ExamGecko
Search Search Login
Home Home / CompTIA / XK0-005
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A systems administrator is enabling LUKS on a USB storage device with an ext4 filesystem format. The administrator runs dmesg and notices the following output: Given this scenario, which of the following should the administrator perform to meet these requirements? (Select three).
A Linux administrator needs to harden a system and guarantee that the Postfix service will not run, even after a restart or system upgrade. Which of the following commands allows the administrator to fulfill the requirement?
A Linux systems administrator is updating code. After completing the update, the administrator wants to publish the updated code without including the configuration files. Which of the following should the administrator use to accomplish this task?
A Linux engineer set up two local DNS servers (10.10.10.10 and 10.10.10.20) and was testing email connectivity to the local mail server using the mail command on a local machine when the following error appeared: The local machine DNS settings are: Which of the following commands could the engineer use to query the DNS server to get mail server information?
Junior system administrator had trouble installing and running an Apache web server on a Linux server. You have been tasked with installing the Apache web server on the Linux server and resolving the issue that prevented the junior administrator from running Apache. INSTRUCTIONS Install Apache and start the service. Verify that the Apache service is running with the defaults. Typing "help" in the terminal will show a list of relevant event commands. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A new application container was built with an incorrect version number. Which of the following commands should be used to rename the image to match the correct version 2.1.2?
Which of the following options describes the purpose of YAML?
A Linux administrator needs to analyze a failing application that is running inside a container. Which of the following commands allows the Linux administrator to enter the running container and analyze the logs that are stored inside?
A Linux system fails to start and delivers the following error message: Which of the following commands can be used to address this issue?
A Linux administrator is scheduling a system job that runs a script to check available disk space every hour. The Linux administrator does not want users to be able to start the job. Given the following: The Linux administrator attempts to start the timer service but receives the following error message: Which of the following is MOST likely the reason the timer will not start?

Question 263 - XK0-005 discussion

Report
Export

An administrator added the port 2222 for the SSH server on myhost and restarted the SSH server. The administrator noticed issues during the startup of the service. Given the following outputs:

Which of the following commands will fix the issue?

A.
semanage port -a -t ssh_port_t -p tcp 2222
Answers
A.
semanage port -a -t ssh_port_t -p tcp 2222
B.
chcon system_u:object_r:ssh_home_t /etc/ssh/*
Answers
B.
chcon system_u:object_r:ssh_home_t /etc/ssh/*
C.
iptables -A INPUT -p tcp -- dport 2222 -j ACCEPT
Answers
C.
iptables -A INPUT -p tcp -- dport 2222 -j ACCEPT
D.
firewall-cmd -- zone=public -- add-port=2222/tcp
Answers
D.
firewall-cmd -- zone=public -- add-port=2222/tcp
Suggested answer: A

Explanation:

The correct answer is

A) semanage port -a -t ssh_port_t -p tcp 2222

This command will allow the SSH server to bind to port 2222 by adding it to the SELinux policy. The semanage command is a utility for managing SELinux policies. The port subcommand is used to manage network port definitions. The -a option is used to add a new record, the -t option is used to specify the SELinux type, the -p option is used to specify the protocol, and the tcp 2222 argument is used to specify the port number. The ssh_port_t type is the default type for SSH ports in SELinux.

The other options are incorrect because:

B) chcon system_u:object_r:ssh_home_t /etc/ssh/*

This command will change the SELinux context of all files under /etc/ssh/ to system_u:object_r:ssh_home_t, which is not correct. The ssh_home_t type is used for user home directories that are accessed by SSH, not for SSH configuration files. The correct type for SSH configuration files is sshd_config_t.

C) iptables -A INPUT -p tcp --dport 2222 -j ACCEPT

This command will add a rule to the iptables firewall to accept incoming TCP connections on port 2222. However, this is not enough to fix the issue, as SELinux will still block the SSH server from binding to that port. Moreover, iptables may not be the default firewall service on some Linux distributions, such as Fedora or CentOS, which use firewalld instead.

D) firewall-cmd --zone=public --add-port=2222/tcp

This command will add a rule to the firewalld firewall to allow incoming TCP connections on port 2222 in the public zone. However, this is not enough to fix the issue, as SELinux will still block the SSH server from binding to that port. Moreover, firewalld may not be installed or enabled on some Linux distributions, such as Ubuntu or Debian, which use iptables instead.

How to configure SSH to use a non-standard port with SELinux set to enforcing

Change SSH Port on CentOS/RHEL/Fedora With SELinux Enforcing

How to change SSH port when SELinux policy is enabled

Show Answer
asked 02/10/2024
Cyrom Meryll Santos
36 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms