Exam 202: Detailed Objectives
This is a required exam for LPI certification Level 2. It covers
advanced network administration skills that are common across all distributions
of Linux.
Each objective is assigned a weighting value. The weights range
roughly from 1 to 10, and indicate the relative importance of each
objective. Objectives with higher weights will be covered in the
exam with more questions.
- 2.205.1 Basic networking configuration
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 5
Description: The candidate
should be able to configure a network device to be able to connect
to a local network and a wide-area network. This objective includes
being able to communicate between various subnets within a single
network, configure dialup access using mgetty, configure dialup
access using a modem or ISDN, configure authentication protocols
such as PAP and CHAP, and configure TCP/IP logging.
Key files, terms, and utilities include:
/sbin/route
/sbin/ifconfig
/sbin/arp
/usr/sbin/arpwatch
/etc/
- 2.205.2 Advanced Network Configuration and Troubleshooting
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 3
Description: The candidate
should be able to configure a network device to implement various
network authentication schemes. This objective includes configuring
a multi-homed network device, configuring a virtual private network
and resolving networking and communication problems.
Key files, terms, and utilities include:
/sbin/route
/sbin/ifconfig
/bin/netstat
/bin/ping
/sbin/arp
/usr/sbin/tcpdump
/usr/sbin/lsof
/usr/bin/nc
Topic 206 Mail & News
- 2.206.1 Configuring mailing lists
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 1
Description: Install and maintain
mailing lists using majordomo. Monitor majordomo problems by viewing
majordomo logs.
Key files, terms, and utilities include:
Majordomo2
- 2.206.2 Using Sendmail
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 4
Description: Candidates should
be able to manage a Sendmail configuration including email aliases,
mail quotas, and virtual mail domains. This objective includes configuring
internal mail relays and monitoring SMTP servers.
Key files, terms, and utilities include:
/etc/aliases
sendmail.cw
virtusertable
genericstable
- 2.206.3 Managing Mail Traffic
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 3
Description: Candidates should
be able to implement client mail management software to filter,
sort, and monitor incoming user mail. This objective includes using
software such as procmail on both server and client side.
Key files, terms, and utilities include:
procmail
.procmailrc
- 2.206.4 Serving news
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 1
Description: Candidates should
be able to install and configure news servers using inn. This objective
includes customizing and monitoring served newsgroups.
Key files, terms, and utilities include:
innd
Topic 207 DNS
- 2.207.1 Basic BIND 8 configuration
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 2
Description: The candidate
should be able to configure BIND to function as a caching-only DNS
server. This objective includes the ability to convert a BIND 4.9
named.boot file to the BIND 8.x named.conf format, and reload the
DNS by using kill or ndc. This objective also includes configuring
logging and options such as directory location for zone files.
Key files, terms, and utilities include:
/etc/named.conf
/usr/sbin/ndc
/usr/sbin/named-bootconf
kill
- 2.207.2 Create and maintain DNS zones
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 3
Description: The candidate
should be able to create a zone file for a forward or reverse zone
or root level server. This objective includes setting appropriate
values for the SOA resource record, NS records, and MX records.
Also included is adding hosts with A resource records and CNAME
records as appropriate, adding hosts to reverse zones with PTR records,
and adding the zone to the /etc/named.conf file using the zone statement
with appropriate type, file and masters values. A candidate should
also be able to delegate a zone to another DNS server.
Key files, terms, and utilities include:
contents of /var/named
zone file syntax
resource record formats
dig
nslookup
host
- 2.207.3 Securing a DNS server
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 3
Description: The candidate
should be able to configure BIND to run as a non-root user, and
configure BIND to run in a chroot jail. This objective includes
configuring DNSSEC statements such as key and trusted-keys to prevent
domain spoofing. Also included is the ability to configure a split
DNS configuration using the forwarders statement, and specifying
a non-standard version number string in response to queries.
Key files, terms, and utilities include:
SysV init files or rc.local
/etc/named.conf
/etc/passwd
dnskeygen
Topic 208 Web Services
- 2.208.1 Implementing a web server
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 2
Description: Candidates should
be able to install and configure an Apache web server. This objective
includes monitoring Apache load and performance, restricting client
user access, configuring mod_perl and PHP support, and setting up
client user authentication. Also included is configuring Apache
server options such as maximum requests, minimum and maximum servers,
and clients.
Key files, terms, and utilities include:
access.log
.htaccess
httpd.conf
mod_auth
htpasswd
htgroup
- 2.208.2 Maintaining a web server
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 2
Description: Candidates should
be able to configure Apache to use virtual hosts for websites without
dedicated IP addresses. This objective also includes creating an
SSL certificate for Apache and defining SSL definitions in configuration
files using OpenSSL. Also included is customizing file access by
implementing redirect statements in Apache's configuration files.
Key files, terms, and utilities include:
httpd.conf
- 2.208.3 Implementing a proxy server
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 2
Description: Candidates should
be able to install and configure a proxy server using Squid. This
objective includes implementing access policies, setting up authentication,
and utilizing memory usage.
