LPI Question Set

Question 1

What can be used to link together multiple programs so that the output of one program becomes the input of another?

Answer 1

Pipes enable you to link together multiple programs. At the command line, the pipe character is a vertical bar

Question 2

What command will show you the path of the directory you’re currently working in?

Answer 2

The pwd command will show you the path of the directory you’re currently in.

Question 3

You type ps ax | grep xterm. What is the purpose of the grep xterm portion of this command?

Answer 3

It searches the output for the string xterm. The grep command searches for patterns in input files (the output of the ps ax command, given the pipe in the original command).

Question 4

How can you display all the environment variables that are currently set in your login shell?

Answer 4

Type env

Question 5

How do man pages and info pages differ?

Answer 5

man pages are “flat” documents—that is, single files. By contrast, info pages use hypertext (similar to Web pages) to help organize documents.

Question 6

What does the uniq command do?

Answer 6

By default, it outputs a file without any duplicate lines from the input file.

Question 7

What does the fmt command do?

Answer 7

It reformats the paragraphs within a file

Question 8

You type the command testprog < somefile.txt. What is the effect of the less-than (<) character in this command?

Answer 8

This is an input redirection operator; it causes the contents of somefile.txt to be sent to testprog as if the contents of somefile.txt were typed at the console.

Question 9

How would you read a Linux manual page?

Answer 9

Type man topic, where topic is the name of the command, configuration file, or other topic you want to investigate.

Question 10

What is the function of the tail command?

Answer 10

It displays the last few lines (10 by default) of a file.

Question 11

What is the difference between grep and egrep?

Answer 11

The grep program uses basic regular expressions by default, but egrep uses extended regular expressions by default.

Question 12

What command would you use to combine two text files, each of which contains tab-delimited data with at least one field in common between the two files?

Answer 12

The join command performs this task.

Question 13

How do the exit and logout commands differ?

Answer 13

The logout command works with login shells only, whereas exit is intended for use with non-login shells (such as xterm windows), but in practice works with both login and non-login shells.

Question 14

A text file contains tabs that are expanding into the wrong number of spaces in your chosen text editor. What command can you use to process the text file to substitute multiple spaces for each tab?

Answer 14

The expand command does this job.

Question 15

As root, you type tail -f /var/log/messages. What will be the result of this command?

Answer 15

The command displays the last few lines of /var/log/messages and then continues to monitor the file and display new lines as they’re added to it.

Question 16

As root, you type renice 19 2548. What is the effect of this command?

Answer 16

The priority of the process with a process ID (PID) number 2548, if it’s present, is changed to 19—that is, the process’s priority is set to the lowest possible value.

Question 17

What is the purpose of the nice command?

Answer 17

It allows you to run a program with a specified priority.

Question 18

What does the output of the uptime utility show?

Answer 18

The output of the uptime utility shows the time the system has been running, as well as three load averages (for the past minute, the past 5 minutes, and the past 15 minutes).

Question 19

What are the advantages of shared (aka dynamic) libraries over static libraries?

Answer 19

Shared libraries save disk space and memory, at least when they’re used by multiple programs.

Question 20

What can you learn from the uname utility?

Answer 20

You can learn the kernel name, the network hostname, the kernel release, the kernel version number, the machine name, the processor type, the hardware platform, and the OS name.

Question 21

What are some common solutions to the problem of an unsatisfied dependency when installing a program package?

Answer 21

You can force the installation, install/upgrade the required package, install a different version of the target package, or rebuild the target package from source code.

Question 22

How can you identify processes that consume an inordinate amount of CPU time?

Answer 22

You can use either the top utility or the ps utility with appropriate switches.

Question 23

Sally types rpm -e badprogram as root. What is the effect of this command, if the system uses RPM?

Answer 23

The badprogram package, if it’s installed and not depended on by other programs, is uninstalled from the system.

Question 24

What is the function of the top program?

Answer 24

top displays an ordered process list, updating it frequently. By default, top orders processes by CPU use, but you can give it commands to order processes by other criteria.

