking just like ordinary ASCII to programs that only understand ASCII. Thus UTF-8 (option A) is the preferred method for character encoding when a choice is possible. ASCII (option B) is an old standard thats adequate for English and a few other languages, but it lacks some or all characters needed by most languages. ISO-8859 (options C and D) is a standard that extends ASCII, but it requires separate encodings for different languages and so it is awkward when a computer must process data from multiple languages. ATASCII (option E) is a variant of ASCII used in the 1980s by Atari for its home computers; its obsolete and inadequate today."
102-400,5,Which character set encoding is the preferred method on modern Linux systems?,UTF-8,ASCII,ISO-8859-1 ,ISO-8859-8,ATASCII,"E. The smart filter makes a print queue “smart” in that it can accept different file types (plain text, PostScript, graphics, and so on) and print them all correctly, as in option E. Font smoothing is useful on low-resolution computer monitors, but not on most printers, and adding font smoothing is not a function of a smart filter, so option A is incor- rect. A smart filter doesnt detect confidential information (option B) or prank print jobs (option D). The lpr program can be given a parameter to email a user when the job finishes (option C), but the smart filter doesnt do this."
102-400,2 4,Which of the following describes the function of a smart filter?,It improves the legibility of a print job by adding font smoothing to the text.,It detects information in print jobs that may be confidential as a measure against industrial espionage.,"It sends email to the person who submitted the print job, obviating the need to wait around the printer for a printout.",It detects and deletes prank print jobs that are likely to have been created by troublemakers trying to waste your paper and ink.,It detects the type of a file and passes it through programs to make it printable on a given model of printer.,"B, D. The job ID (option B) and job owner (option D) are both displayed by lpq. Unless the application embeds its own name (option A) in the filename, that information wont be present. Most printers lack Linux utilities to query ink or toner status (option C); certainly lpq cant do this. Although knowing when your job will finish printing (option E) would be handy, providing this information is well beyond lpqs capabilities."
102-400,3,What information about print jobs does the lpq command display? (Select two.),The name of the application that submitted the job,A numerical job ID that can be used to manipulate the job,The amount of ink or toner left in the printer,The username of the person who submitted the job,The estimated time to finish printing the job,"C. The lprm command (option C) deletes a job from the print queue. It can take the -Pqueue option to specify the queue and a print job number or various other parameters to specify which jobs to delete. BSD LPD, LPRng, and CUPS all implement the lprm command, so you can use it with any of these systems, making option A incorrect. Option B presents the correct syntax but the wrong command name; there is no standard lpdel command. The cupsdisable command can be used to disable the whole queue but not to delete a single print job, so option D is incorrect. Because option C is correct, option E obviously is not."
102-400,2,"Youve submitted several print jobs, but youve just realized that you mistakenly submitted a huge document that you didnt want to print. Assuming that you can identify the specific job, that its not yet printing, and that its job ID number is 749, what command would you type to delete it from the okidata print queue?","The answer depends on whether youre using BSD, LPD, LPRng, or CUPS.",Type lpdel -Pokidata 749.,Type lprm -Pokidata 749.,Type cupsdisable -Pokidata 749.,None of the above the task is impossible. ,"B. PostScript is the de facto printing standard for Unix and Linux programs, as specified in option B. Linux programs generally do not send data directly to the printer port (option A); on a multitasking, multiuser system, this would produce chaos because of competing print jobs. Although a few programs include printer driver collections, most forgo this in favor of generating PostScript, making option C incorrect. Printing utilities come standard with Linux; add-on commercial utilities arent required, so option D is incorrect. Verdana is one of several “web fonts” released by Microsoft. Although many Linux programs can use Verdana for printing if the font is installed, most Linux distributions dont install Verdana by default, and few Linux programs use it for printing by default even if its installed, so option E is not correct."
102-400,2,Which of the following is generally true of Linux programs that print?,They send data directly to the printer port.,They produce PostScript output for printing.,They include extensive collections of printer drivers.,They can print only with the help of add-on commercial programs.,They specify use of the Verdana font.,"B. The mpage utility (option B) prints multiple input pages on a single output page, so its ideally suited to the specified task. PAM (option A) is the Pluggable Authentication Modules, a tool for helping to authenticate users. 4Front (option C) is the name of a company that produces commercial sound drivers for Linux. The route command (option D) is used to display or configure a Linux routing table. The 411toppm program (option E) converts files from Sonys 411 image file format to the PPM image file for- mat; it doesnt do the specified task."
102-400,5,"When a user account has been locked using the usermod -L command, you will see what in the /etc/shadow files record for that user?",An x in the password field,An !! in the password field,A blank password field,A zero (0) at the front of the password field,An ! at the front of the password field,"E. When the usermod -L username command is used, the username record in the /etc/shadow file has its password field modified. An exclamation point (!) is placed in front of the password, making the password inoperable and thus locking the account. Therefore, option E is correct. An x exists in the /etc/passwd files records password field, if the /etc/shadow file is used for passwords (which it should be) and does not indicate a locked account. Therefore, option A is incorrect. Option B is only true when an account has not yet had a password set. Therefore, option B is incorrect. Option C is also incorrect. You would never have a blank password field for a user accounts /etc/shadow record, unless the file had been incorrectly manually modified. Manual modifications of the /etc/shadow files are never recommended. A user record could have a zero (0) as the first character in their password field, but this would be due to the password being hashed, not locked. Therefore, option D is incorrect."
102-400,1 2 3,What commands can be used to add user accounts to a Linux system?,useradd username,adduser username,"useradd -c ""full name"" username",usradd username,passwd username,"A, B, C. The useradd command is used to add user accounts to a Linux system, and therefore option A is correct. The adduser command is available on some Linux distributions, and it also allows you to add user accounts to the system. Thus, option B is correct as well. The useradd command has a valid -c option that allows you to enter comments, such as a users full name. Therefore, option C is also correct. There is no usradd command, so option D is incorrect. The passwd command cannot add users to the system. Therefore, option E is incorrect."
102-400,1,An administrator types chage -M 7 time. What is the effect of this command?,The time accounts password must be changed at least once every seven days.,All users must change their passwords at least once every seven days.,All users are permitted to change their passwords at most seven times.,The time accounts age is set to seven months.,The account databases time stamp is set to seven months ago.,"A. The chage command changes various account expiration options. The -M parameter sets the maximum number of days for which a password is valid, and in the context of the given command, time is a username. Thus, option A is correct. Options B, C, D, and E are all made up."
102-400,4,What is wrong with the following /etc/passwd file entry? sally:x:1029:Sally Jones:/home/myhome:/bin/passwd,"The default shell is set to /bin/passwd, which is an invalid shell.",The username is invalid. Linux usernames cant be all lowercase letters.,The home directory doesnt match the username.,Either the UID or the GID field is missing.,The hashed password is missing.,"D. The /etc/passwd entries have third and fourth fields of the UID and the GID, but this line has only one of those fields (which one is intended is impossible to determine); this example lines fourth field is clearly the fifth field of a valid entry. Thus, option D is the correct answer. Option A is incorrect because, although /bin/passwd is an unorthodox login shell, its perfectly valid. This configuration might be used on, say, a Samba file server or a POP mail server to enable users to change their passwords via SSH without granting login shell access. The sally username is valid and thus, Option B is not a correct answer. You may have usernames that are all lowercase letters. Option C is a correct observation, but an incorrect answer; the username and the users home directory name need not match. The hashed password is officially stored in the second field, but in practice, most Linux computers place the hashed passwords in the /etc/shadow file. An x value for the password is consistent with this use, so option E is incorrect."
102-400,5,"You want sally, who is already a member of the Production group, also to be a member of the Development group. What is the best way to accomplish this?",Use the groupadd Development sally command.,Use the groupadd Production sally command.,"Manually edit the /etc/group file, and change the Development groups record to Development:501:sally.",Use the usermod -G Development sally command.,Use the usermod -a -G Development sally command.,"E. Option E is the best way to accomplish the task, because it will add sally to the Development group without removing her from any other groups or potentially damaging the /etc/group file. Option A would attempt to add the groups Development and sally to the system, thus it is not even a valid choice. Option B, also not a valid choice, would attempt to add the groups Production and sally. Option C would work, but it is very dangerous to edit an account configuration file manually instead of using account tools. Therefore, option C is not the best choice. Option D would work, but it would remove sally from all of her other groups, including the Production group. Therefore, option D is not the best choice either."
