ATTENTION: If you belong to the LaaS Cert program, the training does not include an exam.

Official LPI Linux Course: LPIC-2 - Exam 201 and 202 Preparation plus 2 Free Exams

The LPIC-2 will validate the candidate's ability to manage small and medium-sized mixed networks.

Goals

This course covers the topics for preparing for exams 201 and 202 , required for the Linux LPI level 2 or LPIC-2 certification.

The main objectives are:

• Perform advanced system administration, including common tasks related to the Linux kernel, system startup, and maintenance
• Perform advanced block storage and file system management, as well as advanced networking, authentication, and system security, including firewalls and VPNs.
• Install and configure essential network services, including DHCP, DNS, SSH, web servers, file servers using FTP, NFS and Samba, email delivery
• Supervise attendees and advise management on automation and purchasing.

Contents for certification

To earn LPIC-2 certification , you must have LPIC-1 certification and pass exams 201 and 202. Topics for each exam include: 

LPIC-2 exam 201:

• Topic 200: Capacity Planning
• Topic 201: Linux Kernel
  
• Topic 202: System boot
  
• Topic 203: File system and devices
  
• Topic 204: Advanced storage device management
  
• Topic 205: Network Configuration
  
• Topic 206: System maintenance

LPIC-2 exam 202:

• Topic 207: Domain Name Server
  
• Topic 208: Web Services
  
• Topic 209: File Sharing
  
• Topic 210: Network Client Management
  
• Topic 211: Email Services
  
• Topic 212: Security system

LPIC-2 Exam 201

Topic 200: System Resource Planning

200.1 Measure resource use and identify and resolve associated problems

The candidate should be able to measure hardware resources and network bandwidth, as well as identify and resolve resource-related issues.

Key knowledge areas:

• Measure CPU usage.
• Measure memory usage.
  
• Measure disk I/O.
  
• Measure network I/O.
  
• Measure firewall and router performance.
  
• Map bandwidth per client.
  
• Match/correlate symptoms in the system with their possible causes.
• Make estimates of system performance and identify bottlenecks, including network bottlenecks.

200.2 Predict future resource needs

The candidate must be able to monitor resource usage to predict future needs.

Key knowledge areas:

• Use monitoring and measurement tools to monitor IT infrastructure usage.
  
• Predict the breaking point of a configuration with respect to capacity.
  
• Observe the growth rate of capacity utilization.
  
• Make graphs that reflect the trend of capacity usage.
  
• Learn monitoring solutions such as Icinga2, Nagios, collectd, MRTG, and Cacti

Topic 201: The Linux kernel

201.1 Kernel Components

The candidate must be able to use kernel components required for specific hardware, hardware drivers, resources, and system requirements. This objective includes implementing different types of kernel images, understanding the concepts of stable kernels, long-lived kernels, and patches, and knowing how to use kernel modules.

Key knowledge areas:

• Documentation for 2.6.x, 3.x and 4.x kernels

201.2 Compiling a Linux Kernel

The candidate must be able to properly configure a Linux kernel to include or disable special features, as well as compile and recompile it as needed. The objective also includes the ability to update it, create an initial memory image (initrd), and install new kernels.

Key knowledge areas:

• /usr/src/linux/
  
• Kernel Makefiles.
  
• Targets of the make command for 2.6.x, 3.x, and 4.x kernels.
  
• Customize kernel settings.
  
• Build a new kernel and corresponding modules.
  
• Install a new kernel and any necessary modules.
  
• Ensure that the bootloader can locate the new kernel and associated files.
  
• Module configuration files.
  
• Using DKMS to compile kernel modules.
  
• Have knowledge about dracut.

201.3 Kernel Runtime Management and Troubleshooting

The candidate should be able to manage and/or query a 2.6.x, 3.x, or 4.x kernel and the modules that can be loaded within it; identify and correct common boot and runtime issues; understand device management and detection using the udev tool; and troubleshoot issues related to udev rules.

Key knowledge areas:

• Use command-line utilities to obtain information about the running kernel and its modules.
  
• Load and unload kernel modules manually.
  
• Determine when modules can be downloaded.
  
