56.
You want to connect an NFS client to a Kerberized NFS server. The mount
can be made, but users do not get access to the share. Which of the following
is the most likely explanation?
- A.The client is not using the same Kerberos mount option as the server.
- B.The nfs-secure process is not running on the client
- C.The user did not get a Kerberos ticket
- D.The nfs-secure-server process is not running on the server.
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| To configure a Kerberized NFS setup, you need to get Kerberos credentials for the NFSv4 server, which is accomplished by providing a keytab file. The second step is that the user needs to get Kerberos credentials as well. |
57.
Which statement about the keytab file is correct?
- A.A Kerberized NFS server needs to have a keytab file containing the Kerberos credentials of the NFS server.
- B.A client that wants to access a Kerberized NFS server needs to have access to a keytab file containing the Kerberos credentials of the NFS server.
- C.The keytab file must be created from the NFS server.
- D.A keytab file is not necessary provided that all users are working from Kerberized sessions.
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| In Kerberos, servers need to authenticate against the Kerberos server. If users want to authenticate, they send a username and password. The alternative for a user to do the same is to use a keytab file that contains the server credentials. The client that needs to access the Kerberized NFS share needs to do this by using a keytab that is specific for the host on which they are and needs to get credentials for the user as well, which means that the user authentication procedure has to be Kerberized as well. |
58.
What is the name of the file where you create NFS exports?
- A./etc/sysconfig/nfs
- B./etc/nfs/nfs.conf
- C./etc/exports
- D./etc/shares
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| The /etc/exports file is the default file where NFS shares are created. Alternatively, on RHEL 7, you can create snap-in files that define the export settings and put these files in the directory /etc/exports.d. |
59.
Which statement about user access to shares is not true?
- A.To set up a Kerberized connection, it is enough if the NFS server has access to a keytab file.
- B.By default users will have read-only access to NFS shares.
- C.If you want to synchronize user accounts between NFS server and client, you need to run the rpc.idmap process.
- D.The user nfsnobody can be used in a minimal security scenario.
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| There is no default security setting; it needs to be configured using the appropriate options in the export. |
60.
Which port should be open in the firewall to allow access to an NFSv4 server?
- A.2049
- B.Dynamic ports that have to be specified in /etc/sysconfig/nfs on the server
- C.2048 and Kerberos port 416
- D.The entire dynamic port range
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| Port 2049 gives access to the NFS server. It does not allow old utilities such as showmount, which use RPC calls, to traverse the firewall. To allow them, you need to add the mountd as well as the rpc-bind services to the firewall also, which open ports 111 and 30048 also. |
|
|
||||||||||||||||||||||||||||