102-400,2 3 4,What types of files might you expect to find in /etc/skel? (Select three.),A copy of the /etc/shadow file,An empty set of directories to encourage good file management practices,A README or similar welcome file for new users,A starting .bashrc file,The RPM or Debian package management database,"B, C, D. Files in /etc/skel are copied from this directory to the new users home directories by certain account-creation tools. Thus, files that you want in all new users home directories should reside in /etc/skel. Options B, C, and D all describe reasonable possibilities, although none is absolutely required. Including a copy of /etc/ shadow in /etc/skel (option A) would be a very bad idea because this would give all users access to all other users hashed passwords, at least as of the moment of account creation. You wouldnt likely find package management databases (option E) in /etc/skel, since users dont need privileged access to this data, nor do they need individualized copies of it."
102-400,3,What would a Linux system administrator type to remove the nemo account and its home directory?,userdel nemo,userdel -f nemo,userdel -r nemo,rm -r /home/nemo,usermod -D nemo,"C. The userdel command deletes an account, and the -r option to userdel (option C) causes it to delete the users home directory and mail spool, thus satisfying the terms of the question. Option A deletes the account but leaves the users home directory intact. Option B does the same; the -f option forces account deletion and file removal under some circumstances, but its meaningful only when -r is also used. Option Ds rm command deletes the users home directory (assuming that its located in the conventional place, given the username) but doesnt delete the users account. Option Es usermod command can modify accounts, including locking them, but it cant delete accounts. Furthermore, the -D option to usermod is fictitious."
102-400,5,Which of the following system logging codes represents the highest priority?,info,warning,crit,debug,emerg,"E. The emerg priority code (option E) is the highest code available and so is higher than all the other options. From highest to lowest priorities, the codes given as options are emerg, crit, warning, info, and debug."
102-400,1,Which of the following configuration files does the logrotate program consult for its settings?,/etc/logrotate.conf,/usr/sbin/logrotate/logrotate.conf,/usr/src/logrotate/logrotate.conf,/etc/logrotate/.conf,~/.logrotate,"A. The logrotate program consults a configuration file called /etc/logrotate.conf (option A), which includes several default settings and typically refers to files in /etc/logrotate.d to handle specific log files. The remaining options are all fictitious, at least as working log files for logrotate."
102-400,4,"You want to create a log file entry noting that youre manually shutting down the system to add a new network card. How might you create this log entry, just prior to using shutdown?","dmesg -l ""shutting down to add network card""",syslog shutting down to add network card,"rsyslogd ""shutting down to add network card""",logger shutting down to add network card,"wall ""shutting down to add network card""","D. The logger utility can be used to create a one-time log file entry that you specify. In its simplest form, it takes no special arguments, just a message to be inserted in the log file, as in option D. The dmesg utility in option A is used to review the kernel ring buffer; it doesnt create log file entries. Option Bs syslog command isnt a Linux usermode command, although it is the name of the logging system generically as well as a programming language command name. Option Cs rsyslogd is the name of one of several system logging daemons; it maintains the system log, but isnt used to manually insert log entries. Option Es wall command writes a message to all users logged into virtual console terminals. It wont create a log file entry as the question requires and is not installed on all distributions."
102-400,3,"Your manager has asked that you configure logrotate to run on a regular, unattended basis. What utility/feature should you configure to make this possible?",at,logrotate.d,cron,inittab,ntpd,"C. The logrotate program can be started automatically—and unattended—on a regular basis by adding an entry for it in cron, so option C is correct. The at utility (option A) would be used if you wanted the program to run only once. Option B, logrotate.d, is a file stored in the /etc directory, which defines how the program is to handle specific log files. The inittab file (option D) is used for services and startup and not for individual programs. The ntpd program (option E) is the Network Time Protocol daemon, which synchronizes the systems clock with outside time sources."
102-400,5,"Youve set your system (software) clock on a Linux computer to the correct time, and now you want to set the hardware clock to match. What command might you type to accomplish this goal?",date --sethwclock,ntpdate,sysclock --tohc,time --set hw,hwclock --systohc,"E. The hwclock utility is used to view or set the hardware clock. The systohc sets the hardware clock based on the current value of the software clock, thus option E is correct. Option As date utility can be used to set the software clock but not the hardware clock; it has no sethwclock option. Option Bs ntpdate is used to set the software clock to the time maintained by an NTP server; it doesnt directly set the hardware clock. Option Cs sysclock utility is fictitious. Option Ds time command is used to time how long a command takes to complete; it has no set or hw option and does not set the hardware clock."
102-400,1,"As root, you type date What will be the effect?",The software clock will be set to 7:10 a.m. on December 11 of the current year.,The software clock will be set to 12:11 p.m. on October 7 of the current year.,The software clock will be set to 7:10 a.m. on November 12 of the current year.,The software clock will be set to 12:11 p.m. on July 10 of the current year.,The software clock will be set to July 10 in the year 1211.,"A. The format of the date commands date code is [MMDDhhmm[[CC]YY][.ss]]. Given that the question specified an eight-digit code, this means that the ordering of the items, in two-digit blocks, is month-day-hour-minute. Option A correctly parses this order, whereas options B, C, D, and E do not."
102-400,3,What will be the effect of a computer having the following two lines in /etc/ntp.conf? server pool.ntp.org server tardis.example.org,The local computers NTP server will poll a server in the public NTP server pool the first server option overrides subsequent server options. ,The local computers NTP server will poll the tardis.example.org time server the last server option overrides earlier server options. ,The local computers NTP server will poll both a server in the public NTP server pool and the server at tardis.example.org and use whichever site provides the cleanest time data.,The local computers NTP server will refuse to run because of a malformed server specification in /etc/ntp.conf.,The local computers NTP server will poll a computer in the public NTP server pool but will fall back on tardis.example.org if and only if the public pool server is down.,"C. Multiple server entries in /etc/ntp.conf tell the system to poll all of the named servers and to use whichever one provides the best time data. Thus option C is correct. (The pool.ntp.org subdomain and numbered computers within that subdomain give round-robin access to a variety of public time servers.) Options A and B both incor- rectly state that one server statement overrides another, when in fact this isnt the case. The server statements shown in the question are properly formed. These server entries are properly formed, so option D is incorrect. Although it is true that this con- figuration will result in use of tardis.example.com should the public-pool server be unavailable, as option E states, this is not the only reason the NTP server will use tardis.example.com; this could happen if the public-pool server provides an inferior time signal, for instance. Thus option E is incorrect."
102-400,4,Youve configured one computer (gateway.pangaea.edu) on your five-computer network as an NTP server that obtains its time signal from ntp.example.com. What computer(s) should your networks other computers use as their time source(s)?,You should consult a public NTP server list to locate the best server for you.,Both gateway.pangaea.edu and ntp.example.com,Only ntp.example.com,Only gateway.pangaea.edu,"None. NTP should be used on the Internet, not on small local networks.","D. Once youve configured one computer on your network to use an outside time source and run NTP, the rest of your computers should use the first computer as their time reference. This practice reduces the load on the external time servers as well as your own external network traffic. Thus option D is correct. (Very large networks might configure two or three internal time servers that refer to outside servers for redundancy, but this isnt necessary for the small network described in the question.) Option A describes the procedure to locate a time server for the first computer configured (gateway.pangaea.edu) but not for subsequent computers. Although configuring other computers to use ntp.example.com instead of or in addition to gateway.pangaea.edu is possible, doing so will needlessly increase your network traffic and the load on the ntp.example.com server. Thus options B and C are both incorrect. Contrary to option E, NTP is suitable for use on small local networks, and in fact its very helpful if you use certain protocols, such as Kerberos."
