Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsLPIC-2TopicsSystem Security
Free · No Signup RequiredLPI · LPIC-2

LPIC-2 System Security Practice Questions

20+ practice questions focused on System Security — one of the most tested topics on the Linux Professional Institute Certification Level 2 LPIC-2 exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start System Security Practice

Exam Domains

Linux Kernel and System StartupBlock Devices, Filesystems and Advanced StorageAdvanced Networking ConfigurationDNS, Web and Mail ServicesFile Sharing and SambaSystem SecurityNetwork Client ManagementAll domains →

Study Tools

Practice TestMock ExamFlashcardsAll Topics

Sample System Security Questions

Practice all 20+ →
1.

A system administrator notices that the SSH service on a Linux server is failing to start. The log shows: 'sshd: error: Could not load host key: /etc/ssh/ssh_host_rsa_key'. What is the most likely cause and solution?

A.The sshd_config file has a syntax error. Run 'sshd -t' to check it.
B.The SSH service is managed by xinetd and the configuration is missing. Edit /etc/xinetd.d/ssh.
C.The /etc/ssh/sshd_config file has incorrect permissions. Change them to 600.
D.The host key file is missing or corrupt. Run 'ssh-keygen -A' to regenerate all missing host keys.

Explanation: The error message indicates that the SSH daemon cannot load the RSA host key file. Host keys are generated during package installation or manually via ssh-keygen. Option D is correct because running 'ssh-keygen -A' automatically generates all missing host key types (RSA, ECDSA, Ed25519) that are configured for use, resolving the missing or corrupt key issue without manual intervention.

2.

A security policy requires that all users must change their passwords every 90 days. Which command enforces maximum password age for an existing user 'jdoe'?

A.chage -M 90 jdoe
B.passwd -f jdoe
C.usermod -e 90 jdoe
D.chage -E 90 jdoe

Explanation: The `chage -M 90 jdoe` command sets the maximum number of days a password is valid for user 'jdoe' to 90 days, enforcing the security policy. The `-M` option directly controls the password aging parameter that defines when the password must be changed, as stored in `/etc/shadow`.

3.

A security audit reveals that the /var/log directory contains world-readable log files that may contain sensitive information. The administrator wants to ensure new files created in /var/log are not readable by others, without affecting existing file permissions. Which umask value should be set system-wide?

A.umask 027
B.umask 022
C.umask 077
D.umask 026

Explanation: Option D (umask 026) is correct because it sets the default permissions for new files to 640 (rw-r-----), which removes read access for 'others' while preserving read access for group members. The umask value is subtracted from the base permissions (666 for files), so a umask of 026 results in 666 - 026 = 640, meeting the requirement that new files in /var/log are not world-readable without altering existing file permissions.

4.

Which TWO commands can be used to display the current iptables rules for the filter table?

A.iptables -L
B.iptables -S
C.iptables -t filter -L
D.iptables -t nat -L

Explanation: Option A is correct because `iptables -L` lists the current rules in the default filter table without needing to specify the table explicitly. Option C is correct because `iptables -t filter -L` explicitly selects the filter table and lists its rules, which is functionally equivalent to the default behavior of `iptables -L`.

5.

Which THREE of the following are valid methods to restrict access to the su command on a Linux system?

A.Set the SU_WHEEL_ONLY variable in /etc/login.defs.
B.Modify /etc/shells to include only approved shells.
C.Configure sudoers to allow only specific users to run su.
D.Edit the /etc/suauth file to specify allowed users.

Explanation: Option D is correct because the /etc/suauth file (used by some Linux distributions with the 'su' command from the 'shadow' suite) allows you to specify which users or groups are permitted to use su, providing a direct access control mechanism. Option E is correct because configuring pam_wheel.so in /etc/pam.d/su with the 'wheel' group restricts su access to only members of that group, a standard PAM-based method.

+15 more System Security questions available

Practice all System Security questions

How to master System Security for LPIC-2

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of System Security. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

System Security questions on the LPIC-2 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many LPIC-2 System Security questions are on the real exam?

The exact number varies per candidate. System Security is tested as part of the Linux Professional Institute Certification Level 2 LPIC-2 blueprint. Practicing with targeted System Security questions ensures you can handle any format or difficulty that appears.

Are these LPIC-2 System Security practice questions free?

Yes. Courseiva provides free LPIC-2 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is System Security one of the harder LPIC-2 topics?

Difficulty is subjective, but System Security is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full System Security practice session with instant scoring and detailed explanations.

Start System Security Practice →

Topic Info

Topic

System Security

Exam

LPIC-2

Questions available

20+