TestOut LabSim 12.7.7 Questions

11/8/23, 5 : 12 AM Page 1 of 11 https://labsimapp.testout.com/v6_0_575/exam-engine.html/4ab2b496-…n/31059180/783da08f-b2ef-464f-8624-23fec01f7276/end ? locale=en-us 12.7.7 Practice Questions Candidate: Levi Cloakey (Lcloakey) Date: 11/8/2023 5:02:35 am • Time Spent: 03:20 Score: 100% Passing Score: 80%

11/8/23, 5 : 12 AM Page 2 of 11 https://labsimapp.testout.com/v6_0_575/exam-engine.html/4ab2b496-…n/31059180/783da08f-b2ef-464f-8624-23fec01f7276/end ? locale=en-us  Question 1:  Correct Which of the following are IP packet characteristics that ACL rules look at to determine how to fi lter a packet? (Select three.) Protocols Header Source address Data Ports Trailer Payload Explanation ACLs use the following packet characteristics to determine how to fi lter a packet: Source address Destination address Ports Protocols The header, payload, and trailer are the three parts of an IP packet. While data is transmitted in an IP packet, it is not content that an ACL rule looks at. References  12.7.3 IP Forwarding q_ fi rewall_acl_packet_characteristics_lp6.question.fex

11/8/23, 5 : 12 AM Page 4 of 11 https://labsimapp.testout.com/v6_0_575/exam-engine.html/4ab2b496-…n/31059180/783da08f-b2ef-464f-8624-23fec01f7276/end ? locale=en-us  Question 3:  Correct Which of the following are Python scripts classi fi ed as intrusion prevention software and provide dynamic rule sets to automate the rules IPTables use to fi lter network tra ffi c? (Select two.) DenyHosts Fail2ban fi rewalld IPset Uncomplicated Firewall (UFW) Explanation DenyHosts and Fail2ban are two popular Python scripts that are classi fi ed as instruction prevention software. Both scripts monitor log fi les and react to common security problems, such as brute force attacks, by adding or modifying fi rewall rules. Uncomplicated Firewall (UFW) provides a user-friendly framework for managing Net fi lter. IPset is a companion application to IPTables that allows you to easily set fi rewall rules for a block of IP addresses. fi rewalld is a front-end controller for IPTables. References  12.7.4 Linux Firewall Facts q_ fi rewall_denyhosts_fail2ban_lp6.question.fex  Question 4:  Correct

11/8/23, 5 : 12 AM Page 5 of 11 https://labsimapp.testout.com/v6_0_575/exam-engine.html/4ab2b496-…n/31059180/783da08f-b2ef-464f-8624-23fec01f7276/end ? locale=en-us Alex, a webmaster, recently deployed a new web server. After checking external access to the new web server, he was unable to communicate on port 80. Alex veri fi ed that the host- based fi rewall's con fi guration had been changed and that the httpd service is running. Which of the following commands will most likely resolve the communication issue? systemctl restart fi rewalld Install fi rewalld on the same system as the webserver systemctl restart httpd fi rewall-cmd --permanent --zone=public -- add-port= 80/tcp Explanation The systemctl restart fi rewalld command restarts the fi rewall service. This is important because if you make any changes to the fi rewall con fi guration, you need to restart the fi rewalld daemon in order to have that change take e ff ect. This is most likely the step that Alex did not complete for the con fi guration changes to take e ff ect. fi rewall-cmd --permanent --zone=public --add-port= 80/tcp changes the con fi guration, which Alex had already done. Install fi rewalld on the same system as the webserver is not a command. systemctl restart httpd restarts the web server, which will have no impact on the issue since the web server is running. References  12.7.1 Linux Firewalls  12.7.2 Con " gure " rewalld  12.7.4 Linux Firewall Facts q_ fi rewall_ fi rewalld_restart_lp6.question.fex

