
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


System Security

Practice LPIC-2 System Security questions with full explanations on every answer.

80 questions


All LPIC-2 System Security questions (80)


1

A system administrator notices that the SSH service on a Linux server is failing to start. The log shows: 'sshd: error: Could not load host key: /etc/ssh/ssh_host_rsa_key'. What is the most likely cause and solution?

2

A security policy requires that all users must change their passwords every 90 days. Which command enforces maximum password age for an existing user 'jdoe'?

3

A security audit reveals that the /var/log directory contains world-readable log files that may contain sensitive information. The administrator wants to ensure new files created in /var/log are not readable by others, without affecting existing file permissions. Which umask value should be set system-wide?

4

Which TWO commands can be used to display the current iptables rules for the filter table?

5

Which THREE of the following are valid methods to restrict access to the su command on a Linux system?

6

Based on the iptables output, what is the expected behavior for incoming SSH connections on eth0?

7

Based on the sshd configuration, user 'charlie' attempts to log in using public key authentication. What will happen?

8

A system administrator wants to ensure that all commands executed by root are logged to a remote syslog server. Which rsyslog configuration directive should be used?

9

An organization requires that all email traffic from their mail server must be encrypted in transit. Which of the following is the most appropriate solution?

10

Which file is used to configure which users and groups are allowed to use the 'cron' daemon?

11

Based on the ACL output, which user(s) can write to the file /var/www/html/index.html?

12

A company runs a web application on a Linux server that uses Apache, MySQL, and PHP. The application stores sensitive user data in a MySQL database. The security team has detected that the MySQL service is listening on port 3306 on all interfaces (0.0.0.0). The application and database are on the same server, so there is no need for remote database access. The administrator must secure the MySQL service without breaking the application. Which of the following is the most appropriate course of action?

13

A system administrator needs to ensure that all users must change their passwords every 90 days and that passwords must be at least 12 characters long. The administrator modifies /etc/login.defs and /etc/pam.d/common-password. Which additional step is required to enforce these settings for existing users?

14

Which TWO commands can be used to list all currently listening TCP ports and the associated processes?

15

Given the exhibit, what is the most likely reason for the GPG error, and what is the correct way to fix it permanently?

16

You are the security administrator for a company that runs a web application on a Linux server. The application runs under the user 'www-data' and listens on TCP port 8080. The server also runs an SSH service on port 22. Recently, an external penetration test revealed that an attacker could exploit a vulnerability in the web application to execute commands as the 'www-data' user, and from there, the attacker could escalate privileges to root due to a misconfigured sudo rule. You need to implement a defense-in-depth approach to limit the impact of such an attack. Which single action would be the most effective in preventing privilege escalation from the 'www-data' user to root, while still allowing the application to function normally?

17

An administrator is reviewing the audit rules on a Linux server. The current rules are shown in the exhibit. The administrator needs to ensure that any failed attempts to open files are logged, while also monitoring for successful outbound connections. Which of the following describes the effect of the current rules?

18

An administrator wants to enhance the security of a web server running Apache. Which TWO of the following actions are recommended best practices?

19

A company runs a critical database server on a Linux system. The server is subject to a strict compliance policy that requires all commands executed by the database administrator (user 'dbadmin') to be logged. Additionally, any attempt to change the system time must be logged regardless of the user. The administrator has configured auditd and added the following rules: -w /usr/bin -p x -k binary_exec, -a always,exit -F arch=b64 -S adjtimex -F key=time_change. However, during a compliance audit, it is discovered that not all commands executed by dbadmin are being logged. Which of the following is the most likely cause?

20

Order the steps to configure a Linux system as a router using iptables.

21

Match each systemd unit type to its function.

22

A system administrator wants to ensure that only key-based authentication is allowed for SSH and password authentication is disabled. Which configuration change is required in /etc/ssh/sshd_config?

23

A user needs to run a specific command as root without being prompted for a password. The command is /usr/bin/systemctl restart apache2. Which sudoers rule accomplishes this securely?

24

An administrator configures iptables on a Linux firewall with the following rules: -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT; -A INPUT -p tcp --dport 22 -j ACCEPT; -A INPUT -j DROP. Users report that SSH connections are being dropped. What is the most likely cause?

25

A system administrator wants to verify the integrity of a downloaded package using a GPG signature. Which command should be used after importing the distributor's public key?

26

An application running under AppArmor is failing to write to its log directory. The AppArmor profile for the application includes the line '/var/log/myapp/ r,' but not '/var/log/myapp/** rw,'. What is the most likely issue?

27

A PAM configuration file for password authentication includes the line 'password requisite pam_cracklib.so retry=3 minlen=8'. A user tries to change their password but is rejected even though the new password meets the stated criteria. The administrator suspects a conflict with another PAM module. Which of the following is the most likely cause?

28

To protect against SSH brute-force attacks, a system administrator installs fail2ban. Which configuration file should be modified to enable the SSH jail with default settings?

