LPIC-2 · topic practice

System Security practice questions

Practise Linux Professional Institute Certification Level 2 (LPIC-2) System Security questions: original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: System Security

What the exam tests

What to know about System Security

System Security questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common System Security exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

System Security questions

20 questions · select your answer, then reveal the explanation

Question 1 · medium · multiple choice

A system administrator notices that the SSH service on a Linux server is failing to start. The log shows: 'sshd: error: Could not load host key: /etc/ssh/ssh_host_rsa_key'. What is the most likely cause and solution?

A security policy requires that all users must change their passwords every 90 days. Which command enforces maximum password age for an existing user 'jdoe'?

A security audit reveals that the /var/log directory contains world-readable log files that may contain sensitive information. The administrator wants to ensure new files created in /var/log are not readable by others, without affecting existing file permissions. Which umask value should be set system-wide?

Which TWO commands can be used to display the current iptables rules for the filter table?

Which THREE of the following are valid methods to restrict access to the su command on a Linux system?

Question 6 · medium · multiple choice

Based on the iptables output, what is the expected behavior for incoming SSH connections on eth0?

Exhibit

Refer to the exhibit.

```
# iptables -L -n -v
10 840 ACCEPT all lo * 0.0.0.0/0
5 420 ACCEPT tcp
0 0 DROP all * * 0.0.0.0/0
```

Based on the sshd configuration, user 'charlie' attempts to log in using public key authentication. What will happen?

Exhibit

Refer to the exhibit.

```
# cat /etc/ssh/sshd_config | grep -v '^#' | grep -v '^$'
Port 22
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
AllowUsers alice bob
DenyUsers charlie
```

A system administrator wants to ensure that all commands executed by root are logged to a remote syslog server. Which rsyslog configuration directive should be used?

Question 9 · medium · multiple choice

An organization requires that all email traffic from their mail server must be encrypted in transit. Which of the following is the most appropriate solution?

Question 10 · easy · multiple choice

Which file is used to configure which users and groups are allowed to use the 'cron' daemon?

Question 11 · hard · multiple choice

Based on the ACL output, which user(s) can write to the file /var/www/html/index.html?

Exhibit

Refer to the exhibit.

```
# getfacl /var/www/html/index.html
# file: var/www/html/index.html
# owner: root
# group: www-data
user::rw-
user:www-data:r--
group::r--
mask::r--
other::---
```

Question 12 · hard · multiple choice

A company runs a web application on a Linux server that uses Apache, MySQL, and PHP. The application stores sensitive user data in a MySQL database. The security team has detected that the MySQL service is listening on port 3306 on all interfaces (0.0.0.0). The application and database are on the same server, so there is no need for remote database access. The administrator must secure the MySQL service without breaking the application. Which of the following is the most appropriate course of action?

Question 13 · medium · multiple choice

A system administrator needs to ensure that all users must change their passwords every 90 days and that passwords must be at least 12 characters long. The administrator modifies /etc/login.defs and /etc/pam.d/common-password. Which additional step is required to enforce these settings for existing users?

Which TWO commands can be used to list all currently listening TCP ports and the associated processes?

Question 15 · hard · multiple choice

Given the exhibit, what is the most likely reason for the GPG error, and what is the correct way to fix it permanently?

Exhibit

Refer to the exhibit.

```
# apt-get update
...
# apt-get install --allow-unauthenticated -y somepackage
```

Question 16 · medium · multiple choice

You are the security administrator for a company that runs a web application on a Linux server. The application runs under the user 'www-data' and listens on TCP port 8080. The server also runs an SSH service on port 22. Recently, an external penetration test revealed that an attacker could exploit a vulnerability in the web application to execute commands as the 'www-data' user, and from there, the attacker could escalate privileges to root due to a misconfigured sudo rule. You need to implement a defense-in-depth approach to limit the impact of such an attack. Which single action would be the most effective in preventing privilege escalation from the 'www-data' user to root, while still allowing the application to function normally?

Question 17 · hard · multiple choice

An administrator is reviewing the audit rules on a Linux server. The current rules are shown in the exhibit. The administrator needs to ensure that any failed attempts to open files are logged, while also monitoring for successful outbound connections. Which of the following describes the effect of the current rules?

Exhibit

Refer to the exhibit.

```
# auditctl -l
-a always,exit -F arch=b64 -S openat -F success=0 -F key=access_denied
-a always,exit -F arch=b64 -S connect -F key=outbound_connect
-w /etc/shadow -p wa -k shadow_changes
-w /etc/ssh/sshd_config -p wa -k sshd_config_change
```

An administrator wants to enhance the security of a web server running Apache. Which TWO of the following actions are recommended best practices?

Question 19 · medium · multiple choice

A company runs a critical database server on a Linux system. The server is subject to a strict compliance policy that requires all commands executed by the database administrator (user 'dbadmin') to be logged. Additionally, any attempt to change the system time must be logged regardless of the user. The administrator has configured auditd and added the following rules: -w /usr/bin -p x -k binary_exec, -a always,exit -F arch=b64 -S adjtimex -F key=time_change. However, during a compliance audit, it is discovered that not all commands executed by dbadmin are being logged. Which of the following is the most likely cause?

Question 20 · medium · drag order

Order the steps to configure a Linux system as a router using iptables.


Frequently asked questions

What does the LPIC-2 exam test about System Security?
System Security questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just System Security questions in a focused session?
Yes — the session launcher on this page draws every question from the System Security domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other LPIC-2 topics?
Use the topic links above to move to related areas, or go back to the LPIC-2 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the LPIC-2 exam covers. They are not copied from any real exam or dump site.