LPIC-2 Certified Linux Engineer Changed 202-450 Questions

DNSSEC adds digital signatures to DNS records, which can be verified by the clients using public keys. This way, DNSSEC ensures that the DNS responses are authentic and have not been tampered with by attackers. DNSSEC does not encrypt DNS queries or answers, nor does it authenticate the user or the nameserver123

What is DNSSEC on DNS Server in Windows Server?1

How DNSSEC Works | Cloudflare

Sieve is a language for filtering and sorting email messages on a mail server. Sieve core filters are the basic actions that can be applied to a message that matches a set of conditions. The following actions are available in Sieve core filters:

• discard: This action discards the message silently, without sending any notification to the sender or the recipient. This action is useful for deleting spam or unwanted messages.
• fileinto: This action delivers the message to a specified mailbox. The mailbox can be an existing one or a new one that is created by the action. This action is useful for organizing messages into different folders based on their content or headers.
• reject: This action rejects the message and sends a notification to the sender with a specified reason. The message is not delivered to the recipient. This action is useful for informing the sender that the message was not accepted due to some policy or error.

The other options are not valid actions in Sieve core filters. drop, relay, and fileinto are not recognized keywords by Sieve.

References:

• Sieve: An Email Filtering Language, section 2.10, “Actions”
• Sieve Tutorial, section 4, “Actions”

An open relay is a mail server that allows anyone to send e-mail through it without authentication or authorization. This can expose the mail server to spam, abuse, and blacklisting. To prevent the mail server from being used as an open relay, while maintaining the possibility to receive company mails, the following actions would help:

• Restrict Postfix to only accept e-mail for domains hosted on this server. This can be done by setting the mydestination parameter in the /etc/postfix/main.cf file to include the company domains, and the smtpd_recipient_restrictions parameter to reject_unauth_destination. This will ensure that Postfix will only accept mail for the domains that it is responsible for, and reject mail for other domains unless the sender is authenticated or authorized. For example:

mydestination = example.com, example.net, localhost smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

• Restrict Postfix to only relay outbound SMTP from the internal network. This can be done by setting the mynetworks parameter in the /etc/postfix/main.cf file to include the IP addresses or networks of the internal hosts that are allowed to relay mail through Postfix, and the smtpd_relay_restrictions parameter to permit_mynetworks. This will ensure that Postfix will only relay mail from the trusted internal hosts, and reject mail from external hosts unless the sender is authenticated or authorized. For example:

mynetworks = 192.168.0.0/24, 127.0.0.0/8 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination

The other actions would not help prevent the mail server from being used as an open relay, or they would affect the functionality of the mail server. Configuring Dovecot to support IMAP connectivity would not affect the SMTP relay, but it would allow users to access their mailboxes remotely. Configuring netfilter to not permit port 25 traffic on the public network would prevent the mail server from receiving any mail from the outside world, which would defeat the purpose of having a mail server. Upgrading the mailbox format from mbox to maildir would not affect the SMTP relay, but it would change the way the mail messages are stored on the disk.

References:

• LPIC-2 Exam 202 Objectives, Objective 205.3: Managing a postfix server
• Postfix Basic Configuration, Postfix Documentation
• Postfix SMTP relay and access control, Postfix Documentation
• How to disable open relay on Postfix? - Howtoforge, Forum
• Postfix SMTP relay without authentication | Guide - Bobcares, Blog

The security option in the smb.conf file determines how Samba authenticates users who try to access its shares. The value of security = share means that Samba does not require a valid username and password for each connection, but only for each share. This allows users to access shares anonymously, without providing any credentials. This is useful for setting up a guest printer service, where anyone can print to a shared printer without logging in. However, this option is deprecated and not recommended for security reasons. The other options are either invalid or irrelevant for this question.