Question 25

Which common package management systems include support for dependency tracking?

Answer 25

The Red Hat Package Manager (RPM) and Debian package systems include such support.

Question 26

What file holds information about the library path the system uses in human-readable form?

Answer 26

The /etc/ld.so.conf file includes this information.

Question 27

What tool does Debian provide that can be used to keep your system automatically up to date with the latest system updates?

Answer 27

You can use the Advanced Package Tools (APT), and particularly apt-get, dselect, and aptitude.

Question 28

What happens when you try to run a program that requires a library that’s not installed?

Answer 28

The program responds with a message saying that it couldn’t find a library file. (The message may not be visible if the program is launched in a GUI environment.)

Question 29

How do you tell kill what process you want to terminate?

Answer 29

Pass kill the target process’s process ID (PID) number.

Question 30

You want to upgrade the bigserver package on an RPM-based system with a new file called bigserver-4.2.3-3.i386.rpm. What should you type?

Answer 30

Type rpm -Uvh bigserver-4.2.3-3.i386.rpm. The v and h options may be omitted if you don’t want a progress display.

Question 31

You want to kill a process by name. What command can you use to do this?

Answer 31

Type killall processname. Alternatively, you can use ps to find the process ID (PID) of the process and use kill.

Question 32

What tools are most commonly used to install or remove Debian packages?

Answer 32

The most commonly used tools are dselect, dpkg, apt-get, and GUI front ends to these.

Question 33

Why might you not want to edit /boot/grub/grub.cfg directly to change your boot loader configuration?

Answer 33

The /boot/grub/grub.cfg file is a GRUB 2 configuration file. GRUB 2 encourages editing files in the /etc/grub.d directory and the /etc/default/grub file and then using scripts to regenerate /boot/grub/grub.cfg.

Question 34

In Linux’s fdisk, you want to create a new partition. What major fdisk command do you use?

Answer 34

Typing n creates a new partition in fdisk.

Question 35

What programs does Linux use to write to optical media?

Answer 35

The mkisofs program creates an ISO-9660 filesystem, which is then burned to the disc by cdrecord. The growisofs program combines these two functions for recordable DVDs.

Question 36

What command is used to create a filesystem?

Answer 36

The mkfs command is used to create a filesystem. This command actually calls filesystem-specific creation tools like mkfs.ext2 (aka mke2fs), which you can call directly if you prefer.

Question 37

What software component determines whether Linux supports a given SCSI host adapter?

Answer 37

The Linux kernel determines this.

Question 38

What is the physical location of the first code an x86 CPU executes when it starts up?

Answer 38

This code is located in the firmware (BIOS or EFI), which is stored on a chip on the motherboard.

Question 39

What GRUB Legacy and GRUB 2 command is used to pass control to another boot loader?

Answer 39

The chainloader command, which passes control to the partition specified by a preceding root or rootnoverify command.

Question 40

On what MBR partition type(s) (primary, extended, or logical) may the Linux root ( / ) partition reside?

Answer 40

The Linux root partition may reside on a primary or logical partition. Extended partitions are “placeholders” for one or more logical partitions.

Question 41

Where do programs installed from source code normally reside?

Answer 41

They reside on /usr/local.

Question 42

In what two forms does Linux swap space generally come?

Answer 42

It may come as a dedicated swap partition or a swap file within a regular filesystem.

Question 43

What GRUB command specifies a background image file to be displayed at boot time?

Answer 43

The splashimage command does this job.

Question 44

Where can the GRUB boot loader code be installed on a BIOS-based computer?

Answer 44

The GRUB boot loader can be installed on the hard disk’s MBR, a Linux partition’s boot sector, or a floppy disk’s boot sector. This code relies on files in the /boot partition as well.

Question 45

What command would you use to obtain information on PCI devices installed in your system?

Answer 45

You’d use the lspci command.

Question 46

Your computer has a large hard disk, and you can’t allow extended downtime doing filesystem checks after a power failure. How can you avoid this?

