LinuC Level 2

LinuC-2

Exam 202 Objectives (Version 10.0)

LinuC Level 2 certification is awarded after passing both Exam 201 and Exam 202 and having an active LinuC Level 1 certification. The exams may be taken in any order. The objectives of level 2 cover the advanced technology necessary for Linux engineers common to Linux distributions.

Each item of the objectives is weighted for its importance. The weight is approximately in the range 1 to 10, and indicates the relative importance of the topic covered. Questions on topics with higher weight appear more often in the exams.

Topic 2.07: Network client management

2.07.1 DHCP server configuration and management
Weight	2
Overview	Candidates can set up a DHCP server. This includes setting default and per-client options, as well as adding static and BOOTP hosts. It also includes setting up a DHCP relay agent and maintaining a DHCP server.
Details	DHCP configuration files, terms, utilities arp, dhcpd, dhcpd.conf, dhcpd.leases DHCP log messages in syslog and systemd journals Subnet and dynamic allocation range settings Know about DHCPv6 and IPv6 router advertisements. radvd, radvd.conf

2.07.2 PAM authentication
Weight	3
Overview	Candidates can configure PAM to support authentication in various ways. This includes basic SSSD (System Security Services Daemon) functions.
Details	PAM configuration files, terms, utilities /etc/pam.d/, pam.conf, nsswitch.conf, sssd.conf pam_unix, pam_cracklib, pam_limits, pam_listfile, pam_sss

2.07.3 How to use LDAP client
Weight	2
Overview	Candidates can query and update LDAP server. It also includes adding and importing items and adding and managing users.
Details	LDAP utility for data management ldapadd, ldapdelete, ldapmodify Query the LDAP directory. ldapsearch Change the user password. ldappasswd

2.07.4 OpenLDAP server settings
Weight	2
Overview	Candidates set up a basic OpenLDAP server, including knowledge of the LDIF format and important access controls.
Details	OpenLDAP slapadd, slapcat, slapindex, slapd, /var/lib/ldap/ Directory-based settings slapd-config Access control slapd.access Distinguished Name (DN) LDIF directory Work with entries Schema Object ID, attribute, class White page

Topic 2.08: Domain Name Server

2.08.1 BIND configuration and management
Weight	3
Overview	Candidates can configure BIND to act as an authoritative server, a recursive server, or a cache-only DNS server. This includes managing running servers and setting up logging.
Details	BIND configuration files, terms, utilities named.conf, host, dig, nslookup Define the location of the BIND zone file by the BIND configuration file. named.conf Reload the changed configuration file and zone file. rndc, named-checkconf Know about dnsmasq, Unbound, NSD, and PowerDNS as alternative nameservers.

2.08.2 Management of zone information
Weight	2
Overview	Candidates can create forward and reverse lookup zone files and root hint files. This includes setting appropriate values in the record, adding the host to the zone, and adding the zone to DNS. It also includes performing zone delegation to other DNS servers.
Details	BIND zone file layout, contents, file layout Zone file format, resource record format How to check when adding a new host to a zone file, including reverse zones named-compilezone, named-checkzone

2.08.3 Realization of secure DNS server
Weight	2
Overview	Candidates can configure the DNS server to run in a chroot environment as a non-root user. This includes the secure exchange of data between DNS servers.
Details	Set up BIND to run in a chroot environment. Split BIND configuration using forwarders statement. named.conf Know about DNSSEC and basic tools. dnssec-keygen, dnssec-signzone, TSIG(Transaction Signature) Know about DANE and related records.

Topic 2.09: HTTP Server and Proxy Server

2.09.1 Apache HTTP server configuration and management
Weight	3
Overview	Candidates can install and configure Apache HTTP Server. This includes monitoring server load and performance, limiting user access from clients, settings that support scripting languages as modules, and client user authentication settings. It also includes limiting resource usage through server option settings. Candidates can configure Apache HTTP Server to use a virtual host and customize access to files.
Details	Apache HTTP Server configuration files, terms, utilities httpd, apache2 httpd.conf, mod_auth_basic, mod_authz_host apachectl, apache2ctl Apache HTTP Server log file settings and contents Access log and error log Access restriction methods and files .htaccess, AuthUserFile, AuthGroupFile Files and utilities to authenticate client users htpasswd Maximum number of requests, minimum/maximum number of servers and number of clients Virtual host implementation in Apache HTTP Server Use the Redirect statement in the Apache HTTP Server configuration file to customize access to the file.

