Questions for the 300-300 were updated on: Dec 01, 2025
Which of the following statements about automount in a FreeIPA domain are true? (Choose two.)
C, D
Explanation:
Automounting in a FreeIPA domain involves several key aspects:
Base Configuration File (/etc/auto.master): The auto.master file is the main configuration file for the
automounter. It contains the master map which defines mount points and their corresponding maps.
This file is crucial for setting up automount points.
Example entry in /etc/auto.master:
/home /etc/auto.home
SSSD Requirement: In a FreeIPA domain, automount requires the System Security Services Daemon
(SSSD) to be installed and configured on each client. SSSD is used to retrieve automount maps from
the FreeIPA server, enabling the automount feature to function correctly.
Example configuration in /etc/sssd/sssd.conf:
[sssd]
services = nss, pam, autofs
config_file_version = 2
domains = example.com

[domain/example.com]
autofs_provider = ipa
ipa_server = _srv_
Which of the following commands open NFSv4 ACLs in an editor? (Choose two.)
A, B
Explanation:
To open NFSv4 ACLs in an editor, the following commands can be used:
nfs4_setfacl -e: This command is used to set NFSv4 ACLs, and the -e option opens the ACLs in an
editor for modification. The command usage is:
This opens the ACL editor where the user can modify the ACLs for the specified file.
nfs4_editfacl: This command is a more intuitive way to edit NFSv4 ACLs directly in an editor. It
provides a user-friendly interface for managing ACLs.
Given a proper network and name resolution setup, which of the following commands establishes a
trust between a FreeIPA domain and an Active Directory domain?
D
Explanation:
To establish a trust between a FreeIPA domain and an Active Directory domain, the correct command
is ipa trust-add. This command is used to add a trust relationship with an Active Directory (AD)
domain. The --type ad specifies the type of the trust, addom is the domain name, --admin
Administrator specifies the AD administrator account, and --password prompts for the
administrator's password.
The complete command looks like this:
ipa trust-add --type ad addom --admin Administrator --password
This command will initiate the trust creation process, which involves providing the credentials of the
AD administrator.
What is a correct statement about FreeIPA ID views?
C
Explanation:
In FreeIPA, ID views allow administrators to override default POSIX attributes for users and groups.
This feature is useful when integrating with other identity management systems, enabling specific
attribute values to be used on a per-host basis. This way, different POSIX attributes can be set for the
same user or group in different contexts.
When logging into a Windows workstation which is a member of an Active Directory domain, which of
the following user names refers to the local account bob instead of the domain-wide account bob?
C
Explanation:
When logging into a Windows workstation that is a member of an Active Directory domain, the .\
prefix is used to specify a local user account rather than a domain account. Therefore, to refer to the
local account bob, you would use .\bob.
Which of the following commands connects to the share Share on the Windows Server 2012 R2
server fs1 using the SMB3 protocol?
B
Explanation:
To connect to a share on a Windows server using the SMB3 protocol, the smbclient command with
the --max-protocol option should be used. The --max-protocol option allows you to specify the
highest SMB protocol version that should be used. Therefore, the correct command is
smbclient --max-protocol SMB3 //fs1/Share.
Which parameter in a user object defines on which share the user's roaming profile is stored?
C
Explanation:
The profilePath parameter in a user object specifies the path to the user's roaming profile. A roaming
profile is a feature in Windows that allows user profile data to be stored on a network share so that
users can access their profiles from any workstation within the network. By setting the profilePath,
administrators can define where on the network the profile data is stored.
Which smbclient invocation displays a list of the available SMB shares on the remote Samba server
FileSrv1?
E
Explanation:
The smbclient command is used to access shared resources on a network that uses the SMB (Server
Message Block) protocol. To list the available SMB shares on a remote Samba server, the correct
invocation is smbclient -L <server_name>. Here, -L stands for "list" and <server_name> is the name
of the Samba server. Therefore, smbclient -L FileSrv1 will list all the available SMB shares on the
server named FileSrv1.
Which of the following names identify services within a SSSD configuration file? (Choose three.)
A, D, E
Explanation:
In the SSSD (System Security Services Daemon) configuration file, various services can be defined to
handle different types of access and authentication. The services listed in the SSSD configuration file
under the [sssd] section can include:
kerberos: This service allows SSSD to handle Kerberos authentication.
nss (Name Service Switch): This service provides name resolution and manages user and group
information.
sudo: This service enables SSSD to provide sudo rules based on the identity provider.
These services are specified in the services attribute of the [sssd] section of the sssd.conf file.
Example:
[sssd]
services = nss, pam, sudo
domains = LDAP

