- Home
- Server Administration
- LPIC-2 Linux Engineer 202
6.
You've prepared an LDIF file ( newusers.ldif ) with several new user definitions, and you
want to add these new users to your LDAP - based account directory for example.com , using
the administrative account called manager . How can you do so, assuming your system is
properly configured to enable such modifications?
- A.ldapadd - D manager@example.com newusers.ldif
- B.ldapadd cn=manager,dc=example,dc=com newusers.ldif
- C.ldapadd - D manager@example.com - W - f newusers.ldif
- D.ldapadd - D cn=manager,dc=example,dc=com - W - f newusers.ldif
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| Option D presents the correct syntax for performing the task specified in the question. Options A and C both incorrectly express the distinguished name (DN) for the account used to perform administrative tasks, and options A and B both omit the - W (prompt for authentication) and - f (to pass a filename) options. |
7.
You want to remove the Z shell ( zsh ) from a computer whose users are all defined via an
LDAP server. Before doing so, though, you want to check that none of these users relies on
zsh as the default shell. How can you check to see whether any users do so?
- A.ldapmodify - - search loginShell=/bin/zsh
- B.ldappasswd - - search loginShell=/bin/zsh
- C.ldap - - search loginShell=/bin/zsh
- D.ldapsearch loginShell=/bin/zsh
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| The ldapsearch utility searches an LDAP directory for records matching the specified field. Option D presents the correct syntax to perform a search for accounts using /bin/zsh as the default shell. The ldapmodify and ldappasswd commands are used to submit a modified LDIF file and change a password, respectively; neither is used to search records. There is no standard utility called ldap . |
8.
What is the default method of encrypting passwords in LDAP?
- A.Cleartext
- B.MD5
- C.SSHA
- D.CRYPT
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| By default, LDAP uses SSHA for password encryption. Cleartext, MD5, and CRYPT are all valid alternatives, but none of them is the default. (Cleartext is also very inadvisable, since this refers to no encryption at all.) |
9.
Which of the following is a disadvantage of using NAT to connect a small business's
network to the Internet?
- A.The business can acquire a smaller block of Internet - accessible IP addresses than might be required without NAT.
- B.A buggy Web server that's accidentally left running on the internal network will be protected from miscreants on the Internet.
- C.It will be difficult to run file and printer sharing servers on the internal network for use by clients on the internal network.
- D.Additional configuration will be required if servers on the internal network should be accessible to the Internet.
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| By its nature, NAT blocks access to the protected network's servers. This feature can be overcome by port redirection, but doing so requires extra configuration effort; thus, option D is correct. Options A and B both describe features of NAT, but these features are advantages, not disadvantages, of NAT. Option C is incorrect because NAT does not affect the ability to run servers on an internal network for use by clients on that same network; only outside access to those servers is affected. |
10.
You want to configure a router for a small network so that external sites cannot connect to
the SSH port on internal computers, but you want no such restriction for the router itself.
What is the best chain to modify to accomplish this goal?
- A.INPUT
- B.OUTPUT
- C.FORWARD
- D.ACCEPT
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| The FORWARD chain controls packets that a router forwards between networks, which is the type of action the question describes; thus, option C is correct. The INPUT and OUTPUT chains affect packets accepted by or sent by the computer, respectively, so modifying those chains would affect the router itself. (You could add rules based on IP addresses or other criteria to accomplish the stated goals using these chains, but that adds complexity, making these chains less desirable choices at best.) There is no standard ACCEPT chain, although this is a common action, meaning that a packet is to be passed. |
|
|
||||||||||||||||||||||||||||
