Question 1

On a Linux router, packet forwarding for IPv4 has been enabled. After a reboot, the machine no
longer forwards IP packets from other hosts. The command:
echo 1 > /proc/sys/net/ipv4/ip_forward
temporarily resolves this issue.
Which one of the following options is the best way to ensure this setting is saved across system
restarts?

• A. Add echo 1 > /proc/sys/net/ipv4/ip_forward to the root user login script
• B. Add echo 1 > /proc/sys/net/ipv4/ip_forward to any user login script
• C. In /etc/sysct1.conf change net.ipv4.ip_forward to 1
• D. In /etc/rc.local add net.ipv4.ip_forward = 1
• E. In /etc/sysconfig/iptables-config add ipv4.ip_forward = 1

Question 2

What information can be found in the file specified by the status parameter in an OpenVPN server
configuration file? (Choose two.)

• A. Errors and warnings generated by the openvpn daemon
• B. Routing information
• C. Statistical information regarding the currently running openvpn daemon
• D. A list of currently connected clients
• E. A history of all clients who have connected at some point

Question 3

Which of the following lines in the sshd configuration file should, if present, be changed in order to
increase the security of the server? (Choose two.)

• A. Protocol 2, 1
• B. PermitEmptyPasswords no
• C. Port 22
• D. PermitRootLogin yes
• E. IgnoreRhosts yes

Question 4

Which of the following nmap parameters scans a target for open TCP ports? (Choose two.)

• A. -sO
• B. -sZ
• C. -sT
• D. -sU
• E. -sS

Question 5

Which of the statements below are correct regarding the following commands, which are executed
on a Linux router? (Choose two.)

• A. Packets with source or destination addresses from fe80::/64 will never occur in the FORWARD chain
• B. The rules disable packet forwarding because network nodes always use addresses from fe80::/64 to identify routers in their routing tables
• C. ip6tables returns an error for the second command because the affected network is already part of another rule
• D. Both ip6tables commands complete without an error message or warning
• E. The rules suppress any automatic configuration through router advertisements or DHCPv6

Question 6

What option in the client configuration file would tell OpenVPN to use a dynamic source port when
making a connection to a peer?

• A. src-port
• B. remote
• C. source-port
• D. nobind
• E. dynamic-bind

Question 7

Which Linux user is used by vsftpd to perform file system operations for anonymous FTP users?

• A. The Linux user which runs the vsftpd process
• B. The Linux user that owns the root FTP directory served by vsftpd
• C. The Linux user with the same user name that was used to anonymously log into the FTP server
• D. The Linux user root, but vsftpd grants access to anonymous users only to globally read-/writeable files
• E. The Linux user specified in the configuration option ftp_username

Question 8

Which of the following sshd configuration should be set to no in order to fully disable password
based logins? (Choose two.)

• A. PAMAuthentication
• B. ChallengegeResponseAuthentication
• C. PermitPlaintextLogin
• D. UsePasswords
• E. PasswordAuthentication

Question 9

When the default policy for the netfilter INPUT chain is set to DROP, why should a rule allowing
traffic to localhost exist?

• A. All traffic to localhost must always be allowed
• B. It doesn’t matter; netfilter never affects packets addressed to localhost
• C. Some applications use the localhost interface to communicate with other applications
• D. syslogd receives messages on localhost
• E. The iptables command communicates with the netfilter management daemon netfilterd on localhost to create and change packet filter rules

Question 10

CORRECT TEXT
What command creates a SSH key pair? (Specify ONLY the command without any path or
parameters)

Question 11

The content of which local file has to be transmitted to a remote SSH server in order to be able to log
into the remote server using SSH keys?

• A. ~/.ssh/authorized_keys
• B. ~/.ssh/config
• C. ~/.ssh/id_rsa.pub
• D. ~/.ssh/id_rsa
• E. ~./ssh/known_hosts

Question 12

What is the name of the network security scanner project which, at the core, is a server with a set of
network vulnerability tests?

• A. NetMap
• B. OpenVAS
• C. Smartscan
• D. Wireshark

Question 13

With fail2ban, what is a ‘jail’?

• A. A netfilter rules chain blocking offending IP addresses for a particular service
• B. A group of services on the server which should be monitored for similar attack patterns in the log files
• C. A filter definition and a set of one or more actions to take when the filter is matched
• D. The chroot environment in which fail2ban runs

Question 14

The program vsftpd, running in a chroot jail, gives the following error:

Which of the following actions would fix the error?

• A. The file /etc/ld.so.conf in the root filesystem must contain the path to the appropriate lib directory in the chroot jail
• B. Create a symbolic link that points to the required library outside the chroot jail
• C. Copy the required library to the appropriate lib directory in the chroot jail
• D. Run the program using the command chroot and the option--static_libs

Question 15

Which of the following Samba configuration parameters is functionally identical to the parameter
read only=yes?

• A. browseable=no
• B. read write=no
• C. writeable=no
• D. write only=no
• E. write access=no