Linux LPIC-2 | Exam Preparation 201 and 202

ATTENTION: If you belong to the LaaS Cert program, the training does not include an exam.

Official Linux LPIC‑2 Course | Exam Preparation 201 and 202 + 2 free exams

Who is the Linux LPIC-2 course for?

• Experienced Linux administrators who wish to get LPIC‑2 certified.
• Professionals who administer mixed networks and Linux services in small/medium organizations.
• IT teams that need to standardize Linux operations (infrastructure, services, security) and validate knowledge with official certification.

What will you learn in the LPIC-2 course?

This course covers the syllabi for the preparation of exams 201 and 202, which are required for Linux LPI level 2 or LPIC-2 certification.

The main objectives are:

• Perform advanced system administration, including common tasks related to the Linux kernel, system boot, and maintenance.
• Perform advanced block storage and file system management, as well as advanced networking and authentication, and system security, including firewall and VPN.
• Install and configure fundamental network services, including DHCP, DNS, SSH, web servers, file servers using FTP, NFS and Samba, email delivery.
• Supervise assistants and advise management on automation and procurement.

Contents for certification

LPIC‑2 Exam 201

• Topic 200: Capacity Planning
  
• Topic 201: Linux Kernel
  
• Topic 202: System boot
  
• Topic 203: Filesystem and devices
  
• Topic 204: Advanced storage device management
  Topic 205: Network Configuration
  Topic 206: System maintenance

LPIC‑2 Exam 202

• Topic 207: Domain Name Server (DNS)
  
• Topic 208: Web Services
  
• Topic 209: File Sharing
  
• Topic 210: Network Client Management
  
• Topic 211: Email Services
  
• Topic 212: Security system

LPIC-2 201

Topic 200: System Resource Planning

200.1 Measure resource usage and identify and resolve associated issues

The candidate should be able to measure hardware resources and network bandwidth, as well as identify and resolve resource-related issues.

Key knowledge areas:

• Measure CPU usage.
• Measure memory usage.
  
• Measure disk I/O.
  
• Measure network I/O.
  
• Measure firewall and router performance.
  
• Map bandwidth per client.
  
• Match / correlate system symptoms with their possible causes.
• Estimate system performance and identify bottlenecks, including network ones.

200.2 Predict future resource needs

The candidate should be able to monitor resource usage to predict future needs.

Key knowledge areas:

• Use monitoring and measurement tools to monitor IT infrastructure usage.
  
• Predict the breaking point of a configuration in terms of capacity.
  
• Observe the growth rate of capacity usage.
  
• Create graphs that reflect capacity usage trends.
  
• Be familiar with monitoring solutions such as Icinga2, Nagios, collectd, MRTG, and Cacti.

Topic 201: The Linux kernel

201.1 Kernel components

The candidate must be able to use kernel components that are necessary for specific hardware, hardware drivers, resources and system requirements. This objective includes implementing different types of kernel images, understanding the concepts of stable kernel, long-term kernel and patch, as well as knowing how to use kernel modules.

Key knowledge areas:

• Documentation for kernels 2.6.x, 3.x and 4.x

201.2 Compiling a Linux kernel

The candidate must be able to correctly configure a Linux kernel to include or disable special features, as well as compile and recompile it as needed. The objective also includes the ability to update it, create an initial memory image (initrd), and install new kernels.

Key knowledge areas:

• /usr/src/linux/
  
• Kernel Makefile files.
  
• `make` command targets for kernels 2.6.x, 3.x, and 4.x.
  
• Customize kernel configuration.
  
• Build a new kernel and corresponding modules.
  
• Install a new kernel and any necessary modules.
  
• Ensure that the bootloader can locate the new kernel and associated files.
  
• Module configuration files.
  
• Use DKMS to compile kernel modules.
  
• Have knowledge about dracut.

201.3 Kernel runtime management and troubleshooting

The candidate must be able to manage and/or query a 2.6.x, 3.x, or 4.x kernel and its loadable modules; identify and correct common boot and runtime issues; understand device management and detection with the udev tool, and resolve issues related to udev rules.

Key knowledge areas:

• Use command-line utilities to obtain information about the running kernel and its modules.
  
• Load and unload kernel modules manually.
  
• Determine when modules can be unloaded.
  
• Determine which parameters a module accepts.
  
• Configure the system to load modules by a name other than their filename.
  
• /proc filesystem.
  
