What is the true of the following share’s access properties? (Choose two.)
- A . @managers copies the permissions of the share [managers].
- B . The alice and bob users can manipulate files regardless of the file system permissions.
- C . @managers will be resolved as a Unix group.
- D . @managers is a builtin default Samba group.
- E . the parameter admin users can be applied only to print shares.
Which of the following parameters can be used in a Samba configuration in order to execute scripts on the server? (Choose three.)
- A . add printer script
- B . add user script
- C . add group script
- D . add user to group script
- E . add share script
Fill in the blank.
Which option must be specified in smb.conf in order to make Samba create machine accounts automatically when a client joins the domain?
What is the effect of the following line within a global section of a Samba configuration file?
- A . After its start, nmbd forces an election in order to become the master browser.
- B . The os level is set to the highest possible value 255 in order to become the master browser.
- C . nmbd forces an election every minute in order to become the master browser.
- D . The local nmbd becomes the master browser for all available workgroups in the local network.
- E . The line has no effect as long as local master is not set to no.
Which of the following commands is used to join a properly configured Samba server as member to an Active Directory domain?
- A . net ads join member
- B . net rpc join Cmember
- C . net domain join member
- D . net domain join Cmember
- E . net ads member join
Which of the following Samba variables must be used to pass the machine name to the script specified in add machine script within a Samba configuration file?
- A . %m
- B . %w
- C . %p
- D . %q
- E . %u
By default, Samba tries to automatically detect the correct character set to use with a connecting client.
Which parameter in smb.conf forces Samba to use only ASCII?
- A . global charset = ASCII
- B . unicode = no
- C . ASCII = yes
- D . force charset = ASCII
- E . reduce charset = yes
Fill in the blank.
What command checks the Samba configuration file for syntactical correctness? (Specify ONLY the command without any path or parameters.)
Which of the following sections must exist in a Samba configuration file in order to create dynamic shares for printers?
- A . [print$]
- B . [printcap]
- C . [printer]
- D . [printers]
- E . [spooler]
Fill in the blank.
Which type of message should be sent to a Samba daemon using smbcontrol in order to change the daemon’s debug level? (Specify ONLY the name of the message type without command or options.)
Which of the following ports are open by default on a Samba 4 Active Directory Domain Controller? (Choose three.)
- A . 443/TCP
- B . 138/TCP
- C . 389/TCP
- D . 445/TCP
- E . 53/TCP
In order to generate an individual log file for each of the machines connecting to a Samba server, which of the following statements must be used in the Samba configuration file?
- A . log file = /var/log/samba/log.%c
- B . log file = /var/log/samba/log.%M
- C . log file = /var/log/samba/log.%m
- D . log file = /var/log/samba/log.%I
Fill in the blank.
What samba command generates the following output? (Specify ONLY the command without any path or parameters.)
Which of the following parameters is used in the database on a slave server to direct clients that want to make changes to the OpenLDAP database to the master server?
- A . updatedn
- B . updateserver
- C . updateref
- D . updateuri
It is found that changes made to an OpenLDAP directory are no longer being replicated to the slave server at 192.168.0.3. Tests prove that the slave server is listening on the correct port and changes are being recorded properly to the replication log file. In which file would you find the replication errors?
- A . replication.err
- B . replication.rej
- C . 192.168.0.3: 389.rej
- D . 192.168.0.3: 389.err
In an OpenLDAP masters’s slapd.conf configuration file, a replica configuration option is needed to enable a slave OpenLDAP server to replicate. What value is required in the following setting: bindmethod=____________ if using passwords for master/slave authentication? (Only specify the missing value)
In the example below, what is the missing argument that is required to use secret as the password to authenticate the replication push with a slave directory server?
replica uri=ldaps: //slave.example.com: 636
binddn="cn=Replicator,dc=example,dc=com"
bindmethod=simple ______________=secret
- A . secure
- B . master
- C . credentials
- D . password
Below is an ACL entry from a slapd.conf file. Fill in the access control level setting to prevent users from retrieving passwords.
access to attrs=lmPassword,ntPassword by dn="cn=smbadmin,dc=samplenet" write by * _______
When configuring OpenLDAP to use certificates, which option should be used with the TLSVerifyClient directive to ask the client for a valid certificate in order to proceed normally?
- A . never
- B . allow
- C . try
- D . demand
Which of the following procedures will test the TLS configuration of an OpenLDAP server?
- A . Run the ldapsearch command with the -ZZ option, while watching network traffic with a packet analyzer.
- B . Run the ldapsearch command with the -x option, while watching network traffic with a packet analyzer.
- C . Run the slapcat command, while watching network traffic with a packet analyzer.
- D . Verify the TLS negotiation process in the /var/log/ldap_auth.log file.