2.09.2 OpenSSL and HTTPS settings
Weight	3
Overview	Candidates can configure the Apache HTTP Server to provide HTTPS.
Details	SSL configuration file, tool /etc/ssl/, /etc/pki/ Apache HTTP server configuration file SSLEngine, SSLCertificateKeyFile, SSLCertificateFile SSLProtocol, SSLCipherSuite Generate a private key for the server and a CSR for a commercial CA. openssl Generate a self-signed certificate. openssl Install keys and certificates that include intermediate CAs. SSLCACertificateFile, SSLCACertificatePath Disable security issues with using SSL and insecure protocols and ciphers.

2.09.3 Nginx configuration and management
Weight	3
Overview	Candidates can install and configure the reverse proxy server, nginx. This includes configuring nginx as an HTTP server.
Details	nginx configuration and management /etc/nginx/, nginx nginx SSL settings ssl, ssl_certificate, ssl_certificate_key, ssl_ciphers, ssl_protocols Setting as a reverse proxy server proxy_pass, proxy_http_version, proxy_set_header Redirect with nginx.

2.09.4 Squid configuration and management
Weight	2
Overview	Candidates can install and configure a proxy server. This includes access policies, authentication and resource usage.
Details	Squid 3.x configuration files, terms and utilities squid.conf, squidclient How to restrict access http_access Client user authentication method ACL layout and contents in Squid configuration file acl

Topic 2.10: E-Mail Services

2.10.1 Postfix configuration and management
Weight	3
Overview	Candidates can manage email servers. This includes email aliases, access restrictions, and virtual domain settings. It also includes setting up internal email relays and monitoring email servers.
Details	Postfix configuration files, spools, log files /etc/postfix/, /etc/aliases, /var/spool/postfix/, /var/log/ mail related logs Postfix basic TLS configuration SMTP authentication settings Basic knowledge of the SMTP protocol Know exim

2.10.2 Dovecot settings and management
Weight	2
Overview	Candidates can install and configure POP and IMAP daemons.
Details	Dovecot POP and IMAP configuration and management /etc/dovecot/, dovecot.conf , doveconf, doveadm Basic TLS configuration for Dovecot

Topic 2.11: File Sharing Services

2.11.1 Samba configuration and management
Weight	4
Overview	Candidates can set up a Samba server for various clients. This includes setting up Samba for clients to log in to, workgroups for servers to join, defining shared directories, and troubleshooting installation.
Details	Samba configuration and log files /etc/samba/, /var/log/samba/ Samba utilities and daemons samba, smbd, nmbd, winbindd smbcontrol, smbstatus, testparm, smbpasswd, nmblookup, net, smbclient, samba-tool Map Windows usernames to Linux usernames. ACL and AD security getfacl, setfacl

2.11.2 NFS server configuration and management
Weight	3
Overview	Candidates can use NFS to export the file system. This includes access restrictions, mounting NFS file systems on clients, and NFS protection.
Details	NFS configuration file /etc/exports NFS utilities and daemons exportfs, showmount, nfsstat, rpcinfo mountd, portmapper Restrict access to specific hosts or subnets Mount options on server and client /etc/fstab, /proc/mounts

Topic 2.12: System Security

2.12.1 Packet filtering with iptables and firewalld
Weight	3
Overview	Candidates can protect the network by configuring your system to forward IP packets or perform network address translation (NAT or IP masquerading). This includes setting port redirection, managing filter rules, and evading attacks.
Details	iptables and ip6tables tools iptables, ip6tables IP packet forwarding /proc/sys/net/ipv4/, /proc/sys/net/ipv6/ Tools for managing the routing table Port redirection View and save filters and rules that accept and deny IP packets based on source and destination protocols, ports, and addresses /etc/services Save and reload filter settings iptables-save, iptables-restore Check and change the settings with firewalld. firewalld, firewall-cmd Can check and change the settings with ufw. ufw

