Lpi LPIC Level3 117-303
1. An administrator has just configured an OpenVPN client. Upon starting the service, the following
message is displayed:
TLS Error: TLS key negotiation failed to occur within 60 seconds
Which of the following statements is true?
A. The client was unable to establish a network connection with the server.
B. The client was able to establish a network connection with the server, however TLS key negotiation
failed, resulting in a fallback to SSL.
C. The client was able to establish a network connection with the server, however TLS and SSL security
are not enabled.
D. The client was able to establish a network connection with the server, however TLS key negotiation
took longer than 60 seconds, indicating that there may be a problem with network performance.
Answer: A
2. SELinux has just been installed on a Linux system and the administrator wants to use SELinux in
permissive mode in order to audit the various services on the system. What command will switch
SELinux into permissive mode?
A. setenforce 0
B. /etc/init.d/selinux stop
C. selinux passive
D. /etc/init.d/selinux startpassive
Answer: A
3. Which of the following export options, when specified in /etc/exports, will tell the server to use the
NFSv4 Pseudofilesystem?
A. fsid=2
B. fsid=0
C. fsid=3
D. fsid=1
Answer: B
4. Which of the following are common techniques for securing a sendmail server? (Select THREE correct
answers)
A. Maintain user accounts in an LDAP directory.
B. Enable TLS.
C. Disable VRFY.
D. Run sendmail in a chroot'd environment.
E. Disable USRLKUP.
Answer: BCD
5. What does ntop use for data collection?
A. Network packets
B. Log files
C. Frame relay
D. SNMP
Answer: A
6. An administrator has successfully configured a cryptographic volume for dmcrypt, and has added the
following line to /etc/fstab:
/dev/mapper/cryptvol /media/crypt auto defaults 0 0
Upon booting the system, the error message "mount: special device /dev/mapper/cryptvol does not exist"
is displayed. What configuration file has the administrator forgotten to edit? (Provide the full path and
filename)
Answer: /etc/crypttab
7. What command will remove the dmcrypt mapping named cryptvol? (Provide the command with any
options and parameters)
Answer: /sbin/cryptsetup remove crypt-vol cryptsetup remove crypt-vol
8. Which LUKS action, when supplied to the cryptsetup command, will initialize a LUKS partition and set
the initial key? (Provide only the action name)
Answer: luksFormat
9. An administrator has created a mapping with the following command:
cryptsetup luksOpen /dev/sda1 cryptvol
and has set three different keys. Which command below will delete the first key?
A. cryptsetup luksDelKey /dev/sda1 0
B. cryptsetup luksDelKey /dev/sda1 1
C. cryptsetup luksDelKey /dev/mapper/cryptvol 1
D. cryptsetup luksDelKey /dev/mapper/cryptvol 0
Answer: A
10. What command will list basic information about all targets available to cryptmount? (Provide the
command with any options or parameters)
Answer: cryptmount --list /usr/bin/cryptmount -l /usr/bin/cryptmount --list cryptmount -l
11. Which of the following are valid dmcrypt modes? (Choose THREE correct answers)
A. XTS
B. ESSIV
C. GMR
D. KWG
E. LRW
Answer: ABE
12. Which directive in the OpenVPN client.conf specifies the remote server and port that the client should
connect to? (Provide only the directive, without any options or parameters)
Answer: remote
13. You are certain that your kernel has been compiled with ACL support, however, when you try to set an
ACL on a file, you get the following output:
% setfacl m user:hugh:r afile.txt
setfacl: afile.txt: Operation not supported
What is the most likely reason for this problem?
A. There is an error in the command line parameters.
B. There is no user on the system named hugh.
C. The partition has not been mounted with the acl option.
D. The file afile.txt doesn't exist.
Answer: C
1. An administrator has just configured an OpenVPN client. Upon starting the service, the following
message is displayed:
TLS Error: TLS key negotiation failed to occur within 60 seconds
Which of the following statements is true?
A. The client was unable to establish a network connection with the server.
B. The client was able to establish a network connection with the server, however TLS key negotiation
failed, resulting in a fallback to SSL.
C. The client was able to establish a network connection with the server, however TLS and SSL security
are not enabled.
D. The client was able to establish a network connection with the server, however TLS key negotiation
took longer than 60 seconds, indicating that there may be a problem with network performance.
Answer: A
2. SELinux has just been installed on a Linux system and the administrator wants to use SELinux in
permissive mode in order to audit the various services on the system. What command will switch
SELinux into permissive mode?
A. setenforce 0
B. /etc/init.d/selinux stop
C. selinux passive
D. /etc/init.d/selinux startpassive
Answer: A
3. Which of the following export options, when specified in /etc/exports, will tell the server to use the
NFSv4 Pseudofilesystem?
A. fsid=2
B. fsid=0
C. fsid=3
D. fsid=1
Answer: B
4. Which of the following are common techniques for securing a sendmail server? (Select THREE correct
answers)
A. Maintain user accounts in an LDAP directory.
B. Enable TLS.
C. Disable VRFY.
D. Run sendmail in a chroot'd environment.
E. Disable USRLKUP.
Answer: BCD
5. What does ntop use for data collection?
A. Network packets
B. Log files
C. Frame relay
D. SNMP
Answer: A
6. An administrator has successfully configured a cryptographic volume for dmcrypt, and has added the
following line to /etc/fstab:
/dev/mapper/cryptvol /media/crypt auto defaults 0 0
Upon booting the system, the error message "mount: special device /dev/mapper/cryptvol does not exist"
is displayed. What configuration file has the administrator forgotten to edit? (Provide the full path and
filename)
Answer: /etc/crypttab
7. What command will remove the dmcrypt mapping named cryptvol? (Provide the command with any
options and parameters)
Answer: /sbin/cryptsetup remove crypt-vol cryptsetup remove crypt-vol
8. Which LUKS action, when supplied to the cryptsetup command, will initialize a LUKS partition and set
the initial key? (Provide only the action name)
Answer: luksFormat
9. An administrator has created a mapping with the following command:
cryptsetup luksOpen /dev/sda1 cryptvol
and has set three different keys. Which command below will delete the first key?
A. cryptsetup luksDelKey /dev/sda1 0
B. cryptsetup luksDelKey /dev/sda1 1
C. cryptsetup luksDelKey /dev/mapper/cryptvol 1
D. cryptsetup luksDelKey /dev/mapper/cryptvol 0
Answer: A
10. What command will list basic information about all targets available to cryptmount? (Provide the
command with any options or parameters)
Answer: cryptmount --list /usr/bin/cryptmount -l /usr/bin/cryptmount --list cryptmount -l
11. Which of the following are valid dmcrypt modes? (Choose THREE correct answers)
A. XTS
B. ESSIV
C. GMR
D. KWG
E. LRW
Answer: ABE
12. Which directive in the OpenVPN client.conf specifies the remote server and port that the client should
connect to? (Provide only the directive, without any options or parameters)
Answer: remote
13. You are certain that your kernel has been compiled with ACL support, however, when you try to set an
ACL on a file, you get the following output:
% setfacl m user:hugh:r afile.txt
setfacl: afile.txt: Operation not supported
What is the most likely reason for this problem?
A. There is an error in the command line parameters.
B. There is no user on the system named hugh.
C. The partition has not been mounted with the acl option.
D. The file afile.txt doesn't exist.
Answer: C