
914271-RHCSA_RHCE-AppE


Appendix E: Sample Exam 4: RHCE Sample Exam 2

The following questions will help measure your understanding of the material presented in this book. As discussed in the introduction, you should be prepared to complete the RHCE exam in 2.0 hours.

Like the RHCSA, the RHCE exam is “closed book.” However, you are allowed to use any documentation that can be found on the Red Hat Enterprise Linux computer. While test facilities allow you to make notes, you won’t be allowed to take these notes from the testing room.

While the RHCE exam is entirely separate from the RHCSA, you need to pass both exams to receive the RHCE certificate. Nevertheless, you can take the RHCE exam first. While both exams cover some of the same services, the objectives for those services are different.

In most cases, there is no one solution, no single method to solve a problem or install a service. There are a nearly infinite number of options with Linux, so I can’t cover all possible scenarios.

Even for these exercises, do not use a production computer. A small error in some or all of these exercises may make Linux unbootable. If you’re unable to recover from the steps documented in these exercises, you may need to reinstall Red Hat Enterprise Linux. Saving any data that you have on the local system may then not be possible.

Red Hat presents its exams electronically. For that reason, the exams in this book are available from the companion CD, in the Exams/ subdirectory. This exam is in the file named RHCEsampleexam2, and is available in .txt, .doc, and .html formats. For details on how to set up RHEL 6 as a system suitable for a practice exam, refer to Appendix A.


Don’t turn the page until you’re finished with the sample exam!


RHCE Sample Exam 2 Discussion

In this discussion, I’ll describe one way to check your work to meet the requirements listed for the Sample 2 RHCE exam. Since there is no one way to set up a Red Hat Enterprise Linux configuration, there is no one right answer for the listed requirements. But there are some general things to remember. You need to make sure your changes work after a reboot. For the RHCE, you’ll need to make sure that the services that you set up are active at the appropriate runlevels. For example, if you’re configuring Apache, it should be active for at least runlevels 3 and 5.

1. System logging servers require access through either the TCP or UDP protocols. For our purposes, either is acceptable. In general, if the logging data is mission critical, use TCP. Otherwise, UDP is faster. Options for both are shown in comments in the default /etc/rsyslog.conf file.

   As for the logging client, the last commented directive provides a template. To review, the following directive sends all log messages over TCP port 514, to the logging server named https://www.sodocs.net/doc/861315706.html,.

   *.* @@https://www.sodocs.net/doc/861315706.html,:514

2. Since there is no exam requirement to create a Kerberos server, you may not be able to verify the Kerberos client directly. So to verify, review the Kerberos client. For example, based on the question, it should include the following directives in /etc/krb5.conf:

   default_realm = https://www.sodocs.net/doc/861315706.html,

   In addition, the kdc and admin_server directives in the /etc/krb5.conf file should be set to the FQDN of the physical host system. When complete, the /etc/nsswitch.conf file should include

   passwd: files sss
   shadow: files sss
   group: files sss

   In addition, the sssd service should be running—now and upon reboot. That can be verified with the chkconfig --list sssd command.

3. If successful, you should see the contents of the noted index.html files for each web site.

   The httpd.conf file in the /etc/httpd/conf directory includes a commented sample virtual host stanza. You can use it as a template for both virtual hosts. You should also use the SELinux contexts of the /var/www/html directory as a template for the /web subdirectory.

4. If you are successful, users elizabeth and fred, and no others, will have access to the cubs subdirectory of the main directory. Both users will have access only from systems on the local network. In the Apache httpd.conf file, there is a template for single home directories. It can be modified to accommodate a group of users.

5. The CGI application should be accessible from the following URL: https://www.sodocs.net/doc/861315706.html,/cgi-bin/good.pl. When you navigate to that URL, the browser should tell you “Good Job!”

6. Given the presumed change to the SELinux ftp_home_dir boolean, you need to pay attention to the vsftpd.conf configuration file in the /etc/vsftpd directory. And in that directory, you’ll see that logins by regular users are enabled by default.

7. The default named.conf configuration file is itself sufficient for a caching-only DNS server. To that file, you’ll need to add a forwarders directive, with the IP address of the remote DNS server.

8. In principle, it should not matter whether you configure Postfix or sendmail as the SMTP server. You should be able to check access with commands like telnet https://www.sodocs.net/doc/861315706.html, 25, only from systems within the local network. The response should reveal the name of the SMTP server. Of course, you can go further with an e-mail client like mutt.

9. When user mike attempts to connect from a given client, the system should prompt for and accept the passphrase defined in the exam question. (“Linux rocks, Windows does not.” with the comma and period, but without the quote marks.)

10. When masquerading is configured, connections from internal systems such as https://www.sodocs.net/doc/861315706.html, appear as if they come from the physical host system. That can be confirmed in log messages associated with user connections. In an iptables-based configuration, it adds forwarding rules.

11. Users with an account on the Samba server should be able to connect to their home directories on that server. But the files on that directory won’t be accessible unless the samba_enable_home_dirs boolean is enabled.

12. Peers on an NTP server can be enabled in the /etc/ntp.conf file, in place of the server directive. Just remember, NTP communicates over UDP port 123. Accordingly, you can’t use the telnet command to verify the open connection. One way to check if UDP port 123 is open is with the following command: nmap -sU server1 -p 123.

13. To avoid responding to the ping command, which works over IPv4, the icmp_echo_ignore_all option must be active. You can set that up permanently in the /etc/sysctl.conf file with the net.ipv4.icmp_echo_ignore_all = 1 directive.
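One way to script the file-based checks from items 1, 2 and 13 so they can be repeated after a reboot; this is an added example, not part of the book. The function names are hypothetical, the sample files are constructed, and logserver.example.com is a placeholder host name.

```sh
#!/bin/sh
# Added example: checks run against copies of the files, not the live system.

# Print "tcp" (@@host) or "udp" (@host) for the first active *.* forwarding rule.
rsyslog_forward_proto() {
    awk '!/^[ \t]*#/ && $1 == "*.*" && $2 ~ /^@/ {
             proto = ($2 ~ /^@@/) ? "tcp" : "udp"; print proto; found = 1; exit }
         END { exit !found }' "$1"
}

# Succeed only if passwd, shadow and group all list sss as a source.
nsswitch_uses_sss() {
    for db in passwd shadow group; do
        grep -Eq "^${db}:.*[[:space:]]sss([[:space:]]|\$)" "$1" || return 1
    done
}

# Succeed only if the last active setting of icmp_echo_ignore_all is 1.
icmp_echo_ignored() {
    awk -F= '!/^[ \t]*#/ {
             k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
             if (k == "net.ipv4.icmp_echo_ignore_all") last = v }
         END { exit !(last == "1") }' "$1"
}

# Constructed sample files; logserver.example.com is a placeholder host name.
make_samples() {
    printf '%s\n' '#*.* @@remote-host:514' '*.* @@logserver.example.com:514' > "$1/rsyslog.conf"
    printf '%s\n' 'passwd: files sss' 'shadow: files sss' 'group: files sss' > "$1/nsswitch.conf"
    printf '%s\n' '# net.ipv4.icmp_echo_ignore_all = 0' 'net.ipv4.icmp_echo_ignore_all = 1' > "$1/sysctl.conf"
}

dir=$(mktemp -d)
make_samples "$dir"
echo "rsyslog forwarding: $(rsyslog_forward_proto "$dir/rsyslog.conf")"
nsswitch_uses_sss "$dir/nsswitch.conf" && echo "nsswitch: sss present"
icmp_echo_ignored "$dir/sysctl.conf" && echo "sysctl: echo replies disabled"
rm -rf "$dir"
```

On a practice system, pass the real paths (/etc/rsyslog.conf, /etc/nsswitch.conf, /etc/sysctl.conf) to the same functions; commented-out template lines are ignored, so only directives that will survive a reboot count.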
