New & Valid 303-200 Exam Questions from PassLeader 303-200 PDF dumps! Welcome to download the newest PassLeader 303-200 VCE dumps: http://www.passleader.com/303-200.html (70 Q&As)
Keywords: 303-200 exam dumps, 303-200 exam questions, 303-200 VCE dumps, 303-200 PDF dumps, 303-200 practice tests, 303-200 study guide, 303-200 braindumps, LPIC-3 Exam 303: Security Exam
P.S. New 303-200 dumps PDF: https://drive.google.com/open?id=0B-ob6L_QjGLpNGtMZFVyU1dvRVk
P.S. New 304-200 dumps PDF: https://drive.google.com/open?id=0B-ob6L_QjGLpajFKM1hKeEUxQzQ
QUESTION 26
Given a proper network and name resolution setup, which of the following commands establishes a trust between a FreelPA domain and an Active Directory domain?
A. ipa trust-add –type ad addom –admin Administrator –password
B. ipa-ad -add-trust –account ADDOM\Administrator–query-password
C. net ad ipajoin addom -U Administrator -p
D. trustmanager add -_domain ad: //addom –user Administrator -w
E. ipa ad join addom -U Administrator –w
Answer: A
QUESTION 27
Which of the following resources of a shell and its child processes can be controlled by the Bash build-in command ulimit? (Choose THREE correct answers.)
A. The maximum size of written files
B. The maximum number of open file descriptors
C. The maximum number of newly created files
D. The maximum number of environment variables
E. The maximum number of user processes
Answer: ABE
QUESTION 28
Linux Extended File Attributes are organized in namespaces. Which of the following names correspond to existing attribute namespaces? (Choose THREE correct answers.)
A. default
B. system
C. owner
D. trusted
E. user
Answer: BDE
QUESTION 29
Which of the following stanzas is a valid client configuration for Free RADIUS?
A. client pnvate-network-1 { ipaddr = 192 0 2.0/24 password = testing123-1 }
B. client private-network-1 { ip = 192.0.2.0/24 password = testing123-1 }
C. client private-network-1 { ip = 192 0 2.0/24 passwd = testing123-1 }
D. client private-network-1 { ip = 192 0.2.0/24 secret = testing123-1 }
E. client private-network-1 { ipaddr = 192 0 2.0/24 secret = testing123-1 }
Answer: E
QUESTION 30
Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)
A. Private keys should be created on the systems where they will be used and should never leave them.
B. private keys should be uploaded to public key servers.
C. Private keys should be included in X509 certificates.
D. Private keys should have a sufficient length for the algorithm used for key generation.
E. Private keys should always be stored as plain text files without any encryption.
Answer: CD
QUESTION 31
Given that this device has three different keys, which of the following commands deletes only the first key?
A. cryptsetup luksDelKey /dev/sda 1 0
B. cryptsetup luksDelkey /dev/sda 1 1
C. cryptsetup luksDelKey / dev /mapper/crypt- vol 1
D. cryptsetup luksDelKey / dev /mapper/crypt- vol 0
Answer: A
QUESTION 32
What command is used to update NVTs from the OpenVAS NVT feed? (Specify ONLY the command without any path or parameters.)
Answer: openvas-nvt-sync
QUESTION 33
Which command included in the Linux Audit system provides searching and filtering of the audit log? (Specify ONLY the command without any path or parameters.)
Answer: ausearch
QUESTION 34
Which of the following types can be specified within the Linux Audit system? (Choose THREE correct answers.)
A. Control rules
B. File system rules
C. Network connection rules
D. Console rules
E. System call rules
Answer: ABE
QUESTION 35
Which of the following sections are allowed within the Kerberos configuration file krb5.conf? (Choose THREE correct answers.)
A. [plugins]
B. [crypto]
C. [domain]
D. [capaths]
E. [realms]
Answer: ADE
QUESTION 36
Which of the following parameters to openssl s_client specifies the host name to use for TLS Server Name Indication?
A. -tlsname
B. -servername
C. -sniname
D. -vhost
E. -host
Answer: B
QUESTION 37
Which of the following statements is true regarding eCryptfs?
A. For every file in an eCryptfs directory there exists a corresponding file that contains the encrypted content.
B. The content of all files in an eCryptfs directory is stored in an archive file similar to a tar file with an additional index to improve performance.
C. After unmounting an eCryptfs directory, the directory hierarchy and the original file names are still visible, although, it is not possible to view the contents of the files.
D. When a user changes his login password, the contents of his eCryptfs home directory has to be re-encrypted using his new login password.
E. eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user.
Answer: E
QUESTION 38
Which of the following methods can be used to deactivate a rule in Snort? (Choose TWO correct answers.)
A. By placing a # in front of the rule and restarting Snort.
B. By placing a pass rule in local.rules and restarting Snort.
C. By deleting the rule and waiting for Snort to reload its rules files automatically.
D. By adding a pass rule to /etc/snort/rules.deactivated and waiting for Snort to reload its rules files automatically.
Answer: BC
QUESTION 39
What happens when the command getfattr afile is run while the file afile has no extended attributes set?
