Linux Networking Administration

QUESTION NO: 1

According to the dhcpd.conf file below, which domain name will clients in the 172.16.87.0/24 network get?

default-lease-time 1800;

max-lease-time 7200;

option domain-name "example.com"

subnet 172.16.87.0 netmask 255.255.255.0 {

range 172.16.87.128 172.16.87.254;

option broadcast-address 172.16.87.255;

option domain-name-servers 172.16.87.1;

option domain-name "lab.example.com";

}

subnet 172.16.88.0 netmask 255.255.255.0 {

range 172.16.88.128 172.16.88.254;

option broadcast-address 172.16.88.255;

option domain-name-servers 172.16.88.1;

}

Answer: LAB.EXAMPLE.COM

QUESTION NO: 2

Which of the following sentences is true about ISC DHCP?

A. It can't be configured to assign addresses to BOOTP clients.

B. Its default behavior is to send DHCPNAK to clients that request inappropriate addresses.

C. It can't be used to assign addresses to X - terminals.

D. It can be configured to only assign addresses to known clients.

E. None of the above.

Answer: D

QUESTION NO: 3

The host, called "lpi", with the MAC address "08:00:2b:4c:59:23" should always be given the IP address of 192.168.1.2 by the DHCP server. Which of the following configurations will achieve this?

A.host lpi {

hardware-ethernet 08:00:2b:4c:59:23;

fixed-address 192.168.1.2;

}

B.host lpi {

mac=08:00:2b:4c:59:23;

ip=192.168.1.2;

}

C.host lpi = 08:00:2b:4c:59:23 192.168.1.2

D.host lpi {

hardware ethernet 08:00:2b:4c:59:23;

fixed-address 192.168.1.2;

}

E.host lpi {

hardware-address 08:00:2b:4c:59:23;

fixed-ip 192.168.1.2;

}

Answer: D

QUESTION NO: 4

Which dhcpd.conf option defines the DNS server address(es) to be sent to the DHCP clients?

A. domainname

B. domain-name-servers

C. domain-nameserver

D. domain-name-server

Answer: B

QUESTION NO: 5

What is a significant difference between host and zone keys generated by dnssec-keygen?

A. There is no difference.

B. Both zone key files ( .key/.private ) contain a public and private key.

C. Both host keys files ( .key/. private) contain a public and private key.

D. Host Keys must always be generated if DNSSEC is used; zone keys are optional

E. Zone Keys must always be generated if is used; host keys are optional

Answer: B

QUESTION NO: 6

According to the configuration below, what is the e-mail address of the administrator for this domain?

$TTL 86400

$ORIGIN example.com

@ IN SOA mars.example.com. hostmaster.example.com (

2005020801

10800 3600

604800 86400 )

Answer: HOSTMASTER@EXAMPLE.COM

QUESTION NO: 7

Which of these would be the simplest way to configure BIND to return a different version number to queries?

A. Compile BIND with the option -blur-version=my version.

B. Set version-string "my version" in BIND's configuration file.

C. Set version "my version" in BIND's configuration file.

D. Set version=my version in BIND's configuration file.

E. Ser version-bind "my version" in BIND's configuration file.

Answer: C

QUESTION NO: 8

A. Any host, from any network, may use this server as its main DNS server.

B. If the server doesn't know the answer to a query, it sends a recursive query to 192.168.0.4.

C. If the server doesn't know the answer to a query, it sends a query to a root DNS server.

D. Hosts in the network 10.0.0.0/24 will be able to ask for zone transfers.

E. If the server doesn't know the answer to a query, it sends a recursive query to 192.168.0.4 and, if this fails, it returns a failure.

Answer: B

QUESTION NO: 9

A BIND server should be upgraded to use TSIG. Which configuration parameters should be added, if the server should use the algorithm hmac-md5 and the key skrKc4DoTzi/tAkllPi7JZA== ?

A. TSIG server.example.com.

algorithm hmac-md5;

secret "skrKc4DoTzi/tAkllPi7JZA==";

};

B. key server.example.com. {

algorithm hmac-md5;

secret skrKc4DoTzi/tAkllPi7JZA==;

};

C. key server.example.com. {

algorithm hmac-md5;

secret "skrKc4DoTzi/tAkllPi7JZA==";

};

D. key server.example.com. {

algorithm=hmac-md5;

secret="skrKc4DoTzi/tAkllPi7JZA==";

};

E. key server.example.com. {

algorithm hmac-md5

secret "skrKc4DoTzi/tAkI1Pi7JZA=="

};

Answer: C

QUESTION NO: 10

DNSSEC is used for?

A. Encrypted DNS queries between nameservers.

B. Cryptographic authentication of DNS zones.

C. Secondary DNS queries for local zones.

D. Defining a secure DNS section.

E. Querying a secure DNS section.

Answer: B

QUESTION NO: 11

Using only commands included with named, what is the command, with options or parameters, to make named re-read its zone files?

