1. Home
  2. Lpi
  3. 303-200

LPIC-3 Exam 303: Security, 2.0

Exam Details

  • Exam Code
    :303-200
  • Exam Name
    :LPIC-3 Exam 303: Security, 2.0
  • Certification
    :LPIC-3
  • Vendor
    :Lpi
  • Total Questions
    :60 Q&As
  • Last Updated
    :May 08, 2024

Lpi LPIC-3 303-200 Questions & Answers

  • Question 21:

    Which command, included in BlND, generates DNSSEC keys? (Specify ONLY the command without any path or parameters.)

  • Question 22:

    Which of the following practices are important for the security of private keys? (Choose TWO correct answers.)

    A. Private keys should be created on the systems where they will be used and should never leave them.

    B. Private keys should be uploaded to public key servers.

    C. Private keys should be included in X509 certificates.

    D. Private keys should have a sufficient length for the algorithm used for key generation.

    E. Private keys should always be stored as plain text files without any encryption.

  • Question 23:

    Which of the following information, within a DNSSEC- signed zone, is signed by the key signing key?

    A. The non-DNSSEC records like A, AAAA or MX.

    B. The zone signing key of the zone.

    C. The RRSlG records of the zone.

    D. The NSEC or NSEC3 records of the zone.

    E. The DS records pointing to the zone.

  • Question 24:

    Which of the following configuration options makes Apache HTTPD require a client certificate for authentication?

    A. Limit valid-x509

    B. SSLRequestClientCert always

    C. Require valid-x509

    D. SSLVerifyClient require

    E. SSLPolicy valid-client-cert

  • Question 25:

    Which option in an Apache HTTPD configuration file enables OCSP stapling? (Specify ONLY the option name without any values or parameters.)

  • Question 26:

    Which of the following statements is true regarding eCryptfs?

    A. For every file in an eCryptfs directory there exists a corresponding file that contains the encrypted content.

    B. The content of all files in an eCryptfs directory is stored in an archive file similar to a tar file with an additional index to improve performance.

    C. After unmounting an eCryptfs directory, the directory hierarchy and the original file names are still visible, although, it is not possible to view the contents of the files.

    D. When a user changes his login password, the contents of his eCryptfs home directory has to be re-encrypted using his new login password.

    E. eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user.

  • Question 27:

    Which of the following lines in an OpenSSL configuration adds an X 5o9v3 Subject Alternative Name extension for the host names example.org and www.example.org to a certificate'?

    A. subjectAltName = DNS: www example.org, DNS:example.org

    B. extension= SAN: www.example.org, SAN:example.org

    C. subjectAltName: www.example.org, subjectAltName: example.org

    D. commonName = subjectAltName= www.example.org, subjectAltName = example.org

    E. subject= CN= www.example.org, CN=example.org

  • Question 28:

    Given that this device has three different keys, which of the following commands deletes only the first key?

    A. cryptsetup luksDelKey/dev/sda 10

    B. cryptsetup luksDelkey /dev/sda 11

    C. cryptsetup luksDelKey/dev /mapper/crypt- vol 1

    D. cryptsetup luksDelKey /dev/mapper/crypt- vol 0

  • Question 29:

    Which of the following statements are true regarding the certificate? (Choose THREE correct answers.)

    A. This certificate belongs to a certification authority.

    B. This certificate may be used to sign certificates of subordinate certification authorities.

    C. This certificate may never be used to sign any other certificates.

    D. This certificate may be used to sign certificates that are not also a certification authority.

    E. This certificate will not be accepted by programs that do not understand the listed extension.

  • Question 30:

    Which of the following parameters to openssl s_client specifies the host name to use for TLS Server Name lndication?

    A. -tlsname

    B. -servername

    C. -sniname

    D. -vhost

    E. -host

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Lpi exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 303-200 exam preparations and Lpi certification application, do not hesitate to visit our Vcedump.com to find your solutions here.