LPIC-2 Advanced Networking Configuration Practice Question
This LPIC-2 practice question tests your understanding of advanced networking configuration. Match the stated requirement to the specific cloud service, access model, or configuration option; many options are valid in isolation but not for this scenario. After answering, compare your reasoning against the explanation and wrong-answer breakdown below to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Exhibit
Refer to the exhibit.
    # nft list ruleset
    table ip filter {
        chain input {
            type filter hook input priority 0; policy drop;
            ct state established,related accept
            iifname lo accept
            ip saddr 192.168.1.0/24 tcp dport { 22, 80, 443 } accept
            ip saddr 192.168.2.0/24 tcp dport 22 accept
        }
        chain forward {
            type filter hook forward priority 0; policy drop;
            ip saddr 192.168.1.0/24 oifname eth0 accept
            oifname eth0 ip daddr 192.168.1.0/24 accept
        }
    }
A host on 192.168.2.100 tries to SSH to the firewall's IP address (192.168.1.1). The firewall's input chain policy is drop. Will the SSH connection be allowed?
Correct answer & explanation
✓ Yes, because there is a rule accepting SSH from 192.168.2.0/24.
Option D is correct because the firewall's input chain policy is set to drop, but a specific rule exists that accepts SSH traffic from the 192.168.2.0/24 subnet. Since the source IP 192.168.2.100 falls within that subnet, the SSH connection to the firewall's own IP (192.168.1.1) is allowed by that rule before the default drop policy is applied. The input chain processes traffic destined for the firewall itself, so the rule directly permits this inbound SSH session.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
✗ No, because the input chain drops all packets that don't match rules.
Why it's wrong here: The packet matches the SSH rule, so it is not dropped.
✗ No, because SSH to firewall is considered forwarded traffic.
Why it's wrong here: Traffic destined to the firewall itself is input, not forward.
✗ Yes, because the forward chain accepts SSH.
Why it's wrong here: SSH to the firewall is input traffic, not forward.
✓ Yes, because there is a rule accepting SSH from 192.168.2.0/24.
Read the scenario before looking for a memorised answer.
Common exam traps
Common exam trap: answer the scenario, not the keyword
The trap here is that candidates confuse the input chain (for traffic to the firewall) with the forward chain (for traffic through the firewall), and incorrectly assume that a drop policy on the input chain blocks all traffic regardless of existing rules, ignoring rule precedence over the default policy.
Detailed technical explanation
How to think about this question
In netfilter, whether it is configured through iptables or, as in the exhibit, nftables, the input chain is traversed for packets destined to a local socket on the firewall, while the forward chain handles packets routed through the firewall. The default policy (e.g., DROP) applies only if no rule in the chain matches; a rule that matches on source subnet and destination port 22/tcp accepts the packet before the policy is evaluated. This scenario demonstrates how a specific ACCEPT rule takes precedence over a restrictive default policy, a common pattern in firewall hardening where only authorized subnets are allowed administrative access.
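The traversal described above, written out as an added example (it is not part of the original page, and it is a model of the exhibit's ruleset rather than nftables itself). It picks the hook from the destination address, walks the chain in order, and falls back to the policy only when nothing matches. Assumptions: 192.168.1.1 is the firewall's only local address, and the `eth1` interface name and the packet dictionary fields are invented for the illustration.

```python
import ipaddress

# Assumption: the only address the firewall owns, taken from the question text.
LOCAL_ADDRS = {"192.168.1.1"}

def net(cidr):
    """Return a function that tests whether an address is inside cidr."""
    n = ipaddress.ip_network(cidr)
    return lambda addr: ipaddress.ip_address(addr) in n

in_lan1, in_lan2 = net("192.168.1.0/24"), net("192.168.2.0/24")

# Each chain: ordered (rule text, match function) pairs, then the chain policy.
CHAINS = {
    "input": ([
        ("ct state established,related accept",
         lambda p: p.get("ct") in ("established", "related")),
        ("iifname lo accept", lambda p: p.get("iif") == "lo"),
        ("ip saddr 192.168.1.0/24 tcp dport { 22, 80, 443 } accept",
         lambda p: in_lan1(p["saddr"]) and p["proto"] == "tcp"
         and p["dport"] in (22, 80, 443)),
        ("ip saddr 192.168.2.0/24 tcp dport 22 accept",
         lambda p: in_lan2(p["saddr"]) and p["proto"] == "tcp" and p["dport"] == 22),
    ], "drop"),
    "forward": ([
        ("ip saddr 192.168.1.0/24 oifname eth0 accept",
         lambda p: in_lan1(p["saddr"]) and p.get("oif") == "eth0"),
        ("oifname eth0 ip daddr 192.168.1.0/24 accept",
         lambda p: p.get("oif") == "eth0" and in_lan1(p["daddr"])),
    ], "drop"),
}

def evaluate(pkt):
    """Return (hook, verdict, reason) for a constructed packet dict."""
    # Simplified routing decision: local destination -> input, otherwise forward.
    hook = "input" if pkt["daddr"] in LOCAL_ADDRS else "forward"
    rules, policy = CHAINS[hook]
    for text, match in rules:          # first matching rule decides
        if match(pkt):
            return hook, "accept", text
    return hook, policy, "policy " + policy   # reached only when no rule matched

if __name__ == "__main__":
    # Constructed packet for the scenario; "eth1" is a hypothetical ingress interface.
    ssh = {"saddr": "192.168.2.100", "daddr": "192.168.1.1", "proto": "tcp",
           "dport": 22, "ct": "new", "iif": "eth1"}
    print(evaluate(ssh))                      # the question's SSH attempt
    print(evaluate({**ssh, "dport": 80}))     # same host, HTTP to the firewall
    print(evaluate({**ssh, "daddr": "192.168.1.50", "oif": "eth0"}))  # routed through
```

The same host's HTTP attempt falls through to the input policy, and only a packet addressed to a non-local host is ever judged by the forward chain.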
Key Concepts to Remember
Read the scenario before looking for a memorised answer.
Find the constraint that changes the correct option.
Eliminate answers that are true in general but not in this case.
Exam Day Tips
→ Watch for words such as best, first, most likely and least administrative effort.
→ Review why wrong options are wrong, not only why the correct option is correct.
Real-world example
How this comes up in practice
A security administrator must allow nursing staff to reach a patient records server while blocking access from the guest Wi-Fi VLAN. After applying an extended ACL, traffic is still blocked from nursing workstations. The ACL was applied outbound instead of inbound on the wrong interface. Questions like this test ACL direction and placement rules.
What to study next
Got this wrong? Here's your next step.
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
Advanced Networking Configuration: this question tests advanced networking configuration. Key concept: read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.