Answer: rndc reload

QUESTION NO: 12

Which type of DNS record defines which server(s) email for a domain should be sent to?

Answer: MX

QUESTION NO: 13

Some users are unable to connect to specific local hosts by name, while accessing hosts in other zones works as expected. Given that the hosts are reachable by their IP addresses, which is the default log file that could provide hints about the problem?

A. /var/named/log

B. /var/lib/named/dev/log

C. /var/log/bind_errors

D. /var/log/bind/errors

E. /var/log/messages

Answer: E

QUESTION NO: 14

A BIND server should never answer queries from certain networks or hosts. Which configuration directive could be used for this purpose?

A. deny-query { ...; };

B. no-answer { ...; };

C. deny-answer { ...; };

D. deny-access { ...; };

E. blackhole { ...; };

Answer: E

QUESTION NO: 15

What is the purpose of a PTR record?

A. To provide name to IP resolution.

B. To provide IP to name resolution.

C. To direct email to a specific host.

D. To provide additional host information.

E. To direct clients to another nameserver.

Answer: B

QUESTION NO: 16

Performing a DNS lookup with dig results in this answer: What might be wrong in the zone definition?

A. Nothing. All seems to be good.

B. There's no "." after linuserv.example.net in the PTR record in the forward lookup zone file.

C. There's no "." after linuserv in the PTR record in the forward lookup zone file.

D. There's no "." after linuserv.example.net in the PTR record in the reverse lookup zone file.

E. The "." in the NS definition in reverse lookup zone has to be removed.

Answer: D

QUESTION NO: 17

What directive can be used in named.conf to restrict zone transfers to the 192.168.1.0/24 network?

A. allow-transfer { 192.168.1.0/24; };

B. allow-transfer { 192.168.1.0/24 };

C. allow-axfr { 192.168.1.0/24; };

D. allow-axfr { 192.168.1.0/24 };

E. allow-xfer { 192.168.1.0/24; };

Answer: A

QUESTION NO: 18

To securely use dynamic DNS updates, the use of TSIG is recommended. Which TWO statements about TSIG are true?

A. TSIG is used for zone data encryption

B. TSIG is a signal to start a zone update

C. TSIG is used in zone files

D. TSIG is used only in server configuration

E. Servers using TSIG must be in sync (time zone!)

Answer: DE

QUESTION NO: 19

In which configuration file can a key-file be defined to enable secure DNS zone transfers? (Please enter the file name without the path)

Answer: named.conf

QUESTION NO: 20

The users of the local network complain that name resolution is not fast enough. Enter the command, without the path or any options, that shows the time taken to resolve a DNS query.

Answer: dig

QUESTION NO: 21

Which option is used to configure pppd to use up to two DNS server addresses provided by the remote server?

A. ms-dns

B. nameserver

C. usepeerdns

D. dns

E. None of the above

Answer: E

QUESTION NO: 22

A DNS server has the IP address 192.168.0.1. Which TWO of the following need to be done on a client machine to use this DNS server?

A. Add nameserver 192.168.0.1 to /etc/resolv.conf.

B. Run route add nameserver 192.168.0.1.

C. Run ifconfig eth0 nameserver 192.168.0.1.

D. Ensure that the dns service is listed in the hosts entry in the /etc/nsswitch.conf file.

E. Run bind add nameserver 192.168.0.1.

Answer: AD

QUESTION NO: 23

The mailserver is currently called fred, while the primary MX record points to mailhost.example.org. What must be done to direct example.org email towards fred?

A. Add an A record for mailhost to fred's IP address.

B. Add a CNAME record from mailhost to fred

C. Add another MX record pointing to fred's IP address.

D. Add a PTR record from mailhost to fred.

Answer: A

QUESTION NO: 24

Which port must be open on a firewall, to allow a DNS server to receive queries? (Enter only the port number).

Answer: 53

QUESTION NO: 25

Which of these ways can be used to only allow access to a DNS server from specified networks/hosts?

A. Using the limit{...;};statement in the named configuration file.

B. Using the allow-query{...;};statement in the named configuration file.

C. Using the answer only{...;};statement in the named configuration file.

D. Using the answer{...;};statement in the named configuration file.

E. Using the query access{...;};statement in the named configuration file.

Answer: B

QUESTION NO: 27

There is a restricted area in an Apache site, which requires users to authenticate against the file /srv/www/security/site-passwd. Which command is used to CHANGE the password of existing users, without losing data, when Basic authentication is being used.

A. htpasswd -c /srv/www/security/site passwd user

B. htpasswd /srv/www/security/site-passwd user

C. htpasswd -n /srv/www/security/site-passwd user

D. htpasswd -D /srv/www/security/site-passwd user

E. None of the above.

Answer: B

QUESTION NO: 28

Consider the following / srv/www/ default/html/ restricted/.htaccess

AuthType Basic

AuthUserFile / srv/www/ security/ site-passwd

AuthName Restricted

Require valid-user

Order deny,allow

Deny from all

Allow from 10.1.2.0/24

Satisfy any

Considering that DocumentRoot is set to /srv/www/default/html, which TWO of the following sentences are true?