29

A web server is running in enforcing mode under SELinux. The administrator wants to allow Apache to connect to a remote database server. Which SELinux boolean needs to be set to allow httpd to make network connections?

30

An administrator wants to create a chroot environment for a potentially compromised service. The service needs to read /etc/resolv.conf and /etc/hosts, and run from a directory /chroot/service. Which of the following steps is essential to ensure the chroot environment is secure and functional?

31

Which TWO of the following are effective methods to secure SSH access on a Linux server? (Choose two.)

32

Which TWO iptables commands are necessary to allow incoming SSH connections (port 22) from the subnet 192.168.1.0/24 while dropping all other incoming traffic? Assume the INPUT chain has a default policy of DROP. (Choose two.)

33

Which THREE of the following actions are recommended as initial security hardening steps after installing a new Linux server? (Choose three.)

34

Refer to the exhibit. The user 'user' reports that they are able to run 'sudo apt-get update' without a password, but 'sudo apt-get upgrade' prompts for a password. What is the most likely cause?

35

Refer to the exhibit. An administrator has applied these iptables rules. Users can still SSH into the server from any IP address, which is unexpected because the administrator intended to restrict SSH to only a specific subnet. What is the most likely reason the restriction is not working?

36

Refer to the exhibit. What type of attack is indicated by the log entries?

37

An administrator wants to allow user 'john' to execute any command as root without a password. Which sudoers entry is correct?

38

An administrator wants to drop incoming TCP packets on port 22 from IP 10.0.0.5 using iptables. Which command is correct?

39

An administrator is configuring nftables to log and drop packets from a specific IP. The rule must be added to the input hook. Which command accomplishes this?

40

A company requires two-factor authentication for SSH logins. Which PAM module can be used to implement this if the system uses a time-based one-time password (TOTP)?

41

An administrator wants to encrypt a file so that only a specific recipient can decrypt it. Which GPG command should be used?

42

An administrator configures AIDE to monitor /etc. After initializing the database, what command updates the database with current file hashes without removing old entries?

43

To ensure that OpenVPN clients authenticate the server, which configuration directive should be present on the client side?

44

An administrator uses logwatch to send daily summaries to root. Which configuration file controls the default logwatch behavior?

45

A security analyst notices that an /etc/pam.d/common-auth file contains the line 'auth required pam_tally2.so deny=5'. What is the effect?

46

Which two commands correctly configure SSH to disable root login? (Select two.)

47

Which three PAM modules can be used to enforce password complexity? (Select three.)

48

Which two of the following are valid methods to authenticate with OpenVPN? (Select two.)

49

Refer to the exhibit. A security audit reveals that the server is not blocking SSH connections from unauthorized networks. What is the most likely cause?

50

Refer to the exhibit. A user cannot log in via SSH even though the password is correct. What is the most likely issue?

51

Refer to the exhibit. An administrator runs aide --check and receives a warning that /var/log/syslog has changed. Why is this expected?

52

A system administrator wants to allow the user 'jdoe' to run the '/usr/bin/systemctl restart httpd' command on a specific server without a password prompt. Which sudoers entry achieves this?

53

A security audit reveals that a server with PAM authentication allows users to log in even when the '/etc/nologin' file exists, contrary to policy. Which PAM module is most likely misconfigured or missing?

54

A user's SSH public key has been added to '~/.ssh/authorized_keys' on a remote server, but the user is still prompted for a password. Which file permission is most likely causing the issue?

55

An administrator wants to block all incoming traffic from the IP address 203.0.113.55 except for SSH (port 22) using iptables. The current default policy for the INPUT chain is ACCEPT. Which set of commands achieves this?

56

An administrator needs to encrypt a large file using GPG with a symmetric cipher and then decrypt it on another system. Which command encrypts the file using AES256 and prompts for a passphrase?

57

A web server running Apache is receiving many failed login attempts. Which tool should be used to dynamically block IPs after a configurable number of failures?

58

A system with SELinux in enforcing mode is running a custom application that needs to write to a file in /data. The application's context type is 'myapp_t', and the target file context is 'default_t'. The file's current context is 'var_t'. Which command changes the file's context to allow access?

59

An AppArmor profile for a database server is too restrictive and denies legitimate queries. The administrator wants to learn the required accesses by running the application in complain mode. Which command puts the profile into complain mode?

60

An administrator wants to restrict SSH access to a server so that only users from the domain 'example.com' can connect. Which file and syntax should be used with TCP Wrappers?

61

Which TWO commands can be used to list currently loaded iptables rules in the filter table? (Choose two.)

62

Which THREE conditions must be met for an SSH key-based login to succeed using the default settings on an OpenSSH server? (Choose three.)

63

Which TWO files are commonly used to configure PAM authentication for the 'login' service on a Linux system? (Choose two.)

64

Which user can execute any command as any user without any password restriction?

65

A new client with IP 10.0.1.15 tries to connect to HTTPS on the server. Based on the exhibit, what happens?