Answer 46

Use a journaling filesystem, such as ReiserFS, ext3fs, ext4fs, XFS, JFS, or Btrfs.

Question 47

What devices must be terminated in a SCSI chain?

Answer 47

The devices at the ends of the chain must be terminated. (One of these may be the SCSI host adapter.

Question 48

Where should you install GRUB on a BIOS-based computer if you want to be able to restore its functionality using DOS’s FDISK after installing DOS or Windows?

Answer 48

Install GRUB on a primary Linux partition’s boot sector (not the disk’s MBR).

Question 49

What does the modprobe command do?

Answer 49

It loads or removes one or more modules, including the module you specify and any on which it depends.

Question 50

What is the function of the sticky bit?

Answer 50

It’s set on directories to alter Linux’s normal file deletion rules. With the sticky bit set, only the file’s owner may delete the files in a directory.

Question 51

What command will show you the numeric value currently being subtracted from the default permissions of newly created files and directories?

Answer 51

The umask command will show you the numeric value currently being subtracted from the default permissions of newly created files and directories.

Question 52

What utility can be used to locate files in common binary, documentation, and configuration directories?

Answer 52

The whereis utility locates files in common binary, documentation, and configuration directories.

Question 53

What utility allows you to edit disk quota information?

Answer 53

The edquota utility allows you to edit disk quota information.

Question 54

What character does Linux use to symbolize the root directory?

Answer 54

The root directory is Linux is represented by /.

Question 55

What text-mode programs might you use to edit the partitions on an MBR disk?

Answer 55

fdisk or parted

Question 56

What command would you type at a shell prompt to view the contents of the /usr/local/bin directory?

Answer 56

Type ls /usr/local/bin.

Question 57

Where do most system configuration files normally reside?

Answer 57

Most system configuration files reside in /etc or its subdirectories.

Question 58

What is the difference between a hard link and a symbolic link?

Answer 58

A hard link is two or more filenames that point to the same inode and hence the same file. A symbolic link is a file that points to another file by name; accessing the symbolic link accesses the linked-to file.

Question 59

An administrator wants to delete /home/baduser but mistakenly types rm -r /home /baduser as root (note the extra space). What will be the consequence?

Answer 59

This command recursively deletes all the files in the /home and /baduser directories, effectively destroying all user’s files (assuming they’re all in /home, as is common).

Question 60

What does the mv command accomplish?

Answer 60

It moves or renames a file or directory.

Question 61

Who may change the owner of a file?

Answer 61

root may change the owner of a file.

Question 62

Why are SUID root programs rare?

Answer 62

They’re a potential security risk because too-powerful programs or bugs could allow unscrupulous users to abuse the program.

Question 63

What does the cp command accomplish?

Answer 63

It copies one or more files.

Question 64

The user sneaky types chown sneaky sensitive.txt. What is the effect?

Answer 64

An error message results. Only root may use chown to change the ownership of a file.

Question 65

Broadly speaking, how do tar and dd differ?

Answer 65

The tar program archives files on a file-by-file basis. The dd program, by contrast, copies all of a file’s or partition’s contents, or at best provides crude controls over what may be copied.

Question 66

Where would you expect to find the executable file jed, a common Linux text-mode file editor that anybody may use?

Answer 66

As a common Linux program provided with many Linux distributions, the jed executable file is most often found in /usr/bin. This is the directory set aside in the FHS for such programs.

Question 67

Where on a hard disk does the BIOS look for code to continue the boot process after the BIOS has initialized the hardware?

Answer 67

The Master Boot Record (MBR), which is the first sector on the hard disk.

Question 68

What is the name of the GRUB Legacy configuration file?

Answer 68

grub.conf or menu.lst, either file in the /boot/grub directory. (On EFI-based systems, this file resides in the same directory as the grub.efi boot loader program.)

Question 69

What methods are most commonly used to shut down a Linux system?

Answer 69

The shutdown command at a command prompt or a shutdown option at a GUI login prompt is most commonly used to shut down a Linux system. The telinit (or init, poweroff, and halt commands can also be used to do this.