• Determine what parameters a module accepts.
  
• Configure the system to load modules by a name other than their file name.
  
• /proc file system.
  
• Contents of /, /boot/ , and /lib/modules/.
  
• Tools and utilities to analyze information concerning available hardware.
  
• Udev rules.

Topic 202: System startup

202.1 Customize system startup

The candidate should be able to query the status of system services on different targets/runlevels, as well as modify their behavior. A thorough understanding of systemd, SysV Init, and the Linux boot process is required. The objective includes interaction with systemd targets and SysV Init runlevels.

Key knowledge areas:

• Systemd
  
• SysV init
  
• Linux Standard Base Specification (LSB)

202.2 System Recovery

The candidate must be competent in manipulating a Linux system, both during the boot process and in recovery mode. They must be familiar with the init utility and related kernel options. They must also be able to determine the causes of errors that occur during boot and use of GRUB version 2 and GRUB Legacy boot loaders on both BIOS and UEFI systems.

Key knowledge areas:

• BIOS and UEFI.
  
• NVMe boot.
  
• GRUB version 2 and Legacy.
  
• The grub shell.
  
• Boot sequence: the bootloader gives way to the kernel.
  
• Loading the kernel.
  
• Hardware initialization and configuration.
  
• Initialization and configuration of daemons/services.
  
• Know the possible installation locations of the bootloader on both a hard drive and a removable device.
  
• Use the bootloader shell and override standard bootloader options.
  
• Using systemd rescue and emergency modes.

202.3 Alternative Boot Loaders

The candidate must be familiar with alternative boot loaders to GRUB and their main features.

Key knowledge areas:

• SYSLINUX, ISOLINUX, PXELINUX.
  
• Understand how PXE works for BIOS and UEFI.
  
• Know systemd-boot and U-Boot.

Topic 203: File systems and devices

203.1 Managing the Linux File System

The candidate should be able to correctly configure and navigate the standard Linux file system, as well as configure and mount various types of file systems.

Key knowledge areas:

• fstab configuration.
  
• Tools and utilities for managing swap partitions and files.
  
• Using Universally Unique Identifiers (UUIDs) to identify and mount file systems.
  
• Understanding systemd mount units.

203.2 Maintaining a Linux File System

The candidate should be able to properly maintain a Linux file system using system utilities. This includes manipulating standard file systems and monitoring devices with SMART technology.

Key knowledge areas:

• Tools and utilities for manipulating ext2, ext3 and ext4 file systems.
  
• Tools and utilities for performing basic operations on a Btrfs file system, including creating subvolumes and snapshots.
  
• Tools and utilities for manipulating an XFS file system.
  Get to know the ZFS file system.

203.3 Create and configure file system options

The candidate should be able to configure self-mounting file systems using AutoFS. This includes configuring automounting for network file systems or storage devices, as well as creating file systems for devices such as CD-ROMs and basic knowledge of file system encryption features.

Key knowledge areas:

• Autofs configuration files.
  
• Know how automount units work.
  
• Tools and utilities for UDF and ISO9660.
  
• Know other file systems for CD-ROM (HFS).
  
• Know file system extensions for CD-ROMs (Joliet, Rock Ridge, El Torito).
  
• Basic knowledge of data encryption features (dm-crypt / LUKS).

Topic 204: Advanced storage device management

204.1 RAID Configuration

The candidate must know how to configure and implement software RAID. This includes the use and configuration of RAID 0, 1, and 5.

Key knowledge areas:

• Configuration files and utilities for implementing software RAID.

204.2 Storage Device Access Settings

The candidate should be able to configure kernel options to support multiple storage drives as well as use software tools to view and modify hard drive configurations (including iSCSI devices).

Key knowledge areas:

• Tools and utilities to configure DMA on IDE devices (including ATAPI and SATA).
  
• Tools and utilities for configuring solid-state drives (including AHCI and NVMe).
  
• Tools and utilities to manipulate or analyze system resources (e.g. interrupts).
  
• Understand the sdparm command and its different uses.
  
• Tools and utilities for working with iSCSI.
  
• Understand SAN, including relevant protocols such as AoE and FCoE.

