LPI LPIC-2 - Exam 202 (part 2 of 2), version 4.5 202-450 Exam Dumps: Updated Questions & Answers (October 2025)

Sieve filters are usually applied to an email when the email is delivered to a mailbox by a mail delivery agent (MDA) or a local delivery agent (LDA). Sieve filters are scripts that can perform various actions on incoming emails, such as sorting them into folders, assigning labels, forwarding, rejecting, or discarding them. Sieve filters are executed on the server side, and they are independent of the mail user agent (MUA) or the mail access protocol. This means that the email filtering is consistent across different email clients and devices. Sieve filters are not applied when the email is relayed by an SMTP server, received by an SMTP smarthost, sent to the first server by an MUA, or retrieved by an MUA. These are different stages of the email delivery process, but they do not involve the final delivery of the email to a mailbox.

References:

LPIC-2 Exam 202 Objectives, Objective 205.4: Managing a dovecot server

Sieve filter (advanced custom filters) | Proton

start - Sieve.Info

What is Sieve Filtering? - Knowledge Base - Pair Networks

The TransferLog and CustomLog directives are both used to specify the location and format of the access log file in Apache HTTPD. The access log file records information about each request received by the server, such as the client IP address, the request method, the requested URL, the response status code, and the bytes sent.

The TransferLog directive is a simple way to enable access logging, without any customization. It takes one argument, which is the name of the log file or a pipe to a program that will handle the log data. For example:

TransferLog logs/access_log

The CustomLog directive is a more flexible way to enable access logging, with the ability to customize the log format and conditionally log requests based on environment variables. It takes two or three arguments, which are the name of the log file or a pipe to a program, the log format string or a nickname defined by the LogFormat directive, and optionally an expression that evaluates to true or false for each request. For example:

CustomLog logs/access_log common CustomLog “|/usr/bin/rotatelogs logs/access_log.%Y-%m-%d 86400” combined CustomLog logs/ssl_access_log “%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b” env=HTTPS

The ErrorLog directive is another logging directive in Apache HTTPD, but it is used to specify the location and format of the error log file, which records any errors or warnings encountered by the server. For example:

ErrorLog logs/error_log

The ServerLog and VHostLog directives are not valid logging directives in Apache HTTPD. They may be confused with the ServerSignature and VirtualHost directives, which are used for other purposes.

References:

Log Files - Apache HTTP Server Version 2.4

Directive Index - Apache HTTP Server Version 2.4

Apache Logging Basics - The Ultimate Guide To Logging

According to the OpenLDAP Software 2.6 Administrator’s Guide1, the default access control policy is allow read by all clients. This means that if there is no access directive, any client can read any entry or attribute in the directory, but cannot modify or delete them. Therefore, option C is the correct answer, as it represents this policy. Option A is incorrect, as it grants write access to all clients, which is not the default. Option B is incorrect, as it denies access to all clients, which is also not the default. Option D is incorrect, as it grants read and write access only to the rootdn, which is the superuser of the directory, and denies access to all other clients.

References:

OpenLDAP Software 2.6 Administrator’s Guide: Access Control: The official documentation of OpenLDAP on how to configure access control for the directory server.

DANE stands for DNS-based Authentication of Named Entities. It is a protocol that provides a way to verify the association of X 509 certificates to DNS host names. X 509 certificates are digital documents that contain the public key and identity information of an entity, such as a web server or an email server. They are used to establish secure connections and authenticate the identity of the entity. However, the traditional way of obtaining and validating X 509 certificates relies on a hierarchical system of trusted third parties, called certificate authorities (CAs), which can be vulnerable to attacks or compromise. DANE aims to enhance the security and trust of X 509 certificates by using DNSSEC, which is a set of extensions to DNS that provide cryptographic signatures and validation for DNS records. DANE allows the owner of a domain name to publish the X 509 certificate or its fingerprint in a DNS record, called a TLSA record, which can be verified by the DNSSEC chain of trust. This way, the client can check the authenticity of the certificate directly from the DNS, without relying on external CAs. DANE can also be used to specify which CAs are authorized to issue certificates for a domain name, or to indicate that no CA is needed at all. DANE can be applied to various protocols that use X 509 certificates, such as HTTPS, SMTP, IMAP, POP3, etc.

References:

DANE - Wikipedia

DNS-Based Authentication of Named Entities (DANE) - Internet Society

DANE: Taking TLS Authentication to the Next Level Using DNSSEC

The root directive in Nginx defines the file system path from which the content of the server is retrieved. It can be placed in the http, server, or location contexts. The root directive specifies the root directory that will be used to search for a file. To obtain the path of a requested file, Nginx appends the request URI to the path specified by the root directive. For example, if the root directive is set to /var/www/html and the request URI is /index.php, Nginx will look for the file /var/www/html/index.php. References: Serving Static Content | NGINX DocumentationUnderstanding and Implementing FastCGI Proxying in Nginx

 The host allow option in the smb.conf file specifies the hosts or networks that are allowed to access the Samba server. The hosts can be specified by name, IP address, or network address with a netmask. The host allow option can also include the special name localhost, which refers to the local machine. The host allow option can be overridden by the host deny option, which specifies the hosts or networks that are denied access to the Samba server. The host deny option has a higher priority than the host allow option.