• Contents of /, /boot/, and /lib/modules/.
  
• Tools and utilities to analyze information concerning available hardware.
  
• udev rules.

Topic 202: System Startup

202.1 Customize system startup

The candidate must be able to query the status of system services at different targets / runlevels as well as modify their behavior. A thorough understanding of systemd, SysV Init, and the Linux boot process is required. The objective includes interacting with systemd targets and SysV Init runlevels.

Key knowledge areas:

• Systemd
  
• SysV init
  
• Linux Standard Base Specification (LSB)

202.2 System recovery

The candidate must be proficient in manipulating a Linux system both during the boot process and in recovery mode. They must know how to use the init utility and related kernel options. Furthermore, the candidate must be able to determine the causes of errors that occur during the loading and use of GRUB version 2 and GRUB Legacy bootloaders on both BIOS and UEFI systems.

Key knowledge areas:

• BIOS and UEFI.
  
• NVMe boot.
  
• GRUB version 2 and Legacy.
  
• The grub shell.
  
• Boot sequence: the boot manager hands off to the kernel.
  
• Kernel loading.
  
• Hardware initialization and configuration.
  
• Daemon/service initialization and configuration.
  
• Know the possible installation locations of the boot manager on both a hard drive and a removable device.
  
• Use the boot manager shell and override standard boot manager options.
  
• Use systemd's rescue and emergency modes.

202.3 Alternative bootloaders

The candidate must be familiar with alternative bootloaders to GRUB and their main features.

Key knowledge areas:

• SYSLINUX, ISOLINUX, PXELINUX.
  
• Understand how PXE works for BIOS and UEFI.
  
• Know systemd-boot and U-Boot.

Topic 203: File systems and devices

203.1 Manage the Linux filesystem

The candidate must be able to correctly configure and navigate the standard Linux filesystem as well as configure and mount various types of filesystems.

Key knowledge areas:

• fstab configuration.
  
• Tools and utilities for managing swap partitions and files.
  
• Using Universally Unique Identifiers (UUIDs) to identify and mount filesystems.
  
• Understanding systemd mount units.

203.2 Maintaining a Linux filesystem

The candidate must be able to properly maintain a Linux filesystem using system utilities. This includes manipulating standard filesystems and monitoring devices with SMART technology.

Key knowledge areas:

• Tools and utilities for manipulating ext2, ext3, and ext4 file systems.
  
• Tools and utilities for performing basic operations on a Btrfs file system, including creating subvolumes and snapshots.
  
• Tools and utilities for manipulating an XFS file system.
  Know the ZFS file system.

203.3 Creating and configuring filesystem options

The candidate must be able to configure automountable filesystems using AutoFS. This includes configuring automounting for network filesystems or storage devices, as well as creating filesystems for devices such as CD-ROMs and basic knowledge of filesystem encryption features.

Key knowledge areas:

• autofs configuration files.
  
• Know how automount units work.
  
• Tools and utilities for UDF and ISO9660.
  
• Know other file systems for CD-ROM (HFS).
  
• Know file system extensions for CD-ROM (Joliet, Rock Ridge, El Torito).
  
• Basic knowledge of data encryption features (dm-crypt / LUKS).

Topic 204: Advanced storage device management

204.1 RAID Configuration

The candidate must know how to configure and implement software RAID. This includes the use and configuration of RAID 0, 1 and 5.

Key knowledge areas:

• Configuration files and utilities for implementing software RAID.

204.2 Adjusting storage device access

The candidate must be able to configure kernel options to support various storage drives as well as use software tools to visualize and modify hard drive configurations (including iSCSI devices).

Key knowledge areas:

• Tools and utilities for configuring DMA on IDE devices (including ATAPI and SATA).
  
• Tools and utilities for configuring solid-state drives (including AHCI and NVMe).
  
• Tools and utilities for manipulating or analyzing system resources (e.g., interrupts).
  
• Know the `sdparm` command and its various uses.
  
• Tools and utilities for working with iSCSI.
  
• Know SAN, including relevant protocols such as AoE and FCoE.

204.3 Managing logical volumes

The candidate must be able to create and delete logical volumes, volume groups, and physical volumes. This objective also includes managing snapshots and resizing logical volumes.

Key knowledge areas:

• LVM suite tools.
  
• Resize, rename, create and delete logical volumes, volume groups and physical volumes.
  
• Create and maintain snapshots.
  
• Activate volume groups.

