Lpi 303-300 Practice Exams
Last updated on Apr 07,2025- Exam Code: 303-300
- Exam Name: LPIC-3 Security
- Certification Provider: Lpi
- Latest update: Apr 07,2025
Which of the following statements is true regarding eCryptfs?
- A . For every file in an eCryptfs directory there exists a corresponding file that contains the encrypted content.
- B . The content of all files in an eCryptfs directory is stored in an archive file similar to a tar file with an additional index to improve performance.
- C . After unmounting an eCryptfs directory, the directory hierarchy and the original file names are still visible, although, it is not possible to view the contents of the files.
- D . When a user changes his login password, the contents of his eCryptfs home directory has to be re-encrypted using his new login password.
- E . eCryptfs cannot be used to encrypt only directories that are the home directory of a regular Linux user.
Which of the following is a best practice for implementing HID?
- A . Install HID on every computer in the network
- B . Configure HID to block all incoming traffic
- C . Configure HID to alert security personnel of potential security incidents
- D . Disable HID when not actively monitoring for security incidents
Which of the following commands changes the source IP address to 192.0.2.11 for all IPv4 packets which go through the network interface eth0?
- A . iptables ~t nat ~A POSTROUTING ~o eth0 ~j SNAT –to~source 192.0.2.11
- B . iptables ~t nat ~A PREROUTING ~i eth0 ~j SNAT –to~source 192.0.2.11
- C . iptables ~t nat ~A POSTROUTING ~i eth0 ~j DNAT –to~source 192.0.2.11
- D . iptables ~t mangle ~A POSTROUTING ~i eth0 ~j SNAT Cto~source 192.0.2.11
- E . iptables ~t mangle ~A POSTROUTING ~0 eth0 ~j SNAT Cto~source 192.0.2.11
Which of the following access control models is established by using SELinux?
- A . Security Access Control (SAC)
- B . Group Access Control (GAC)
- C . User Access Control (UAC)
- D . Discretionary Access Control (DAC)
- E . Mandatory Access Control (MAC)
Which of the following sections are allowed within the Kerberos configuration file krb5.conf?
(Choose THREE correct answers.)
- A . [plugins]
- B . [crypto]
- C . [domain]
- D . [capaths]
- E . [realms]
What is the purpose of an access control list in Linux?
- A . To specify fine-grained permissions for users and groups
- B . To encrypt a file for secure transmission
- C . To compress a file to save disk space
- D . To mark a file as executable
Which of the following expressions are valid AIDE rules?
(Choose TWO correct answers.)
- A . !/var/run/.*
- B . append: /var/log/*
- C . /usr=all
- D . #/bin/
- E . /etc p+i+u+g
Which option in an Apache HTTPD configuration file enables OCSP stapling?
(Specify ONLY the option name without any values or parameters.)
Solution: httpd-ssl.conf
Determine whether the given solution is correct?
- A . Correct
- B . Incorrect
Which of the following types can be specified within the Linux Audit system?
(Choose THREE correct answers.)
- A . Control rules
- B . File system rules
- C . Network connection rules
- D . Console rules
- E . System call rules
Which of the following parameters to openssl s_client specifies the host name to use for TLS Server Name Indication?
- A . -tlsname
- B . -servername
- C . -sniname
- D . -vhost
- E . -host