Lpi 303-200リアル試験問題テストエンジン問題集トレーニングには60問あります
303-200実際の問題解答PDFには100%カバー率リアル試験問題
質問 17
Which of the following commands adds a new user usera to FreelPA?
- A. ipa-user- add usera --name "User A"
- B. ipa-admin create user --account usera -_fname User --iname A
- C. ipa user-add usera --first User --last A
- D. useradd usera --directory ipa --gecos *User A"
- E. idap- useradd --H ldaps://ipa-server CN=UserA --attribs "Firstname: User: Lastname: A"
正解: C
質問 18
CORRECT TEXT
Which command, included in BIND, generates DNSSEC keys? (Specify ONLY the command without any path or parameters.)
正解:
解説:
dnssec-keygen
http://ripe60.ripe.net/presentations/Damas-BiND_9.7_-_DNSSE_for_humans.pdf
質問 19
Which of the following configuration options makes Apache HTTPD require a client certificate for authentication?
- A. Limit valid-x509
- B. SSLPolicy valid-client-cert
- C. SSLRequestClientCert always
- D. Require valid-x509
- E. SSLVerifyClient require
正解: E
解説:
Explanation/Reference:
https://linuxconfig.org/apache-web-server-ssl-authentication
質問 20
Which of the following lines in an OpenSSL configuration adds an X 509v3 Subject Alternative Name extension for the host names example.org and www.example.org to a certificate?
- A. subject= CN= www.example.org, CN=example.org
- B. commonName = subjectAltName= www.example.org,
subjectAltName = example.org - C. subjectAltName: www.example.org, subjectAltName: example.org
- D. extension= SAN: www.example.org, SAN:example.org
- E. subjectAltName = DNS: www.example.org, DNS:example.org
正解: E
解説:
Explanation/Reference:
https://www.openssl.org/docs/manmaster/apps/x509v3_config.html
質問 21
Which of the following parameters to openssl s_client specifies the host name to use for TLS Server Name Indication?
- A. -servername
- B. -tlsname
- C. -host
- D. -vhost
- E. -sniname
正解: A
質問 22
Which DNS label points to the DANE information used to secure HTTPS connections to https:// www.example.com/?
- A. www.example.com
- B. dane.www.example.com
- C. example.com
- D. _443_tcp.www.example.com
- E. soa.example.com
正解: D
解説:
Explanation/Reference:
http://paginas.fe.up.pt/~jmcruz/ssi/ssi.1112/trabs-als/final/G7T12-digit.cert.altern-final.pdf
質問 23
Which of the following statements are true regarding the certificate of a Root CA? (Choose TWO correct answers.)
- A. It is a self-signed certificate.
- B. It must contain a host name as the common name.
- C. It has an infinite lifetime and never expires.
- D. It must contain an X509v3 Authority extension.
- E. It does not include the private key of the CA.
正解: A,D,E
解説:
Explanation/Reference:
https://en.wikipedia.org/wiki/Root_certificate
質問 24
Which of the following commands disables the automatic password expiry for the user usera?
- A. chage --maxdays -1 usera
- B. chage --lastday 0 usera
- C. chage -maxdays 99 usera
- D. chage --maxdays none usera
- E. chage --lastday none usera
正解: A
質問 25
Which of the following statements is true about chroot environments?
- A. The chroot path needs to contain all data required by the programs running in the chroot environment
- B. Hard links to files outside the chroot path are not followed, to increase security
- C. Programs are not able to set a chroot path by using a function call, they have to use the command chroot
- D. Symbolic links to data outside the chroot path are followed, making files and directories accessible
- E. When using the command chroot, the started command is running in its own namespace and cannot communicate with other processes
正解: A
質問 26
Which option of the openvpn command should be used to ensure that ephemeral keys are not written to the swap space?
- A. --root-swap
- B. --mlock
- C. --no-swap
- D. --keys-no-swap
正解: B
質問 27
Which of the following keywords are built-in chairs for the iptables nat table? (Choose THREE correct answers.)
- A. OUTPUT
- B. MASQUERADE
- C. PREROUTING
- D. PROCESSING
- E. POSTROUTING
正解: A,C,E
解説:
Explanation/Reference:
http://linux.die.net/man/8/ebtables
質問 28
CORRECT TEXT
Which command is used to run a new shell for a user changing the SELinux context? (Specify ONLY the command without any path or parameters.)
正解:
解説:
newrole
https://www.centos.ofg/docs/5/html/DeployrnenLGuide-en-US/sec-sel-admincontrol.html
質問 29
Which of the following statements describes the purpose of ndpmon?
- A. It monitors log files for failed login attempts in order to block traffic from offending network nodes.
- B. It monitors the network for IPv4 nodes that have not yet migrated to IPv6.
- C. It monitors the network for neighbor discovery messages from new IPv6 hosts and routers.
- D. It monitors remote hosts by periodically sending echo requests to them.
- E. It monitors the availability of a network link by querying network interfaces.
正解: C
解説:
Explanation/Reference:
https://en.wikipedia.org/wiki/NDPMon
質問 30
SIMULATION
Which command, included in BIND, generates DNSSEC keys? (Specify ONLY the command without any path or parameters.)
正解:
解説:
dnssec-keygen
Explanation/Reference:
http://ripe60.ripe.net/presentations/Damas-BIND_9.7_-_DNSSE_for_humans.pdf
質問 31
in which path is the data, which can be altered by the sysctl command, accessible?
- A. /proc/sys/
- B. /sys/
- C. /sysctl/
- D. /dev/sys/
正解: A
質問 32
Which of the following components are part of FreeIPA? (Choose THREE correct answers.)
- A. DHCP Server
- B. Intrusion Detection System
- C. Public Key Infrastructure
- D. Directory Server
- E. Kerberos KDC
正解: C,D,E
解説:
Explanation/Reference:
https://www.freeipa.org/page/Documentation
質問 33
Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)
- A. private keys should be uploaded to public key servers.
- B. Private keys should be created on the systems where they will be used and should never leave them.
- C. Private keys should be included in X509 certificates.
- D. Private keys should have a sufficient length for the algorithm used for key generation.
- E. Private keys should always be stored as plain text files without any encryption.
正解: C,D
質問 34
CORRECT TEXT
What command is used to update NVTs from the OpenVAS NVT feed? (Specify ONLY the command without any path or parameters).
正解:
解説:
openvas-nvt-sync
http://www.openvas.org/openvas-nvt-feed.html
質問 35
Which of the following are differences between AppArmor and SELinux? (Choose TWO correct answers).
- A. AppArmor neither requires nor allows any specific configuration. SELinux must always be manually configured.
- B. AppArmor is implemented in user space only. SELinux is a Linux Kernel Module.
- C. SELinux stores information in extended file attributes. AppArmor does not maintain file specific information and states.
- D. The SELinux configuration is loaded at boot time and cannot be changed later on. AppArmor provides user space tools to change its behavior.
- E. AppArmor is less complex and easier to configure than SELinux.
正解: C,E
解説:
Explanation/Reference:
http://elinux.org/images/3/39/SecureOS_nakamura.pdf
質問 36
......
JPNTest 303-200試験練習テスト問題:https://www.jpntest.com/shiken/303-200-mondaishu