01. What is the purpose of IP sets?
a) They group together IP addresses that are assigned to the same network interfaces.
b) They group together IP addresses and networks that can be referenced by the network routing table.
c) They group together IP addresses that can be referenced by netfilter rules.
d) They group together IP and MAC addresses used by the neighbors on the local network.
e) They group together IP addresses and user names that can be referenced from /etc/hosts.allow and /etc/hosts.deny
02. Linux Extended File Attributes are organized in namespaces. Which of the following names correspond to existing attribute namespaces?
(Choose THREE correct answers.)
a) default
b) system
c) owner
d) trusted
e) user
03. In which path is the data, which can be altered by the sysctl command, accessible?
a) /dev/sys/
b) /sys/
c) /proc/sys/
d) /sysctl/
04. Which DNS label points to the DANE information used to secure HTTPS connections to https://www.example.com/?
a) example.com
b) dane.www.example.com
c) soa.example.com
d) www.example.com
e) _443_tcp.www.example.com
05. What happens when the command getfattr afile is run while the file afile has no extended attributes set?
a) getfattr prints a warning and exits with a values of 0.
b) No output is produced and getfattr exits with a value of 0.
c) getfattr prints a warning and exits with a value of 1.
d) No outputs is produced and getfattr exits with a value of 1.
06. Given a proper network and name resolution setup, which of the following commands establishes a trust between a FreeIPA domain and an Active Directory domain?
a) ipa trust-add --type ad addom --admin Administrator --password
b) ipa-ad –add-trust --account ADDOM\Administrator--query-password
c) net ad ipajoin addom –U Administrator -p
d) trustmanager add –-domain ad: //addom --user Administrator –w
e) ipa ad join addom -U Administrator -w
07. An X509 certificate contains the following information:
X509v3 Basic Constraints: critical CA:TRUE, pathlen:0
Which of the following statements are true regarding the certificate?
(Choose THREE correct answers.)
a) This certificate belongs to a certification authority.
b) This certificate may be used to sign certificates of subordinate certification authorities.
c) This certificate may never be used to sign any other certificates.
d) This certificate may be used to sign certificates that are not also a certification authority.
e) This certificate will not be accepted by programs that do not understand the listed extension.
08. Which of the following sections are allowed within the Kerberos configuration file krb5.conf?
(Choose THREE correct answers.)
a) [plugins]
b) [crypto]
c) [domain]
d) [capaths]
e) [realms]
09. What effect does the configuration SSLStrictSNIVHostCheck on have on an Apache HTTPD virtual host?
a) Despite its configuration, the virtual host is served only on the common name and Subject Alternative Names of the server certificates.
b) The virtual host is used as a fallback default for all clients that do not support SNI.
c) All of the names of the virtual host must be within the same DNS zone.
d) The virtual host is served only to clients that support SNI.
e) The clients connecting to the virtual host must provide a client certificate that was issued by the same CA that issued the server’s certificate.
10. How does TSIG authenticate name servers in order to perform secured zone transfers?
a) Both servers mutually verify their X509 certificates.
b) Both servers use a secret key that is shared between the servers.
c) Both servers verify appropriate DANE records for the labels of the NS records used to delegate the transferred zone.
d) Both servers use DNSSEC to mutually verify that they are authoritative for the transferred zone.