Official Linux LPIC-2 Exam 202 course + exam

ATTENTION: If you belong to the LaaS Cert program, the training does not include an exam.

Official LPI Linux Course: LPIC-2 - Exam 202 Preparation plus 1 Free Exam

LPIC-2 is the second certification in the Linux Professional Institute's (LPI) multi-level professional certification program.

The LPIC-2 will validate the candidate's ability to manage small and medium-sized mixed networks.

Important: This course covers Only the topics for Exam 202. If you're interested in the complete training with the syllabus for Exams 201 and 202, visit our course: LPIC-2 exams 201 and 202

Contents for certification

To earn the LPIC-2 certification , you must have the LPIC-1 certification and pass both exams 201 and 202. This course covers only the topics on exam 202:

LPIC-2 exam 202:

• Topic 207: Domain Name Server
  
• Topic 208: Web Services
  
• Topic 209: File Sharing
  
• Topic 210: Network Client Management
  
• Topic 211: Email Services
  
• Topic 212: Security system

LPIC-2 Exam 202

Topic 207: Domain Name Server

207.1 Basic DNS Server Configuration

The candidate must know how to configure BIND to function as an authoritative DNS server and as a recursive or caching DNS server. The candidate must also be able to manage a running DNS server and configure records.

Key knowledge areas:

• BIND 9.x Terms, Utilities, and Configuration Files
  
• Define the location of zone files within BIND configuration files.
  
• Reload modified configurations and zone files.
  
• Know dnsmasq, djbdns and PowerDNS as alternative name servers.

207.2 Creating and Maintaining DNS Zones

The candidate must be able to create zone files for forward and reverse zones, as well as hints for root servers. This objective also includes knowing how to set appropriate values ​​for records, add hosts to zones, and add zones to the Domain Name System. Finally, the candidate must also be able to delegate zones to another DNS server.

Key knowledge areas:

• BIND 9 Terms, Utilities, and Configuration Files
  
• Utilities to request information from the DNS server.
  
• Design, content, and location of BIND zone files.
  
• Methods for adding a new host to zone files — including reverse zones.

207.3 Securing the DNS Server

The candidate must know how to configure a DNS server to work without root permissions and within a chroot jail. This objective also includes secure data exchange between DNS servers.

Key knowledge areas:

• BIND 9 configuration files.
  
• Configuring BIND to run inside a chroot jail.
  
• Split BIND configuration by declaring forwarders.
  
• Configuring and using transaction signatures (TSIG).
  
• Learn DNSSEC and its basic tools.
  
• Get to know DANE and its records.

Topic 208: HTTP Services

208.1 Basic Apache Configuration

The candidate must be able to install and configure a web server, monitor server performance and load, restrict client access, configure support for scripting languages ​​such as modules, and configure client authentication. This objective also includes configuring server options to restrict resource usage, configuring the web server to use virtual hosts, and customizing file access.

Key knowledge areas:

• Apache 2.4 Files, Terms, and Utilities
  
• Configuration and content of Apache log files.
  
• Files and access restriction methods.
  mod_perl and PHP configuration.
  
• Client authentication files and utilities.
  
• Setting the maximum number of requests and the maximum and minimum number of servers and clients.
  
• Implementing virtual hosts in Apache 2.4 (with and without dedicated IP address).
  
• Using redirect statements in configuration files
• Apache to customize file access.

208.2 Configuring Apache for HTTPS

The candidate must be able to configure a web server to provide HTTPS.

Key knowledge areas:

• SSL utilities, tools, and configuration files.
  
• Generate private keys for the server and Certificate Signing Requests (CSRs).
• Certificate Signing Request) for a commercial Certification Authority (CA).
  
• Generate a self-signed certificate.
  
• Installing keys and certificates, including the role of intermediate CAs.
  
• Configuring virtual hosting using Server Name Indication (SNI).
  
• Learn about issues related to virtual hosting and the use of SSL.
  
• Security issues related to the use of SSL and disabling insecure protocols and ciphers.

208.3 Implementing Squid as a caching proxy server

The candidate should be able to install and configure a proxy server, including access policies, authentication, and resource usage.

Key knowledge areas:

• Squid 3.x utilities, terms, and configuration files.
  
• Access restriction methods.
  
• Client authentication methods.
  
• Design and content of Access Control Lists (ACLs) in Squid configuration files.

208.4 Implementing Nginx as a Web Server and Reverse Proxy Server

The candidate should be able to install and configure Nginx as a reverse proxy server. This objective also includes basic configuration of Nginx as an HTTP server.

Key knowledge areas:

• Nginx.
  
• Reverse proxy server.
  
• Basic web server.

Topic 209: File Sharing

209.1 Samba Server Configuration

The candidate should be able to configure a Samba server for multiple clients, either as a standalone server or integrated as a member of Active Directory. This objective covers simple CIFS configuration and printer sharing, as well as configuring a Linux client to use a Samba server. Troubleshooting Samba installation is also included in this objective.

Key knowledge areas:

• Samba 4 Documentation.
  
• Samba 4 configuration files.
  
• Samba 4 Tools, Utilities, and Daemons
  
• Mounting CIFS shares on Linux.
  
• Mapping Windows usernames to Linux usernames.
  
• Security at different levels: user, sharing and AD.