204.3 Logical Volume Management

The candidate must be able to create and delete logical volumes, volume groups, and physical volumes. This objective also includes managing snapshots and resizing logical volumes.

Key knowledge areas:

• LVM Suite Tools.
  
• Resize, rename, create, and delete logical volumes, volume groups, and physical volumes.
  
• Create and maintain snapshots.
  
• Activate volume groups.

Topic 205: Network Configuration

205.1 Basic Network Configuration

The candidate must know how to configure a network device to connect to a local area network (wired or wireless) and a wide area network. Likewise, the candidate must be able to establish communication between multiple subnets of the same network (both IPv4 and IPv6).

Key knowledge areas:

• Utilities for configuring and manipulating Ethernet network interfaces.
  
• Configure basic access to wireless networks.

205.2 Advanced Network Configuration

The candidate must be able to configure a network device to implement various network authentication schemes. Likewise, the candidate must be able to configure a multi-homed network device and troubleshoot communication issues.

Key knowledge areas:

• Utilities for manipulating routing tables.
  
• Utilities for configuring and manipulating Ethernet network interfaces.
  
• Utilities to manipulate the status of network devices.
  
• Utilities for monitoring and analyzing TCP/IP traffic.

205.3 Network Troubleshooting

The candidate should be able to identify and correct common network configuration problems, as well as understand the location of basic commands and configuration files.

Key knowledge areas:

• Location and content of access restriction files.
  
• Utilities for configuring and manipulating Ethernet network interfaces.
  
• Utilities for managing routing tables.
  
• Utilities for producing lists of network statuses.
  
• Utilities for obtaining information about network configuration.
  
• Methods for obtaining information about recognized and used hardware devices.
  
• System initialization files and their contents (Systemd and SysV init).
  
• Knowledge of NetworkManager and its impact on network configuration.

Topic 206: System maintenance

206.1 Compiling and installing programs from source code

The candidate must be able to compile and install an executable program from its source code. The candidate must also know how to unpack an archive containing source code.

Key knowledge areas:

• Unpack source code using common compression and archiving utilities.
  
• Understand what happens when you invoke the make command to compile programs.
  
• Apply parameters to a configuration script.
  
• Know the default location of the source code of the programs.

206.2 Backup Operations

The candidate must be able to use system tools to back up important information.

Key knowledge areas:

• Know which files to include in backups.
  
• Learn about network backup solutions such as Amanda, Bacula, Bareos, and BackupPC.
  
• Understand the benefits and drawbacks of tapes, CD-Rs, disks, and other backup media.
  
• Perform partial and manual backups.
  
• Verify the integrity of backup files.
  
• Restore backups in full or in part.

206.3 Notify users about system-related problems

The candidate must be able to notify users about system-related issues.

Key knowledge areas:

• Automate communication with users through login messages.
  
• Inform active users about system maintenance.

LPIC-2 Exam 202

Topic 207: Domain Name Server

207.1 Basic DNS Server Configuration

The candidate must know how to configure BIND to function as an authoritative DNS server and as a recursive or caching DNS server. The candidate must also be able to manage a running DNS server and configure records.

Key knowledge areas:

• BIND 9.x Terms, Utilities, and Configuration Files
  
• Define the location of zone files within BIND configuration files.
  
• Reload modified configurations and zone files.
  
• Know dnsmasq, djbdns and PowerDNS as alternative name servers.

207.2 Creating and Maintaining DNS Zones

The candidate must be able to create zone files for forward and reverse zones, as well as hints for root servers. This objective also includes knowing how to set appropriate values ​​for records, add hosts to zones, and add zones to the Domain Name System. Finally, the candidate must also be able to delegate zones to another DNS server.

Key knowledge areas:

• BIND 9 Terms, Utilities, and Configuration Files
  
• Utilities to request information from the DNS server.
  
• Design, content, and location of BIND zone files.
  
• Methods for adding a new host to zone files — including reverse zones.

207.3 Securing the DNS Server

The candidate must know how to configure a DNS server to work without root permissions and within a chroot jail. This objective also includes secure data exchange between DNS servers.

Key knowledge areas:

• BIND 9 configuration files.
  
