Which TWO of the following statements about the tcp_wrappers configuration files are correct?


A.      Both files must be edited, to get tcp_wrappers to work properly

B.      It is possible to configure tcp_wrappers using just one file

C.      (x)inetd requires these files

D.      All programs that provide network services use these files to control access

E.       tcpd uses these files to control access to network services

Answer: B, E


What is the appropriate configuration file entry to allow SSH to run from inetd?


A.      ssh stream tcp nowait root /usr/sbin/tcpd sshd

B.      ssh stream tcp nowait root /usr/sbin/tcpd tcpd

C.      ssh stream tcpd nowait root /usr/sbin/tcpd sshd

D.      ssh data tcpd nowait root /usr/sbin/tcpd sshd

E.       ssh data tcp nowait root /usr/sbin/tcpd sshd

Answer: A


Which of the following sentences is TRUE about FreeS/WAN?


A.        FreeS/WAN doesn’t support remote users (i.e. notebook users with dynamic IP addresses) connecting to the LAN

B.        FreeS/WAN needs a patch to support NAT traversal for users behind a NAT gateway

C.        FreeS/WAN doesn’t require any Linux kernel 2.4 modules to work properly

D.        FreeS/WAN only enables the use of strong encryption between Linux hosts

E.         FreeS/WAN can’t be used to establish a VPN between a Linux host and a Microsoft Windows 2000 Server host

Answer: B


As of Linux kernel 2.4, which software is used to configure a VPN?


A.      IPSec

B.      SSH

C.      net-tools

D.      FreeS/WAN

E.       iproute2

Answer: D


A program, called vsftpd, running in a chroot jail, is giving the following error: /bin/vsftpd: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory. Which TWO of the following are possible solutions?


A.      Get the vsftp source code and compile it statically.

B.      The file /etc/ld.so.conf must contain the path to the appropriate lib directory in the chroot jail

C.      Create a symbolic link that points to the required library outside the chroot jail

D.      Copy the required library to the appropriate lib directory in the chroot jail.

E.       Run the program using the command chroot and the option --static_libs

Answer: A, D


Which of the following can the program tripwire NOT check?


A.      File size.

B.      File signature.

C.      Permissions.

D.      File existence.

E.       Boot sectors.

Answer: E


The following is an excerpt from the output of tcpdump -nli eth1 'udp':

13:03:17.277327 IP > 43653+ A? lpi.org. (25)

13:03:17.598624 IP > 43653 1/0/0 A (41)

Which network service or protocol was used?


A.      FTP

B.      HTTP

C.      SSH

D.      DNS

E.       DHCP

Answer: D


A server is being used as a smurf amplifier, whereby it is responding to ICMP Echo-Request packets sent to its broadcast address. To disable this, which command needs to be run?


A.      ifconfig eth0 nobroadcast

B.      echo "0" > /proc/sys/net/ipv4/icmp_echo_accept_broadcasts

C.      iptables -A INPUT -p icmp -j REJECT

D.      echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

E.       echo "1" > /proc/sys/net/ipv4/icmp_echo_nosmurf

Answer: D


When the default policy for the iptables INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?


A.      All traffic to localhost must always be allowed.

B.      It doesn’t matter; iptables never affects packets addressed to localhost

C.      Sendmail delivers emails to localhost

D.      Some applications use the localhost interface to communicate with other applications.

E.       syslogd receives messages on localhost

Answer: D


To be able to access the server with the IP address using HTTPS, a rule for iptables has to be written. Given that the client host’s IP address is, which of the following commands is correct?


A.      iptables -A FORWARD -p tcp -s 0/0 -d --dport 80 -j ACCEPT

B.      iptables -A FORWARD -p tcp -s d -j ACCEPT.

C.      iptables -A FORWARD -p tcp -s -d --dport 443 -j ACCEPT.

D.      iptables -A INPUT -p tcp -s -d -j ACCEPT.

E.       iptables -A FORWARD -p tcp -s 0/0 -d --dport 443 -j ACCEPT.

Answer: C



