リリースCisco 202-450日本語更新された問題PDF
202-450日本語問題集と練習テスト(120試験問題)
質問 # 16
以下のイカコンフィギュレーション抜粋文が与えられる:
cache_dir ufs /var/spool/squid3/ 1024 16 256
以下のディレクトリのうちのどれがディレクトリ/バール/スプール/squid3/に直接存在するか?( 2を選びなさい。)
- A. A0
- B. FF
- C. 0F
- D. 0b
- E. 00
正解:C、E
解説:
Explanation
The cache_dir directive in the Squid configuration file specifies the type, location, size, and structure of the cache directory. The ufs type indicates that Squid uses the UNIX file system to store the cache files. The
/var/spool/squid3/ is the path to the cache directory. The 1024 is the size of the cache in megabytes. The 16 and 256 are the number of first-level and second-level subdirectories that Squid creates under the cache directory.
Squid uses hexadecimal numbers to name the subdirectories, from 00 to FF. Therefore, there will be 16 first-level subdirectories, named 00, 01, 02, ..., 0E, 0F. Under each first-level subdirectory, there will be 256 second-level subdirectories, named 00, 01, 02, ..., FE, FF. For example, the subdirectory
/var/spool/squid3/0F/FF will contain the cache files whose hash values end with 0FFF.
Therefore, the correct answer is A. 0F and E. 00, as they are the names of the first-level subdirectories that will exist directly within the directory /var/spool/squid3/. The other options are either invalid or second-level subdirectories that will not exist directly within the directory /var/spool/squid3/.
質問 # 17
ISC DHCPD構成の次のステートメントのどれを使用して、構成内の対応するホストセクションを持つノードがアドレスプールを使用できるかどうかを指定しますか?
- A. missing-peers
- B. unknown-clients
- C. unconfigured-hosts
- D. unmatched-hwaddr
- E. identified-nodes
正解:B
解説:
Explanation
The unknown-clients statement in the ISC DHCPD configuration is used to specify whether or not an address pool can be used by nodes which have a corresponding host section in the configuration. A host section is a declaration that defines a static IP address for a specific client based on its MAC address or other identifier.
An unknown client is a client that does not have a host section. The unknown-clients statement can be either allow, deny, or ignore, and it can be applied to a pool, a subnet, or a shared-network. For example, the following configuration allows unknown clients to use the pool of addresses from 192.168.1.100 to
192.168.1.200, but denies them from using the pool of addresses from 192.168.1.201 to 192.168.1.254:
subnet 192.168.1.0 netmask 255.255.255.0 { pool { range 192.168.1.100 192.168.1.200; allow unknown-clients; } pool { range 192.168.1.201 192.168.1.254; deny unknown-clients; } } References:
ISC DHCP 4.4 Manual Pages - dhcpd.conf: The official documentation of ISC DHCPD on how to configure the dhcpd.conf file, which includes the description of the unknown-clients statement and examples.
How To Configure a DHCP Server on Ubuntu 20.04 | DigitalOcean: A tutorial from DigitalOcean on how to configure a DHCP server on Ubuntu 20.04, which includes the use of the unknown-clients statement and host sections.
質問 # 18
次のDNSレコードのどれがグルーレコードですか?
- A. ns1.labNS198.51.100.53
- B. ns1.A198.51.100.53
- C. ns1.labA198.51.100.53
- D. labNS198.51.100.53
- E. ns1.labGLUE198.51.100.53
正解:C
解説:
Explanation
A glue record is a DNS record that provides the IP address of a nameserver that is a subdomain of the domain being queried. For example, if the domain example.com has nameservers ns1.example.com and ns2.example.com, then the .com nameservers will provide glue records for ns1.example.com and ns2.example.com, along with the NS records for example.com. This way, the resolver can find the IP address of the nameservers without having to query them first, which would create a circular dependency12 The format of a glue record is:
nameserver A IP address
where nameserver is the hostname of the nameserver, A is the record type for IPv4 address, and IP address is the IPv4 address of the nameserver3 Therefore, the only option that matches this format is A. ns1.lab A 198.51.100.53. The other options are either missing the record type, the IP address, or the dot after the nameserver name4 References:
DNS Tools - Glue Records
What Is Glue Record: Everything You Wanted To Know
Glue Records and Dedicated DNS - NS1, an IBM Company
DNS Record Types - DNSimple Help
Glue Records and Dedicated DNS - NS1, an IBM Company
質問 # 19 


- A. host allow = 192.168.1.1-255
- B. host allow = 192.168.1.100192.168.2.200localhost
- C. host allow = 192.168.1.0/255.255.255.0192.168.2.0/255.255.255.0 localhost
- D. host deny = 192.168.1.100/255.255.255.0192.168.2.31localhost
- E. host deny = 192.168.2.200/255.255.255.0192.168.2.31localhost
正解:C、E
質問 # 20 


- A. proc.all.show_status = 1 in sysctl.conf or /proc
- B. verbose_proctitle = yes in the Dovecot configuration
- C. sys.ps.allow_descriptions = 1 in sysct1.conf or /proc
- D. --with-linux-extprocnames for ./configure when building Dovecot
- E. process_format = "%u %I %s" in the Dovecot configuration
正解:B
質問 # 21
BINDを同様に他の地帯を再ロードすることなく特定の地帯ファイルの内容を再読させるために、どのサブ命令が、地帯の名前とともに使われることができますか?
