20+ practice questions focused on System Security — one of the most tested topics on the Linux Professional Institute Certification Level 2 LPIC-2 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
Start System Security PracticeA system administrator notices that the SSH service on a Linux server is failing to start. The log shows: 'sshd: error: Could not load host key: /etc/ssh/ssh_host_rsa_key'. What is the most likely cause and solution?
Explanation: The error message indicates that the SSH daemon cannot load the RSA host key file. Host keys are generated during package installation or manually via ssh-keygen. Option D is correct because running 'ssh-keygen -A' automatically generates all missing host key types (RSA, ECDSA, Ed25519) that are configured for use, resolving the missing or corrupt key issue without manual intervention.
A security policy requires that all users must change their passwords every 90 days. Which command enforces maximum password age for an existing user 'jdoe'?
Explanation: The `chage -M 90 jdoe` command sets the maximum number of days a password is valid for user 'jdoe' to 90 days, enforcing the security policy. The `-M` option directly controls the password aging parameter that defines when the password must be changed, as stored in `/etc/shadow`.
A security audit reveals that the /var/log directory contains world-readable log files that may contain sensitive information. The administrator wants to ensure new files created in /var/log are not readable by others, without affecting existing file permissions. Which umask value should be set system-wide?
Explanation: Option D (umask 026) is correct because it sets the default permissions for new files to 640 (rw-r-----), which removes read access for 'others' while preserving read access for group members. The umask value is subtracted from the base permissions (666 for files), so a umask of 026 results in 666 - 026 = 640, meeting the requirement that new files in /var/log are not world-readable without altering existing file permissions.
Which TWO commands can be used to display the current iptables rules for the filter table?
Explanation: Option A is correct because `iptables -L` lists the current rules in the default filter table without needing to specify the table explicitly. Option C is correct because `iptables -t filter -L` explicitly selects the filter table and lists its rules, which is functionally equivalent to the default behavior of `iptables -L`.
Which THREE of the following are valid methods to restrict access to the su command on a Linux system?
Explanation: Option D is correct because the /etc/suauth file (used by some Linux distributions with the 'su' command from the 'shadow' suite) allows you to specify which users or groups are permitted to use su, providing a direct access control mechanism. Option E is correct because configuring pam_wheel.so in /etc/pam.d/su with the 'wheel' group restricts su access to only members of that group, a standard PAM-based method.
+15 more System Security questions available
Practice all System Security questions1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of System Security. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
System Security questions on the LPIC-2 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. System Security is tested as part of the Linux Professional Institute Certification Level 2 LPIC-2 blueprint. Practicing with targeted System Security questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free LPIC-2 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but System Security is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.
Launch a full System Security practice session with instant scoring and detailed explanations.
Start System Security Practice →