Question 70

How can you keep users informed about problems and likely uptimes when you need to shut down a computer on short notice (say, 10 minutes)?

Answer 70

Pass a warning message at the end of a shutdown command, as in shutdown -h +10 “computer needs new disk; up in an hour”.

Question 71

What modes does the Vi editor support, and what are they for?

Answer 71

The Vi editor supports command mode (to enter internal Vi commands), ex mode (to enter external and file-related commands), and insert (aka edit) mode (to edit text).

Question 72

What file directs the Linux boot process after the kernel has loaded on a SysV-based installation?

Answer 72

The boot process is directed by /etc/inittab on a SysV-based computer.

Question 73

What command can you use after Linux has booted to examine the kernel ring buffer?

Answer 73

Use the dmesg command after Linux has booted to examine the kernel ring buffer.

Question 74

What command reveals the computer’s current runlevel?

Answer 74

The runlevel command reveals the computer’s current runlevel.

Question 75

What runlevel is the standard one for a normally running Linux system?

Answer 75

There is no fully standard runlevel; however, runlevel 2 is common on Debian and derivative distributions, and runlevels 3 and 5 are common on Red Hat and related distributions.

Question 76

How would you write a file and exit from the Vi editor?

Answer 76

In command mode, type :wq. (The ZZ command is also equivalent to:wq.)

Question 77

After editing your GRUB Legacy configuration file, what command should you type to ensure your changes take effect?

Answer 77

None; GRUB Legacy reads its configuration file at boot time, so you don’t need to re-install it after editing the configuration file the way you must re-install LILO.

Question 78

How can you undo a change in Vi?

Answer 78

In command mode, type u.

Question 79

What option must you ensure is set in /etc/ssh/sshd config to enable X tunneling in SSH?

Answer 79

You must ensure the X11Forwarding yes option is set.

Question 80

What program does Linux use to convert PostScript into formats suitable for a wide range of non-PostScript printers?

Answer 80

Linux uses Ghostscript for this purpose.

Question 81

Describe the role of a filter in a Linux printing system.

Answer 81

A filter identifies the file type (plan text, PostScript, and so on) and passes the file through appropriate programs to convert it into something the printer can understand.

Question 82

What command-line program displays information about the jobs in a print queue?

Answer 82

The lpq program displays information about the jobs in a print queue.

Question 83

What does the mpage utility do?

Answer 83

It prints several input pages on one output PostScript page to save paper when printing files.

Question 84

When is it most appropriate to set the system clock to Coordinated Universal Time (UTC, aka GMT, Greenwich Mean Time)?

Answer 84

This is most appropriate when Linux is the only OS installed on the computer. Microsoft OSs assume the hardware clock is set to local time, but Linux can cope with local time or UTC.

Question 85

What types of network printers can you use via CUPS?

Answer 85

CUPS can print to printers using the Internet Printing Protocol (IPP), which CUPS uses natively; to systems using the BSD Line Printer Daemon (LPD) printing protocol; and to printers using the Server Message Block/Common Internet Filesystem (SMB/CIFS) protocol used by Windows and Samba.

Question 86

What command is used to submit a print job in Linux?

Answer 86

The lpr command is used to submit a print job in Linux.

Question 87

What command can you use to quickly test a new X configuration after performing a reconfiguration in text mode?

Answer 87

You can use the startx command to do this.

Question 88

Name several major XDMCP servers for Linux.

Answer 88

XDM, KDM, and GDM are some major XDMCP servers for Linux. These servers manage the Linux GUI login screen and can be configured to support network logins as well.

Question 89

What command removes a print job from a print queue?

Answer 89

The lprm command removes a print job from a print queue.

Question 90

How do you specify the printer to which you want to print with lpr?

Answer 90

You use the -P option, as in lpr -Plexmark test.ps, to print test.ps to the lexmark printer.

Question 91

What three factors does X use to compute the refresh rate you’ll see?