- E . Verify the TLS negotiation process in the /var/log/auth.log file.
The ________ command, included with OpenLDAP, will generate password hashes suitable for use in slapd.conf. (Enter the command with no options or parameters)
In slapd.conf, what keyword will instruct slapd to not ask the client for a certificatE.
TLSVerifyClient = ________
- A . never
- B . nocert
- C . none
- D . unverified
OpenLDAP can be secured by which of these options? (Select THREE correct choices)
- A . TLS (Transport Layer Security)
- B . ACLs (Access Control Lists)
- C . HTTPS (Hypertext Transfer Protocol Secure)
- D . SSL (Secure Sockets Layer)
- E . OSI-L2 (OSI Layer 2 encryption)
After modifying the indexes for a database in slapd.conf and running slapindex, the slapd daemon refuses to start when its init script is called.
What is the most likely cause of this?
- A . The indexes are not compatible with the init script.
- B . The init script cannot be run after executing slapindex, without first signing the indexes with slapsign.
- C . The init script has identified one or more invalid indexes.
- D . The init script is starting slapd as an ordinary user, and the index files are owned by root.
What does cachesize 1000000 represent in the slapd.conf file?
- A . The number of entries to be cached.
- B . The size of the cache in Bytes.
- C . The size of the cache in Bits.
- D . The minimum cache size in Bytes.
- E . The maximum cache size in Bytes.
What is the correct command to regenerate slapd indices based upon the current contents of the database?
- A . slapd index
- B . sindexd
- C . slapindex
- D . There is no index command, indexing is handled by the slapd daemon.
Which of the following parameters can be used in the file DB_CONFIG? (Select TWO correct answers.)
- A . set_cachesize
- B . set_cachepath
- C . set_db_type
- D . set_db_path
- E . set_lg_max
A server is authenticating users using the pam_ldap module. Only users who are members of a certain group should be allowed to login. In which parameter in ldap.conf can a filter string be specified, that is ANDed with the login attribute when validating a user? (Enter only the parameter, without any options or values)
When configuring an OpenLDAP system for integration with PAM and NSS the /etc/nsswitch.conf file needs to be modified. Which of the following parameters completes this line from the /etc/nsswitch.conf file?
passwD. files _________
- A . pam
- B . ldap
- C . pam_nss
- D . pam_ldap
- E . none
By configuring Pluggable Authentication Module (PAM) and Name Service Switch (NSS) technologies to use OpenLDAP, what authentication service can be replaced?
- A . Microsoft NT Domain
- B . Samba
- C . Network Information Service (NIS)
- D . Active Directory (AD)
Which option for the pam_ldap module specifies a file from which the module’s global settings can be read?
- A . default
- B . global
- C . config
- D . include
When configuring an OpenLDAP server to act as a proxy to a Microsoft Active Directory server, what is the correct database type for this stanza of the slapd.conf file?
database _________
suffix "cn=users,dc=testcorp,dc=com"
subordinate
rebind-as-user
uri "ldap: //dc1.testcorp.com/"
chase-referrals yes
Which file stores the global Kerberos configuration needed for OpenLDAP integration with Active Directory and Kerberos? (Specify only the file name without any path.)
Which port in TCP/IP communication is used for Kerberos v5?
- A . 888
- B . 86
- C . 88
- D . 90
What are benefits of using Single Sign-On (SSO)? (Select THREE correct answers.)
- A . Reduce IT costs due to lower number of IT help desk calls about passwords.
- B . Reduce time spent re-entering passwords for the same identity.
- C . Reduce number of passwords to remember.
- D . Reduce password complexity.
- E . Reduce number of services used by users.
Which of the following are true for CIFS? (Choose TWO correct answers.)
- A . Filenames can be in any character set.
- B . Filenames can have a maximum length of 127 characters.
- C . Unlike SMB, CIFS is not optimized for slow network connections.
- D . Opportunistic Locks are supported.
CIFS relies upon which port for direct hosting without requiring NetBIOS?
- A . 139
- B . 443
- C . 137
- D . 445
Which of the following daemons are included in Samba 3? (Select THREE correct answers.)
- A . wind
- B . nmbd
- C . winbindd
- D . samba
- E . smbd
What following statement is true about Samba 4?
- A . Samba 4 can serve as an Active Directory Domain Controller.
- B . Microsoft Windows clients cannot connect to Samba 4 servers.
- C . Samba 4 is only a minor update of Samba 3 to fix smaller bugs and contains no new features.
- D . Integration of Samba 4 in an existing Active Directory Domain is not possible.
There are multiple network interfaces on a server. Which parameters must you set in smb.conf to limit which interfaces Samba will accept connections? (Choose TWO correct answers.)
- A . listen interfaces
- B . bind interfaces only
- C . interfaces
- D . listen address