102-400,2 4,Which of the following tasks are most likely to be handled by a cron job? (Select two.),Starting an important server when the computer boots,Finding and deleting old temporary files,Scripting supervised account creation,Monitoring disk partition space status and emailing a report,Sending files to a printer in an orderly manner,"B, D. The cron utility is a good tool for performing tasks that can be done in an unsupervised manner, such as deleting old temporary files (option B) or checking to see that disk space is not low (option D). Tasks that require interaction or do not occur on a scheduled basis, such as creating accounts (option C), arent good candidates for cron jobs, which must execute unsupervised and on a schedule. Although a cron job could restart a crashed server, its not normally used to start a server when the system boots (option A); thats done through system startup scripts or a super server. Sending files to a printer (option E) is generally handled by a print server such as the cupsd daemon."
102-400,2,"Which of the following lines, if used in a user cron job, will run /usr/local/bin/cleanup twice a day?","15 7,19 * * * tbaker /usr/local/bin/cleanup","15 7,19 * * * /usr/local/bin/cleanup",15 */2 * * * tbaker /usr/local/bin/cleanup,15 */2 * * * /usr/local/bin/cleanup,2 * * * * /usr/local/bin/cleanup,"B. User cron jobs dont include a username specification (tbaker in options A and C). The */2 specification for the hour in options C and D causes the job to execute every other hour; the 7,19 specification in options A and B causes it to execute twice a day, on the 7th and 19th hours (in conjunction with the 15 minute specification, that means at 7:15 a.m. and 7:15 p.m.). Thus, option B provides the correct syntax and runs the job twice a day, as the question specifies, whereas options A, C, and D all get something wrong. Option E causes the job to run once an hour, not twice a day."
102-400,2,Youre installing Linux on a critical business system. Which of the following programs might you want to add to ensure that a daily backup job is handled correctly?,tempus,anacron,crontab,ntpd,syslog-ng,"B. The anacron program is a supplement to cron that helps ensure that log rotation, daily backups, and other traditional cron tasks are handled even when the computer is shut down (and, hence, when cron isnt running) for extended periods of time. This is the program to add to the system to achieve the stated goal, and option B is correct. There is no common Linux utility called tempus, so option A is incorrect. Option Cs crontab is the name of a file or program for controlling cron, which is likely to be an unreliable means of log rotation on a laptop computer. The ntpd program (option D) is the NTP daemon, which helps keep the system clock in sync with an external source. Although running ntpd on a laptop computer is possible, it wont directly help with the task of scheduling log rotation. The syslog-ng package is an alternative system log daemon, but this program doesnt help solve the problem of missed daily backups when using standard cron utilities, so option E is incorrect."
102-400,5,What do the following commands accomplish? (The administrator presses Ctrl+D after typing the second command.) # at teatime at> /usr/local/bin/system-maintenance,"Nothing, these commands arent valid. ","Nothing, teatime isnt a valid option to at. ","Nothing, you may only type valid bash built-in commands at the at> prompt. ","Nothing, at requires you to pass it the name of a script, which teatime is not. ",The /usr/local/bin/system-maintenance program or script is run at 4:00 p.m.,"E. The at command runs a specified program at the stated time in the future. This time may be specified in several ways, one of which is teatime, which stands for 4:00 p.m. Thus, option E is correct. The objections stated in options A, B, C, and D are all invalid. (You may pass a script to at with the -f parameter, but this isnt required, contrary to option D.)"
102-400,1 3,How might you schedule a script to run once a day on a Linux computer? (Select two.),"Place the script, or a link to it, in /etc/cron.daily.",Use the at command to schedule the specified script to run on a daily basis at a time of your choosing.,"Create a user cron job that calls the specified script once a day at a time of your choosing, and install that cron job using crontab.",Use run-parts to schedule the specified script to run on a daily basis.,"Type crontab -d scriptname, where scriptname is the name of your script.","A, C. The contents of /etc/cron.daily are automatically run on a daily basis in most Linux distributions, and the crontab utility can create user cron jobs that run programs at arbitrary time intervals, so both A and C are correct. The at command noted in option B can be used to run a program a single time, but not on a regular basis (such as daily). Option Ds run-parts utility is used by some distributions as a tool to help run programs in the /etc/cron.* subdirectories, but its not used to schedule jobs. Although the crontab program can maintain user crontabs, its not used as shown in option E and it has no -d parameter at all."
102-400,1 2 5,Which types of network hardware does Linux support? (Select three.),Token Ring,Ethernet,DHCP,NetBEUI,Fibre Channel,"A, B, E. Ethernet (option B) is currently the most common type of wired network hardware for local networks. Linux supports it very well, and Linux also includes support for Token Ring (option A) and Fibre Channel (option E) network hardware. DHCP (option C) is a protocol used to obtain a TCP/IP configuration over a TCP/IP network. Its not a type of network hardware, but it can be used over hardware that supports TCP/IP. NetBEUI (option D) is a network stack that can be used instead of or in addition to TCP/IP over various types of network hardware. Linux doesnt support NetBEUI directly."
102-400,2,Which of the following is a valid IPv4 address for a single computer on a TCP/IP network?,202.9.257.33,63.63.63.63,107.29.5.3.2,98.7.104.0/24,255.255.255.255,"B. IP addresses consist of four 1-byte numbers (0255). Theyre normally expressed in base 10 and separated by periods. 63.63.63.63 meets these criteria, so option B is correct. 202.9.257.33 includes one value (257) thats not a 1-byte number, so option A is incorrect. 107.29.5.3.2 includes five 1-byte numbers, so option C is incorrect. 98.7.104.0/24 (option D) is a network address—the trailing /24 indicates that the final byte is a machine identifier, and the first 3 bytes specify the network. Option E, 255.255.255.255, meets the basic form of an IP address, but its a special case—this is a broadcast address that refers to all computers rather than to the single computer specified by the question."
102-400,3,"You want to set up a computer on a local network via a static TCP/IP configuration, but you lack a gateway address. Which of the following is true?","Because the gateway address is necessary, no TCP/IP networking functions will work.","TCP/IP networking will function, but youll be unable to convert hostnames to IP addresses or vice versa.",Youll be able to communicate with machines on your local network segment but not with other systems.,"Since a gateway is needed only for IPv6, youll be able to use IPv4 but not IPv6 protocols.","Without a gateway address available, youll be unable to use DHCP to simplify configuration.","C. The gateway computer is a router that transfers data between two or more network segments. As such, if a computer isnt configured to use a gateway, it wont be able to communicate beyond its local network segment, making option C correct. A gateway is not necessary for communicating with other systems on the local network segment, so option A is incorrect. If your DNS server is on a different network segment, name resolution via DNS wont work, as stated in option B; however, other types of name resolution, such as /etc/hosts file entries, will still work, and the DNS server might be on the local network segment, so option B is incorrect. Gateways perform the same function in both IPv4 and IPv6 networking, so option D is incorrect. DHCP functions fine without a gateway, provided that a DHCP server is on the same local network segment as its clients (as is normally the case), so option E is incorrect."
102-400,4,"Using a packet sniffer, you notice a lot of traffic directed at TCP port 22 on a local computer. What protocol does this traffic use, assuming its using the standard port?",HTTP,SMTP,Telnet,SSH,NNTP,"D. The Secure Shell (SSH) protocol uses port 22, so if the traffic to port 22 is using the correct protocol, its SSH traffic and option D is correct. The Hypertext Transfer Protocol (HTTP; option A) is conventionally bound to port 80; the Simple Mail Transfer Protocol (SMTP; option B) uses port 25; Telnet (option C) uses port 23; and the Network News Transfer Protocol (NNTP; option E) uses port 119. None of these would normally be directed to port 22."
102-400,4,What network port would an IMAP server normally use for IMAP exchanges?,21,25,110,143,443,"D. The Interactive Mail Access Protocol (IMAP) is assigned to TCP port 143. Ports 21, 25, 110, and 443 are assigned to the File Transfer Protocol (FTP), the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol version 3 (POP3), and the Hypertext Transfer Protocol over SSL (HTTPS), respectively. Although some IMAP server programs also support POP3 and might therefore listen to both ports 110 and 143, the question specifies IMAP exchanges, so option D is the only correct answer."
102-400,3 5,Which of the following are not Linux DHCP clients? (Select two.),pump,dhcpcd,dhcpd,dhclient,ifconfig,"C, E. Option C, dhcpd, is the Linux DHCP server. Option E, ifconfig, can be used for network configuration but is not itself a DHCP client. The others are all DHCP clients. Any given computer will use just one DHCP client (or none at all), but any one of A, B, or D will be available choices."
