Practice LPIC-2 DNS, Web and Mail Services questions with full explanations on every answer.
Start practicing
DNS, Web and Mail Services — choose a session length
Free · No account required
Click any question to see the full explanation and answer options, or start a focused practice session above.
A company's mail server (Postfix) is rejecting incoming emails from a trusted partner with the error '550 5.7.1 Service unavailable; Client host [203.0.113.50] blocked using zen.spamhaus.org'. The partner's IP is not listed on any public DNSBL. What is the most likely cause?
2An administrator needs to configure a BIND DNS server to allow dynamic updates from a specific subnet (192.168.1.0/24) for the zone 'example.com'. The administrator must also ensure that the zone file is updated immediately after a dynamic update. Which configuration accomplishes this?
3A web server running Apache httpd is experiencing high load. The administrator suspects that many requests are for non-existent virtual hosts. Which configuration change would reduce the load caused by these requests?
4A company runs a Postfix mail server that relays mail for internal clients. Users report that emails to a specific external domain 'example.org' are delayed by several hours. The administrator checks the mail logs and sees entries like: 'status=deferred (connect to mx.example.org[203.0.113.10]:25: Connection timed out)'. What is the most likely cause?
5Which TWO statements are true regarding BIND DNS server security? (Choose two.)
6You are the administrator of a medium-sized company that runs its own authoritative DNS servers for the domain 'company.com'. The primary DNS server is a BIND9 master, and there are two slaves. Recently, you updated the zone file on the master to add a new subdomain 'lab.company.com' with an A record pointing to 10.0.0.10. After the update, you increased the serial number and ran 'rndc reload'. However, after several hours, some external clients report that they cannot resolve 'lab.company.com'. You check the master server and find that the zone file contains the new record. You also check the slave servers and find that they still have the old zone data. The serial number on the master is 2025011501, while the slaves show 2025011400. The master's syslog shows no errors. The slaves' syslogs show 'zone company.com/IN: Transfer started.' but no completion messages. Firewall rules allow TCP and UDP port 53 between all DNS servers. What should you do to resolve the issue?
7An administrator is configuring a BIND 9 DNS server to support DNSSEC for the zone 'example.com'. The zone is signed using the NSEC3 algorithm. Which TWO statements are correct regarding the configuration and operation of NSEC3?
8A small company runs a LAMP stack web server with Postfix mail server on a single Ubuntu 22.04 instance. The web server hosts a PHP application that sends password reset emails via the local mail server using PHP's mail() function. Recently, users report that password reset emails are not arriving. The administrator checks the mail log and finds that messages are being accepted by Postfix but are not being delivered. The mail queue shows messages with the status 'deferred'. There are no obvious errors in the mail log. The server has sufficient disk space and memory. The administrator suspects a DNS resolution issue. Which of the following is the most likely cause of the deferred mail?
9Order the steps to configure a Linux system to use LDAP for authentication.
10Match each kernel parameter to its effect.
11A company uses BIND9 as the authoritative name server for its public zone example.com. External users report that they cannot resolve the MX record for the domain, but internal users can. What is the most likely cause?
12A mail server running Postfix is deferring messages for a local user. The mail log shows 'status=deferred (mailbox is locked)'. What is the most likely cause?
13Which Apache module is used to rewrite URLs based on rules?
14A DNS administrator wants to implement DNSSEC on an authoritative zone. Which TWO resource records are essential for DNSSEC?
15A mail administrator is configuring Postfix to use SASL authentication for incoming connections. Which THREE parameters must be set in main.cf?
16Refer to the exhibit. A DNS query for 'ftp.example.com' returns NXDOMAIN. What configuration change would best resolve this?
17Refer to the exhibit. What is the most likely cause of this Apache error?
18Refer to the exhibit. What is wrong with the reverse DNS resolution for 192.0.2.1?
19Which Postfix configuration parameter specifies the domain that is appended to unqualified email addresses?
20A company wants to host multiple websites on a single Apache server with different domain names. Which approach is most appropriate?
