LPIC-3 Exam 303: Security, 2.0 v7.0

Page:    1 / 4   
Exam contains 60 questions

Which of the following database names can be used within a Name Service Switch (NSS) configuration file? (Choose THREE correct answers).

  • A. host
  • B. shadow
  • C. service
  • D. passwd
  • E. group

Answer : A,C,E

Which of the following command lines sets the administrator password for ntop to testing

  • A. ntop --set-admin-password=testing123
  • B. ntop --set-password-testing123
  • C. ntop --reset-password=testing 123
  • D. ntop --set-new-password=testing123

Answer : A

What is the purpose of IP sets?

  • A. They group together IP addresses that are assigned to the same network interfaces.
  • B. They group together IP addresses and networks that can be referenced by the network routing table.
  • C. They group together IP addresses that can be referenced by netfilter rules.
  • D. They group together IP and MAC addresses used by the neighbors on the local network.
  • E. They group together IP addresses and user names that can be referenced from /etc/hosts allow and /etc/hosts deny

Answer : C

What command is used to update NVTs from the OpenVAS NVT feed? (Specify ONLY the command without any path or parameters).

Answer : openvas-nvt-sync //www.openvas.org/openvas-nvt-feed.html

Which of the following lines in an OpenSSL configuration adds an X 509v3 Subject
Alternative Name extension for the host names example.org and www.example.org to a certificate'?

  • A. subjectAltName = DNS: www example.org, DNS:example.org
  • B. extension= SAN: www.example.org, SAN:example.org
  • C. subjectAltName: www.example.org, subjectAltName: example.org
  • D. commonName = subjectAltName= www.example.org, subjectAltName = example.org
  • E. subject= CN= www.example.org, CN=example.org

Answer : A

Which of the following information, within a DNSSEC- signed zone, is signed by the key signing key?

  • A. The non-DNSSEC records like A, AAAA or MX
  • B. The zone signing key of the zone.
  • C. The RRSIG records of the zone.
  • D. The NSEC or NSEC3 records of the zone.
  • E. The DS records pointing to the zone

Answer : B

Which of the following commands displays all ebtable rules contained in the table filter including their packet and byte counters?

  • A. ebtables -t nat -L -v
  • B. ebtables-L-t filter -Lv
  • C. ebtables-t filter-L-Lc
  • D. ebtables -t filter -Ln -L
  • E. ebtables-L -Lc-t filter

Answer : C

Which of the following access control models is established by using SELinux?

  • A. Security Access Control (SAC)
  • B. Group Access Control (GAC)
  • C. User Access Control (UAC)
  • D. Discretionary Access Control (DAC)
  • E. Mandatory Access Control (MAC)

Answer : E

What is the purpose of the program snort-stat?

  • A. It displays statistics from the running Snort process.
  • B. It returns the status of all configured network devices.
  • C. It reports whether the Snort process is still running and processing packets.
  • D. It displays the status of all Snort processes.
  • E. It reads syslog files containing Snort information and generates port scan statistics.

Answer : E

Which of the following methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.)

  • A. By placing a # in front of the rule and restarting Snort
  • B. By placing a pass rule in local.rules and restarting Snort.
  • C. By deleting the rule and waiting for Snort to reload its rules files automatically.
  • D. By adding a pass rule to /etc/snort/rules.deactivated and waiting for Snort to reload its rules files automatically.

Answer : B,C

When OpenVPN sends a control packet to its peer, it expects an acknowledgement in 2 seconds by default. Which of the following options changes the timeout period to 5 seconds?

  • A. -tls-timeout 5
  • B. -tls- timeout 500
  • C. -tls- timer 5
  • D. -tls- timer 500

Answer : A

Which command revokes ACL-based write access for groups and named users on the file afile?

  • A. setfacI -x group: * : rx, user:*: rx afile
  • B. setfacl -x mask: : rx afile
  • C. setfacl ~m mask: : rx afile
  • D. setfacl ~m group: * : rx, user:*: rx afile

Answer : C

Which of the following statements are true regarding the certificate of a Root CA? (Choose
TWO correct answers.)

  • A. It is a self-signed certificate.
  • B. It does not include the private key of the CA
  • C. It must contain a host name as the common name.
  • D. It has an infinite lifetime and never expires.
  • E. It must contain an X509v3 Authority extension.

Answer : A,B,E

Linux Extended File Attributes are organized in namespaces. Which of the following names correspond to existing attribute namespaces? (Choose THREE correct answers.)

  • A. default
  • B. system
  • C. owner
  • D. trusted
  • E. user

Answer : B,D,E

Which of the following statements are valid wireshark capture filters? {Choose TWO correct answers.)

  • A. port range 10000:tcp-15000:tcp
  • B. port-range tcp 10000-15000
  • C. tcp portrange 10000-15000
  • D. portrange 10000/tcp-15000/tcp
  • E. portrange 10000-15000 and tcp

Answer : C,E

Page:    1 / 4   
Exam contains 60 questions

Talk to us!

Have any questions or issues ? Please dont hesitate to contact us

Certlibrary doesn't offer Real Microsoft Exam Questions.
Certlibrary Materials do not contain actual questions and answers from Cisco's Certification Exams.
CFA Institute does not endorse, promote or warrant the accuracy or quality of Certlibrary. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute.