Thursday, April 12, 2007

LPI Exam 202 Detailed Objectives

Indicate the source of this article,when you make a copy.
如需轉載本文請註明本文出處(lpi-note.blogspot.com)

Reference:www.lpi.org
參考資料:LPI網站

Exam 202: Detailed Objectives

This is a required exam for LPI certification Level 2. It covers basic system administration skills that are common across all distributions of Linux.

IMPORTANT INFORMATION: These are the current 202 objectives, which are valid effective 2006-03-01. The 201 exams, which are delivered through test centres all over the world, will reflect these updated objectives for English in mid 2006 and all other languages by late 2006/early 2007. Candidates should be prepared to take exams based upon these objectives after 2Q2006.

Each objective is assigned a weighting value. The weights range roughly from 1 to 10 and indicate the relative importance of each objective. Objectives with higher weights will be covered in the exam with more questions.

Maintainer: Dimitrios "Taki" Bogiatzoules, Product Developer

Last modification: 2006-02-28



Topic 205: Networking Configuration

2.205.1 Basic networking configuration

Weight: 5

Description: Candidates should be able to configure a network device to be able to connect to a local, wired or wireless, and a wide-area network. This objective includes being able to communicate between various subnets within a single network, configure dialup access, its authentication protocols and logging.

Key knowledge area(s):Utilities to configure and manipulate ethernet network interfaces
Use and configuration of modems, ISDN interface cards and ethernet interfaces as dialup devices.
Authentication protocols such as PAP and CHAP.
Configuring wireless networks.


The following is a partial list of the used files, terms and utilities:/sbin/route
/sbin/ifconfig
/bin/ip
/sbin/arp
/usr/sbin/arpwatch
/sbin/iwconfig
/sbin/wlanctl-ng
/sbin/wpa_supplicant
/etc/


2.205.2 Advanced Network Configuration and Troubleshooting

Weight: 3

Description: Candidates should be able to configure a network device to implement various network authentication schemes. This objective includes configuring a multi-homed network device, configuring a VPN client and resolving communication problems.

Key knowledge area(s):Utilities to manipulate routing tables
Utilities to configure and manipulate ethernet network interfaces
Utilities to analyse the status of the network devices
Utilities to monitor and analyse the TCP/IP traffic
OpenVPN


The following is a partial list of the used files, terms and utilities:/sbin/route
/sbin/ifconfig
/bin/netstat
/bin/ping
/sbin/arp
/usr/sbin/tcpdump
/usr/sbin/lsof
/usr/bin/nc
/bin/ip
/etc/openvpn/*
openvpn


Topic 206 Mail & News

2.206.1 Configuring mailing lists

Weight: 1

Description: Install and maintain mailing lists. Monitor and resolve problems by viewing the logs.

Key knowledge area(s):Install, configure and manipulate mailing lists
Mailman configuration files, terms and utilities
Majordomo configuration files, terms and utilities
Ezmlm configuration files, terms and utilities


The following is a partial list of the used files, terms and utilities:Not applicable


2.206.2 Using email servers

Weight: 4

Description: Candidates should be able to manage an email server, including the configuration of email aliases, email quotas and virtual email domains. This objective includes configuring internal email relays and monitoring email servers.

Key knowledge area(s):Configuration files for postfix, qmail, exim and sendmail
Basic knowledge of the SMTP protocol


The following is a partial list of the used files, terms and utilities:Configuration files and commands for postfix, qmail, exim and sendmail
/etc/aliases
/etc/mail/*
/etc/postfix/*
/var/qmail/control/*
sendmail emulation layer commands


2.206.3 Managing Mail Traffic

Weight: 3

Description: Candidates should be able to implement client email management software to filter, sort and monitor incoming user email.

Key knowledge area(s):procmail configuration files, tools and utilities
Usage of procmail on both server and client side


The following is a partial list of the used files, terms and utilities:~/.procmail
/etc/procmailrc
procmail



2.206.4 Serving news

Weight: 1

Description: Candidates should be able to install and configure news servers. This objective includes customising and monitoring served newsgroups.

Key knowledge area(s):INN configuration files, terms and utilities
Leafnode configuration files, terms and utilities


The following is a partial list of the used files, terms and utilities:innd
fetnchnews


Topic 207: DNS

2.207.1 Basic DNS server configuration

Weight: 2

Description: Candidates should be able to configure BIND to function as a caching-only DNS server. This objective includes the ability to convert older BIND configuration files to newer format, managing a running server and configuring logging.

Key knowledge area(s):BIND 8.x and 9.x configuration files, terms and utilities
Defining the location of the BIND zone files in BIND configuration files
Reloading modified configuration and zone files


The following is a partial list of the used files, terms and utilities:/etc/named.conf
/usr/sbin/ndc
/usr/sbin/rndc
/usr/sbin/named-bootconf
kill


2.207.2 Create and maintain DNS zones

Weight: 3

Description: Candidates should be able to create a zone file for a forward or reverse zone or root level server. This objective includes setting appropriate values for records, adding hosts in zones and adding zones to the DNS. A candidate should also be able to delegate zones to another DNS server.

Key knowledge area(s):BIND 8.x and 9.x configuration files, terms and utilities
Utilities to request information from the DNS server
Layout, content and file location of the BIND zone files
Various methods to add a new host in the zone files, inlcuding reverse zones


The following is a partial list of the used files, terms and utilities:contents of /var/named/
zone file syntax
resource record formats
dig
nslookup
host


2.207.3 Securing a DNS server

Weight: 3

Description: Candidates should be able to configure a DNS server to run as a non-root user and run in a chroot jail. This objective includes secure exchange of data between DNS servers.

Key knowledge area(s):BIND 8.x and 9.x configuration files
Configuring BIND to run in a chroot jail
DNSSEC configuration files, tools and utilities
Split configuration of BIND using the forwarders statement


The following is a partial list of the used files, terms and utilities:SysV init files or rc.local
/etc/named.conf
/etc/passwd
dnskeygen


Topic 208 Web Services

2.208.1 Implementing a web server

Weight: 2

Description: Candidates should be able to install and configure a web server. This objective includes monitoring the server's load and performance, restricting client user access, configuring support for scripting languages as modules and setting up client user authentication. Also included is configuring server options to restrict usage of resources.

Key knowledge area(s):Apache 1.x configuration files, terms and utilities
Apache 2.x configuration files, terms and utilities
Apache log files configuration and content
Access restriction methods and files
mod_perl and PHP configuration
Client user authentication files and utilities
Configuration of maximum requests, minimum and maximim servers and clients


The following is a partial list of the used files, terms and utilities:access.log
.htaccess
httpd.conf
mod_auth
htpasswd
htgroup
apache2ctl
apachectl
httpd


2.208.2 Maintaining a web server

Weight: 2

Description: Candidates should be able to configure a web server to use virtual hosts, Secure Sockets Layer (SSL) and customise file access.

Key knowledge area(s):SSL (OpenSSL) configuration files, tools and utilities
SSL certificate handling
Apache 1.x and 2.x virtual host implementation (with and without dedicated IP addresses)
Using redirect statements in Apache's configuration files to customise file access


The following is a partial list of the used files, terms and utilities:/etc/httpd/*
/etc/apache2/*
/etc/ssl/*
openssl


2.208.3 Implementing a proxy server

Weight: 2

Description: Candidates should be able to install and configure a proxy server, including access policies, authentication and resource usage.

Key knowledge area(s):Squid 2.x configuration files, terms and utilities
Access restriction methods
Client user authentication methods
Layout and content of ACL in the Squid configuration files


The following is a partial list of the used files, terms and utilities:squid.conf
acl
http_access


Topic 210 Network Client Management

2.210.1 DHCP configuration

Weight: 2

Description: Candidates should be able to configure a DHCP server. This objective includes setting default and per client options, adding static hosts and BOOTP hosts. Also included is configuring a DHCP relay agent and maintaining the DHCP server.

Key knowledge area(s):DHCP configuration files, tterms and utilities
Subnet and dynamically-allocated range setup


The following is a partial list of the used files, terms and utilities:dhcpd.conf
dhcpd.leases


2.210.2 NIS configuration

Weight: 1

Description: Candidates should be able to configure an NIS server. This objective includes configuring a system as an NIS client.

Key knowledge area(s):NIS configuration files, terms and utilities
Create NIS maps for major configuration files
Manipulate nsswitch.conf to configure the ability to search local files, DNS, NIS, etc.


The following is a partial list of the used files, terms and utilities:ypbind
ypcat
ypmatch
ypserv
yppasswd
yppoll
yppush
ypwhich
rpcinfo
nsswitch.conf
ypserv.conf
contents of /var/yp/*
netgroup
nicknames
securenets
Makefile


2.210.3 LDAP configuration

Weight: 1

Description: Candidates should be able to configure an LDAP server. This objective includes working with directory hierarchy, groups, hosts, services and adding other data to the hierarchy. Also included is importing and adding items, as well as adding and managing users.

Key knowledge area(s):LDAP configuration files, tools and utilities
Importing items from LDIF files
Change user passwords


The following is a partial list of the used files, terms and utilities:slapd
slapd.conf


2.210.4 PAM authentication

Weight: 2

Description: The candidate should be able to configure PAM to support authentication using various available methods.