Key files, terms, and utilities include:
squid.conf
acl
http_access
Topic 210 Network Client Management
- 2.210.1 DHCP configuration
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 2
Description: The candidate
should be able to configure a DHCP server and set default options,
create a subnet, and create a dynamically-allocated range. This
objective includes adding a static host, setting options for a single
host, and adding bootp hosts. Also included is configuring a DHCP
relay agent and reloading the DHCP server after making changes.
Key files, terms, and utilities include:
dhcpd.conf
dhcpd.leases
- 2.210.2 NIS configuration
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 1
Description: The candidate
should be able to configure an NIS server and create NIS maps for
major configuration files. This objective includes configuring a
system as a NIS client, setting up an NIS slave server, and configuring
the ability to search local files, DNS, NIS, etc. in nsswitch.conf.
Key files, terms, and utilities include:
nisupdate, ypbind, ypcat, ypmatch, ypserv, ypswitch, yppasswd, yppoll,
yppush, ypwhich, rpcinfo
nis.conf, nsswitch.conf, ypserv.conf
Contents of /etc/nis/: netgroup, nicknames, securenets
Makefile
- 2.210.3 LDAP configuration
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 1
Description: The candidate
should be able to configure an LDAP server. This objective includes
configuring a directory hierarchy and adding groups, hosts, services
and other data to the hierarchy. Also included is importing items
from LDIF files and adding items with a management tool, as well as
adding users to the directory and changing their passwords.
Key files, terms, and utilities include:
slapd
slapd.conf
- 2.210.4 PAM authentication
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 2
Description: The candidate
should be able to configure PAM to support authentication via traditional
/etc/passwd, shadow passwords, NIS, or LDAP.
Key files, terms, and utilities include:
/etc/pam.d
pam.conf
Topic 212 System Security
- 2.212.2 Configuring a router
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 2
Description: The candidate
should be able to configure ipchains and iptables to perform IP
masquerading, and state the significance of Network Address Translation
and Private Network Addresses in protecting a network. This objective
includes configuring port redirection, listing filtering rules,
and writing rules that accept or block datagrams based upon source
or destination protocol, port and address. Also included is saving
and reloading filtering configurations, using settings in /proc/sys/net/ipv4
to respond to DOS attacks, using /proc/sys/net/ipv4/ip_forward to
turn IP forwarding on and off, and using tools such as PortSentry
to block port scans and vulnerability probes.
Key files, terms, and utilities include:
/proc/sys/net/ipv4
/etc/services
ipchains
iptables
routed
- 2.212.3 Securing FTP servers
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 2
Description: The candidate
should be able to configure an anonymous download FTP server. This
objective includes configuring an FTP server to allow anonymous
uploads, listing additional precautions to be taken if anonymous
uploads are permitted, configuring guest users and groups with chroot
jail, and configuring ftpaccess to deny access to named users or
groups.
Key files, terms, and utilities include:
ftpaccess, ftpusers, ftpgroups
/etc/passwd
chroot
- 2.212.4 Secure shell (OpenSSH)
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 2
Description: The candidate
should be able to configure sshd to allow or deny root logins and enable
or disable X forwarding. This objective includes generating server
keys, generating a user's public/private key pair, adding a public
key to a user's authorized_keys file, and configuring ssh-agent
for all users. Candidates should also be able to configure port
forwarding to tunnel an application protocol over ssh, configure
ssh to support the ssh protocol versions 1 and 2, disable non-root
logins during system maintenance, configure trusted clients for
ssh logins without a password, and make multiple connections from
multiple hosts to guard against loss of connection to remote host
following configuration changes.
Key files, terms, and utilities include:
ssh, sshd
/etc/ssh/sshd_config
~/.ssh/identity.pub and identity, ~/.ssh/authorized_keys
.shosts, .rhosts
- 2.212.5 TCP_wrappers
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 1
Description: The candidate
should be able to configure tcpwrappers to allow connections to
specified servers from only certain hosts or subnets.
Key files, terms, and utilities include:
inetd.conf, tcpd
hosts.allow, hosts.deny
xinetd
- 2.212.6 Security tasks
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 3
Description: The candidate
should be able to install and configure kerberos and perform basic
security auditing of source code. This objective includes arranging
to receive security alerts from Bugtraq, CERT, CIAC or other sources,
being able to test for open mail relays and anonymous FTP servers,
and installing and configuring an intrusion detection system such as
snort or Tripwire. Candidates should also be able to update the
IDS configuration as new vulnerabilities are discovered and apply
security patches and bugfixes.
Key files, terms, and utilities include:
Tripwire
telnet
nmap
Topic 214 Network Troubleshooting
- 2.214.7 Troubleshooting network issues
Modified: 2001-August-24
Maintainer: Kara Pritchard
Weight: 1
Description: A candidate should
be able to identify and correct common network setup issues to include
knowledge of locations for basic configuration files and commands.
Key files, terms, and utilities include:
/sbin/ifconfig
/sbin/route
/bin/netstat
/etc/network || /etc/sysconfig/network-scripts/
system log files such as /var/log/syslog && /var/log/messages
/bin/ping
/etc/resolv.conf
/etc/hosts
/etc/hosts.allow && /etc/hosts.deny
/etc/hostname || /etc/HOSTNAME
/sbin/hostname
/usr/sbin/traceroute
/usr/bin/nslookup
/usr/bin/dig
/bin/dmesg
host