Answer 91

X uses the monitor’s maximum horizontal refresh rate, the monitor’s maximum vertical refresh rate, and the resolution to compute the refresh rate.

Question 92

How do you change the locale for a limited purpose (to run a single program, for instance)?

Answer 92

Set the LC ALL environment variable to the desired locale. For completeness, you should also set LANG.

Question 93

How can you set the master font for all X-based programs to a larger size?

Answer 93

You can’t. Although GNOME and KDE both provide means to set default fonts, not all applications honor these settings.

Question 94

You want to ensure that your computer’s clock is set to the correct time at all times. What software should you run?

Answer 94

The Network Time Protocol (NTP) will keep your computer’s clock synchronized with an accurate external source.

Question 95

The root user types passwd sandra. Assuming that the user sandra exists, what information will root then have to enter?

Answer 95

root must then enter a new password for sandra twice to be sure it was entered correctly. The root user does not need to enter the current password.

Question 96

How can you locate stray files belonging to a user when deleting that user’s account?

Answer 96

Use the find command with its -uid parameter, as in find / -uid 504, to find all files owned by the user whose UID is 504.

Question 97

Where do network servers typically record error messages?

Answer 97

Network servers typically record error messages in a log file, such as /var/log/messages, or a server-specific log file.

Question 98

What user ID (UID) numbers do ordinary user accounts use?

Answer 98

Depending on the distribution, ordinary user accounts receive UIDs starting at 100, 500, 1000, or higher.

Question 99

What is the importance of the /etc/skel directory?

Answer 99

It holds template configuration files that are copied to new users’ home directories when those directories are created.

Question 100

In what file is group membership recorded?

Answer 100

Group membership is recorded in the /etc/group file.

Question 101

How do you create a user cron job?

Answer 101

Use the crontab program.

Question 102

What are the most important general-purpose log files on most Linux system

Answer 102

/var/log/messages, /var/log/syslog, and /var/log/secure are the most important general-purpose log files on most Linux systems. (Not all distributions use all three of these, though.)

Question 103

What types of errors will leave traces in system log files?

Answer 103

Errors related to programs that log errors in system log files, such as many servers, the kernel (and hence some hardware problems), and user login processes, leave traces in system log files.

Question 104

How would you delete a user account (jlumic) without deleting the user’s files?

Answer 104

Type userdel jlumic; without the -r option, userdel doesn’t delete user files. Alternatively, you could edit /etc/passwd and /etc/shadow and delete jlumic ‘s lines in those files.

Question 105

How can you prevent a single user from using the cron utility?

Answer 105

Add that user’s name to /etc/cron.deny. That user will then be unable to create cron jobs, but other users will still be able to do so.

Question 106

What is the NTP server pool?

Answer 106

The NTP server pool is a collection of publicly accessible NTP servers that may be accessed via the pool.ntp.org domain name or numbered machines within that domain, such as 0.pool.ntp.org.

Question 107

What does klogd do?

Answer 107

It intercepts and logs kernel messages via the overall system log daemon.

Question 108

What utility can you use to send a single packet to a target system, which should reply, confirming the existence of a basic network connection?

Answer 108

The ping utility sends a single packet to a target system and can be used to confirm the existence of a basic network connection.

Question 109

If you’re using static routing, what command can you use to add an entry to the routing table?

Answer 109

The route add command is used to add an entry to the routing table.

Question 110

What program can help identify slow or unreliable routers between you and a target system on the Internet?

Answer 110

The traceroute or tracepath program can help identify slow or unreliable routers between you and a target system.

Question 111

What system associates IP addresses with hostnames?

Answer 111

The Domain Name System (DNS), which is a distributed set of name server computers, associates IP addresses with hostnames

Question 112

What’s the most common type of local wired network hardware today?

Answer 112

Ethernet is most common type of local wired network hardware.

Question 113

What is PPPoE?

Answer 113

PPPoE is a variant of the Point-to-Point Protocol (PPP) that’s used over Ethernet connections. It’s most often used in conjunction with digital subscriber line (DSL) Internet connections.

