Back to Linux Professional Institute Certification Level 2 LPIC-2 questions

Scenario-based practice

Refer to the Exhibit Practice Questions

Practise Linux Professional Institute Certification Level 2 LPIC-2 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

15
scenario questions
LPIC-2
exam code
LPI
vendor

Scenario guide

How to approach refer to the exhibit practice questions

Practise exhibit-style questions that ask you to read a topology, table, command output or diagram before choosing the best answer.

Quick answer

Exhibit-style questions test whether you can read a topology, command output, diagram or table before choosing the best answer.

How to extract the relevant detail from an exhibit.

How topology, command output or routing information affects the answer.

How to avoid answering from memory before reading the evidence.

How to map the exhibit back to the exam objective.

Related practice questions

Related LPIC-2 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1mediummultiple choice
Full question →

Refer to the exhibit. The system boots successfully, but the root filesystem is mounted as read-only even after the boot process completes. Which of the following is the most likely cause?

Exhibit

Refer to the exhibit.

[    0.000000] Linux version 5.10.0-8-amd64 (debian@amd64) #1 SMP Debian 5.10.46-4 (2021-08-03)
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-5.10.0-8-amd64 root=/dev/mapper/vg-root ro quiet
[    0.000000] Memory: 1024M/2048M available (8192K kernel code, 1024K rwdata, 2048K rodata, 512K init, 256K bss, 1024K reserved)
[    0.000000] Kernel command line: BOOT_IMAGE=/vmlinuz-5.10.0-8-amd64 root=/dev/mapper/vg-root ro quiet
[    1.234567] device-mapper: ioctl: 4.43.0-ioctl (2021-02-07) initialised: dm-devel@redhat.com
[    2.345678] EXT4-fs (dm-0): mounted filesystem with ordered data mode. Opts: (null)
[    3.456789] systemd[1]: systemd 247 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid)
Question 2hardmultiple choice
Review the full routing breakdown →

A client on the internet sends a TCP SYN packet to 10.0.1.10:8080. The router receives it on eth0. According to the exhibit, what will happen to the packet?

Network Topology
MASQUERADE all10.0.2.0/24DNAT tcpRefer to the exhibit.# ip route showdefault via 10.0.1.1 dev eth0# iptables -L -t natChain PREROUTING (policy ACCEPT)target prot opt source destinationChain POSTROUTING (policy ACCEPT)
Question 3hardmultiple choice
Full question →

An administrator is reviewing the audit rules on a Linux server. The current rules are shown in the exhibit. The administrator needs to ensure that any failed attempts to open files are logged, while also monitoring for successful outbound connections. Which of the following describes the effect of the current rules?

Exhibit

Refer to the exhibit.

```
# auditctl -l
-a always,exit -F arch=b64 -S openat -F success=0 -F key=access_denied
-a always,exit -F arch=b64 -S connect -F key=outbound_connect
-w /etc/shadow -p wa -k shadow_changes
-w /etc/ssh/sshd_config -p wa -k sshd_config_change
```
Question 4hardmultiple choice
Read the full DNS explanation →

Based on the exhibit, which command would change the DNS server to 1.1.1.1 for the connection MyConnection?

Exhibit

Refer to the exhibit.

```
# nmcli device show eth0
GENERAL.DEVICE:                         eth0
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:1A:2B:3C:4D:5E
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     MyConnection
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.1.100/24
IP4.GATEWAY:                            192.168.1.1
IP4.DNS[1]:                             8.8.8.8
IP4.DNS[2]:                             8.8.4.4
```
Question 5easymultiple choice
Full question →

Refer to the exhibit. Which kernel parameter is responsible for reducing the amount of kernel messages displayed on the console?

Exhibit

BOOT_IMAGE=/boot/vmlinuz-5.10.0-8-amd64 root=/dev/sda1 ro quiet splash
Question 6mediummultiple choice
Full question →

Refer to the exhibit. The administrator wants to mount /dev/sdb1 at /data using its UUID. Which /etc/fstab entry is correct?

Exhibit

# blkid
/dev/sda1: UUID="abcd-1234" TYPE="ext4"
/dev/sda2: UUID="efgh-5678" TYPE="swap"
/dev/sdb1: UUID="ijkl-9012" TYPE="ext4" PARTUUID="12345678-01"
Question 7easymultiple choice
Full question →

Refer to the exhibit. What type of attack is indicated by the log entries?