Topic 205: Network Configuration

205.1 Basic network configuration

The candidate must know how to configure a network device to connect to a local area network (wired or wireless) and a wide area network. Additionally, the candidate must be able to establish communication between several subnets of the same network (both IPv4 and IPv6).

Key knowledge areas:

• Utilities for configuring and manipulating Ethernet network interfaces.
  
• Configure basic access to wireless networks.

205.2 Advanced network configuration

The candidate must know how to configure a network device to implement various network authentication schemes. Additionally, the candidate must be able to configure a multi-card network device and troubleshoot communication issues.

Key knowledge areas:

• Utilities to manipulate routing tables.
  
• Utilities for configuring and manipulating Ethernet network interfaces.
  
• Utilities to manipulate the status of network devices.
  
• Utilities to monitor and analyze TCP/IP traffic.

205.3 Network troubleshooting

The candidate must be able to identify and correct common network configuration problems as well as know the location of basic commands and configuration files.

Key knowledge areas:

• Location and content of access restriction files.
  
• Utilities for configuring and manipulating Ethernet network interfaces.
  
• Utilities for managing routing tables.
  
• Utilities for producing network status listings.
  
• Utilities to obtain information about network configuration.
  
• Methods for obtaining information about recognized and used hardware devices.
  
• System initialization files and their content (Systemd and SysV init).
  
• Knowledge about NetworkManager and its impact on network configuration.

Topic 206: System Maintenance

206.1 Compile and install programs from source code

The candidate must be able to compile and install an executable program from its source code. Additionally, the candidate must know how to unpack a file containing source code.

Key knowledge areas:

• Unpack source code using common compression and archiving utilities.
  
• Understand what happens when the `make` command is invoked to compile programs.
  
• Apply parameters to a configuration script.
  
• Know the default location of program source code.

206.2 Backup operations

The candidate must be able to use system tools to back up important information.

Key knowledge areas:

• Know which files to include in backups.
  
• Be familiar with network backup solutions such as Amanda, Bacula, Bareos, and BackupPC.
  
• Know the benefits and drawbacks of tapes, CD-Rs, disks, and other backup media.
  
• Perform partial and manual backups.
  
• Verify the integrity of backup files.
  
• Restore backups fully or partially.

206.3 Notify users about system-related issues

The candidate must be able to notify users about system-related issues.

Key knowledge areas:

• Automate communication with users through login messages.
  
• Inform active users about system maintenance.

LPIC-2 202

Topic 207: Domain Name Server

207.1 Basic DNS server configuration

The candidate must know how to configure BIND to act as an authoritative DNS server and as a recursive or caching DNS server. Additionally, the candidate must be able to administer a running DNS server and configure records.

Key knowledge areas:

• BIND 9.x terms, utilities, and configuration files.
  
• Define the location of zone files within BIND configuration files.
  
• Reload modified configurations and zone files.
  
• Be familiar with dnsmasq, djbdns, and PowerDNS as alternative name servers.

207.2 Creation and maintenance of DNS zones

The candidate must be able to create zone files for forward or reverse zones as well as hints for the root servers. This objective also includes knowing how to set appropriate values for records, add hosts to zones, and zones to the Domain Name System. Finally, the candidate must also be able to delegate zones to another DNS server.

Key knowledge areas:

• BIND 9 terms, utilities, and configuration files.
  
• Utilities to request information from the DNS server.
  
• Design, content, and location of BIND zone files.
  
• Methods for adding a new host to zone files — including reverse zones.

207.3 Securing the DNS server

The candidate must know how to configure a DNS server to run without root privileges and within a chroot jail. This objective also includes the secure exchange of data between DNS servers.

Key knowledge areas:

• BIND 9 configuration files.
  
• Configuring BIND to run within a chroot jail.
  
• Split configuration of BIND by declaring forwarders.
  
• Configuration and use of Transaction Signatures (TSIG).
  
• Know DNSSEC and its basic tools.
  
• Know DANE and its records.

Topic 208: HTTP Services

208.1 Basic Apache configuration

The candidate must know how to install and configure a web server, as well as be able to monitor server performance and load, restrict client access, configure support for scripting languages as modules, and configure client authentication. This objective also includes configuring server options to restrict resource usage, configuring the web server to use virtual hosts, and customizing file access.

Key knowledge areas:

• Apache 2.4 files, terms, and utilities.
  
• Apache log file configuration and content.
  
