- Home
- Server Administration
- LPIC-1 Linux Administrator 102
86.
The /etc/sudoers file on a computer includes the following line. What is its effect?
%admin ALL=(ALL) ALL
- A.Members of the admin group may run all programs with root privileges by using sudo.
- B.Users in the admin user alias, defined earlier in the file, may run all programs with root privileges by using sudo.
- C.The admin user alias is defined to include all users on the system.
- D.The admin command alias is defined to include all commands.
- E.The user admin may run all programs on the computer as root by using sudo.
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| Option A correctly describes the meaning of the specified line. A percent sign (%) identifies a Linux group name, and the remainder of the line tells sudoers to enable users of that group to run all programs as root by using sudo. The remaining options all misinterpret one or more elements of this configuration file entry. |
87.
Which command would you type, as root, to discover all the open network connections on
a Linux computer?
- A.lsof -c a
- B.netstat -ap
- C.ifconfig eth0
- D.nmap -sT localhost
- E.top -net
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| The netstat command can do what is described in the question. To do so, the -ap options to the command are good choices, so option B is correct. Although lsof can also accomplish the job, the -c a option is incorrect; this option restricts output to processes whose names begin with a. Thus, option A is incorrect. Option C’s ifconfig command doesn’t display open network connections, so it’s incorrect. Although option D’s nmap command will locate ports that are open on the localhost interface, it doesn’t locate all open connections, nor does it locate connections on anything but the localhost interface. Option D’s top command displays a list of processes sorted by CPU use, not open network connections (and -net is an invalid option to top, as well). |
88.
A server/computer combination appears in both hosts.allow and hosts.deny. What’s the
result of this configuration when TCP Wrappers runs?
- A.TCP Wrappers refuses to run and logs an error in /var/log/messages.
- B.The system’s administrator is paged to decide whether to allow access.
- C.hosts.deny takes precedence; the client is denied access to the server.
- D.hosts.allow takes precedence; the client is granted access to the server.
- E.The client is granted access to the server if no other client is currently accessing it.
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| Option D is correct. TCP Wrappers uses this feature to allow you to override broad denials by adding more specific explicit access permissions to hosts.allow, as when setting a default deny policy (ALL : ALL) in hosts.deny. |
89.
When is the bind option of xinetd most useful?
- A.When you want to run two servers on one port
- B.When you want to specify computers by name rather than IP address
- C.When xinetd is running on a system with two network interfaces
- D.When resolving conflicts between different servers
- E.When xinetd manages a DNS server program
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| The bind option of xinetd lets you tie a server to just one network interface rather than link to them all, so option C is correct. It has nothing to do with running multiple servers on one port (option A), specifying computers by hostname (option B), resolving conflicts between servers (option D), or the Berkeley Internet Name Domain (BIND) or any other DNS server (option E). |
90.
You’ve discovered that the Waiter program (a network server) is running inappropriately on
your computer. You therefore locate its SysV startup script and shut it down by removing
that script from your default runlevel. How can you further reduce the risk that the Waiter
program will be abused by outsiders? (Select two.)
- A.By blocking the Waiter program’s port using a firewall rule
- B.By reading the Waiter program’s documentation to learn how to run it in stealth mode
- C.By tunneling the Waiter program’s port through SSH
- D.By uninstalling the Waiter package
- E.By uninstalling any clients associated with Waiter from the server computer
- Answer & Explanation
- Report
Answer : [A, D]
Explanation :
Explanation :
| Using a firewall rule to block Waiter’s port, as in option A, can increase security by providing redundancy; if Waiter is accidentally run in the future, the firewall rule will block access to its port. Uninstalling the program, as in option D, improves security by reducing the risk that the program will be accidentally run in the future. Most programs don’t have a “stealth” mode, so option B is incorrect. (Furthermore, reading the documentation isn’t enough; to improve security, you must change some configuration.) Tunneling Waiter’s connections might have some benefit in some situations, but this configuration requires setup on both client and server computers and by itself leaves the server’s port open, so option C is incorrect. Clients associated with the server program, installed on the server computer, pose little or no risk of abuse of the associated server; it’s clients on other computers that are most likely to be used to abuse a server program, and you can’t control that. Thus, option E is incorrect. |
|
|
||||||||||||||||||||||||||||