Question 114

When you configure a system to use a static IP address, what information do you enter manually?

Answer 114

You enter the IP address, the netmask (aka the network mask or subnet mask), the IP addresses of one to three DNS servers, and the gateway (router) address. The last two items are technically optional, but they’re usually a practical necessity.

Question 115

Name a common Linux Web server package.

Answer 115

Apache, Roxen, and thttpd are all Linux Web servers. (Of these, Apache is the most common.)

Question 116

What will happen if you enter the incorrect gateway (router) address when you’re configuring networking?

Answer 116

You’ll be able to access systems on your local network, but you won’t be able to access systems on other networks or the Internet.

Question 117

What conditions must be met to use DHCP?

Answer 117

Your network must include a DHCP server, and your computer must have appropriate hardware to connect to the network.

Question 118

You type ifconfig on a Linux system and see a report that includes the abbreviation wlan0, but you don’t see the abbreviation eth0 anywhere. What can you conclude about this system’s network interface(s)?

Answer 118

The system has a wireless network device that’s active, but there’s either no Ethernet device installed or it’s not currently active.

Question 119

A computer has a server running on port 53. Assuming a standard use of this port, what type of server is this?

Answer 119

It’s a Domain Name System (DNS) server, such as the Berkeley Internet Name Domain (BIND).

Question 120

What is a major advantage of UDP over TCP?

Answer 120

The User Datagram Protocol (UDP) is a simpler protocol than the Transmission Control Protocol (TCP). Because of this simplicity, UDP requires less overhead than TCP, which can result in better speed when simple transfers are involved.

Question 121

What tool can link computers on a private IPv4 network address space to the Internet?

Answer 121

Network Address Translation (NAT), aka IP masquerading, can do this. NAT is often implemented in broadband routers intended for homes and small offices. Proxy servers can function in a similar way.

Question 122

Why should you not run a Telnet server?

Answer 122

Telnet is an insecure login protocol that provides no encryption, which means that passwords and other data sent via Telnet are easily intercepted should a local network or intervening router be compromised.

Question 123

What file would you edit to have mail addressed to postmaster delivered to you?

Answer 123

You would edit the aliases file, which is usually located in /etc or /etc/mail.

Question 124

What is accomplished by the command chmod a+x scriptfile?

Answer 124

The command adds execute permissions for the owner, group, and world to scriptfile —the file is made executable.

Question 125

In what files can you set global bash options (that is, for all users)?

Answer 125

/etc/bashrc, /etc/bash.bashrc, /etc/profile, and files in /etc/profile.d are the most common locations.

Question 126

What symbol identifies variables when they’re used (but not when they’re assigned values) in a bash shell script?

Answer 126

$ (preceding the variable name) identifies variables when they’re used in a bash shell script.

Question 127

What does the TERM environment variable control?

Answer 127

TERM determines the types of codes sent to a terminal (either a local or remote login) to control such features as bold text, colors, and cursor positioning.

Question 128

What is the difference between a SQL database and a SQL table?

Answer 128

A database consists of one or more tables; each table holds a two-dimensional array of data.

Question 129

bash script includes an if clause. How is this clause terminated?

Answer 129

An if clause in bash is terminated by a line consisting of the keyword fi (if spelled backward).

Question 130

How can you check to see whether an SMTP email server has delivered a message you’ve just sent?

Answer 130

Type mailq to view the contents of the mail queue and see whether the message in question is still queued.

Question 131

What is the purpose of the newaliases command?

Answer 131

It forces certain mail servers to parse the text-mode /etc/aliases file into a binary form that the mail server uses in practice.

Question 132

How do you set an alias in bash?

Answer 132

The format is alias=’ commands ‘, where commands are the commands you want to alias. Such lines typically appear in bash startup scripts.

Question 133

What is the purpose of the while statement in a bash script?

Answer 133

The while statement begins a loop that continues for as long as its condition (enclosed in square braces, []) remains true.

Question 134

What SQL command would you use to delete an individual item from a table?