In this question, the host allow option is set to 192.168.1.100 192.168.2.0/24 localhost, which means that only the host with the IP address 192.168.1.100, the hosts on the network 192.168.2.0/24 (from 192.168.2.1 to 192.168.2.254), and the local machine can access the Samba server. This explains why a wireless laptop with an IP address 192.168.2.93 can access the Samba server, but a workstation on the wired network with an IP address 192.168.1.177 cannot. Almost every machine on the wired network is unable to access the Samba server because they are not included in the host allow option.

To fix this problem, the host allow option should be changed to include the entire wired network, which is assumed to be 192.168.1.0/24 (from 192.168.1.1 to 192.168.1.254). This can be done by using the network address and the netmask, or by using a range of IP addresses. The host allow option should also keep the wireless network and the localhost in the list, so that the existing access is not denied. Therefore, the correct answer is E. host allow = 192.168.1.0/255.255.255.0 192.168.2.0/255.255.255.0 localhost. This will allow any host on either network, or the local machine, to access the Samba server, without denying access to anyone else.

The AuthType directive is used to specify the method of authentication for a directory or a location on the Apache HTTPD server. The directive has four possible values: None, Basic, Digest, and Form. Each value corresponds to a different module that implements the authentication mechanism.

None: This value means that no authentication is required. This is the default value and it can be used to override any inherited authentication settings.

Basic: This value means that the basic authentication method is used. This method is implemented by the mod_auth_basic module. It requires the user to enter a username and a password, which are sent to the server in plain text. Therefore, this method is not very secure and should be used with encryption, such as SSL or TLS.

Digest: This value means that the digest authentication method is used. This method is implemented by the mod_auth_digest module. It requires the user to enter a username and a password, which are hashed by the client and the server using a nonce (a random number) and a realm (a name for the protected area). Therefore, this method is more secure than the basic method, as it prevents replay attacks and password sniffing.

Form: This value means that the form authentication method is used. This method is implemented by the mod_auth_form module. It requires the user to fill out a web form with their credentials, which are sent to the server using the POST method. Therefore, this method is more flexible and user-friendly than the other methods, as it allows the use of custom forms and cookies.

References:

AuthType Directive

Authentication and Authorization - Apache HTTP Server Version 2.4

How to Create and Use .htpasswd

 The htpasswd command is used to create and update user files for basic authentication of HTTP users. The command has several options, but the most relevant ones for this question are:

-c: This option creates a new file and overwrites it if it already exists. This is not suitable for changing the password of existing users, as it would erase the previous data.

-n: This option displays the results on standard output rather than updating a file. This is useful for generating password records for other types of data stores, but not for modifying an existing file.

-D: This option deletes the specified user from the file. This is not what the question asks for, as it wants to change the password, not remove the user.

-b: This option uses batch mode, which means getting the password from the command line rather than prompting for it. This option is not mentioned in the question, and it is not recommended for security reasons.

Therefore, the correct option is B, which uses the default syntax of htpasswd to change the password of an existing user in the specified file. The command will prompt for the new password and update the file accordingly.

References:

htpasswd - Manage user files for basic authentication

How to Create and Use .htpasswd

Unlocking htpasswd in Linux: Comprehensive Guide with Examples

To allow X connections to be forwarded from or through an SSH server, the configuration keyword that must be set to yes in the sshd configuration file is XllForwarding. This keyword enables X11 forwarding, which is a mechanism that allows graphical applications to be run on a remote host and displayed on a local host. The sshd configuration file is usually located at /etc/ssh/sshd_config, and the XllForwarding keyword can be set globally or per host. For example:

XllForwarding yes

This will enable X11 forwarding for all hosts. To enable X11 forwarding for a specific host, use the Match directive, followed by the Host keyword and the host name or pattern. For example:

Match Host example.com XllForwarding yes

This will enable X11 forwarding only for the host example.com.

References:

X11 Forwarding using SSH

sshd_config - OpenSSH SSH daemon configuration file

How To Configure X11 Forwarding Using SSH In Linux

The command in the question is using the ldapsearch tool to query an LDAP directory. The filter expression is (|(cn=marie)(!(telephoneNumber=9*))), which means to match entries that satisfy either one of the two conditions inside the parentheses. The first condition is (cn=marie), which means the common name attribute (cn) of the entry is equal to marie. The second condition is (!(telephoneNumber=9*)), which means the telephone number attribute (telephoneNumber) of the entry is not equal to 9 followed by any number of characters. The ! operator means logical negation, and the * operator means wildcard matching. Therefore, the command will return entries that have a cn of marie or don’t have a telephoneNumber beginning with 9. References: LPIC-2 202 exam objectives, LDAP Search Filters