LPIC-2 Exam 202
The LPIC-2 certification is the second level of the comprehensive professional certification program. It constitutes the second component of the two-part LPIC-2 course. By completing this course, you will gain expertise in advanced block storage and file system management, as well as advanced networking, authentication, and system security. This encompasses topics such as configuring firewalls and VPNs, installing and setting up essential network services like DHCP, DNS, SSH, Web servers, FTP, NFS, and Samba for file sharing, managing email delivery, and providing guidance on automation and procurement to assist and advise management.
Exam
Certification by
per person
Level
Duration
Training Delivery Format
Face-to-face / Virtual Class
Associated Certification
per person
Level
Duration
Training Delivery Format
Face-to-face (F2F) / Virtual Class
Associated Certification
Class types
Public Class
Private Class
In-House Training
Bespoke
About this course
The LPIC-2 Exam 202 serves as the second certification examination within the LPIC-2 certification program. Its purpose is to assess the advanced Linux administration and engineering skills necessary for professionals engaged in the management of extensive Linux installations and the design and implementation of intricate Linux-based solutions.
The LPIC-2 Exam 202 encompasses a diverse range of topics pertinent to Linux networking, security, and administration. These include:
- Domain Name System (DNS): This involves the configuration and administration of DNS servers, comprehension of DNS zone management, and familiarity with DNSSEC.
- Web Services: Here, the focus is on configuring and managing web servers, understanding virtual hosting, SSL/TLS encryption, and web application security.
- File Sharing: This topic entails configuring and managing file sharing services, understanding file permissions, Access Control Lists (ACLs), and implementing backup strategies.
- Network Client Management: This covers the configuration and management of network clients, including aspects of authentication, authorization, and configuration management.
- E-mail Services: The emphasis is on configuring and managing e-mail servers, encompassing protocols such as SMTP, IMAP, and POP3, as well as understanding e-mail security measures and spam filtering.
- System Security: This domain involves the configuration and management of system security, including the use of firewalls, SELinux, AppArmor, and securing network services.
- Network Configuration and Management: This covers the configuration and management of network interfaces, routing tables, and network settings. It also encompasses a solid understanding of network protocols like TCP/IP, DNS, DHCP, and IPsec.
- System Monitoring and Optimization: This topic focuses on monitoring system performance, kernel tuning, system optimization, and troubleshooting system issues.
- Automated Installations and Virtualization: Here, the emphasis is on configuring and managing automated installations using tools like Kickstart, understanding virtualization concepts, and effectively managing virtual machines.
Who should attend?
The LPIC-2 Exam 202 is designed for seasoned Linux experts who hold the responsibility of overseeing extensive Linux installations and creating intricate Linux-based solutions. The certification targets the following individuals:
- Linux system administrators who have already attained the LPIC-1 certification or possess equivalent knowledge and experience.
- IT professionals who interact with Linux-based systems and possess expertise in advanced Linux administration and engineering tasks.
- Linux engineers who bear the responsibility of devising and executing complex Linux-based solutions.
- Linux consultants who offer professional services relating to Linux-based systems.
- Linux trainers who provide instruction in advanced Linux administration and engineering.
Learning Outcome
The LPIC-2 Exam 202 aims to validate the advanced-level skills in Linux administration and engineering that professionals require to effectively manage large Linux installations and develop complex Linux-based solutions. The exam encompasses the following key learning objectives:
- Domain Name System (DNS): This involves the configuration and management of DNS servers, comprehension of DNS zone management, and understanding DNSSEC.
- Web Services: This objective covers the configuration and management of web servers, understanding virtual hosting, SSL/TLS encryption, and ensuring web application security.
- File Sharing: Here, the focus is on configuring and managing file sharing services, understanding file permissions, Access Control Lists (ACLs), and implementing effective backup strategies.
- Network Client Management: This objective encompasses the configuration and management of network clients, including aspects of authentication, authorization, and configuration management.
- E-mail Services: The emphasis is on configuring and managing e-mail servers, including protocols such as SMTP, IMAP, and POP3. Understanding e-mail security measures and spam filtering is also important.
- System Security: This domain involves the configuration and management of system security, including the use of firewalls, SELinux, AppArmor, and securing network services.
- Network Configuration and Management: This objective covers the configuration and management of network interfaces, routing tables, and network settings. Understanding network protocols such as TCP/IP, DNS, DHCP, and IPsec is essential.
- System Monitoring and Optimization: This objective focuses on monitoring system performance, tuning the kernel, optimizing system performance, and effectively troubleshooting system problems.
- Automated Installations and Virtualization: Here, the focus is on configuring and managing automated installations using tools like Kickstart, understanding virtualization concepts, and effectively managing virtual machines.
