Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

LPI 303-200 - 303-200: LPIC-3 Exam 303: Security, version 2.0

LPI 303-200 Premium Access     Download Demo    
Page: 1 / 2
Total 60 questions

What effect does the configuration SSLStrictSNIVHostCheck on have on an Apache HTTPD virtual host?

A.

The clients connecting to the virtual host must provide a client certificate that was issued by the same CA that issued the server's certificate.

B.

The virtual host is served only to clients that support SNI.

C.

All of the names of the virtual host must be within the same DNS zone.

D.

The virtual host is used as a fallback default for all clients that do not support SNI.

E.

Despite its configuration, the virtual host is served only on the common name and Subject Alternative Names of the server certificates.

Which of the following statements is used in a parameter file for setkey in order to create a new SPD entry?

A.

spd

B.

addspd

C.

newspd

D.

spdnew

E.

spdadd

Given that this device has three different keys, which of the following commands deletes only the first key?

A.

cryptsetup luksDelKey /dev/sda 1 0

B.

cryptsetup luksDelkey /dev/sda 1 1

C.

cryptsetup luksDelKey / dev /mapper/crypt- vol 1

D.

cryptsetup luksDelKey / dev /mapper/crypt- vol 0

Which of the following statements are true regarding the certificate of a Root CA? (Choose TWO correct answers.)

A.

It is a self-signed certificate.

B.

It does not include the private key of the CA

C.

It must contain a host name as the common name.

D.

It has an infinite lifetime and never expires.

E.

It must contain an X509v3 Authority extension.

Which of the following methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.)

A.

By placing a # in front of the rule and restarting Snort

B.

By placing a pass rule in local.rules and restarting Snort.

C.

By deleting the rule and waiting for Snort to reload its rules files automatically.

D.

By adding a pass rule to /etc/snort/rules.deactivated and waiting for Snort to reload its rules files automatically.

Which option of the openvpn command should be used to ensure that ephemeral keys are not written to the swap space?

A.

--mlock

B.

--no-swap

C.

--root-swap

D.

--keys-no-swap

Which of the following are differences between AppArmor and SELinux? (Choose TWO correct answers).

A.

AppArmor is implemented in user space only. SELinux is a Linux Kernel Module.

B.

AppArmor is less complex and easier to configure than SELinux.

C.

AppArmor neither requires nor allows any specific configuration. SELinux must always be manually configured.

D.

SELinux stores information in extended file attributes. AppArmor does not maintain file specific information and states.

E.

The SELinux configuration is loaded at boot time and cannot be changed later on AppArmor provides user space tools to change its behavior.

Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)

A.

Private keys should be created on the systems where they will be used and should never leave them.

B.

private keys should be uploaded to public key servers.

C.

Private keys should be included in X509 certificates.

D.

Private keys should have a sufficient length for the algorithm used for key generation.

E.

Private keys should always be stored as plain text files without any encryption.

Which of the following lines in an OpenSSL configuration adds an X 509v3 Subject Alternative Name extension for the host names example.org and www.example.org to a certificate'?

A.

subjectAltName = DNS: www example.org, DNS:example.org

B.

extension= SAN: www.example.org , SAN:example.org

C.

subjectAltName: www.example.org , subjectAltName: example.org

D.

commonName = subjectAltName= www.example.org , subjectAltName = example.org

E.

subject= CN= www.example.org , CN=example.org

Given a proper network and name resolution setup, which of the following commands establishes a trust between a FreelPA domain and an Active Directory domain?

A.

ipa trust-add --type ad addom --admin Administrator --password

B.

ipa-ad -add-trust --account ADDOM\Administrator--query-password

C.

net ad ipajoin addom -U Administrator -p

D.

trustmanager add -_domain ad: //addom --user Administrator -w

E.

ipa ad join addom -U Administrator -w