1. Home
  2. Lpi
  3. 117-202

Linux Advanced Administration - LPI Lever 2

Exam Details

  • Exam Code
    :117-202
  • Exam Name
    :Linux Advanced Administration - LPI Lever 2
  • Certification
    :LPI Certifications
  • Vendor
    :Lpi
  • Total Questions
    :294 Q&As
  • Last Updated
    :Apr 14, 2025

Lpi LPI Certifications 117-202 Questions & Answers

  • Question 101:

    Which of these tools can provide the most information about DNS queries?

    A. dig

    B. nslookup

    C. host

    D. named-checkconf

    E. named-checkzone

  • Question 102:

    An iptables firewall was configured to use the target MASQUERADE to share a dedicated wireless connection to the Internet with a few hosts on the local network.

    The Internet connection becomes very unstable in rainy days and users complain their connections drop when downloading e-mail or large files, while web browsing seems to be working fine.

    Which change to your iptables rules could alleviate the problem?

    A. Change the target MASQUERADE to SNAT

    B. Change the target MASQUERADE to DNAT

    C. Change the target MASQUERADE to BALANCE and provide a backup Internet connection

    D. Change the target MASQUERADE to REDIRECT and provide a backup Internet connection

    E. Change the target MASQUERADE to BNAT

  • Question 103:

    Connecting to a remote host on the same LAN using ssh public-key authentication works but forwarding X11 doesn't. The remote host allows access to both services. Which of the following can be the reason for that behavior?

    A. The remote user's ssh_config file disallows X11 forwarding

    B. The remote server's sshd_config file disallows X11 forwarding

    C. A different public key has to be used for X11

    D. X11 cannot be forwarded if public-key authentication was used

    E. X11 though SSH needs a special X11 server application installed

  • Question 104:

    Which THREE of the following actions should be considered when a FTP chroot jail is created?

    A. Create /dev/ and /etc/ in the chroot enviroment

    B. Create /etc/passwd in the chroot enviroment

    C. Create /var/cache/ftp in the chroot enviroment

    D. Create the user ftp in the chroot enviroment

    E. Create /usr/sbin/ in the chroot enviroment

  • Question 105:

    When the default policy for the iptables INPUT chain is set to DROP, why should a rule allowing traffic to localhost exist?

    A. All traffic to localhost must always be allowed.

    B. It doesn't matter; iptables never affects packets addressed to localhost

    C. Sendmail delivers emails to localhost

    D. Some applications use the localhost interface to communicate with other applications.

    E. syslogd receives messages on localhost

  • Question 106:

    To be able to access the server with the IP address 10.12.34.56 using HTTPS, a rule for iptables has to be written. Given that the client host's IP address is 192.168.43.12, which of the following commands is correct?

    A. iptables - A FORWARD -p tcp -s 0/0 -d 10.12.34.56 --dport 80 -j ACCEPT

    B. iptables - A FORWARD -p tcp -s 192.168.43.12 d 10.12.34.56:443 -j ACCEPT.

    C. iptables - A FORWARD -p tcp -s 192.168.43.12 -d 10.12.34.56 --dport 443 -j ACCEPT.

    D. iptables - A INPUT -p tcp -s 192.168.43.12 - d 10.12.34.56:80 -j ACCEPT.

    E. iptables - A FORWARD -p tcp -s 0/0 -d 10.12.34.56 --dport 443 -j ACCEPT.

  • Question 107:

    A server is being used as a smurf amplifier, whereby it is responding to ICMP Echo-Request packets sent to its broadcast address. To disable this, which command needs to be run?

    A. ifconfig eth0 nobroadcast

    B. echo "0" > /proc/sys/net/ipv4/icmp_echo_accept_broadcasts

    C. iptables -A INPUT -p icmp -j REJECT

    D. echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

    E. echo "1" > /proc/sys/net/ipv4/icmp_echo_nosmurf

  • Question 108:

    Which of the following can the program tripwire NOT check?

    A. File size.

    B. File signature.

    C. Permissions.

    D. File existence.

    E. Boot sectors.

  • Question 109:

    The following is an excerpt from the output of tcpdump -nli eth1 'udp':

    13:03:17.277327 IP 192.168.123.5.1065 > 192.168.5.112.53: 43653+ A? lpi.org. (25) 13:03:17.598624 IP 192.168.5.112.53 > 192.168.123.5.1065: 43653 1/0/0 A 24.215.7.109 (41)

    Which network service or protocol was used?

    A. FTP

    B. HTTP

    C. SSH

    D. DNS

    E. DHCP

  • Question 110:

    A program, called vsftpd, running in a chroot jail, is giving the following error: /bin/vsftpD. error while loading shared libraries: libc.so.6: cannot open shared object filE. No such file or directory. Which TWO of the following are possible solutions?

    A. Get the vsftp source code and compile it statically.

    B. The file /etc/ld.so.conf must contain the path to the appropriate lib directory in the chroot jail

    C. Create a symbolic link that points to the required library outside the chroot jail

    D. Copy the required library to the appropriate lib directory in the chroot jail.

    E. Run the program using the command chroot and the option --static_libs

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Lpi exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 117-202 exam preparations and Lpi certification application, do not hesitate to visit our Vcedump.com to find your solutions here.