• Access restriction files and methods.
  mod_perl and PHP configuration.
  
• Client authentication files and utilities.
  
• Configuring maximum requests and maximum and minimum server and client numbers.
  
• Implementing virtual hosts in Apache 2.4 (with and without dedicated IP address).
  
• Using redirect statements in Apache configuration files to customize file access.

208.2 Configuring Apache for HTTPS

The candidate must be able to configure a web server to provide HTTPS.

Key knowledge areas:

• SSL utilities, tools, and configuration files.
  
• Generate private keys for the server and Certificate Signing Requests (CSR) for a commercial Certification Authority (CA).
  
• Generate a self-signed certificate.
  
• Installation of keys and certificates, including the role of intermediate CAs.
  
• Configure virtual hosting using Server Name Indication (SNI).
  
• Know issues related to virtual hosting and SSL use.
  
• Security issues related to the use of SSL and deactivation of insecure protocols and ciphers.

208.3 Implementing Squid as a proxy cache server

The candidate must be able to install and configure a proxy server, including access policies, authentication, and resource usage.

Key knowledge areas:

• Squid 3.x utilities, terms, and configuration files.
  
• Access restriction methods.
  
• Client authentication methods.
  
• Design and content of Access Control Lists (ACLs) in Squid configuration files.

208.4 Implementing Nginx as a web server and as a reverse proxy server

The candidate must be able to install and configure Nginx as a reverse proxy server. This objective also includes basic configuration of Nginx as an HTTP server.

Key knowledge areas:

• Nginx.
  
• Reverse proxy server.
  
• Basic web server.

Topic 209: File Sharing

209.1 Samba server configuration

The candidate must be able to configure a Samba server for various clients, either as a standalone server or integrated as a member of an Active Directory. This objective covers simple CIFS configuration and printer sharing, as well as configuring a Linux client to use a Samba server. Troubleshooting Samba installation is also included in this objective.

Key knowledge areas:

• Samba 4 documentation.
  
• Samba 4 configuration files.
  
• Samba 4 tools, utilities, and daemons.
  
• Mounting CIFS shares in Linux.
  
• Mapping Windows user names to Linux user names.
  
• Security at different levels: user, share, and AD.

209.2 NFS server configuration

The candidate must be able to export file systems using NFS. This objective also includes access restrictions, mounting NFS file systems on a client, and securing NFS.

Key knowledge areas:

• NFS version 3 configuration files.
  
• NFS utilities and tools.
  
• Access restrictions to certain hosts and/or subnets.
  
• Mount options on the server and client.
  
• TCP Wrappers.
  
• Know NFSv4.

Topic 210: Network Client Administration

210.1 DHCP Configuration

The candidate must be able to configure a DHCP server, which involves knowing how to set default and per-client options, as well as adding static and BOOTP clients. Also included in this objective is configuring a DHCP relay agent and maintaining the DHCP server.

Key knowledge areas:

• DHCP utilities, terms, and configuration files.
  
• Subnets and dynamically assigned range configuration.
  
• Know DHCPv6 and IPv6 router advertisements.

210.2 PAM authentication

The candidate must be able to configure PAM to enable authentication using various available methods. Basic SSSD functionality is included.

Key knowledge areas:

• PAM utilities, terms, and configuration files.
  
• passwd and shadow passwords.
  
• Using sssd for LDAP authentication.

210.3 Using the LDAP client

The candidate must be able to perform queries and updates to an LDAP server. This objective also includes importing and adding elements, as well as adding and managing users.

Key knowledge areas:

• LDAP utilities for data management and queries.
  
• Change user passwords.
  
• Queries to the LDAP directory.

210.4 OpenLDAP server configuration

The candidate must know how to configure a basic OpenLDAP server, which includes knowledge of the LDIF format and basic access controls.

Key knowledge areas:

• OpenLDAP.
  
• Directory-based configuration.
  
• Access control.
  
• Distinguished Names.
  
• Change type operations.
  
• Schemas and White Pages.
  
• Directories.
  
• Classes, attributes, and object IDs.

Topic 211: Email Services

211.1 Using email servers

The candidate must be able to administer an email server, which includes configuring aliases, quotas, and virtual domains, as well as configuring internal relays and monitoring the server.

Key knowledge areas:

• Postfix configuration files.
  
• Basic TLS configuration for postfix.
  
• Basic knowledge of the SMTP protocol.
  