• Configuring BIND to run inside a chroot jail.
  
• Split BIND configuration by declaring forwarders.
  
• Configuring and using transaction signatures (TSIG).
  
• Learn DNSSEC and its basic tools.
  
• Get to know DANE and its records.

Topic 208: HTTP Services

208.1 Basic Apache Configuration

The candidate must be able to install and configure a web server, monitor server performance and load, restrict client access, configure support for scripting languages ​​such as modules, and configure client authentication. This objective also includes configuring server options to restrict resource usage, configuring the web server to use virtual hosts, and customizing file access.

Key knowledge areas:

• Apache 2.4 Files, Terms, and Utilities
  
• Configuration and content of Apache log files.
  
• Files and access restriction methods.
  mod_perl and PHP configuration.
  
• Client authentication files and utilities.
  
• Setting the maximum number of requests and the maximum and minimum number of servers and clients.
  
• Implementing virtual hosts in Apache 2.4 (with and without dedicated IP address).
  
• Using redirect statements in configuration files
• Apache to customize file access.

208.2 Configuring Apache for HTTPS

The candidate must be able to configure a web server to provide HTTPS.

Key knowledge areas:

• SSL utilities, tools, and configuration files.
  
• Generate private keys for the server and Certificate Signing Requests (CSRs).
• Certificate Signing Request) for a commercial Certification Authority (CA).
  
• Generate a self-signed certificate.
  
• Installing keys and certificates, including the role of intermediate CAs.
  
• Configuring virtual hosting using Server Name Indication (SNI).
  
• Learn about issues related to virtual hosting and the use of SSL.
  
• Security issues related to the use of SSL and disabling insecure protocols and ciphers.

208.3 Implementing Squid as a caching proxy server

The candidate should be able to install and configure a proxy server, including access policies, authentication, and resource usage.

Key knowledge areas:

• Squid 3.x utilities, terms, and configuration files.
  
• Access restriction methods.
  
• Client authentication methods.
  
• Design and content of Access Control Lists (ACLs) in Squid configuration files.

208.4 Implementing Nginx as a Web Server and Reverse Proxy Server

The candidate should be able to install and configure Nginx as a reverse proxy server. This objective also includes basic configuration of Nginx as an HTTP server.

Key knowledge areas:

• Nginx.
  
• Reverse proxy server.
  
• Basic web server.

Topic 209: File Sharing

209.1 Samba Server Configuration

The candidate should be able to configure a Samba server for multiple clients, either as a standalone server or integrated as a member of Active Directory. This objective covers simple CIFS configuration and printer sharing, as well as configuring a Linux client to use a Samba server. Troubleshooting Samba installation is also included in this objective.

Key knowledge areas:

• Samba 4 Documentation.
  
• Samba 4 configuration files.
  
• Samba 4 Tools, Utilities, and Daemons
  
• Mounting CIFS shares on Linux.
  
• Mapping Windows usernames to Linux usernames.
  
• Security at different levels: user, sharing and AD.

209.2 NFS Server Configuration

The candidate must be able to export file systems using NFS. This objective also covers access restrictions, mounting NFS file systems on a client, and securing NFS.

Key knowledge areas:

• NFS version 3 configuration files.
  
• NFS utilities and tools.
  
• Access restrictions to certain hosts and/or certain subnets.
  
• Mounting options on the server and client.
  
• TCP Wrappers.
  
• Know NFSv4.

Topic 210: Network Client Administration

210.1 DHCP Configuration

The candidate should be able to configure a DHCP server, which includes setting default and per-client options, as well as adding static and BOOTP clients. This objective also includes configuring a DHCP relay agent and maintaining the DHCP server.

Key knowledge areas:

• DHCP utilities, terms, and configuration files.
  
• Subnets and dynamically assigned range configuration.
  
• Learn about DHCPv6 and IPv6 router advertisements.

210.2 PAM Authentication

The candidate must be able to configure PAM to enable authentication using various available methods. Basic SSSD functionality is included.

Key knowledge areas:

• PAM utilities, terms, and configuration files.
  
• Passwd and shadow passwords.
  
• Using sssd for LDAP authentication.