Answer 134

The DELETE command deletes an individual item from a table.

Question 135

How can you check your account for new email using the mail command?

Answer 135

Type mail with no options. (You can optionally add -u user to check user’s mail or use -f file to read the contents of a specific mail spool, assuming you have sufficient permissions.)

Question 136

How do the ∼/.profile and ∼/.bashrc files differ in purpose?

Answer 136

The ∼/.profile file is a bash login file; it’s executed only at login shells. The ∼/.bashrc file, by contrast, is a non-login file; it’s executed whenever bash is run, including when logging in or when bash is run in an xterm or for other reasons.

Question 137

How are functions identified in bash?

Answer 137

Function names end in parentheses, as in myfunction(), and they’re optionally preceded by the keyword function. Their bodies are surrounded by curly braces ({}). When called, all of these identifiers are omitted, and functions look like ordinary internal or external commands, as in myfunction.

Question 138

What option must you ensure is set in /etc/ssh/sshd config to enable X tunneling in SSH?

Answer 138

Be sure X11Forwarding yes is set.

Question 139

You’ve installed a server that includes a configuration file in /etc/xinetd.d and restarted the xinetd server, but the server you’ve just installed isn’t responding. What should you check first?

Answer 139

Look for a disable = yes line in the /etc/xinetd.d configuration file for the new server. If it’s present, remove it or change it to disable = no; then restart xinetd.

Question 140

What command can be used to execute a single program with alternative permission?

Answer 140

The sudo command can be used to execute a single program with alternative permission.

Question 141

What is the purpose of the /etc/nologin file?

Answer 141

If present, this file prevents logins via most text-mode methods, except by root. Most servers and login tools display the contents of the /etc/nologin file instead.

Question 142

What types of manipulations can you perform on a password base to make it more secure?

Answer 142

You can insert random numbers and letters into the base, vary the case of the base, reverse the order of the base or one of its component words, and add characters (even a repeating character) to make a longer password.

Question 143

What does the /etc/inetd.conf file control?

Answer 143

/etc/inetd.conf controls the inetd server, which launches other servers only when those servers are needed.

Question 144

When should you use shadow passwords?

Answer 144

You should almost always use shadow passwords; they substantially improve local security.

Question 145

What advantage does using SSH have over using Telnet for initiating a remote X session?

Answer 145

SSH can tunnel the X session, thus applying encryption to all X data, including the initial username and password and all data sent via X protocols. Telnet can’t do this.

Question 146

What type of software can block access to any or all network ports on a computer?

Answer 146

A firewall (typically implemented in Linux with iptables) can block access to any or all network ports on a computer.

Question 147

Describe the most important difference between inetd and xinetd.

Answer 147

The xinetd program includes security features that aren’t present in inetd; with inetd, TCP Wrappers must be used to achieve similar effects. There are also configuration file format differences.

Question 148

How should you treat the security of public versus private keys in GPG encryption?

Answer 148

GPG public keys are meant to be distributed widely, so you can give them to anybody. GPG private keys, on the other hand, should be carefully guarded to prevent others from impersonating you.

Question 149

You use Nmap to scan a computer on your local network for open ports and find none; yet you can log into that computer using SSH from a third computer. How do you explain this?

Answer 149

One of Nmap’s limitations is that it can only tell you what ports are open to the scanning system. Firewall rules, xinetd restrictions, and similar configurations can block ports from one computer but not from another one.

Question 150

What utility uses the /etc/hosts.allow and /etc/hosts.deny files?

Answer 150

TCP Wrappers uses thes files for access control. Typically, inetd is the main user of TCP Wrappers, but other servers may use its services independent of inetd.

Question 151

What utility manages SSH logins, enabling you to enter a single passphrase instead of typing a password or passphrase for each SSH connection?

Answer 151

The ssh-agent utility manages SSH logins.

Question 152

What file holds information about servers known to SSH for all users on a computer?

Answer 152

The ssh known hosts file, which is typically stored in /etc or /etc/ssh, holds information about servers known to SSH for all users on a computer.