209.2 NFS Server Configuration

The candidate must be able to export file systems using NFS. This objective also covers access restrictions, mounting NFS file systems on a client, and securing NFS.

Key knowledge areas:

• NFS version 3 configuration files.
  
• NFS utilities and tools.
  
• Access restrictions to certain hosts and/or certain subnets.
  
• Mounting options on the server and client.
  
• TCP Wrappers.
  
• Know NFSv4.

Topic 210: Network Client Administration

210.1 DHCP Configuration

The candidate should be able to configure a DHCP server, which includes setting default and per-client options, as well as adding static and BOOTP clients. This objective also includes configuring a DHCP relay agent and maintaining the DHCP server.

Key knowledge areas:

• DHCP utilities, terms, and configuration files.
  
• Subnets and dynamically assigned range configuration.
  
• Learn about DHCPv6 and IPv6 router advertisements.

210.2 PAM Authentication

The candidate must be able to configure PAM to enable authentication using various available methods. Basic SSSD functionality is included.

Key knowledge areas:

• PAM utilities, terms, and configuration files.
  
• Passwd and shadow passwords.
  
• Using sssd for LDAP authentication.

210.3 Using the LDAP Client

The candidate must be able to perform queries and updates to an LDAP server. This objective also includes importing and adding items, as well as adding and managing users.

Key knowledge areas:

• LDAP utilities for data management and queries.
  
• Changing user passwords.
  
• LDAP directory queries.

210.4 OpenLDAP Server Configuration

The candidate should be able to configure a basic OpenLDAP server, including knowledge of the LDIF format and basic access controls.

Key knowledge areas:

• OpenLDAP.
  
• Directory-based configuration.
  
• Access control.
  
• Distinguished names.
  
• Exchange rate operations.
  
• Outlines and White Pages.
  
• Directories.
  
• Classes, attributes and object IDs.

Topic 211: Email Services

211.1 Use of email servers

The candidate should be able to administer an email server, including configuring aliases, quotas, and virtual domains, as well as configuring internal relays and monitoring the server.

Key knowledge areas:

• Postfix configuration files.
  
• Basic TLS configuration for postfix.
  
• Basic knowledge of the SMTP protocol.
  
• Know sendmail and exim.

211.2 Managing Email Delivery

The candidate must be able to implement the client's email management software to filter, sort, and monitor incoming email.

Key knowledge areas:

• Understand Sieve functionality, syntax, and operators.
  
• Using Sieve to filter and sort mail based on sender, recipient(s), headers, and size.
  
• Know procmail.

211.3 Managing mailbox access

The candidate must know how to install and configure the POP and IMAP daemons.

Key knowledge areas:

• Configuration and administration of Dovecot, IMAP and POP3.
  
• Basic TLS configuration for Dovecot.
  
• Meet Courier.

Topic 212: System security

212.1 Router Configuration

The candidate should be able to configure the system to forward IP packets and perform network address translation (NAT, IP masquerading), highlighting their importance in network protection. This objective also includes configuring port forwarding, managing filtering rules, and preventing attacks.

Key knowledge areas:

• Configuration files, tools, and utilities for iptables and ip6tables.
  
• Tools, commands and utilities for managing routing tables.
  
• Private address ranges (IPv4); Unique Local Addresses and Addresses
• Link Locations (IPv6).
  
• Port forwarding and IP forwarding.
  
• List and write filter rules that accept or block IP packets based on source or destination protocol, port, and address.
  
• Save and reload filter settings.

212.2 FTP Server Administration

The candidate must be able to configure an FTP server to perform anonymous downloads and uploads. This objective also includes precautions to be taken if anonymous uploads are allowed and user access configuration.

Key knowledge areas:

• Configuration files, tools, and utilities for Pure-FTPd and vsftpd.
  
• Get to know ProFTPd.
  
• Understanding Active vs. Passive FTP Connections

212.3 Secure Shell (SSH)

The candidate must be able to configure and secure an SSH daemon. This objective also includes key management and SSH configuration for users, as well as forwarding an application protocol over SSH and managing SSH logins.

Key knowledge areas:

• OpenSSH configuration files, tools, and utilities.
  
• Login restrictions for superuser and regular users.
  
• Administration and use of server and client keys for login with and without password.
  
• Using multiple connections from multiple hosts to protect against losing a connection to a remote host after making configuration changes.

212.4 Security Tasks

The candidate must be able to receive security alerts from a variety of sources; install, configure, and run intrusion detection systems; and apply security patches and bug fixes.

Key knowledge areas:

• Tools and utilities for scanning and testing ports on a server.
  
• Places and organizations that report security alerts such as Bugtraq, CERT, or other sources.
  
• Tools and utilities for implementing an intrusion detection system (IDS).
  
• Know OpenVAS and Snort.

212.5 OpenVPN

The candidate must know how to configure a virtual private network (VPN) and create secure point-to-point or site-to-site connections.

Key knowledge areas:

• OpenVPN

Language

The e-Learning components on which the training is conducted are in English and Spanish .

Exam languages ​​available at VUE test centers: English, German, Japanese, Portuguese (Brazilian)

Languages ​​for exams available online through OnVUE: English, Japanese

Requirements

The candidate must have an active LPIC-1 certification to receive the LPIC-2 certification.