102-400,2 3,Which of the following types of information are returned by typing ifconfig eth0?(Select two.),The names of programs that are using eth0,The IP address assigned to eth0,The hardware address of eth0,The hostname associated with eth0,The kernel driver used by eth0,"B, C. When used to display information on an interface, ifconfig shows the hardware and IP addresses (options B and C) of the interface, the protocols (such as TCP/IP) bound to the interface, and statistics on transmitted and received packets. This command does not return information about programs using the interface (option A), the hostname associated with the interface (option D), or the kernel driver used by the interface (option E)."
102-400,1,Which of the following programs is conventionally used to perform a DNS lookup?,host,dnslookup,pump,ifconfig,netstat,"A. The host program (option A) is a commonly used program to perform a DNS lookup. There is no standard dnslookup program (option B), although the nslookup program is a deprecated program for performing DNS lookups. pump (option C) is a DHCP client. ifconfig (option D) is used for configuration of networking parameters and cards. netstat (option E) is a general-purpose network diagnostic tool."
102-400,2,Which of the following commands should you type to add to host 192.168.0.10 a default gateway of 192.168.0.1?,route add default gw 192.168.0.10 192.168.0.1,route add default gw 192.168.0.1,route add 192.168.0.10 default 192.168.0.1,route 192.168.0.10 gw 192.168.0.1,route host gw 192.168.0.1,"B. To add a default gateway of 192.168.0.1, the command would be route add default gw 192.168.0.1, as in option B. Specifying the IP address of the host system (as in options A, C, and D) is not necessary and in fact will confuse the route command. Although route provides a -host option, using host (without a dash), as in option E, is incorrect. Furthermore, option E omits the critical add parameter."
102-400,1 2,Which of the following commands might bring up an interface on eth1? (Select two.),dhclient eth1,ifup eth1,ifconfig eth1,network eth1,netstat -up eth1,"A, B. The dhclient utility, if installed, attempts to configure and bring up the network(s) passed to it as options (or all networks if its given no options) using a DHCP server for guidance. Thus option A may work, although it wont work if no DHCP server is available. Option B applies whatever network options are configured using distribution-specific tools and brings up the network. Thus options A and B both may work, although neither is guaranteed to work. Option C displays the network status of eth1, but it wont activate eth1 if its not already active. There is no standard network utility in Linux, so option D wont work. The netstat utility is a network diagnostic tool; it wont bring up a network interface, so option E is incorrect."
102-400,5,"What is the purpose of /etc/hostname, if its present on the system?",It holds the hostname of a package repository server.,It holds a list of servers that resolve hostnames.,It holds a list of IP addresses and associated hostnames.,It holds the hostname of the local gateway computer.,It holds the computers default hostname.,"E. Although not all systems use /etc/hostname, option E correctly describes it for those systems that use it. The file or files that hold information on package repository servers vary from one package system to another, so option A is incorrect. Option B describes the purpose of /etc/resolv.conf. Option C describes the purpose of /etc/hosts. Option D doesnt describe any standard Linux configuration file, although the gateway computers IP address is likely to appear in a distribution-specific configuration file."
102-400,3,"Network accesses to parts of the Internet work fine, but several common sites have stopped responding (even when addressed via raw IP addresses). Which of the following tools will be most helpful in diagnosing the source of this problem?",netstat,ping,traceroute,ifconfig,dig,"C. The traceroute command (option C) identifies the computers that lie between your own computer and a destination computer, along with some very basic information about network packet travel time and reliability. Thus, traceroute can help you track down the source of the described problem—perhaps a router thats critical to reaching all of the non-responsive systems has failed. The netstat and ifconfig utilities of options A and D both provide information about local network configuration options, but they most likely wont be of much help in diagnosing a problem that affects only some sites. The ping utility (option B) may help you quickly identify sites that have failed but wont be of much use beyond that. You can use dig (option E) to obtain information on the mapping of hostnames to IP addresses, but it wont help in resolving basic connectivity problems."
102-400,2,What value identifies an IPv6 address as a link-local address?,The address uses the MAC address of the system.,The address starts with fe80.,The address starts with fee.,The address starts with 2001.,,"B. Both global and link-local IPv6 addresses can use the system MAC address as part of the IPv6 address, thus option A is incorrect. The fee network address identifies a site-local address but not a link-local address, so option C is also incorrect. An address that starts with 2001 would be a normal global address, making option D incorrect. IPv6 link-local addresses start with fe80, thus C is the correct answer."
102-400,3,How can you learn what programs are currently accessing the network on a Linux system?,Type ifconfig -p eth0.,Examine /proc/network/programs.,Type netstat -p.,Examine /etc/xinetd.conf.,Type dmesg | less.,"C. The netstat program produces various network statistics, including the process IDs (PIDs) and names of programs currently accessing the network when its passed the -p parameter, thus option C is correct. The ifconfig program cant produce this information, and the -p option to this program is fictitious, so option A is incorrect. Option Bs /proc/network/programs file is also fictitious. Option Ds /etc/xinetd.conf file is real and may provide some information about some servers that are using the network (as described in Chapter 10), but this file wont provide information about all servers, much less about clients that are accessing the network. The dmesg command displays the kernel ring buffer, which doesnt contain information on programs that are currently accessing the network, so option E is incorrect."
102-400,1 4,"To diagnose a problem with an IMAP server (imap.example.com), you type telnet imap.example.com 143 from a remote client. How can this procedure help you?(Select two.)",You can verify basic connectivity between the client computer and the server program.,"By examining the output, you can locate intermediate routers that are misbehaving.","By using an encrypted protocol, you ensure that a packet-sniffing intruder doesnt cause problems.","Once connected, you can type IMAP commands to test the servers response to them.","Once youve logged into the remote system, you can examine its IMAP log files.","A, D. If you get any response at all, you know that the basic network connection is working, including that the server is responding to the client. With basic knowledge of IMAP commands, telnet enables you to test the servers responses in more detail than most IMAP clients (mail readers) permit. Thus options A and D are both correct. Option B describes the functionality of traceroute or tracepath; telnet provides no information about intermediate routers functionality, so option B is incorrect. Because neither telnet nor IMAP on port 143 uses encryption, option C is incorrect. Furthermore, a packet sniffer is likely to have no effect on the transfer of data; it just copies the data so that the packet sniffers user can see it. Although telnet can be used for remote access in a way that could make option E correct, the question specifies using telnet to connect to port 143, which is the IMAP port, not the Telnet port. Thus, option E is incorrect. (Furthermore, using telnet for remote administration is very risky because telnet is an unencrypted protocol.)"
102-400,2,"Youre configuring a new system, and your network administrator scribbles its IP address (172.25.78.89), netmask (255.255.255.0), gateway address (172.25.79.1), and DNS server address (10.24.89.201) on a piece of paper. You enter this information into your configuration files and type ifup eth0, but you find that you cant access the Internet with this computer. Which of the following is definitely true?","Because the DNS server is on a completely different network, it wont function properly for your system. You should ask for the local networks DNS servers IP address.","The netmask identifies the gateway as being on a different network segment than the computer youre configuring, so the two cant communicate directly. You most likely misread one address.","Because the IP addresses involved are private IP addresses, theres no way for them to access the Internet. You must ask for public IP addresses for this system or use only your local private network.","The computers IP address is a Class B address, but the netmask is for a Class C address. This combination cant work together, so you must obtain a new IP address or netmask.","The ifup utility works only for computers that use DHCP, so using a static IP address as specified in the question wont work correctly.","B. The computers IP address (172.25.78.89) and netmask (255.255.255.0) mean that the computer can directly address computers with IP addresses in the range of 172.25.78.1 to 172.25.78.254, but the gateway address (172.25.79.1) is outside of this range. Thus, either the IP address or the gateway address is wrong, and option B is correct. Nothing about the way DNS operates necessitates that the DNS server be on the same network segment as the DNS client, so option A is incorrect. Although private IP addresses are often isolated from the Internet, as option C specifies, Network Address Translation (NAT) can get around this limitation. Thus, although there could be some truth to option C, its not certain to be true. The Class A/B/C distinctions are just guidelines that can be overridden by specific configurations. Thus option D is incorrect. Option Es assertion that ifup is used only on computers that use DHCP is incorrect; ifup can work on computers that use static IP addresses provided the relevant information is entered correctly."