210.3 Using the LDAP Client

The candidate must be able to perform queries and updates to an LDAP server. This objective also includes importing and adding items, as well as adding and managing users.

Key knowledge areas:

• LDAP utilities for data management and queries.
  
• Changing user passwords.
  
• LDAP directory queries.

210.4 OpenLDAP Server Configuration

The candidate should be able to configure a basic OpenLDAP server, including knowledge of the LDIF format and basic access controls.

Key knowledge areas:

• OpenLDAP.
  
• Directory-based configuration.
  
• Access control.
  
• Distinguished names.
  
• Exchange rate operations.
  
• Outlines and White Pages.
  
• Directories.
  
• Classes, attributes and object IDs.

Topic 211: Email Services

211.1 Use of email servers

The candidate should be able to administer an email server, including configuring aliases, quotas, and virtual domains, as well as configuring internal relays and monitoring the server.

Key knowledge areas:

• Postfix configuration files.
  
• Basic TLS configuration for postfix.
  
• Basic knowledge of the SMTP protocol.
  
• Know sendmail and exim.

211.2 Managing Email Delivery

The candidate must be able to implement the client's email management software to filter, sort, and monitor incoming email.

Key knowledge areas:

• Understand Sieve functionality, syntax, and operators.
  
• Using Sieve to filter and sort mail based on sender, recipient(s), headers, and size.
  
• Know procmail.

211.3 Managing mailbox access

The candidate must know how to install and configure the POP and IMAP daemons.

Key knowledge areas:

• Configuration and administration of Dovecot, IMAP and POP3.
  
• Basic TLS configuration for Dovecot.
  
• Meet Courier.

Topic 212: System security

212.1 Router Configuration

The candidate should be able to configure the system to forward IP packets and perform network address translation (NAT, IP masquerading), highlighting their importance in network protection. This objective also includes configuring port forwarding, managing filtering rules, and preventing attacks.

Key knowledge areas:

• Configuration files, tools, and utilities for iptables and ip6tables.
  
• Tools, commands and utilities for managing routing tables.
  
• Private address ranges (IPv4); Unique Local Addresses and Addresses
• Link Locations (IPv6).
  
• Port forwarding and IP forwarding.
  
• List and write filter rules that accept or block IP packets based on source or destination protocol, port, and address.
  
• Save and reload filter settings.

212.2 FTP Server Administration

The candidate must be able to configure an FTP server to perform anonymous downloads and uploads. This objective also includes precautions to be taken if anonymous uploads are allowed and user access configuration.

Key knowledge areas:

• Configuration files, tools, and utilities for Pure-FTPd and vsftpd.
  
• Get to know ProFTPd.
  
• Understanding Active vs. Passive FTP Connections

212.3 Secure Shell (SSH)

The candidate must be able to configure and secure an SSH daemon. This objective also includes key management and SSH configuration for users, as well as forwarding an application protocol over SSH and managing SSH logins.

Key knowledge areas:

• OpenSSH configuration files, tools, and utilities.
  
• Login restrictions for superuser and regular users.
  
• Administration and use of server and client keys for login with and without password.
  
• Using multiple connections from multiple hosts to protect against losing a connection to a remote host after making configuration changes.

212.4 Security Tasks

The candidate must be able to receive security alerts from a variety of sources; install, configure, and run intrusion detection systems; and apply security patches and bug fixes.

Key knowledge areas:

• Tools and utilities for scanning and testing ports on a server.
  
• Places and organizations that report security alerts such as Bugtraq, CERT, or other sources.
  
• Tools and utilities for implementing an intrusion detection system (IDS).
  
• Know OpenVAS and Snort.

212.5 OpenVPN

The candidate must know how to configure a virtual private network (VPN) and create secure point-to-point or site-to-site connections.

Key knowledge areas:

• OpenVPN

Language

The e-Learning components on which the training is conducted are in English and Spanish .

Exam languages ​​available at VUE test centers: English, German, Japanese, Portuguese (Brazilian)

Languages ​​for exams available online through OnVUE: English, Japanese

Requirements

The candidate must have an active LPIC-1 certification to receive the LPIC-2 certification.