66

A Linux server in a DMZ hosts a custom web application that listens on TCP port 8080. The server is also configured with SSH on port 22 for remote administration. Recently, the security team noticed an increase in brute-force attacks against SSH from various external IPs. The server runs Fedora with firewalld as the firewall service. The current firewalld default zone is 'public', and the SSH service is allowed in the 'public' zone. The administrator wants to mitigate the brute-force attacks without blocking legitimate users. Additionally, the administrator wants to ensure that only specific administrative IP addresses can initiate SSH connections, and that SSH connections are rate-limited to prevent flooding. The administrator also needs to keep the web application accessible from any external IP. Which course of action best meets these requirements?

67

A system administrator wants to enforce key-based SSH authentication for all users on a server, disabling password authentication. Which two commands must be executed to achieve this? (Choose TWO.)

68

A company's security policy requires that all members of the 'developers' group be able to run the command 'systemctl restart httpd' as root using sudo, without being prompted for a password. Which sudoers entry achieves this?

69

An administrator wants to chroot SSH users in the 'jailed' group to their home directories. Which configuration in /etc/ssh/sshd_config achieves this?

70

A firewall rule set is implemented using iptables. The administrator wants to allow incoming SSH connections only from the 192.168.1.0/24 subnet, while all other incoming traffic is dropped. Which set of rules achieves this?

71

Which TWO of the following are recommended best practices for securing a Linux server that is publicly accessible?

72

Which THREE of the following tools can be used to implement file integrity checking on a Linux system?

73

Your company runs a web application on a Linux server that uses Apache HTTPD with mod_ssl for HTTPS. Recently, after a security audit, it was discovered that the server is vulnerable to the POODLE attack on SSLv3. The server is running RHEL 8 with Apache 2.4. The SSL configuration file /etc/httpd/conf.d/ssl.conf currently has the line 'SSLProtocol all -SSLv2'. You need to disable SSLv3 and also disable all versions of TLS below 1.2, while still allowing TLS 1.2 and 1.3. The server must remain available immediately. Which action should you take?

74

A financial institution uses a Linux server with a custom application that runs as the 'appuser' and writes logs to /var/log/app/. The security team recently detected that the application is vulnerable to a local privilege escalation via log injection. To mitigate, they decide to implement mandatory access control (MAC) using SELinux. The system is CentOS 7 with SELinux in enforcing mode. The current context of /var/log/app is 'unconfined_u:object_r:var_log_t:s0'. The application should only be allowed to write to logs in that directory, and no other processes should modify them. Which SELinux policy change should be made?

75

A small business has a single Linux server that serves as both a file server (Samba) and a web server (Apache). The server is directly connected to the internet. Recently, there have been numerous brute-force SSH login attempts. The administrator wants to implement a simple solution to block IP addresses that have more than 5 failed SSH attempts in 10 minutes. The server runs Ubuntu 20.04. Which tool should the administrator use to achieve this with minimal configuration?

76

A DevOps team manages a Kubernetes cluster on premises. The security team requires that all communication between pods be encrypted. The team decides to use mutual TLS (mTLS). They are using a Linux-based control plane with etcd and kube-apiserver. The current setup uses self-signed certificates for the API server, but the team wants to implement a proper PKI with automated certificate renewal. They have a small budget and prefer open-source tools. Which solution should they implement?

77

A government agency runs a classified application on a Linux server with strict auditing requirements. The application writes sensitive data to a MySQL database. The auditor requires that all SQL queries executed by the application be logged with timestamps, user, and the full query text. Additionally, the audit logs must be immutable (cannot be altered by the application or any user except a designated auditor account). The database runs on the same server. Which combination of tools and configurations should the administrator deploy?

78

Which TWO of the following actions are recommended to improve SSH server security?

79

Refer to the exhibit. What is the effect of this sudoers configuration?

80

A company runs an Apache web server (port 80) and an SSH server (port 22) for remote administration. The system administrator notices that the server has become sluggish and network traffic has increased significantly. Checking /var/log/auth.log reveals hundreds of failed SSH authentication attempts per minute from diverse IP addresses targeting the 'admin' user. The administrator wants to mitigate this brute-force attack with minimal impact on legitimate users. Which course of action is most effective?


Other LPIC-2 exam domains

Linux Kernel and System Startup; Block Devices, Filesystems and Advanced Storage; Advanced Networking Configuration; DNS, Web and Mail Services; File Sharing and Samba; Network Client Management

Frequently asked questions

What does the System Security domain cover on the LPIC-2 exam?

The System Security domain covers the key concepts tested in this area of the LPIC-2 exam blueprint published by LPI. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all LPIC-2 domains — no account required.

How many System Security questions are in the LPIC-2 question bank?

The Courseiva LPIC-2 question bank contains 80 questions in the System Security domain. Click any question to see the full explanation and answer breakdown.

What is the best way to practice System Security for LPIC-2?

Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.

Can I practice only System Security questions for LPIC-2?

Yes — the session launcher on this page draws questions exclusively from the System Security domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.
