Home » LPI » 117-201 » Which of the following actions would you take to achieve this?
You have been asked to block network access to an NFS sever. You need to block all access except NFS access. Which of the following actions would you take to achieve this?
A. Make sure that xinetd is switched off.
B. Place “ALL: ALL” in /etc/hosts.deny and “NFS: ALL” in /etc/hosts.allow
C. Add IPChains rules to deny all incoming packets except for portmapper
D. Place “ALL: ALL” in /etc/hosts.deny and “portmap: ALL” in /etc/hosts.allow
E. Ensure that the nfs-access.o module is configured into the kernel and use the command “nfs-ctl-allow <your IP range>” to provide the required access
Correct Answer: D
Explanation/Reference:
Explanation: The hosts.allow file is read before the hosts.deny file. This means that you can block access to ‘all’ in the hosts.deny file, but allow access to specific ports by specific hosts in the hosts.allow file. In this answer, we are blocking all ports to all hosts in the hosts.deny file. However, we are allowing access to the portmap service for all hosts in the hosts.allow file. (The portmap service is for access to NFS).
Reference: http://www.mandrakeuser.org/docs/connect/cnfs2.html
Incorrect Answers
A:Xinetd must be running.
B:NFS uses the portmapper service. Therefore, you should enter ‘portmap: ALL’ in the hosts.allow file.
C:IPChains is a firewall program. This may work (if you have IPChains running), however using the hosts.allow and hosts.deny files is much simpler.
E:The module and command in this question don’t exist or are incorrectly named.
Download Printable PDF. VALID exam to help you PASS.
|
|