102-400,5,What is the purpose of the -n option to route?,"It causes no operation to be performed, route reports what it would do if -n were omitted. ",It precedes the specification of a netmask when setting the route.,It limits routes output to descriptions of non-Internet routes.,It forces interpretation of a provided address as a network address rather than a host address.,It causes machines to be identified by IP address rather than hostname in output.,"E. The -n option is used when you want to use route to display the current routing table, and it does as option E specifies. There is no route parameter that behaves as options A or C specify. Option B describes the purpose of the netmask parameter to route. Option D describes the purpose of the -net parameter to route."
102-400,5,What is the purpose of /etc/resolv.conf?,It holds the names of network protocols and the port numbers with which theyre associated.,It controls whether the computers network options are configured statically or via a DHCP server.,It specifies the IP address of a DHCP server from which the computer attempts to obtain an IP address.,"It holds the routing table for the computer, determining the route that network packets take to other computers.",It sets the computers default search domain and identifies (by IP address) the name servers that the computer may use.,"E. Option E correctly identifies the function of /etc/resolv.conf. Option A describes the purpose of /etc/services. Various distribution-specific configuration files perform the function described in option B, but /etc/resolv.conf is not one of these files. A DHCP client sends a broadcast to locate a DHCP server; there is no client configuration file that holds the DHCP servers address, as option C describes. The routing table is maintained internally, although basic routing information may be stored in distribution-specific configuration files, so option D is also incorrect."
102-400,2,Which of the following entries are found in the /etc/hosts file?,A list of hosts allowed to access this one remotely,Mappings of IP addresses to hostnames,A list of users allowed to access this host remotely,Passwords for remote web administration,A list of port numbers and their associated protocols,"B. The /etc/hosts file holds mappings of IP addresses to hostnames, on a one-line-per-mapping basis. Thus option B is correct. The file does not list the users (option C) or other hosts (option A) allowed to access this one remotely, affect remote administration through a web browser (option D), or map port numbers to protocols (option E)."
102-400,4,How can you reconfigure Linux to use DNS queries prior to consulting /etc/hosts?,"Edit the /etc/resolv.conf file, and be sure the nameserver dns line comes before the nameserver files line.","As root, type nslookup dns.","Edit the /etc/named.conf file, and change the preferred-resolution option from files to dns.","Edit /etc/nsswitch.conf, and change the order of the files and dns options on the hosts: line.","As root, type dig local dns.","D. The /etc/nsswitch.conf file controls the order of name resolution, among other things. Option D correctly describes the procedure for changing the order in which Linux performs name resolution. The /etc/resolv.conf file mentioned in option A controls the DNS servers that Linux consults, but it doesnt control access to /etc/hosts. Option Bs nslookup command resolves a hostname, so option B will return the IP address of the computer called dns, if Linux can find such a system. The /etc/named.conf file of option C is the configuration file for the standard name server. This server isnt likely to be installed on most Linux systems, and even if it is, the procedure described in option C is invalid. Like option Bs nslookup, option Es dig looks up hostname-to-IP-address mappings, so option E will display such mappings for the computers called local and dns, if they exist."
102-400,4,Which environment variable stores the format for the command prompt?,PROMPT,PSI,PAGER,PS1,None of these variables store the format for the command prompt.,"D. The PS1 environment variable contains various formatting codes preceded by a backslash (\) as well as text to be included in the primary command prompt. Therefore, option D is correct. There is no environment variable called PROMPT, nor is there an environment variable called PSI, so options A and B are incorrect. Programs that use a pager, such as less or more, use the PAGER environment variable. If the variable is set, the programs use the pager listed in the variable. Therefore, option C is incorrect. Option D is correct, so option E is incorrect."
102-400,1,"You want to create a shortcut command for the command cd ~/papers/trade. Which of the following lines, if entered in a bash startup script, will accomplish this goal?",alias cdpt='cd ~/papers/trade',export cdpt='cd ~/papers/trade',alias cdpt 'cd ~/papers/trade',alias cd 'cdpt ~/papers/trade',env cdpt `cd ~/papers/trade`,"A. The alias built-in command creates a duplicate name for a (potentially much longer) command. Option A shows the correct syntax for using this built-in command. It causes the new alias cdpt to work like the much longer cd ~/papers/trade. The export command in option B creates an environment variable called cdpt that holds the value cd ~/papers/trade. This will have no useful effect. Option C, if placed in a bash startup script, will cause an error because it uses incorrect alias command syntax, as does option D. Although env is a valid command, its used incorrectly in option E, and so this option is incorrect."
102-400,5,What is the purpose of the EDITOR environment variable?,"If its set to Y (the default), the shell environment permits editing of commands if its set to N, such editing is disallowed. ",It specifies the filename of the text editor that bash uses by default while youre entering commands at its prompt.,"If you type edit filename at a command prompt, the program specified by EDITOR will be launched.","If its set to GUI, programs call a GUI editor, if its set to TEXT, programs call a textbased editor. ",Some programs refer to EDITOR to determine what external editor to launch when they need to launch one.,"E. Some programs use the EDITOR environment variable as described in option E. Contrary to option A, the EDITOR environment variable has nothing to do with command-line editing. When youre typing at a bash command prompt, bash itself provides simple editing features, so option B is incorrect. (You can launch the editor specified by $EDITOR by typing Ctrl+X followed by Ctrl+E, though.) The edit command doesnt behave as option C suggests. (This command may be configured differently on different systems.) You can create links called GUI and TEXT to have the EDITOR environment variable behave as option D suggests, but this isnt a normal configuration."
102-400,3,In what environment variable is the current working directory stored?,PATH,CWD,PWD,PRESENT,WORKING,"C. The PWD environment variable holds the present working directory, so option C is correct. The PATH environment variable (option A) holds a colon-delimited list of directories in which executable programs are stored so that they may be run without specifying their complete pathnames. There are no standard CWD, PRESENT, or WORKING environment variables, so options B, D, and E are all incorrect."
102-400,1 3,"If typed in a bash shell, which of the following commands will create an environment variable called MYVAR with the contents mystuff that will be accessible to any created subshells? (Choose all that apply.)",export MYVAR='mystuff',MYVAR='mystuff',MYVAR='mystuff'; export MYVAR ,echo $MYVAR mystuff,setenv MYVAR mystuff,"A, C. Option A creates the desired environment variable. Option C also creates the desired environment variable. It combines the variable setting and the export of the MYVAR variable using a different method than option A uses. It combines the two commands on one line using a semicolon (;). Option B creates a local variable—but not an environment variable—called MYVAR, holding the value mystuff. After typing option B, you can also type export MYVAR to achieve the desired goal, but option B by itself is insufficient. Option D displays the contents of the MYVAR variable and also echoes mystuff to the screen, but it doesnt change the contents of any environment variable. Option Es setenv isnt a valid bash command, but it will set an environ- ment variable in tcsh."
102-400,5,What file might a user modify to alter their own bash environment?,/etc/inputrc,/etc/bashrc,$HOME/bashrc,$HOME/.profile_bash,~/.bashrc,"E. The ~/.bashrc file is a non-login bash startup script file. As such, it can be used to alter a users bash environment, and option E is correct. The /etc/inputrc file is a global bash configuration file for keyboard customization and setting terminal behavior. The ~/.inputrc file is for users to create or modify their own keyboard configuration file. Therefore, option A is incorrect. The /etc/bashrc file is a global bash startup script. Editing it will modify users bash environments, but an individual user should not be able to modify it, so option B is incorrect. There is no standard $HOME/bashrc file because the filename is missing its prefixed period (.). Thus, option C is incorrect. Likewise, option Ds $HOME/.profile_bash doesnt refer to a users con- figuration file and is incorrect. However, there is a $HOME/.bash_profile bash configuration file."
102-400,1 4,What commands might you use (along with appropriate options) to learn the value of a specific environment variable? (Select two.),env,DISPLAY,export,echo,cat,"A, D. The env command displays all defined environment variables, so option A satisfies the question. (In practice, you might pipe the results through grep to find the value of a specific environment variable.) The echo command, when passed the name of a specific environment variable, displays its current value, so option D is also correct. DISPLAY is an environment variable, but its not a command for displaying environment variables, so option B is incorrect. You can use the export command to create an envi- ronment variable but not to display the current settings for one, so option C is incor- rect. Option Es cat command concatenates files or displays the contents of a file to the screen, but it doesnt display environment variables."