21A DNS server returns SERVFAIL for queries to a zone that is configured as a slave. The master server is reachable. What should the administrator check?
22Which TWO tools can be used to send test email messages from the command line?
23An Apache administrator is troubleshooting a slow website. Which THREE modules could be causing performance issues if misconfigured?
24A BIND9 nameserver is configured with 'allow-transfer { none; };' but a secondary nameserver needs to receive zone transfers. What change must be made on the master?
25Which of the following is a mail delivery agent (MDA)?
26A system administrator notices that clients on the internal network can resolve the company's web server's hostname (www.example.com) using the internal DNS server (192.168.1.10), but external clients are unable to resolve it. The company uses BIND9 on an Ubuntu server. Which of the following configuration changes should be made on the DNS server to allow external resolution?
27A company is migrating from Apache HTTPD 2.2 to 2.4 and needs to configure SSL for a virtual host. The administrator wants to use modern security practices. Which of the following configurations is the most secure and recommended for Apache 2.4?
28A Postfix mail server is configured to use Dovecot SASL for authentication. Users report that they can send emails but are prompted for password repeatedly and see "SASL authentication failed" in the logs. The Dovecot SASL socket is configured correctly. What is the most likely cause?
29A company has two BIND DNS servers, a primary and a secondary. The secondary fails to receive zone updates. Which command can be used to check if the primary allows zone transfers to the secondary?
30An Apache web server is experiencing high memory usage under heavy load. The administrator wants to reduce the number of idle child processes. Which configuration directive should be adjusted?
31An organization's Postfix mail server is being used as an open relay. The administrator wants to restrict relaying to only authenticated users from the internal network. Which combination of settings is correct?
32Refer to the exhibit. The DNS server at 192.0.2.1 is the primary for example.com. What does the 'lame server' message indicate?
33Which two commands can be used to trace the delegation path of a DNS domain? (Choose two.)
34A Postfix administrator wants to restrict which clients can relay mail through the server. Which three smtpd restriction lists are typically used for this purpose? (Choose three.)
35A company runs a DNS server using BIND9 on a Linux server. The server is configured with two network interfaces: one internal (192.168.1.10) and one external (203.0.113.10). The server is configured to be authoritative for example.com. Internal clients can resolve example.com, but external clients receive "SERVFAIL" responses. The host command from an external client returns "Host not found". The administrator checks the named configuration and finds the following in /etc/bind/named.conf.options: options { directory "/var/cache/bind"; listen-on { 127.0.0.1; 192.168.1.10; 203.0.113.10; }; allow-query { 192.168.1.0/24; }; recursion no; dnssec-validation auto; }; The zone configuration for example.com has proper allow-transfer and allow-update settings. What change should be made to resolve external queries?
36A web administrator has installed Apache httpd 2.4 on a Linux server. The default configuration serves files from /var/www/html. When accessing http://server/, the browser shows a directory listing of /var/www/html instead of the index.html file that exists in that directory. The administrator confirms that the user has read permissions on the file and that the file is named index.html. Which directive is most likely missing from the Apache configuration?
37A systems administrator is configuring a Postfix mail server to use Dovecot for SASL authentication. The authentication method is set to PLAIN in Dovecot, and Postfix has smtpd_sasl_auth_enable=yes and smtpd_sasl_type=dovecot. Dovecot's auth socket is at /var/run/dovecot/auth-client. The mail logs show repeated "SASL authentication failed" errors for known good credentials. The administrator checks that the socket exists and that Dovecot is running. What is the most likely cause?
38A system administrator notices that external clients cannot resolve the company's primary website (www.example.com) but internal clients can. What is the most likely cause?
39Which TWO are best practices for securing an Apache web server?
The DNS, Web and Mail Services domain covers the key concepts tested in this area of the LPIC-2 exam blueprint published by LPI. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all LPIC-2 domains — no account required.
The Courseiva LPIC-2 question bank contains 39 questions in the DNS, Web and Mail Services domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the DNS, Web and Mail Services domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
Save your results, see per-domain analytics, and get readiness scores — free, for every certification.
Sign Up FreeFree forever · Every certification included