• Know sendmail and exim.

211.2 Managing email delivery

The candidate must be able to implement client email management software to filter, sort, and monitor incoming email.

Key knowledge areas:

• Understand Sieve functionality, syntax, and operators.
  
• Using Sieve to filter and sort mail by sender, recipient(s), headers, and size.
  
• Know procmail.

211.3 Mailbox access administration

The candidate must know how to install and configure POP and IMAP daemons.

Key knowledge areas:

• Configuration and administration of Dovecot, IMAP, and POP3.
  
• Basic TLS configuration for Dovecot.
  
• Know Courier.

Topic 212: System Security

212.1 Router configuration

The candidate must be able to configure the system to forward IP packets and perform network address translations (NAT, IP masquerading), indicating its importance in network protection. This objective also includes configuring port forwarding, managing filtering rules, and preventing attacks.

Key knowledge areas:

• Iptables and ip6tables configuration files, tools, and utilities.
  
• Tools, commands, and utilities for managing routing tables.
  
• Private address ranges (IPv4); Unique Local Addresses and Link-Local Addresses (IPv6).
  
• Port redirection and IP forwarding.
  
• List and write filtering rules that accept or block IP packets based on source or destination protocol, port, and address.
  
• Save and reload filtering configurations.

212.2 FTP server administration

The candidate must be able to configure an FTP server for anonymous downloads and uploads. This objective also includes precautions to be taken if anonymous uploads are allowed and user access configuration.

Key knowledge areas:

• Configuration files, tools, and utilities for Pure-FTPd and vsftpd.
  
• Know ProFTPd.
  
• Understanding active vs. passive FTP connections.

212.3 Secure Shell (SSH)

The candidate must know how to configure and secure an SSH daemon. This objective also includes managing keys and configuring SSH for users, as well as forwarding an application protocol over SSH and managing SSH login.

Key knowledge areas:

• OpenSSH configuration files, tools, and utilities.
  
• Login restrictions for superuser and normal users.
  
• Managing and using server and client keys for logging in with and without a password.
  
• Using multiple connections from multiple hosts to protect against loss of connection to a remote host after making configuration changes.

212.4 Security tasks

The candidate must be able to receive security alerts from various sources; install, configure, and run intrusion detection systems; and apply security patches and bug fixes.

Key knowledge areas:

• Tools and utilities for scanning and testing ports on a server.
  
• Locations and organizations that report security alerts such as Bugtraq, CERT, or other sources.
  
• Tools and utilities for implementing an Intrusion Detection System (IDS).
  
• Know OpenVAS and Snort.

212.5 OpenVPN

The candidate must know how to configure a virtual private network (VPN) and create secure point-to-point or site-to-site connections.

Key knowledge areas:

• OpenVPN

Languages of Linux LPIC-2 content and exam

The e-Learning components used for the training are in English and Spanish.

Available exam languages at VUE testing centers: English, German, Japanese, Portuguese (Brazilian)

Available exam languages online via OnVUE: English, Japanese

What are the requirements to take the Linux LPIC-2 course?

To obtain LPIC‑2 certification

To obtain LPIC‑2, you must have LPIC‑1 and pass exams 201 and 202.

To take the course

Experience equivalent to LPIC‑1 (basic Linux administration and networking) is recommended, as LPIC‑2 moves towards administration and services in real environments.

Frequently asked questions about Linux LPIC-2 training and certification

1) What certification do I get upon passing LPIC‑2?

You obtain the LPIC‑2 certification from LPI, which validates the ability to administer small to medium-sized mixed networks in Linux.

2) Is LPIC‑2 obtained with one exam or two?

LPIC‑2 requires passing two official exams: 201 and 202 (and having LPIC‑1).

3) What does LPIC‑2 Exam 201 cover?

It includes capacity planning, kernel, boot, file systems/devices, advanced storage, networking, and maintenance. [nanfor.com]

4) What does LPIC‑2 Exam 202 cover?

It includes DNS, web services, file sharing, network client management, mail, and security.

5) Does this course include an official exam?

It is available in two modalities: training only or training + 2 free exams (201 and 202).

6) What if I have LaaS Cert?

If you belong to the LaaS Cert program, the training does not include an exam.

7) Is Nanfor an official LPI Partner for Linux training and certification?

Yes. Nanfor indicates that it is a Platinum partner and is approved by the Linux Professional Institute (LPI) as a Training Partner and Channel Partner.