http://https://www.newpassleader.com/Lpi/303-200-exam-preparation-materials.html (60 Q&As Dumps, 30%OFF Special Discount: 30free )

NEW QUESTION NO: 6
What is the purpose of the program snort-stat?
A. It displays statistics from the running Snort process.
B. It returns the status of all configured network devices.
C. It reports whether the Snort process is still running and processing packets.
D. It displays the status of all Snort processes.
E. It reads syslog files containing Snort information and generates port scan statistics.
Answer: E
Explanation/Reference:
http://manpages.ubuntu.com/manpages/trusty/man8/snort-stat.8.html

NEW QUESTION NO: 7
Which of the following types can be specified within the Linux Audit system? (Choose THREE correct answers.)
A. Control rules
B. File system rules
C. Network connection rules
D. Console rules
E. System call rules
Answer: A,B,E
Explanation/Reference:
https://www.digitalocean.com/community/tutorials/how-to-write-custom-system-audit-rules-on-centos-7

NEW QUESTION NO: 8
What effect does the configuration SSLStrictSNIVHostCheck on have on an Apache HTTPD virtual host?
A. The clients connecting to the virtual host must provide a client certificate that was issued by the same CA that issued the server's certificate.
B. The virtual host is served only to clients that support SNI.
C. All of the names of the virtual host must be within the same DNS zone.
D. The virtual host is used as a fallback default for all clients that do not support SNI.
E. Despite its configuration, the virtual host is served only on the common name and Subject Alternative Names of the server certificates.
Answer: B
Explanation/Reference:
http://serverfault.com/questions/510132/apache-sni-namevhosts-always-route-to-first-virtualhost-entry

NEW QUESTION NO: 9
Which of the following expressions are valid AIDE rules? (Choose TWO correct answers.)
A. !/var/run/.*
B. append: /var/log/*
C. /usr=all
D. #/bin/
E. /etc p+i+u+g
Answer: A,E
Explanation/Reference:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=367337
http://aide.sourceforge.net/stable/manual.html

NEW QUESTION NO: 10
SIMULATION
Which directive is used in an OpenVPN server configuration in order to send network configuration information to the client? (Specify ONLY the option name without any values or parameters.)
Answer: 
push
Explanation/Reference:
https://community.openvpn.net/openvpn/wiki/RoutedLans

NEW QUESTION NO: 11
Which of the following information, within a DNSSEC- signed zone, is signed by the key signing key?
A. The non-DNSSEC records like A, AAAA or MX.
B. The zone signing key of the zone.
C. The RRSIG records of the zone.
D. The NSEC or NSEC3 records of the zone.
E. The DS records pointing to the zone.
Answer: B
Explanation/Reference:
https://grepular.com/Understanding_DNSSEC

NEW QUESTION NO: 12
Which DNS label points to the DANE information used to secure HTTPS connections to https:// www.example.com/?
A. example.com
B. dane.www.example.com
C. soa.example.com
D. www.example.com
E. _443_tcp.www.example.com
Answer: E
Explanation/Reference:
http://paginas.fe.up.pt/~jmcruz/ssi/ssi.1112/trabs-als/final/G7T12-digit.cert.altern-final.pdf

NEW QUESTION NO: 13
Which of the following statements are true regarding the certificate of a Root CA? (Choose TWO correct answers.)
A. It is a self-signed certificate.
B. It does not include the private key of the CA.
C. It must contain a host name as the common name.
D. It has an infinite lifetime and never expires.
E. It must contain an X509v3 Authority extension.
Answer: A,B,E
Explanation/Reference:
https://en.wikipedia.org/wiki/Root_certificate

NEW QUESTION NO: 14
Which of the following sections are allowed within the Kerberos configuration file krb5.conf? (Choose THREE correct answers.)
A. [plugins]
B. [crypto]
C. [domain]
D. [capaths]
E. [realms]
Answer: A,D,E
Explanation/Reference:
http://linux.die.net/man/5/krb5.conf

NEW QUESTION NO: 15
Which of the following stanzas is a valid client configuration for FreeRADIUS?
A. client private-network-1 {
ipaddr = 192.0.2.0/24
password = testing123-1
}
B. client private-network-1 {
ip = 192.0.2.0/24
password = testing123-1
}
C. client private-network-1 {
ip = 192.0.2.0/24
passwd = testing123-1
}
D. client private-network-1 {
ip = 192.0.2.0/24
secret = testing123-1
}
E. client private-network-1 {
ipaddr = 192.0.2.0/24
secret = testing123-1
}
Answer: E
Explanation/Reference:
http://linux.die.net/man/5/clients.conf

NEW QUESTION NO: 16
Which of the following components are part of FreeIPA? (Choose THREE correct answers.)
A. DHCP Server
B. Kerberos KDC
C. Intrusion Detection System
D. Public Key Infrastructure
E. Directory Server
Answer: B,D,E
Explanation/Reference:
https://www.freeipa.org/page/Documentation