A. Apache will only grant access to http://server/restricted/to authenticated users connecting from clients in the 10.1.2.0/24 network

B. This setup will only work if the directory /srv/www/default/html/restricted/ is configured with AllowOverride AuthConfig Limit

C. Apache will require authentication for every client requesting connections to http://server/restricted/

D. Users connecting from clients in the 10.1.2.0/24 network won't need to authenticate themselves to access http://server/restricted/

E. The Satisfy directive could be removed without changing Apache behaviour for this directory

Answer: BD

QUESTION NO: 29

A web server is expected to handle approximately 200 simultaneous requests during normal use with an occasional spike in activity and is performing slowly. Which directives in httpd.conf need to be adjusted?

A. MinSpareServers & MaxSpareServers. B. MinSpareServers, MaxSpareServers, StartServers & MaxClients.

C. MinServers, MaxServers & MaxClients.

D. MinSpareServers, MaxSpareServers, StartServers, MaxClients & KeepAlive.

Answer: B

QUESTION NO: 30

Which statements about the Alias and Redirect directives in Apache's configuration file are true?

A. Alias can only reference files under DocumentRoot

B. Redirect works with regular expressions

C. Redirect is handled on the client side

D. Alias is handled on the server side

E. Alias is not a valid configuration directive

Answer: CD

QUESTION NO: 31

Which file, in the local file-system, is presented when the client requests http://server/~joe/index.html and the following directive is present in server's Apache configuration file?

UserDir site/html Given that all users have their home directory in /home, please type in the FULL file name including the path.

Answer: /home/joe/site/html/index.html

QUESTION NO: 32

When Apache is configured to use name-based virtual hosts:

A. it's also necessary to configure a different IP address for each virtual host.

B. the Listen directive is ignored by the server.

C. it starts multiple daemons (one for each virtual host).

D. it's also necessary to create a VirtualHost block for the main host.

E. only the directives ServerName and DocumentRoot may be used inside a block.

Answer: D

QUESTION NO: 33

Enter one of the Apache configuration file directives that defines where log files are stored.

Answer: ErrorLog

QUESTION NO: 34

Which Apache directive is used to configure the main directory for the site, out of which it will serve documents?

A. ServerRoot

B. UserDir

C. DirectoryIndex

D. Location

E. DocumentRoot

Answer: E

QUESTION NO: 35

Which Apache directive allows the use of external configuration files defined by the directive

AaccessFileName?

A. AllowExternalConfig

B. AllowAccessFile

C. AllowConfig

D. IncludeAccessFile

E. AllowOverride

Answer: E

QUESTION NO: 36

Which of the following is recommended to reduce Squid's consumption of disk resources?

A. Disable the use of access lists.

B. Reduce the size of cache_dir in the configuration file.

C. Rotate log files regularly.

D. Disable logging of fully qualified domain names.

E. Reduce the number of child processes to be started in the configuration file.

Answer: B

QUESTION NO: 37

Which ACL type in Squid's configuration file is used for authentication purposes?

A. proxyAuth

B. proxy_auth

C. proxy_passwd

D. auth

E. auth_required

Answer: B

QUESTION NO: 38

The listing below is an excerpt from a Squid configuration file:

A. Users connecting from localhost will be able to access web sites through this proxy.

B. It's necessary to include a http_access rule denying access to all, at the end of the rules.

C. It's possible to use this proxy to access SSL enabled web sites listening on any port.

D. This proxy can't be used to access FTP servers listening on the default port.

E. This proxy is misconfigured and no user will be able to access web sites through it.

Answer: D

QUESTION NO: 39

In the file /var/squid/url_blacklist is a list of URLs that users should not be allowed to access. What is the correct entry in Squid's configuration file to create an acl named blacklist based on this file?

A. acl blacklist urlpath_regex /var/squid/url_blacklist

B. acl blacklist file /var/squid/url_blacklist

C. acl blacklist "/var/squid/url_blacklist"

D. acl blacklist urlpath_regex "/var/squid/url_blacklist"

E. acl urlpath_regex blacklist /var/squid/url_blacklist

Answer: D

QUESTION NO: 40

Users in the acl named 'sales_net' must only be allowed to access to the Internet at times specified in the time_acl named 'sales_time'. Which is the correct http_access directive, to configure this?

A. http_access deny sales_time sales_net

B. http_access allow sales_net sales_time

C. http_access allow sales_net and sales_time

D. allow http_access sales_net sales_time

E. http_access sales_net sales_time

Answer: B

Site Search:

Close

Close
Download Free Demo of VCE
Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.


Simply submit your e-mail address below to get started with our interactive software demo of your free trial.


Enter Your Email Address

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.