- A. reload
- B. reread
- C. zoneupdate
- D. lookup
- E. fileupdate
正解:A
解説:
Explanation
The rndc sub command that can be used in conjunction with the name of a zone in order to make BIND reread the content of the specific zone file without reloading other zones as well is reload. The reload sub command instructs the BIND server to reload the specified zone or all zones if no zone is specified. The reload sub command is useful for applying changes made to the zone files without restarting the BIND service or affecting other zones. The syntax of the reload sub command is as follows:
rndc reload [zone [class [view]]]
For example, to reload the zone example.com in the IN class and the default view, use the following command:
rndc reload example.com IN
References:
rndc - man pages section 8: System Administration Commands, sub command "reload"
17.2.3. Using the rndc Utility - Red Hat Customer Portal, section "Reloading the Configuration and Zones"
質問 # 22
以下の命令のうちどちらが、OpenLDAPディレクトリでユーザーパスワードを変えるのに用いられますか?
- A. ldpasswd
- B. ldapchpw
- C. setent
- D. ldappasswd
- E. olppasswd
正解:D
解説:
Explanation
The ldappasswd command is used to change user passwords in an OpenLDAP directory. It allows users to change their own passwords or administrators to change other users' passwords. It requires the user to bind to the LDAP server with the current password and then specify the new password using various options. The ldappasswd command follows the same general syntax as the other OpenLDAP tools and supports various options to modify the password operation. The ldappasswd command is part of the OpenLDAP software package and is compliant with the LDAP Password Modify Extended Operation defined in RFC 3062.
References:
How To Change Account Passwords on an OpenLDAP Server
OpenLDAP ACL to allow users to change their password
[ldappasswd(1) - Linux man page]
[RFC 3062 - LDAP Password Modify Extended Operation]
質問 # 23 
- A. Option E
- B. Option A
- C. Option D
- D. Option B
- E. Option C
正解:A
質問 # 24
ISC DHCPD構成ファイル内のどのオプションが、DHCPクライアントに送信されるために、IPv4 DNSサーバー・アドレスを定めますか?
- A. name-server
- B. domain-name-servers
- C. servers
- D. domain-server
正解:B
解説:
Explanation
The option within the ISC DHCPD configuration file that defines the IPv4 DNS server address(es) to be sent to the DHCP clients is domain-name-servers. This option takes one or more IPv4 addresses as arguments and specifies the DNS servers that the client should use for name resolution. The domain-name-servers option is part of the standard DHCP options defined in RFC 2132 and is supported by the ISC DHCP server. The domain-name-servers option can be specified globally, per subnet, per shared network, per group, or per host in the dhcpd.conf file. For example, the following line in the dhcpd.conf file will assign the DNS servers
192.168.1.1 and 192.168.1.2 to all DHCP clients:
option domain-name-servers 192.168.1.1, 192.168.1.2;
References:
ISC DHCP 4.4 Manual Pages - dhcp-options
[RFC 2132 - DHCP Options and BOOTP Vendor Extensions]
isc-dhcp-server - Community Help Wiki - Official Ubuntu Documentation
質問 # 25
単一の呼び出しで、コマンドライン引数を必要とせずに、どのPostfixコマンドを使用してエイリアスデータベースファイルをすべて再構築できますか?
- A. postalias
- B. makealiases
- C. postmapbuild
- D. newaliases
正解:D
解説:
Explanation
The newaliases command is a Postfix command that can be used to rebuild all of the alias database files with a single invocation and without the need for any command line arguments. The newaliases command is equivalent to running the postalias command on each file specified by the alias_database parameter in the Postfix main.cf configuration file. The newaliases command reads the text files that contain the alias definitions and creates the indexed files in dbm or db format that are used for fast lookup by the mail system.