11/8/23, 5 : 12 AM Page 7 of 11 https://labsimapp.testout.com/v6_0_575/exam-engine.html/4ab2b496-…n/31059180/783da08f-b2ef-464f-8624-23fec01f7276/end ? locale=en-us  Question 6:  Correct Maria, a system administrator, wants to set up IP forwarding on a server for both IPv4 and IPv6. Which of the following fi les should be modi fi ed to enable IP forwarding? (Select two.) /proc/sys/net/ipv4/ip_forward /usr/lib/modules/ kernelversion /kernel/net/ipv6 /usr/lib/modules/ kernelversion /kernel/net/ipv4 /proc/sys/net/ipv6/ip_forward /etc/services Explanation IP forwarding is another name for routing. It is sometimes called kernel IP forwarding because it is a feature of the Linux kernel. You can enable IP forwarding by writing a 1 to the ip_forward fi le. Enable IPv4 forwarding by writing to the /proc/sys/net/ipv4/ip_forward fi le. Enable IPv6 forwarding by writing to the /proc/sys/net/ipv6/ip_forward fi le. Be cautious about enabling IP forwarding without a fi rewall, especially if an interface connects to the internet or to a subnet you don't control. Many fi rewall applications read from the /etc/services fi le. This fi le is a list of well-known services and their port assignments. The /net/ipv4 and /net/ipv6 fi les are kernel modules that provide these features on a Linux system. References  12.7.3 IP Forwarding q_ fi rewall_ip_forwarding_lp6.question.fex

11/8/23, 5 : 12 AM Page 8 of 11 https://labsimapp.testout.com/v6_0_575/exam-engine.html/4ab2b496-…n/31059180/783da08f-b2ef-464f-8624-23fec01f7276/end ? locale=en-us  Question 7:  Correct Which of the following popular Linux fi rewalls are based on Net fi lter? (Select three.) IPTables netcat IP forwarding Uncomplicated Firewall (UFW) fi rewalld Wireshark netstat Explanation IPTables, Uncomplicated Firewall (UFW), and fi rewalld are all fi rewalls based on Net fi lter. The other answers listed are not fi rewalls. References  12.7.4 Linux Firewall Facts q_ fi rewall_net fi lter_ fi rewalls_lp6.question.fex

11/8/23, 5 : 12 AM Page 10 of 11 https://labsimapp.testout.com/v6_0_575/exam-engine.html/4ab2b496…n/31059180/783da08f-b2ef-464f-8624-23fec01f7276/end ? locale=en-us  Question 9:  Correct Which of the following provides a user-friendly framework for managing the Net fi lter fi rewall? IPTables IPset Uncomplicated Firewall fi rewalld Explanation Uncomplicated Firewall (UFW) provides a user-friendly framework for managing Net fi lter. IPTables is a fi rewall application that is pre-installed on most Linux distributions, is a command-line interface, and is a rule-based front-end tool that interfaces with Net fi lter to decide which packets to fi lter. While fi rewalld provides both a command-line and graphical interface, its primary purpose is to be a front-end controller for IPTables. IPset is a companion application to IPTables that allows you to easily set fi rewall rules for a block of IP addresses. References  12.7.1 Linux Firewalls  12.7.2 Con " gure " rewalld  12.7.4 Linux Firewall Facts q_ fi rewall_uncomplicated_ fi rewall_lp6.question.fex

11/8/23, 5 : 12 AM Page 11 of 11 https://labsimapp.testout.com/v6_0_575/exam-engine.html/4ab2b496…n/31059180/783da08f-b2ef-464f-8624-23fec01f7276/end ? locale=en-us  Question 10:  Correct Which of the following fi les provides a list of services and their port assignments used by many fi rewall applications? /etc/group /etc/fstab /etc/services /etc/shadow Explanation Many fi rewall applications read from the /etc/services fi le. This fi le is a list of well-known services and their port assignments. When you update fi rewall rules, consider updating this fi le with new services and ports. The /etc/shadow fi le is an encrypted fi le that stores user passwords. The /etc/group fi le contains information about con fi gured groups in your Linux system. The /etc/fstab fi le lists the fi le systems mounted at startup by the mount -a command. References  12.7.4 Linux Firewall Facts q_frewall_etc_services_info_lp6.question.fex Copyright © 2023 TestOut Corporation All rights reserved.