102-400,2,"Immediately after creating a shell script called a_script.sh in a text editor, which method will not work to run the script?",Typing bash a_script.sh at the command line.,Typing ./a_script.sh at the command line.,Typing . a_script.sh at the command line.,Typing source a_script.sh at the command line.,Any of the above will work.,"B. Before using the ./ execution method, the script must have at least one executable bit set. Therefore, an error will be generated since chmod was not used to modify the execute permissions on the a_script file. Thus Option B is the correct choice since it would not work. Option A uses the bash command to execute a script, and this will work fine without any file permission changes. Likewise, when you source a file using either the source command or a dot (.) and a space, there is no need to modify a scripts permission bits before executing the file. Therefore, option C and option D are incorrect because they also work fine."
102-400,3,"Describe the effect of the following short script, cp1.sh, if its called as cp1.sh big.c big.cc: #!/bin/bash cp $2 $1",It has the same effect as the cp command—copying the contents of big.c to big.cc.,It compiles the C program big.c and calls the result big.cc.,"It copies the contents of big.cc to big.c, eliminating the old big.c.",It converts the C program big.c into a C++ program called big.cc.,It interprets the big.c and big.cc files as bash scripts.,"C. The cp command is the only one called in the script, and that command copies files. Because the script passes the arguments ($1 and $2) to cp in reverse order, their effect is reversed—where cp copies its first argument to the second name, the cp1.sh script copies the second argument to the first name. Thus, option C is correct. Because the order of arguments to cp is reversed, option A is incorrect. The cp command has nothing to do with compiling (option B) or converting (option D) C or C++ programs, so neither does the script. The reference to /bin/bash in the first line of the script identifies the script itself as being a bash script; it does not cause the arguments to the script to be run as bash scripts, so option E is incorrect."
102-400,5,Where are the commands iterated by the loop located within the loop?,Within the then statement section,Between the double semicolons (;;),Within the case and esac constructs,Within the test statement,Between do and done constructs,"E. The commands iterated by the for, while, and until loops are located between the do and done constructs. Therefore, option E is correct. Commands in the then statement section are for an if-then construct, not a loop, thus option A is incorrect. Double semicolons are used for case constructs, but not loops, and so option B is incorrect. The case and esac keywords begin and end a case construct, and thus option C is incorrect. A test statement can be used to determine whether or not a loops commands should iterate or not. However, it does not contain the actual commands to be iterated, and therefore option D is incorrect."
102-400,2 3,Which of the following lines identify valid shell scripts on a normally configured system? (Select two.),#!/bin/script,#!/bin/bash,#!/bin/tcsh,!#/bin/sh,!#/bin/zsh,"B, C. Valid shell scripts begin with the characters #! and the complete path to a program that can run the script. Options B and C both meet this description, because /bin/bash is a shell program thats installed on virtually all Linux systems and /bin/tcsh is often also available. There is no standard /bin/script program, so option A is incorrect. Options D and E are both almost correct; /bin/sh is typically linked to a valid shell and /bin/zsh is a valid shell on many systems, but the order of the first two characters is reversed, so these options are incorrect."
102-400,1 2 4,Which of the following are valid looping statements in bash shell scripting? (Select all that apply.),for,while,if-then,until,case,"A, B, D. The for, while, and until statements are all valid looping statements in bash, so options A, B, and D are all correct. The if-then statement in bashs scripting language tests a condition and, if it is true, executes its commands one time only. Therefore, option C is incorrect. The case statement is a conditional, not a looping statement in bash, so option E is incorrect."
102-400,2,"Your SMTP email server receives a message addressed to postmaster. The postmaster username has an alias of john on this computer. Assuming that the system is properly configured, who will receive the email message?",postmaster,john,The account listed in ~/.forward,root,"No user, because an alias was set","B. When aliases are properly configured, any email addresses sent to the email with an alias is received by the alias account. Therefore, option B is correct. The postmaster username would not receive the email because the alias is set to john, and so option A is incorrect. The ~/.forward file is associated with email forwarding, not aliases. Therefore, option C is incorrect. There is no reason for root to receive this email, so option D is incorrect. An alias does allow email to be sent to the alias account, so the statement in Option E does not make sense and is incorrect."
102-400,3,Which of the following is not a popular SMTP server for Linux?,Postfix,Sendmail,Fetchmail,Exim,qmail,"C. The Fetchmail program is a tool for retrieving email from remote POP or IMAP servers and injecting it into a local (or remote) SMTP email queue. As such, its not an SMTP server, so option C is correct. Postfix (option A), sendmail (option B), Exim (option D), and qmail (option E) are all popular SMTP email servers for Linux."
102-400,2,"You see the following line in a script: mail -s ""Error"" -c abort < /tmp/msg root What is the effect of this line, if and when it executes?","An email is sent to the user Error, the script is aborted using root privileges, and error messages are written to /tmp/msg.",An email with the subject of Error and the contents from /tmp/msg is sent to the local users root and abort.,"An email with the subject of Error and the contents of /tmp/msg is sent to the local user root, and then the script is aborted.","An email is sent with Error priority to the local user root, and the email system is then shut down with error messages being stored in /tmp/msg.","An email with the subject of Error and contents of /tmp/msg is sent to root, and information on this is logged with priority abort.","B. The -s option to mail sets the message subject line, and -c sets carbon copy (cc:) recipients. Input redirection (via <) reads the contents of a line into mail as a message. A mail command line normally terminates with the primary recipient. Thus, option B correctly describes the effect of the specified line. Options A, C, D, and E are all confused in their interpretation of the effects of mail parameters. Options A, B, and D also confuse input and output redirection, and option A incorrectly suggests that a script (or the mail program) can elevate its run status to root privileges."
102-400,4,Your Internet connection has gone down for several hours. What command can you use to check if there is a long list of jobs in the email queue?,service sendmail status,lp -d queue ~/Maildir,sendmail -bq,mailq,ls /var/spool,"D. To view your mail queue, use the mailq command (option D). The service sendmail status command is a SysV service status command and does not show mail queues, so option A is incorrect. Option B is a printer command and is therefore incorrect. Option C is close, but the correct command is sendmail -bp not -bq. Option E will show you the various directories within /var/spool and is therefore not the correct command."
102-400,2,You examine your /etc/aliases file and find that it contains the following line: root: jody What can you conclude from this?,Email addressed to jody on this system will be sent to the local user root.,Email addressed to root on this system will be sent to the local user jody.,The local user jody has broken into the system and has acquired root privileges.,The local user jody has permission to read email directly from roots mail queue.,The administrator may log in using either username: root or jody.,"B. The /etc/aliases file configures system-wide email forwarding. The specified line does as option B describes. A configuration like this one is common. Option A has things reversed. Option C is not a valid conclusion from this evidence alone, although an intruder conceivably may be interested in redirecting roots email, so if jody shouldnt be receiving roots email, this should be investigated further. Although the effect of option D (jody reading roots email) is nearly identical to the correct answers effect, they are different; jody cannot directly access the file or directory that is roots email queue. Instead, the described configuration redirects roots email into jodys email queue. Thus, option D is incorrect. Because /etc/aliases is an email configuration file, not an account configuration file, it cant have the effect described in option E."
102-400,2,Youve just installed MySQL and run it by typing mysql. How would you create a database called fish to store data on different varieties of fish?,Type NEW DATABASE fish; at the mysql> prompt. ,Type CREATE DATABASE fish; at the mysql> prompt.,Type NEW DATABASE FISH; at the mysql> prompt.,Type DATABASE CREATE fish; at the mysql> prompt. ,Type DB CREATE fish; at the mysql> prompt. ,"B. The CREATE DATABASE command creates a new database with the specified name. Because SQL commands are case insensitive, this command may be typed in uppercase or lowercase, and option B is correct. Options A and C both use the incorrect com- mand NEW rather than CREATE, and option C specifies the database name as FISH rather than fish. (Database names are case sensitive.) Option D reverses the order of the CREATE and DATABASE keywords. Option E uses the fictitious command DB."