Key knowledge area(s):PAM configuration files, terms and utilities
passwd and shadow passwords
NIS
LADP


The following is a partial list of the used files, terms and utilities:/etc/pam.d
pam.conf


Topic 212 System Security

2.212.2 Configuring a router

Weight: 2

Description: Candidates should be able to configure a system to perform network address translation (NAT, IP masquerading) and state its significance in protecting a network. This objective includes configuring port redirection, managing filter rules and averting attacks.

Key knowledge area(s):iptables configuration files, tools and utilities
ipchains configuration files, tools and utilities
Tools, commands and utilities to manage routing tables.
Private address ranges
Port redirection and IP forwarding
List and write filtering and rules that accept or block datagrams based on source or destination protocol, port and address
Save and reload filtering configurations
Manipulating the content of /proc/sys/net/ to respond to DoS attacks


The following is a partial list of the used files, terms and utilities:/proc/sys/net/ipv4
/etc/services
ipchains
iptables
routed
quagga


2.212.3 Securing FTP servers

Weight: 2

Description: Candidates should be able to configure an FTP server for anonymous downloads and uploads. This objective includes precautions to be taken if anonymous uploads are permitted and configuring user access.

Key knowledge area(s):Configuration files, tools and utilities for vsftpd, Pure-FTPd, wu-ftpd and ProFTPd
Layout and content of FTP access restriction files
Client user authentication methods
Usage of chroot to secure FTP


The following is a partial list of the used files, terms and utilities:ftpaccess
ftpusers
ftpgroups
/etc/passwd



2.212.4 Secure shell (SSH)

Weight: 2

Description: Candidates should be able to configure an SSH daemon. This objective includes managing keys and configuring SSH for users. Candidates should also be able to forward an application protocol over SSH and manage the SSH login.

Key knowledge area(s):SSH (OpenSSH) configuration files, tools and utilities
Differences between SSH versions 1 and 2
Login restrictions for the superuser and the normal users
Managing and using server and client keys to login with and without password
Usage of XWindow and other application protocols through SSH tunnels
Configuration of ssh-agent
Usage of multiple connections from multiple hosts to guard against loss of connection to remote host following configuration changes


The following is a partial list of the used files, terms and utilities:ssh
sshd
/etc/ssh/sshd_config
~/.ssh/identity.pub and identity
~/.ssh/authorized_keys
.shosts
.rhosts


2.212.5 TCP_wrappers

Weight: 1

Description: Candidates should be able to configure tcpwrappers to allow connections to specified servers only from certain hosts or subnets.

Key knowledge area(s):tcpwrappers configuration files, tools and utilities
(x)inetd configuration files, tools and utilities


The following is a partial list of the used files, terms and utilities:/etc/xinetd.conf
/etc/xinetd.d/*
/etc/inetd.conf
tcpd
/etc/hosts.allow
/etc/hosts.deny



2.212.6 Security tasks

Weight: 3

Description: Candidates should be able to install and configure a secure authentication system, perform basic security auditing of source code, receive security alerts from various sources, audit servers for open email relays and anonymous FTP servers, install, configure and run intrusion detection systems and apply security patches and bugfixes.

Key knowledge area(s):Basic KERBEROS 5 configuration files, tools and utilities to ensure secure logins to a server
Tools and utilities to scan and test ports on a server
Locations and organisations that report security alerts as Bugtraq, CERT, CIAC or other sources
Tools and utilities to implement an intrusion detection system (IDS)


The following is a partial list of the used files, terms and utilities:Tripwire
telnet
nmap
snort
nessus
PortSentry


Topic 214 Network Troubleshooting

2.214.7 Troubleshooting network issues

Weight: 1

Description: Candidates should be able to identify and correct common network setup issues, to include knowledge of locations for basic configuration files and commands.

Key knowledge area(s):Location and content of access restriction files as /etc/hosts
Utilities to configure and manipulate ethernet network interfaces
Utilities to manage routing tables
Utilities to list network states.
Utilities to gain information about the network configuration
Methods of information about the recognised and used hardware devices
System initialisation files and their contents (SysV init process)


The following is a partial list of the used files, terms and utilities:/sbin/ifconfig
/sbin/route
/bin/netstat
/etc/network || /etc/sysconfig/network-scripts/
System log files such as /var/log/syslog && /var/log/messages
/bin/ping
/etc/resolv.conf
/etc/hosts
/etc/hosts.allow && /etc/hosts.deny
/etc/hostname || /etc/HOSTNAME
/sbin/hostname
/usr/sbin/traceroute
/usr/bin/nslookup
/usr/bin/dig
/bin/dmesg
/usr/bin/host


No comments:

Post a Comment