Exhibit

Refer to the exhibit.
```
/var/log/auth.log
Mar 10 08:12:15 server sshd[1234]: Failed password for root from 192.168.1.10 port 45678 ssh2
Mar 10 08:12:17 server sshd[1235]: Failed password for root from 192.168.1.10 port 45679 ssh2
Mar 10 08:12:19 server sshd[1236]: Failed password for root from 192.168.1.10 port 45680 ssh2
... (repeated entries)
```
Question 8mediummultiple choice
Full question →

Refer to the exhibit. The user 'user' reports that they are able to run 'sudo apt-get update' without a password, but 'sudo apt-get upgrade' prompts for a password. What is the most likely cause?

Exhibit

Refer to the exhibit.
```
# /etc/sudoers
Defaults:user !requiretty
user ALL=(root) NOPASSWD: /usr/bin/apt-get update
user ALL=(root) /usr/bin/apt-get upgrade
```
Question 9hardmultiple choice
Review the full subnetting walkthrough →

Refer to the exhibit. An administrator has applied these iptables rules. Users can still SSH into the server from any IP address, which is unexpected because the administrator intended to restrict SSH to only a specific subnet. What is the most likely reason the restriction is not working?

Network Topology
-A INPUT -m conntrackctstate ESTABLISHED-A INPUT -p tcpdport 22 -m conntrackctstate NEW -j ACCEPTRefer to the exhibit.```-P INPUT ACCEPT-A INPUT -j DROP
Question 10mediummultiple choice
Full question →

Refer to the exhibit. A security audit reveals that the server is not blocking SSH connections from unauthorized networks. What is the most likely cause?

Network Topology
-A INPUT -m statestate ESTABLISHED-A INPUT -p tcpdport 22 -j ACCEPT# iptables-save output*filter:INPUT DROP [0:0]:FORWARD DROP [0:0]:OUTPUT ACCEPT [0:0]COMMIT
Question 11hardmultiple choice
Full question →

Refer to the exhibit. A user cannot log in via SSH even though the password is correct. What is the most likely issue?

Exhibit

# /etc/pam.d/sshd
auth required pam_securetty.so
auth required pam_unix.so nullok
auth required pam_nologin.so
account required pam_unix.so
password required pam_unix.so
session required pam_unix.so
Question 12mediummultiple choice
Read the full network assurance explanation →

Refer to the exhibit. An administrator runs aide --check and receives a warning that /var/log/syslog has changed. Why is this expected?

Exhibit

# aide.conf excerpt
/etc/passwd p+i+u+g+s+m+c+sha512
/etc/shadow p+i+u+g+s+m+c+sha512
/etc/group p+i+u+g+s+m+c+sha512
/etc/sudoers p+i+u+g+s+m+c+sha512
/var/log p+sha512
Question 13hardmultiple choice
Full question →

Refer to the exhibit. A packet is sent from 192.168.1.100 to 10.0.0.5. Which interface will the packet exit?

Exhibit

Refer to the exhibit.

# ip route show
default via 192.168.1.1 dev eth0
10.0.0.0/8 via 192.168.2.1 dev eth1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.100
Question 14hardmultiple choice
Full question →

A new client with IP 10.0.1.15 tries to connect to HTTPS on the server. Based on the exhibit, what happens?

Network Topology
# iptables -L INPUTline-numbers1 ACCEPT allanywhere anywhere state ESTABLISHED2 ACCEPT tcpanywhere anywhere tcp dpt:ssh3 ACCEPT tcp192.168.1.0/24 anywhere tcp dpt:http4 ACCEPT tcp10.0.0.0/8 anywhere tcp dpt:https5 DROP allanywhere anywhereRefer to the exhibit.Chain INPUT (policy ACCEPT)
Question 15mediummultiple choice
Full question →

Given the smb.conf exhibit, which share(s) allow write access to user 'alice' who is a member of the 'staff' group?

Exhibit

Refer to the exhibit.

[global]
workgroup = MYGROUP
server string = Samba Server
security = user

[share1]
path = /srv/samba/share1
valid users = alice, bob
read only = no

[share2]
path = /srv/samba/share2
valid users = @staff
read only = yes

[share3]
path = /srv/samba/share3
guest ok = yes
read only = no

These LPIC-2 practice questions are part of Courseiva's free LPI certification practice question bank. Courseiva provides original exam-style LPIC-2 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.