102-400,1 4,Which of the following are true statements about SQL tables? (Select two.),Multiple tables may exist in a single SQL database.,Tables may be combined for cross-table searches using the DROP command.,"Tables consist of rows, each of which holds attributes, and columns, each of which defines a specific database item.",Careful table design can reduce the amount of data entry and database storage size.,Tables are stored on disk using a lossy compression algorithm.,"A, D. A single database may hold multiple tables, as option A suggests. Option D is also correct; if data is split across tables (such as into tables describing objects generically and specifically), databases can be more space efficient. Option B is incorrect because the DROP command doesnt combine tables—it deletes a table! Option C is incorrect because it reverses the meaning of rows and columns in a SQL table. A lossy compression algorithm, as the name suggests, deliberately corrupts or loses some data—an unacceptable option for a text database, making option E incorrect. (Lossy compression is used for some audio and video file formats, though.)"
102-400,3,"What is the effect of the following SQL command, assuming the various names and data exist? mysql> UPDATE stars SET magnitude=2.25 WHERE starname='Mintaka';",It returns database entries from the stars table for all stars with magnitude of 2.25 and starname of Mintaka.,"It sets the value of the stars field in the magnitude set to Mintaka, using a precision of 2.25.",It sets the value of the magnitude field to 2.25 for any item in the stars table with the starname value of Mintaka.,"It combines the stars and magnitude=2.25 tables, returning all items for which the starname is Mintaka.","It updates the stars database, creating a new entry with a starname value of Mintaka and a magnitude of 2.25.","C. The UPDATE command modifies existing database table entries, and in this case it does so as option C describes. Option B also describes an update operation, but in a confused and incorrect way. Options A and D both describe database retrieval operations, but UPDATE doesnt retrieve data. Option E mistakenly identifies stars as a database name, but its a table name, and it mistakenly identifies the operation as adding a new entry (INSERT in SQL) rather than as modifying an existing entry (UPDATE in SQL)."
102-400,5,"Typing lsof -i | grep LISTEN as root produces three lines of output, corresponding to the sendmail, sshd, and proftpd servers. What can you conclude about the security of this system?","Everything is OK, the presence of sshd ensures that data are being encrypted via SSH. ","The sendmail and sshd servers are OK, but the FTP protocol used by proftpd is insecure and should never be used.","The sendmail server should be replaced by Postfix or qmail for improved security, but sshd and proftpd are fine.","Because sendmail and proftpd both use unencrypted text-mode data transfers, neither is appropriate on a network-connected computer.","No conclusion can be drawn without further information, the listed servers may or may not be appropriate or authentic. ","E. The server names alone are insufficient to determine whether theyre legitimate. The computer in question may or may not need to run any of these servers, and their presence may or may not be intentional, accidental, or the sign of an intrusion. Thus, option E is correct. Contrary to option A, the mere presence of an SSH server does not ensure security. Although, as option B asserts, FTP is not a secure protocol, its still useful in some situations, so the mere presence of an FTP server is not, by itself, grounds for suspicion. Similarly, in option C, although some administrators prefer Postfix or qmail to sendmail for security reasons, sendmail isnt necessarily bad, and the names alone dont guarantee that the sshd and proftpd servers are legitimate. As option D states, sendmail and proftpd both use unencrypted text-mode transfers, but this is appropriate in some situations, so option D is incorrect."
102-400,3,"As part of a security audit, you plan to use Nmap to check all of the computers on your network for unnecessary servers. Which of the following tasks should you do prior to running your Nmap check?",Back up /etc/passwd on the target systems to eliminate the possibility of it being damaged.,Obtain the root passwords to the target systems so that you can properly configure them to accept the Nmap probes.,Obtain written permission from your boss to perform the Nmap sweep.,"Configure /etc/sudoers on the computer you intend to use for the sweep, to give yourself the ability to run Nmap.",Disable any firewall between the computer thats running Nmap and the servers you intend to scan.,"C. Although Nmap and other port scanners are useful security tools, troublemakers also use them, and many organizations have policies restricting their use. Thus, you should always obtain permission to use such tools prior to using them, as option C specifies. A port scanner cant cause damage to /etc/passwd, so theres no need to back it up, contrary to option A. A port scanner also doesnt need the root password on a target system to operate, so you dont need this information, making option B incorrect. (In fact, asking for the root password could be seen as extremely suspicious!) Although you could use sudo to run Nmap, theres no need to do so to perform a TCP scan, and you can perform a UDP scan by running Nmap as root in other ways (such as via a direct login or by using su). Thus, option D isnt strictly necessary, although you might want to tweak /etc/sudoers as a matter of system policy. Because a firewall is part of your networks security, you probably want it running when you perform a network scan, contrary to option E. Furthermore, it would be safer to leave the firewall running and scan from behind it if you want to test the security of the network in case of a firewall breach."
102-400,3,"Your login server is using PAM, and you want to limit users access to system resources. Which configuration file will you need to edit?",/etc/limits.conf,/etc/pam/limits.conf,/etc/security/limits.conf,/etc/security/pam/limits.conf,/usr/local/limits.conf,C. The /etc/security/limits.conf (option C) file holds the configuration settings that allow you to limit users access. The other options listed dont give the correct path to this file.
102-400,1 2 3,Which of the following tools might you use to check for open ports on a local computer? (Select three.),Nmap,netstat,lsof,portmap,services,"A, B, C. Nmap (option A) is usually used to perform scans of remote computers, but it can scan the computer on which its run as well. The netstat (option B) and lsof (option C) utilities can both identify programs that are listening for connections (that is, open ports) on the local computer. The Network File System (NFS) and some other servers use the portmap program (option D), but its not used to identify open ports. There is no standard Linux services program (option E), although the /etc/services file holds a mapping of port numbers to common service names."
102-400,2,Which of the following commands will locate all of the program files on a computer on which the SUID bit is set?,find / -type SUID,find / -perm +4000 -type f,find / -perm +SUID -type f,find / -type +4000,find / -suid,"B. The -perm option to find locates files with the specified permissions, and +4000 is a permission code that matches SUID files. The -type f option restricts matches to files in order to avoid false alarms on directories. Option B uses these features correctly. Options A, C, and D use these features incorrectly. Option E specifies a fictitioussuid parameter to find."
102-400,1,The /etc/sudoers file on a computer includes the following line. What is its effect? %admin ALL=(ALL) ALL,Members of the admin group may run all programs with root privileges by using sudo.,"Users in the admin user alias, defined earlier in the file, may run all programs with root privileges by using sudo.",The admin user alias is defined to include all users on the system.,The admin command alias is defined to include all commands.,The user admin may run all programs on the computer as root by using sudo.,"A. Option A correctly describes the meaning of the specified line. A percent sign (%) identifies a Linux group name, and the remainder of the line tells sudoers to enable users of that group to run all programs as root by using sudo. The remaining options all misinterpret one or more elements of this configuration file entry."
102-400,2,"Which command would you type, as root, to discover all the open network connections on a Linux computer?",lsof -c a,netstat -ap,ifconfig eth0,nmap -sT localhost,top -net,"B. The netstat command can do what is described in the question. The -ap options to the command are good choices to discover all the open network connections, so option B is correct. Although lsof can also accomplish the job, the -c a option is incorrect; this option restricts output to processes whose names begin with a. Thus, option A is incorrect. Option Cs ifconfig command doesnt display open network connections, so its incorrect. Although option Ds nmap command will locate ports that are open on the localhost interface, it doesnt locate all open connections, nor does it locate connections on anything but the localhost interface. Option Es top command displays a list of processes sorted by CPU use, not open network connections (-net is an invalid option to top as well)."
102-400,4,A server/computer combination appears in both hosts.allow and hosts.deny. Whats the result of this configuration when TCP wrappers runs?,TCP wrappers refuses to run and logs an error in /var/log/messages.,The systems administrator is paged to decide whether to allow access.,"hosts.deny takes precedence, the client is denied access to the server.","hosts.allow takes precedence, the client is granted access to the server.",The client is granted access to the server if no other client is currently accessing it.,"D. Option D is correct. TCP wrappers uses this feature to allow you to override broad denials by adding more specific access permissions to hosts.allow, as when setting a default deny policy (ALL : ALL) in hosts.deny."