A. getfattr prints a warning and exits with a values of 0.
B. getfattr prints a warning and exits with a value of 1.
C. No output is produced and getfattr exits with a value of 0.
D. No outputs is produced and getfattr exits with a value of 1.
Answer: C
QUESTION 40
What effect does the configuration SSLStrictSNIVHostCheck on have on an Apache HTTPD virtual host?
A. The clients connecting to the virtual host must provide a client certificate that was issued by the same CA that issued the server’s certificate.
B. The virtual host is served only to clients that support SNI.
C. All of the names of the virtual host must be within the same DNS zone.
D. The virtual host is used as a fallback default for all clients that do not support SNI.
E. Despite its configuration, the virtual host is served only on the common name and Subject Alternative Names of the server certificates.
Answer: B
QUESTION 41
What is the purpose of IP sets?
A. They group together IP addresses that are assigned to the same network interfaces.
B. They group together IP addresses and networks that can be referenced by the network routing table.
C. They group together IP addresses that can be referenced by netfilter rules.
D. They group together IP and MAC addresses used by the neighbors on the local network.
E. They group together IP addresses and user names that can be referenced from /etc/hosts allow and /etc/hosts deny
Answer: C
QUESTION 42
Which of the following components are part of FreeIPA? (Choose THREE correct answers.)
A. DHCP Server
B. Kerberos KDC
C. Intrusion Detection System
D. Public Key Infrastructure
E. Directory Server
Answer: BDE
QUESTION 43
What is the purpose of the program snort-stat?
A. It displays statistics from the running Snort process.
B. It returns the status of all configured network devices.
C. It reports whether the Snort process is still running and processing packets.
D. It displays the status of all Snort processes.
E. It reads syslog files containing Snort information and generates port scan statistics.
Answer: E
QUESTION 44
Which of the following access control models is established by using SELinux?
A. Security Access Control (SAC)
B. Group Access Control (GAC)
C. User Access Control (UAC)
D. Discretionary Access Control (DAC)
E. Mandatory Access Control (MAC)
Answer: E
QUESTION 45
Which of the following prefixes could be present in the output of getcifsacl? (Choose THREE correct answers.)
A. ACL
B. GRANT
C. GROUP
D. OWNER
E. SID
Answer: ACE
QUESTION 46
What effect does the following command have on TCP packets?
iptables- A INPUT -d 10 142 232.1 -p tcp -dport 20:21 -j ACCEPT
A. Forward all TCP traffic not on port 20 or 21 to the IP address 10.142 232.1
B. Drop all TCP traffic coming from 10 142 232.1 destined for port 20 or 21
C. Accept only TCP traffic from 10.142 232.1 destined for port 20 or 21
D. Accept all TCP traffic on port 20 and 21 for the IP address 10.142.232.1
Answer: C
QUESTION 47
How are SELinux permissions related to standard Linux permissions? (Choose TWO correct answers.)
A. SELinux permissions overnde standard Linux permissions.
B. standard Linux permissions override SELinux permissions.
C. SELinux permissions are verified before standard Linux permissions.
D. SELinux permissions are verified after standard Linux permissions.
Answer: BD
QUESTION 48
Which of the following commands disables the automatic password expiry for the user usera?
A. chage –maxdays none usera
B. chage –maxdays 99 usera
C. chage –maxdays -1 usera
D. chage –lastday none usera
E. chage –lastday 0 usera
Answer: C
QUESTION 49
Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?
A. iptables ~t nat -A POSTROUTING ~o eth0 -j SNAT -to-source 192.0.2.11
B. iptables ~t nat -A PREROUT1NG -\ eth0 -j SNAT -to-source 192.0.2.11
C. iptables -t nat -A POSTROUTING H eth0 -j DNAT -to-source 192.0.2.11
D. iptables -t mangle -A POSTROUTING -i eth0 -j SNAT -to-source 192.0.2.11
E. iptables -t mangle -A POSTROUTING -0 eth0 -j SNAT -to-source 192.0.2.11
Answer: A
QUESTION 50
Which command, included in BIND, generates DNSSEC keys? (Specify ONLY the command without any path or parameters.)
Answer: dnssec-keygen
Download the newest PassLeader 303-200 dumps from passleader.com now! 100% Pass Guarantee!
303-200 PDF dumps & 303-200 VCE dumps: http://www.passleader.com/303-200.html (70 Q&As) (New Questions Are 100% Available and Wrong Answers Have Been Corrected! Free VCE simulator!)
P.S. New 303-200 dumps PDF: https://drive.google.com/open?id=0B-ob6L_QjGLpNGtMZFVyU1dvRVk
P.S. New 304-200 dumps PDF: https://drive.google.com/open?id=0B-ob6L_QjGLpajFKM1hKeEUxQzQ