Which TWO of the following statements about the tcp_wrappers configuration files are correct?
A. Both files must be edited, to get tcp_wrappers to work properly
B. It is possible to configure tcp_wrappers using just one file
C. (x) inetd requires these files
D. All programs that provide network services use these files to control access
E. tcpd uses these files to control access to network services
Answer: B, E
What is the appropriate configuration file entry to allow SSH to run from inetd?
A. ssh stream tcp nowait root /usr/sbin/tcpd sshd
B. ssh stream tcp nowait root /usr/sbin/tcpd tcpd
C. ssh stream tcpd nowait root /usr/sbin/tcpd sshd
D. ssh data tcpd nowait root /usr/sbin/tcpd sshd
E. ssh data tcp nowait root /usr/sbin/tcpd sshd
Which of the following sentences is TRUE about FreeS/WAN?
A. FreeS/WAN doesn’t support remote users (i.e. notebook users with dynamic IP addresses) connecting tothe LAN
B. FreeS/WAN needs a patch to support NAT traversal for users behind a NAT gateway
C. FreeS/WAN doesn’t require any Linux kernel 2.4 modules to work properly
D. FreeS/WAN only enables the use of strong encryption between Linux hosts
E. FreeS/WAN can’t be used to establish a VPN between a Linux host and a Microsoft Windows 2000 Serverhost
As of Linux kernel 2.4, which software is used to configure a VPN?
C. net – tools
A program, called vsftpd, running in a chroot jail, is giving the following error: /bin/vsftpd: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory. Which TWO of the following are possible solutions?
A. Get the vsftp source code and compile it statically.
B. The file /etc/ld.so.conf must contain the path to the appropriate lib directory in the chroot jail
C. Create a symbolic link that points to the required library outside the chroot jail
D. Copy the required library to the appropriate lib directory in the chroot jail.
E. Run the program using the command chroot and the option –static_libs
Answer: A, D
Which of the following can the program tripwire NOT check?
A. File size.
B. File signature.
D. File existence.
E. Boot sectors.
The following is an excerpt from the output of tcpdump -nli eth1 ‘udp’:
13:03:17.277327 IP 192.168.123.5.1065 > 192.168.5.112.53: 43653+ A? lpi.org. (25)
13:03:17.598624 IP 192.168.5.112.53 > 192.168.123.5.1065: 43653 1/0/0 A 18.104.22.168 (41)
Which network service or protocol was used?
A server is being used as a smurf amplifier, whereby it is responding to ICMP Echo-Request packets sent to its broadcast address. To disable this, which command needs to be run?
A. ifconfig eth0 nobroadcast
B. echo “0” > /proc/sys/net/ipv4/icmp_echo_accept_broadcasts
C. iptables -A INPUT -p icmp -j REJECT
D. echo “1” > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
E. echo “1” > /proc/sys/net/ipv4/icmp_echo_nosmurf
When the default policy for the iptables INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?
A. All traffic to localhost must always be allowed.
B. It doesn’t matter; iptables never affects packets addressed to localhost
C. Sendmail delivers emails to localhost
D. Some applications use the localhost interface to communicate with other applications.
E. syslogd receives messages on localhost
To be able to access the server with the IP address 10.12.34.56 using HTTPS, a rule for iptables has to be written. Given that the client host’s IP address is 192.168.43.12, which of the following commands is correct?
A. iptables – A FORWARD -p tcp -s 0/0 -d 10.12.34.56 –dport 80 -j ACCEPT
B. iptables – A FORWARD -p tcp -s 192.168.43.12 d 10.12.34.56:443 -j ACCEPT.
C. iptables – A FORWARD -p tcp -s 192.168.43.12 -d 10.12.34.56 –dport 443 -j ACCEPT.
D. iptables – A INPUT -p tcp -s 192.168.43.12 – d 10.12.34.56:80 -j ACCEPT.
E. iptables – A FORWARD -p tcp -s 0/0 -d 10.12.34.56 –dport 443 -j ACCEPT.
Download Latest LPI 117-202 Real Free Tests , help you to pass exam 100%.