[nss]
filter_users = root
filter_groups = root

[domain/LDAP]
# sudo_provider is a domain-section option
sudo_provider = ldap
Which of the following sections in the Kerberos configuration file may contain the option
default_realm?
C
Explanation:
The Kerberos configuration file, typically located at /etc/krb5.conf, contains several sections, each
with different settings that control the behavior of Kerberos. The libdefaults section is where default
settings for Kerberos libraries are defined, and it may include the default_realm option.
Example:
[libdefaults]
default_realm = EXAMPLE.COM
dns_lookup_realm = false
dns_lookup_kdc = true
Which of the following sections is always present in sssd.conf?
D
Explanation:
The sssd.conf file is the configuration file for the System Security Services Daemon (SSSD). SSSD
provides access to different identity and authentication providers. The configuration file typically
contains multiple sections, but the [sssd] section is always present. This section provides global
options that apply to all other sections of the file.
Example:
[sssd]
config_file_version = 2
services = nss, pam
domains = LDAP
FILL BLANK
Which command line option instructs smbclient to authenticate using an existing Kerberos token?
(Specify ONLY the option name without any values or parameters.)
-k
Explanation:
The smbclient command is used to access shared resources on a server running the SMB/CIFS
protocol. To authenticate using an existing Kerberos token, the -k option is used. This instructs
smbclient to use Kerberos for authentication, assuming that the user already has a valid Kerberos
ticket (usually obtained via the kinit command).
Example:
smbclient //server/share -k
Which of the following keywords are module types for PAM? (Choose three.)
C, D, E
Explanation:
Pluggable Authentication Modules (PAM) provides a system of libraries that handle the
authentication tasks of applications (services) on a Linux system. These libraries are loaded
dynamically and can be configured in the /etc/pam.d directory or in /etc/pam.conf. The PAM
modules are divided into four types:
auth (authentication): This module type is responsible for authenticating the user, setting up user
credentials, and initiating a session.
account: This module type manages account policies such as password expiration, access restrictions,
and checking user permissions.
password: This module type handles the updating of authentication tokens, such as passwords.
session: This module type manages tasks that need to be performed at the beginning and end of a
session, like mounting directories or logging.
Which of the following Group Policy Objects exist by default in an Active Directory domain? (Choose
two.)
A, B
Explanation:
Default Group Policy Objects in AD:
A. Default Domain Policy: This is a built-in GPO that is applied to all users and computers in the
domain. It contains security settings, password policies, and other domain-wide configurations.
B. Default Domain Controllers Policy: This GPO is specifically applied to the Domain Controllers
organizational unit (OU). It contains settings relevant to domain controllers, such as security settings
and audit policies.
FILL BLANK
What service name must be added to a database entry in /etc/nsswitch.conf to include SSSD as a
source of information? (Specify ONLY the service name without any parameters.)
sss
Explanation:
Adding SSSD to /etc/nsswitch.conf:
To include SSSD (System Security Services Daemon) as a source of information in the
/etc/nsswitch.conf file, the service name sss must be added. This is specified without any
parameters. The sss service allows the system to retrieve information from various sources, such as
LDAP, Kerberos, and others, as configured in SSSD.