The newaliases command should be executed whenever the alias database is changed, in order to update the indexed files. For example:
newaliases
The other commands are not equivalent to the newaliases command. The makealiases command is not a valid Postfix command. The postalias command can be used to rebuild a single alias database file, but it requires the file name as an argument. The postmapbuild command is not a valid Postfix command.
References:
LPIC-2 Exam 202 Objectives, Objective 205.3: Managing a postfix server
Postfix Basic Configuration, Postfix Documentation
Postfix manual - aliases(5), Postfix Documentation
Postfix manual - newaliases(1), Postfix Documentation
Postfix manual - postalias(1), Postfix Documentation
質問 # 26
CORRECT TEXT

正解:
解説:
/etc/postfix/main.cf
質問 # 27
Nginxサーバー構成ブロックのどの指令がバーチャル・ホストが利用できるTCPポートを定めて、そして、それはどのプロトコルを使う?
(何のないオプション名でも評価するONLYを指定してください。)
正解:
解説:
listen
Explanation:
The listen directive in a Nginx server configuration block defines the TCP ports on which the virtual host will be available, and which protocols it will use. The listen directive takes one or more parameters, such as the port number, the IP address, and the protocol name. For example, the following directive tells Nginx to listen for HTTP requests on port 80 on all network interfaces:
listen 80;
The following directive tells Nginx to listen for HTTPS requests on port 443 on the 192.0.2.1 IP address:
listen 192.0.2.1:443 ssl;
The following directive tells Nginx to listen for both TCP and UDP traffic on port 53 on the 192.0.2.2 IP address:
listen 192.0.2.2:53 udp tcp;
The listen directive can also take some options, such as default_server, which specifies that the server block should act as the default server for the given port, or backlog, which sets the maximum number of pending connections for the socket.
References:
Server Block Examples | NGINX
NGINX Docs | Configuring HTTP Servers
Which directive in a Nginx server configuration block defines the TCP ports on which the virtual host will be available, and which protocols it will use?
質問 # 28
会社のメールサーバーがオープンリレーとして構成されていることが判明しました。企業メールを受信する可能性を維持しながらメールサーバーがオープンリレーとして使用されないようにするには、次のうちどれが役立っていますか? (2つを選択してください)
- A. メールボックス形式をmboxからmaildirにアップグレードする
- B. パブリックネットワーク上のポート25トラフィックを許可しないようにnetfilterを設定する
- C. Postfixが内部ネットワークからの送信SMTPのみを中継するように制限する
- D. Postfixがこのサーバでホストされているドメインの電子メールのみを受け入れるように制限する
- E. IMAP接続をサポートするようにDovecotを設定する
正解:C、D
解説:
Explanation
An open relay is a mail server that allows anyone to send e-mail through it without authentication or authorization. This can expose the mail server to spam, abuse, and blacklisting. To prevent the mail server from being used as an open relay, while maintaining the possibility to receive company mails, the following actions would help:
Restrict Postfix to only accept e-mail for domains hosted on this server. This can be done by setting the mydestination parameter in the /etc/postfix/main.cf file to include the company domains, and the smtpd_recipient_restrictions parameter to reject_unauth_destination. This will ensure that Postfix will only accept mail for the domains that it is responsible for, and reject mail for other domains unless the sender is authenticated or authorized. For example:
mydestination = example.com, example.net, localhost smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination Restrict Postfix to only relay outbound SMTP from the internal network. This can be done by setting the mynetworks parameter in the /etc/postfix/main.cf file to include the IP addresses or networks of the internal hosts that are allowed to relay mail through Postfix, and the smtpd_relay_restrictions parameter to permit_mynetworks. This will ensure that Postfix will only relay mail from the trusted internal hosts, and reject mail from external hosts unless the sender is authenticated or authorized. For example:
mynetworks = 192.168.0.0/24, 127.0.0.0/8 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination The other actions would not help prevent the mail server from being used as an open relay, or they would affect the functionality of the mail server. Configuring Dovecot to support IMAP connectivity would not affect the SMTP relay, but it would allow users to access their mailboxes remotely. Configuring netfilter to not permit port 25 traffic on the public network would prevent the mail server from receiving any mail from the outside world, which would defeat the purpose of having a mail server. Upgrading the mailbox format from mbox to maildir would not affect the SMTP relay, but it would change the way the mail messages are stored on the disk.
