
303-300問題集には練習試験問題解答
303-300はLPIC-3実際の無料試験練習テスト
質問 # 12
Which of the following commands adds users using SSSD's local service?
- A. sss-addlocaluser
- B. sss_useradd
- C. sss_add
- D. sss_local_adduser
- E. sss_adduser
正解:B
質問 # 13
What is the purpose of the Linux Audit system?
- A. To automate host scans
- B. To detect intrusions and system changes
- C. To manage installed packages
- D. To manage system log files
正解:B
質問 # 14
What is the purpose of rkhunter?
- A. To automate host scans
- B. To manage installed packages
- C. To manage system log files
- D. To detect rootkits and other security threats
正解:D
質問 # 15
Which of the following information, within a DNSSEC- signed zone, is signed by the key signing key?
- A. The DS records pointing to the zone.
- B. The zone signing key of the zone.
- C. The RRSIG records of the zone.
- D. The non-DNSSEC records like A, AAAA or MX.
- E. The NSEC or NSEC3 records of the zone.
正解:B
質問 # 16
What command is used to update NVTs from the OpenVAS NVT feed?
(Specify ONLY the command without any path or parameters).
Solution: openvas-nvt-sync
Determine whether the given solution is correct?
- A. Incorrect
- B. Correct
正解:B
質問 # 17
Which of the following commands makes the contents of the eCryptfs encrypted directory ~/Private available to the user?
- A. ecryptfsclient
- B. ecryptfs.mount
- C. decryptfs
- D. ecryptfs-mount-private
- E. ecryptfs-manage-directory
正解:D
質問 # 18
What is Cryptography?
- A. The art of decoding messages
- B. The art of sending public messages
- C. The art of sending secret messages
- D. The art of sending anonymous messages
正解:C
質問 # 19
What effect does the following command have on TCP packets?
iptables- A INPUT d 10.142.232.1 p tcp --dport 20:21 j ACCEPT
- A. Forward all TCP traffic not on port 20 or 21 to the IP address 10.142.232.1
- B. Accept all TCP traffic on port 20 and 21 for the IP address 10.142.232.1
- C. Accept only TCP traffic from 10.142.232.1 destined for port 20 or 21.
- D. Drop all TCP traffic coming from 10.142.232.1 destined for port 20 or 21.
正解:B
質問 # 20
What is OCSP stapling?
- A. A mechanism that allows a server to provide proof of a client's identity to other servers
- B. A mechanism that allows a server to provide proof of the revocation status of its own SSL/TLS certificate
- C. A mechanism that allows a server to provide proof of the revocation status of all certificates issued by a particular Certificate Authority
- D. A mechanism that allows a server to provide proof of its own identity to clients
正解:B
質問 # 21
What is a Certificate Revocation List (CRL)?
- A. A list of X.509 certificates that have been revoked by a particular CA
- B. A list of private keys that have been compromised
- C. A list of public keys that have been compromised
- D. A list of X.509 certificates that have been issued by a particular CA
正解:A
質問 # 22
What is the purpose of a DNSKEY record in DNSSEC?
- A. To provide information about a DNS server
- B. To sign a DNS zone
- C. To map an IP address to a hostname
- D. To verify the authenticity of a DNS query
正解:B
質問 # 23
Which of the following statements are true regarding the certificate of a Root CA?
(Choose THREE correct answers.)
- A. It is a self-signed certificate.
- B. It has an infinite lifetime and never expires.
- C. It does not include the private key of the CA.
- D. It must contain a host name as the common name.
- E. It must contain an X509v3 Authority extension.
正解:A、C、E
質問 # 24
What is social engineering?
- A. A type of denial-of-service attack
- B. A type of virus
- C. A type of malware that disguises itself as legitimate software
- D. A type of attack that exploits human psychology to gain access to sensitive information
正解:D
質問 # 25
Which command is used to set the owner and group of a file in Linux?
- A. chmod
- B. chgrp
- C. setfacl
- D. chown
正解:D
質問 # 26
Which command is used to view the access control list of a file?
- A. chmod
- B. ls
- C. setfacl
- D. getfacl
正解:D
質問 # 27
Which of the following lines in an OpenSSL configuration adds an X 509v3 Subject Alternative Name extension for the host names example.org and www.example.org to a certificate?
- A. subjectAltName: www.example.org, subjectAltName: example.org
- B. subject= CN= www.example.org, CN=example.org
- C. subjectAltName = DNS: www.example.org, DNS:example.org
- D. commonName = subjectAltName= www.example.org, subjectAltName = example.org
- E. extension= SAN: www.example.org, SAN:example.org
正解:C
質問 # 28
How are SELinux permissions related to standard Linux permissions?
(Choose TWO correct answers.)
- A. SELinux permissions are verified before standard Linux permissions.
- B. SELinux permissions override standard Linux permissions.
- C. SELinux permissions are verified after standard Linux permissions.
- D. Standard Linux permissions override SELinux permissions.
正解:C、D
質問 # 29
What is an asymmetric key?
- A. A key used for both encryption and decryption that is generated in a pair
- B. A key used for encryption that is different from the key used for decryption
- C. A key used for encryption and decryption that is the same
- D. A key used for decryption that is different from the key used for encryption
正解:A
質問 # 30
What is a honeypot?
- A. A type of denial-of-service attack
- B. A type of phishing scam
- C. A type of virus
- D. A network security tool designed to lure attackers into a trap
正解:D
質問 # 31
What is a ciphertext?
- A. The encrypted message
- B. The original message before encryption
- C. The algorithm used to encrypt the message
- D. The key used to encrypt the message
正解:A
質問 # 32
What is a rootkit?
- A. A type of malware that disguises itself as legitimate software
- B. A type of denial-of-service attack
- C. A type of phishing scam
- D. A type of virus
正解:A
質問 # 33
What effect does the configuration SSLStrictSNIVHostCheck on have on an Apache HTTPD virtual host?
- A. The virtual host is used as a fallback default for all clients that do not support SNI.
- B. Despite its configuration, the virtual host is served only on the common name and Subject Alternative
- C. All of the names of the virtual host must be within the same DNS zone.
- D. The virtual host is served only to clients that support SNI.
- E. The clients connecting to the virtual host must provide a client certificate that was issued by the same CA that issued the server's certificate.
正解:D
質問 # 34
Which of the following commands defines an audit rule that monitors read and write operations to the file/ etc/firewall/rules and associates the rule with the name firewall?
- A. auditctl --read /etc/firewall/rules --write /etc/firewall/rules --label firewall
- B. auditctl -N firewall -r r: /etc/firewall/rules -r w: etc/firewall/rules
- C. echo "n: firewall r:/etc/firewall/rules: w:/etc/firewall/rules:" | auditctl ~
- D. auditctl -A -f /etc/firewall/rules -o r -o w -l firewall
- E. auditctl -w /etc/firewall/rules -p rw -k firewall
正解:E
質問 # 35
What is the purpose of TSIG in DNS?
- A. To map a domain name to an IP address
- B. To sign DNS messages for secure communication
- C. To encrypt DNS queries
- D. To provide information about DNS servers
正解:B
質問 # 36
Which option of the openvpn command should be used to ensure that ephemeral keys are not written to the swap space?
- A. --root-swap
- B. --keys-no-swap
- C. --mlock
- D. --no-swap
正解:C
質問 # 37
......
無料LPIC-3 303-300試験問題:https://jp.fast2test.com/303-300-premium-file.html