102-400,3,When is the bind option of xinetd most useful?,When you want to run two servers on one port,When you want to specify computers by name rather than IP address,When xinetd is running on a system with two network interfaces,When resolving conflicts between different servers,When xinetd manages a DNS server program,"C. The bind option of xinetd lets you tie a server to just one network interface rather than link to them all, so option C is correct. It has nothing to do with running multiple servers on one port (option A), specifying computers by hostname (option B), resolving conflicts between servers (option D), or the Berkeley Internet Name Domain (BIND) or any other DNS server (option E)."
102-400,1 4,Youve discovered that the Waiter program (a network server) is running inappropriately on your computer. You therefore locate its startup script and shut it down by removing that script. How can you further reduce the risk that outsiders will abuse the Waiter program? (Select two.),By blocking the Waiter programs port using a firewall rule,By reading the Waiter programs documentation to learn how to run it in stealth mode,By tunneling the Waiter programs port through SSH,By uninstalling the Waiter package,By uninstalling any clients associated with Waiter from the server computer,"A, D. Using a firewall rule to block Waiters port, as in option A, can increase security by providing redundancy; if Waiter is accidentally run in the future, the firewall rule will block access to its port. Uninstalling the program, as in option D, improves security by reducing the risk that the program will be accidentally run in the future. Most programs dont have a “stealth” mode, so option B is incorrect. (Furthermore, reading the documentation isnt enough; to improve security, you must change some configuration.) Tunneling Waiters connections might have some benefit in some situations, but this configuration requires setup on both client and server computers and by itself leaves the servers port open, so option C is incorrect. Clients associated with the server program, installed on the server computer, pose little or no risk of abuse of the associated server; the clients on other computers are most likely to be used to abuse a server program, and you cant control that. Thus option E is incorrect."
102-400,2,"You want to use xinetd access controls to limit who may access a server thats launched via xinetd. Specifically, only users on the 192.168.7.0/24 network block should be able to use that server. How may you do this?",Enter hosts_allowed = 192.168.7.0/24 in the /etc/xinetd.conf configuration file for the server in question.,Enter only_from = 192.168.7.0/24 in the /etc/xinetd.conf configuration file for the server in question.,"Enter server : 192.168.7., where server is the servers name, in the /etc/hosts.allow file.","Enter server : 192.168.7., where server is the servers name, in the /etc/hosts.deny file.",Type iptables -L 192.168.7.0 to enable only users of 192.168.7.0/24 to access the server.,"B. Option B correctly describes how to accomplish this goal. Option A is incorrect because the hosts_allowed option isnt a legal xinetd configuration file option. Option C correctly describes how to configure the described restriction using TCP wrappers, which is generally used with inetd, but its not the way this is done using xinetd. Option D is also a TCP wrappers description, but it reverses the meaning. Option Es iptables utility configures a firewall. Although a firewall rule could be a useful redundant measure, the question specifies an xinetd configuration, and option Es use of iptables is incorrect."
102-400,2,"Of the following, which is the best password?",Odysseus,iA71Oci^My~~~~~~,pickettomato,Denver2Colorado,123456,"B. Ideally, passwords should be completely random but still memorable. Option Bs password was generated from a personally meaningful acronym and then modified to change the case of some letters, add random numbers and symbols, and extend its length using a repeated character. This creates a password thats close to random but still memorable. Option A uses a well-known mythological figure, who is likely to be in a dictionary. Option C uses two common words, which is arguably better than option A, but not by much. Option D uses two closely related words separated by a single number, which is also a poor choice for a password. Option E uses a sequential series of numbers, which is a poor (but sadly common) password choice."
102-400,1,Which of the following types of attacks involves sending bogus email to lure unsuspecting individuals into divulging sensitive financial or other information?,Phishing,Script kiddies,Spoofing,Ensnaring,Hacking,A. Phishing (option A) involves sending bogus email or setting up fake websites that lure unsuspecting individuals into divulging sensitive financial information or other sensitive information. Script kiddies (option B) are intruders who use root kits. Spoof- ing (option C) involves pretending that data is coming from one computer when its coming from another. Ensnaring (option D) isnt a type of attack. Hacking (option E) refers to either lawful use of a computer for programming or other advanced tasks or breaking into computers.
102-400,3,"Ordinary users report being unable to log onto a computer, but root has no problems doing so. What might you check to explain this situation?",A misbehaving syslogd daemon,A login process thats running as root,The presence of an /etc/nologin file,The presence of an SUID bit on /bin/login,Inappropriate use of shadow passwords,"C. The /etc/nologin file, if present, prevents logins from ordinary users; only root may log in. You might set this file when performing maintenance and then forget to remove it, thus explaining the symptoms in the question. Thus, option C is correct. The syslogd daemon mentioned in option A records system messages, and it is unlikely to produce the specified symptoms. The login process ordinarily runs as root and is normally SUID root, so options B and D are also incorrect. Shadow passwords, as in option E, are used on almost all modern Linux systems and are not likely to cause these symptoms."
102-400,2 3,Which servers might you consider retiring after activating an SSH server? (Select two.),SMTP,Telnet,FTP,NTP,Samba,"B, C. SSH is most directly a replacement for Telnet (option B), but SSH also includes file-transfer features that enable it to replace FTP (option C) in many situations. SSH is not a direct replacement for the Simple Mail Transfer Protocol (SMTP, option A), the Network Time Protocol (NTP, option D), or Samba (option E). "
102-400,1,You find that the ssh_host_dsa_key file in /etc/ssh has 0666 (-rw-rw-rw-) permissions. Your SSH server has been in operation for several months. Should you be concerned?,Yes,No,Only if the ssh_host_dsa_key.pub file is also world-readable,Only if youre launching SSH from a super server,Only if youre using a laptop computer,"A. The ssh_host_dsa_key file holds one of three critical private keys for SSH. The fact that this key is readable (and writeable!) to the entire world is disturbing, so option A is correct. In principle, a troublemaker who has acquired this file might be able to redirect traffic and masquerade as your system, duping users into delivering passwords and other sensitive data. Because of this, option B (no) is an incorrect response, and the conditions imposed by options C, D, and E are all irrelevant, making all of these options incorrect."
102-400,2,"For best SSH server security, how should you set the Protocol option in /etc/ssh/sshd_config?",Protocol 1,Protocol 2,"Protocol 1,2","Protocol 2,1",Protocol *,B. SSH protocol level 2 is more secure than protocol level 1; thus option B (specifying acceptance of level 2 only) is the safest approach. Option A is the least safe approach because it precludes the use of the safer level 2. Options C and D are exactly equivalent in practice; both support both protocol levels. Option E is invalid.
102-400,5,Why is it unwise to allow root to log on directly using SSH?,"Disallowing direct root access means that the SSH server may be run by a non-root user, improving security.","The root password should never be sent over a network connection, allowing root logins in this way is inviting disaster. ","SSH stores all login information, including passwords, in a publicly readable file.","When logged on using SSH, roots commands can be easily intercepted and duplicated by undesirable elements.",Somebody with the root password but no other password can then break into the computer.,"E. Allowing only normal users to log in via SSH effectively requires two passwords for any remote root maintenance, improving security, so option E is correct. Whether or not you permit root logins, the SSH server must normally run as root, since SSH uses port 22, a privileged port. Thus, option A is incorrect. SSH encrypts all connections, so its unlikely that the password, or commands issued during an SSH session, will be intercepted, so option B isnt a major concern. (Nonetheless, some administrators prefer not to take even this small risk.) SSH doesnt store passwords in a file, so option C is incorrect. Because SSH employs encryption, option D is incorrect (this option better describes Telnet than SSH)."
102-400,4,Youve downloaded a GPG public key from a website into the file fredkey.pub. What must you do with this key to use it?,Type inspect-gpg fredkey.pub.,Type gpg --readkey fredkey.pub.,Type import-gpg fredkey.pub.,Type gpg --import fredkey.pub.,Type gpg-import fredkey.pub.,"D. Option D provides the correct command to import fredkey.pub prior to use. The inspect-gpg, import-gpg, and gpg-import commands of options A, C, and E are fictitious, and there is no --readkey option to gpg, as option B suggests."