References:
LPIC-2 Exam 202 Objectives, Objective 205.3: Managing a postfix server
Postfix Basic Configuration, Postfix Documentation
Postfix SMTP relay and access control, Postfix Documentation
How to disable open relay on Postfix? - Howtoforge, Forum
Postfix SMTP relay without authentication | Guide - Bobcares, Blog
質問 # 29 
- A. fastcgi_proxy
- B. proxy_fastcgi
- C. proxy_fastcgi_pass
- D. fastcgi_forward
- E. fastcgi_pass
正解:E
質問 # 30
chroot jailで実行中のプログラムvsftpdは、次のエラーを出します:
次のうち、どれアクションがエラーを修正するか?
- A. chrootコマンドと-static_libsオプションを使用してプログラムを実行します。
- B. chroot jail以外の必要なライブラリを指すシンボリックリンクを作成する
- C. ルートファイルシステムの/etc/ld.so.confファイルには、chroot jail内の適切なlibディレクトリへのパスが含まれていなければなりません
- D. 必要なライブラリをchroot jailの適切なlibディレクトリにコピーします
正解:D
解説:
Explanation
The error message in the image is saying that the program vsftpd is unable to find the required shared library file. This is because the program is running in a chroot jail, which restricts the program's access to the file system. To fix this error, the required library file must be copied to the appropriate lib directory in the chroot jail. This will allow the program to access the file and run properly. References:
LPIC-2 Overview
LPIC-2 201-450
LPIC-2 202-450
質問 # 31 

- A. There is no . after linuserv.example.net in the PTR record in the reverse lookup zone file
- B. The . in the NS definition in the reverse lookup zone has to be removed
- C. There is no . after linuserv.example.net in the PTR record in the forward lookup zone file
- D. There is no . after linuserv in the PTR record in the forward lookup zone file
正解:A
質問 # 32
According to this LDIF excerpt, which organizational unit is Robert Smith part of? (Specify only the organizational unit.)
正解:
解説:
people
Explanation:
The LDIF excerpt shows the distinguished name (dn) of Robert Smith as "cn=Robert Smith, ou=people, dc=example, dc=com". The organizational unit (ou) attribute is used to represent an organizational unit in which an entry resides. In this case, Robert Smith is part of the "people" organizational unit.
References:
[OpenLDAP Software 2.6 Administrator's Guide: The LDIF File Format]: The official documentation of OpenLDAP on the LDIF file format, which explains the syntax and structure of LDIF entries and attributes.
[LDAP Data Interchange Format (LDIF) - Version 1]: The RFC 2849 document that defines the LDAP Data Interchange Format (LDIF), which is a common format for exchanging LDAP data.
質問 # 33 


- A. Option A
- B. Option D
- C. Option B
- D. Option C
正解:D
質問 # 34
サーバのセキュリティを高めるために、sshd設定ファイルのどのの行を変更するべきであるか(存在する場合)? (2つを選択してください)
- A. IgnoreRhosts yes
- B. Port 22
- C. PermitRootLogin yes
- D. PermitEmptyPasswords no
- E. Protocol 2, 1
正解:C、E
解説:
Explanation
The sshd configuration file is used to customize the behavior of the SSH server daemon. Some of the lines in the file can affect the security of the server and should be modified accordingly. The following are two examples of such lines:
Protocol 2, 1: This line specifies the SSH protocol versions that are supported by the server. The possible values are 1 and 2, where 1 is the older and less secure version and 2 is the newer and more secure version. The recommended value is 2, as it provides stronger encryption, authentication, and integrity mechanisms. Allowing protocol 1 can expose the server to various attacks, such as man-in-the-middle, replay, and insertion attacks. Therefore, this line should be changed to Protocol 2 or commented out (as protocol 2 is the default value).
PermitRootLogin yes: This line determines whether root login is allowed on the server. The possible values are yes, no, prohibit-password, and without-password. The value yes allows root login with any authentication method, including password. This can pose a serious security risk, as root is the most privileged user on the system and can perform any action. If an attacker manages to guess or obtain the root password, they can gain full control over the server. Therefore, this line should be changed to no or prohibit-password (which allows root login only with public key authentication) or commented out (as no is the default value).
References: LPIC-2 202 exam objectives, LPIC-2 202-450 Exam Prep: Network Configuration, The Best Ways to Secure Your SSH Server, Configure the /etc/ssh/sshd_config file Linux SSH Server (sshd) Configuration and Security Options With ...1
The Best Ways to Secure Your SSH Server - How-To Geek
質問 # 35
......
202-450日本語試験問題集合格させるのは更新されたのは2024年年最新の認証済み試験問題:https://jp.fast2test.com/202-450-JPN-premium-file.html