2.12.2 OpenSSH server configuration and management
Weight	4
Overview	Candidates can configure and protect the SSH daemon. This includes key management and configuring SSH for users.
Details	OpenSSH server configuration file and daemon sshd, /etc/ssh/sshd_config /etc/ssh/ssh_host__key and ssh_host__key.pub Restrict login for super users and general users. PermitRootLogin, PubKeyAuthentication, AllowUsers, PasswordAuthentication

2.12.3 OpenVPN configuration and management
Weight	2
Overview	Candidates can set up VPN (Virtual Private Network) and secure point-to-point or site-to-site connections.
Details	Understand the functional outline of OpenVPN. OpenVPN configuration files and tools /etc/openvpn/, openvpn

2.12.4 Security work
Weight	3
Overview	Candidates can collect security alerts from various sources. Candidates can install, configure, and run an intrusion detection system. Candidates can apply security patches and bug fixes.
Details	Utility to test and scan server ports netcat(nc, ncat), nmap, iptables, firewalld Knowledge of the organizations that report Bugtraq, CERT, CIAC and other security alerts and their addresses A utility that implements IDS (Intrusion Detection System) fail2ban, snort Know about OpenVAS and OpenSCAP.

Topic 2.13: System Architecture

2.13.1 Realization method of high availability system
Weight	2
Overview	Candidates understand the system configuration that achieves the required level of availability.
Details	Understand the events that affect availability. Failure/fault patterns, maintenance stoppages (planned, emergency), etc. Physical and logical failures SPoF, recoverability (difficulty, time) Know how to assess availability. However, the calculation formula is not included. MTBF, MTTR, availability, SLA RPO 、 RTO Know the system configuration that realizes high availability (HA). Realization of HA by redundancy Pacemaker, Corosync Be familiar with the concepts of clusters and load balancing as HA configuration types. Know the difference in availability levels due to physical and geographical distribution.

2.13.2 Ensure capacity planning and scalability
Weight	2
Overview	Candidates know how to extend the system in the near future in a system that can predict the required amount of resources in advance. In a system where the amount of resources required in the future cannot be easily predicted, candidates can continuously grasp the current resource usage status.
Details	Viewpoints and items of system resources that should be understood in order to create a capacity plan Know how to increase or decrease resources and what to be done. Scale up/down Scale out in Candidates know how to scale up. Reconfiguring a machine with the required amount of resources Candidates know how to scale out. Application configuration that can support scale-out (stateless configuration-DB, session, etc.) Increase or decrease nodes using configuration management tools or virtual machine images Access distributed load balancer, DNS round robin

2.13.3 System configuration on cloud services
Weight	2
Overview	Candidates understand the characteristics of the system configuration centered on IaaS on cloud services. Candidates understand that IaaS resources can be increased or decreased as needed.
Details	Understand the types of cloud storage. Storage that can be used only during instance operation (ephemeral storage) Storage that can be used across instance stop/start (persistent storage) Understand cloud network types. Fixed IP address, floating IP address Understand cloud network security. Tenant network, firewall (security group) Understand the key technologies and services that support the cloud. Object storage, messaging system (queue), autoscaler

2.13.4 Typical system architecture
Weight	3
Overview	Candidates understand the system configuration patterns for ensuring high availability and scalability.
Details	Know typical system configuration patterns and their characteristics. LAPP/LAMP configuration with PHP/Apache HTTP Server + PostgreSQL/MySQL Web 3-tier model with Web server + AP server + DB server Web 3-tier model that ensures redundancy by load balancer, HA configuration, and database replication Scalable web system by load balancer/DNS round robin + web server scale-out A scalable Web system that uses a proxy server cache and CDN Asynchronous data processing system utilizing messaging queue