Appendix E: Sample Exam 4: RHCE Sample Exam 2
The following questions will help measure your understanding of the material presented
in this book. As discussed in the introduction, you should be prepared to complete the
RHCE exam in 2.0 hours.
Like the RHCSA, the RHCE exam is “closed book.” However, you are allowed to use any documentation that can be found on the Red Hat Enterprise Linux computer.
While test facilities allow you to make notes, you won’t be allowed to take these
notes from the testing room.
While the RHCE exam is entirely separate from the RHCSA, you need to pass both exams to receive the RHCE certificate. Nevertheless, you can take the RHCE
exam first. While both exams cover some of the same services, the objectives for
those services are different.
In most cases, there is no one solution, no single method to solve a problem or install a service. There are a nearly infinite number of options with Linux, so I can’t
cover all possible scenarios.
Even for these exercises, do not use a production computer. A small error in some or all of these exercises may make Linux unbootable. If you’re unable to recover
from the steps documented in these exercises, you may need to reinstall Red Hat
Enterprise Linux. Saving any data that you have on the local system may then not
be possible.
Red Hat presents its exams electronically. For that reason, the exams in this book are available from the companion CD, in the Exams/ subdirectory. This exam is in
the file named RHCEsampleexam2, and is available in .txt, .doc, and .html formats.
For details on how to set up RHEL 6 as a system suitable for a practice exam, refer to
Appendix A.
Don’t turn the page until you’re finished with the sample exam!
RHCE Sample Exam 2 Discussion
In this discussion, I’ll describe one way to check your work to meet the requirements
listed for the Sample 2 RHCE exam. Since there is no one way to set up a Red Hat
Enterprise Linux configuration, there is no one right answer for the listed requirements.
But there are some general things to remember. You need to make sure your changes
work after a reboot. For the RHCE, you’ll need to make sure that the services that
you set up are active at the appropriate runlevels. For example, if you’re configuring
Apache, it should be active for at least runlevels 3 and 5.
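One way to check the "active at the appropriate runlevels" requirement, as an added example that is not from the book. The function name missing_runlevels and the sample chkconfig output are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample of `chkconfig --list` output (not captured from a real host).
SAMPLE_CHKCONFIG='httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
sssd            0:off   1:off   2:off   3:on    4:off   5:off   6:off
vsftpd          0:off   1:off   2:off   3:off   4:off   5:off   6:off'

# missing_runlevels SERVICE LEVEL...   (hypothetical helper)
# Reads `chkconfig --list` output on stdin and prints the requested runlevels
# in which SERVICE is not "on", space separated. Prints "not-listed" when the
# service has no line at all. Empty output means the service starts in every
# requested runlevel after a reboot.
missing_runlevels() {
    svc=$1; shift
    awk -v svc="$svc" -v want="$*" '
        $1 == svc {
            found = 1
            for (i = 2; i <= NF; i++) {      # fields look like "3:on"
                split($i, kv, ":")
                state[kv[1]] = kv[2]
            }
        }
        END {
            if (!found) { print "not-listed"; exit }
            n = split(want, lv, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (state[lv[i]] != "on")
                    out = out (out == "" ? "" : " ") lv[i]
            print out
        }'
}

# Report each sample service against runlevels 3 and 5.
for s in httpd sssd vsftpd; do
    printf '%s: not on in runlevels [%s]\n' "$s" \
        "$(printf '%s\n' "$SAMPLE_CHKCONFIG" | missing_runlevels "$s" 3 5)"
done
```

On a live system, pipe the output of chkconfig --list for the service into the function in place of the sample text.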
1. System logging servers require access through either the TCP or UDP protocols. For our purposes, either is acceptable. In general, if the logging data
is mission critical, use TCP. Otherwise, UDP is faster. Options for both are
shown in comments in the default /etc/rsyslog.conf file.
As for the logging client, the last commented directive provides a template.
To review, the following directive sends all log messages over TCP port 514,
to the logging server named https://www.sodocs.net/doc/861315706.html,.
*.* @@https://www.sodocs.net/doc/861315706.html,:514
2. Since there is no exam requirement to create a Kerberos server, you may not
be able to verify the Kerberos client directly. So to verify, review the Kerberos
client. For example, based on the question, it should include the following
directives in /etc/krb5.conf:
default_realm = https://www.sodocs.net/doc/861315706.html,
In addition, the kdc and admin_server directives in the /etc/krb5.conf file
should be set to the FQDN of the physical host system. When complete, the
/etc/nsswitch.conf file should include
passwd: files sss
shadow: files sss
group: files sss
In addition, the sssd service should be running—now and upon reboot. That
can be verified with the chkconfig --list sssd command.
3. If successful, you should see the contents of the noted index.html files for
each web site.
The httpd.conf file in the /etc/httpd/conf directory includes a commented
sample virtual host stanza. You can use it as a template for both virtual
hosts. You should also use the SELinux contexts of the /var/www/html directory
as a template for the /web subdirectory.
4. If you are successful, users elizabeth and fred, and no others, will have access
to the cubs subdirectory of the main directory. Both users will have access
only from systems on the local network. In the Apache httpd.conf file, there
is a template for single home directories. It can be modified to accommodate
a group of users.
5. The CGI application should be accessible from the following URL:
https://www.sodocs.net/doc/861315706.html,/cgi-bin/good.pl. When you navigate to that URL,
the browser should tell you “Good Job!”
6. Given the presumed change to the SELinux ftp_home_dir boolean, you need
to pay attention to the vsftpd.conf configuration file in the /etc/vsftpd directory.
And in that directory, you’ll see that logins by regular users are enabled
by default.
7. The default named.conf configuration file is itself sufficient for a caching-only
DNS server. To that file, you’ll need to add a forwarders directive, with
the IP address of the remote DNS server.
8. In principle, it should not matter whether you configure Postfix or sendmail
as the SMTP server. You should be able to check access with commands like
telnet https://www.sodocs.net/doc/861315706.html, 25, only from systems within the local network.
The response should reveal the name of the SMTP server. Of course, you can
go further with an e-mail client like mutt.
9. When user mike attempts to connect from a given client, the system should
prompt for and accept the passphrase defined in the exam question. (“Linux
rocks, Windows does not.” with the comma and period, but without the
quote marks.)
10. When masquerading is configured, connections from internal systems such
as https://www.sodocs.net/doc/861315706.html, appear as if they come from the physical host system.
That can be confirmed in log messages associated with user connections. In
an iptables-based configuration, it adds forwarding rules.
11. Users with an account on the Samba server should be able to connect to their
home directories on that server. But the files on that directory won’t be accessible
unless the samba_enable_home_dirs boolean is enabled.
12. Peers on an NTP server can be enabled in the /etc/ntp.conf file, in place of
the server directive. Just remember, NTP communicates over UDP port 123.
Accordingly, you can’t use the telnet command to verify the open connection.
One way to check if UDP port 123 is open is with the following command:
nmap -sU server1 -p 123.
13. To avoid responding to the ping command, which works over IPv4, the
icmp_echo_ignore_all option must be active. You can set that up permanently in the /etc/sysctl.conf file with the net.ipv4.icmp_echo_ignore_all = 1
directive.
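For item 1, an added example (not from the book) that reads rsyslog.conf text and reports which forwarding actions are actually active and whether each uses TCP (@@) or UDP (@). The function name forward_targets and the host loghost.example.com are constructed placeholders; targets are assumed to be host names or IPv4 addresses.

```shell
#!/bin/bash
# Constructed rsyslog.conf excerpt; loghost.example.com is a placeholder name.
SAMPLE_RSYSLOG='# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
authpriv.*    /var/log/secure
*.*           @@loghost.example.com:514
mail.*        @loghost.example.com'

# forward_targets   (hypothetical helper)
# Reads rsyslog.conf text on stdin and prints one line per ACTIVE forwarding
# action as "selector proto host port". Commented lines are skipped, so a
# template that was never uncommented produces no output at all.
forward_targets() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }              # comments and short lines
        $2 ~ /^@/ {
            proto = "udp"; target = substr($2, 2)  # single @ means UDP
            if (target ~ /^@/) {                   # double @@ means TCP
                proto = "tcp"; target = substr(target, 2)
            }
            port = 514                             # used when no port is given
            if (match(target, /:[0-9]+$/)) {
                port = substr(target, RSTART + 1)
                target = substr(target, 1, RSTART - 1)
            }
            print $1, proto, target, port
        }'
}

# Show the active forwarding actions in the sample file.
printf '%s\n' "$SAMPLE_RSYSLOG" | forward_targets
```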
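For item 2, an added example (not from the book) of reviewing the Kerberos client file: it compares default_realm, kdc and admin_server in krb5.conf text against the expected realm and host FQDN. The function names, the realm EXAMPLE.COM and the host host1.example.com are constructed placeholders.

```shell
#!/bin/bash
# Constructed /etc/krb5.conf text; realm and host names are placeholders.
SAMPLE_KRB5='[libdefaults]
 default_realm = EXAMPLE.COM
 dns_lookup_kdc = false

[realms]
 EXAMPLE.COM = {
  kdc = host1.example.com
  admin_server = kerberos.example.com
 }'

# krb5_value SECTION KEY   (hypothetical helper)
# Reads krb5.conf text on stdin and prints every value assigned to KEY inside
# [SECTION], including assignments nested in a realm { ... } block.
krb5_value() {
    awk -v sect="[$1]" -v key="$2" '
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sect {
            n = index($0, "="); if (!n) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) print v
        }'
}

# krb5_client_issues REALM FQDN   (hypothetical helper)
# Prints the name of each directive that does not match; no output means the
# client file agrees with the stated requirement.
krb5_client_issues() {
    conf=$(cat)
    [ "$(printf '%s\n' "$conf" | krb5_value libdefaults default_realm)" = "$1" ] \
        || echo "default_realm"
    for k in kdc admin_server; do
        [ "$(printf '%s\n' "$conf" | krb5_value realms "$k")" = "$2" ] || echo "$k"
    done
}

# The sample leaves admin_server at a template value, so it is reported.
printf '%s\n' "$SAMPLE_KRB5" | krb5_client_issues EXAMPLE.COM host1.example.com
```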