Course Content
Topic 207: Domain Name Server
207.1 Basic DNS server configuration
- BIND 9.x configuration files, terms and utilities
- Defining the location of the BIND zone files in BIND configuration files
- Reloading modified configuration and zone files
- Awareness of dnsmasq, djbdns and PowerDNS as alternate name servers
207.2 Create and maintain DNS zones
- BIND 9 configuration files, terms and utilities
- Utilities to request information from the DNS server
- Layout, content and file location of the BIND zone files
- Various methods to add a new host in the zone files, including reverse zones 207.3 Securing a DNS server
- BIND 9 configuration files
- Configuring BIND to run in a chroot jail
- Split configuration of BIND using the forwarders statement
- Configuring and using transaction signatures (TSIG)
- Awareness of DNSSEC and basic tools
- Awareness of DANE and related records
Topic 208: HTTP Services
208.1 Basic Apache configuration
- Apache 2.4 configuration files, terms and utilities
- Apache log files configuration and content
- Access restriction methods and files
- mod_perl and PHP configuration
- Client user authentication files and utilities
- Configuration of maximum requests, minimum and maximum servers and clients
- Apache 2.4 virtual host implementation (with and without dedicated IP addresses)
- Using redirect statements in Apache’s configuration files to customise file access
208.2 Apache configuration for HTTPS
- SSL configuration files, tools and utilities
- Generate a server private key and CSR for a commercial CA
- Generate a self-signed Certificate
- Install the key and certificate, including intermediate CAs
- Configure Virtual Hosting using SNI
- Awareness of the issues with Virtual Hosting and use of SSL
- Security issues in SSL use, disable insecure protocols and ciphers
208.3 Implementing Squid as a caching proxy
- Squid 3.x configuration files, terms and utilities
- Access restriction methods
- Client user authentication methods
- Layout and content of ACL in the Squid configuration files
208.4 Implementing Nginx as a web server and a reverse proxy
- Nginx
- Reverse Proxy
- Basic Web Server
Topic 209: File Sharing
209.1 Samba Server Configuration
- Samba 4 documentation
- Samba 4 configuration files
- Samba 4 tools and utilities and daemons
- Mounting CIFS shares on Linux
- Mapping Windows user names to Linux user names
- User-Level, Share-Level and AD security
209.2 NFS Server Configuration
- NFS version 3 configuration files
- NFS tools and utilities
- Access restrictions to certain hosts and/or subnets
- Mount options on server and client
- TCP Wrappers · Awareness of NFSv4
Topic 210: Network Client Management
210.1 DHCP configuration
- DHCP configuration files, terms and utilities
- Subnet and dynamically-allocated range setup
- Awareness of DHCPv6 and IPv6 Router Advertisements
210.2 PAM authentication
- PAM configuration files, terms and utilities
- passwd and shadow passwords
- Use sssd for LDAP authentication
210.3 LDAP client usage
- LDAP utilities for data management and queries
- Change user passwords
- Querying the LDAP directory
210.4 Configuring an OpenLDAP server
- OpenLDAP · Directory based configuration
- Access Control · Distinguished Names
- Changetype Operations
- Schemas and Whitepages
- Directories
- Object IDs, Attributes and Classes
Topic 211: E-Mail Services
211.1 Using e-mail servers
- Configuration files for postfix
- Basic TLS configuration for postfix
- Basic knowledge of the SMTP protocol
- Awareness of sendmail and exim
211.2 Managing E-Mail Delivery (weight: 2)
- Understanding of Sieve functionality, syntax and operators
- Use Sieve to filter and sort mail with respect to sender, recipient(s), headers and size
- Awareness of procmail
211.3 Managing Mailbox Access
- Dovecot IMAP and POP3 configuration and administration
- Basic TLS configuration for Dovecot
- Awareness of Courier Topic 212: System Security
212.1 Configuring a router
- iptables and ip6tables configuration files, tools and utilities
- Tools, commands and utilities to manage routing tables.
- Private address ranges (IPv4) and Unique Local Addresses as well as Link Local Addresses (IPv6)
- Port redirection and IP forwarding
- List and write filtering and rules that accept or block IP packets based on source or destination protocol, port and address
- Save and reload filtering configurations
212.2 Managing FTP servers
- Configuration files, tools and utilities for Pure-FTPd and vsftpd
- Awareness of ProFTPd
- Understanding of passive vs. active FTP connections
212.3 Secure shell (SSH)
- OpenSSH configuration files, tools and utilities
- Login restrictions for the superuser and the normal users
- Managing and using server and client keys to login with and without password
- Usage of multiple connections from multiple hosts to guard against loss of connection to remote host following configuration changes
212.4 Security tasks
- Tools and utilities to scan and test ports on a server
- Locations and organisations that report security alerts as Bugtraq, CERT or other sources
- Tools and utilities to implement an intrusion detection system (IDS)
- Awareness of OpenVAS and Snort 212.5 OpenVPN
· OpenVPN
Certification
LPIC-2, offered by the Linux Professional Institute (LPI), is the second certification in their multi-level professional certification program. It validates a candidate’s proficiency in administering mixed networks of small to medium sizes.
Current Version: 4.5 (Exam codes 201-450 and 202-450)
Objectives: 201-450, 202-450
Prerequisites: To obtain the LPIC-2 certification, candidates must hold an active LPIC-1 certification.
Requirements: Successfully pass exams 201 and 202. Each exam consists of 60 multiple-choice and fill-in-the-blank questions and lasts for 90 minutes.
Validity Period: The certification remains valid for 5 years unless the exams are retaken or a higher level certification is achieved.
Cost: Visit the provided link for exam pricing in your country.
Exam Languages Available at VUE Test Centers: English, German, Japanese, Portuguese (Brazilian)
Exam Languages Available Online via OnVUE: English, Japanese
To become LPIC-2 certified, candidates must demonstrate the following abilities:
- Proficiently perform advanced system administration tasks, including tasks related to the Linux kernel, system startup, and maintenance.
- Competently manage block storage and file systems, as well as possess advanced networking and authentication skills. This includes managing firewalls and VPNs.
- Successfully install and configure fundamental network services such as DHCP, DNS, SSH, web servers, file servers using FTP, NFS, and Samba, and email delivery.
- Provide supervision to assistants and offer advice to management regarding automation and purchasing decisions.
At this time, this course is available for private class and in-house training only. Please contact us for any inquiries.