LPI 300-300  Exam Dumps & Practice Test Questions

Question 1:

Which statement correctly describes how raw printing works with Samba?

A. Print jobs are submitted as vector files, including fonts, and then rendered and printed by Samba.
B. All print jobs sent to Samba are in raw PostScript format.
C. Files such as office documents are sent to the printer exactly as stored on disk, without any processing.
D. Samba converts printer-specific print jobs into raw data for compatibility with any printer.
E. Print jobs are processed and rendered on the client before Samba forwards them to the printer.

Correct Answer: C

Explanation:

Raw printing in the context of Samba means that print jobs are sent to the printer without any modification or processing by the Samba server. The data is transmitted in its exact binary form, exactly as it exists on the client disk. This approach is often used when the printer itself is capable of handling all the formatting, rendering, and printing internally, such as when dealing with printer-ready files like PDFs or pre-rendered PostScript documents.

Option A is incorrect because Samba does not process or render vector files and fonts in raw mode; that would be part of a non-raw or filtered printing process, where Samba or CUPS might interpret and convert print jobs before sending them to the printer.

Option B is also wrong since raw printing does not restrict the data format to PostScript. Raw printing simply passes the original file as-is, regardless of its format.

Option D is false because Samba does not perform any conversion from printer-specific job formats into raw data. The job is already in raw form before transmission.

Option E is incorrect because in raw printing, the rendering is not done on the client side. Samba forwards the raw bitstream directly to the printer.

In summary, raw printing with Samba is a pass-through method, where the print job is delivered exactly as stored, with no processing by Samba. This enables printers that are capable of interpreting their own print languages to function without interference, which is why option C is the correct description.

Question 2:

If a Samba share is configured with force directory mode = 0555 and a client creates a directory with permissions set to 0750, what permissions will that directory have on the Samba server?

A. 0755
B. 0750
C. 0200
D. 0555
E. 0777

Correct Answer: D

Explanation:

In Samba, the configuration directive force directory mode enforces specific permissions on directories created within the share, regardless of the permissions requested by the client. When the setting is force directory mode = 0555, it instructs Samba to override the client’s requested directory permissions and instead assign the permission mode 0555 to all newly created directories.

Let’s break down what this means: when a client attempts to create a directory with permissions 0750, Samba ignores this and enforces 0555. The mode 0555 grants read and execute permissions to the owner, group, and others but does not grant write permission to anyone. This means users can list and access the directory contents but cannot create, delete, or modify files within that directory.

Option A (0755) and B (0750) reflect permissions that might be requested or typical defaults but are overridden by the forced setting, so both are incorrect.

Option C (0200) corresponds to write-only permission for the owner and is irrelevant here.

Option E (0777) means full read, write, and execute permissions for everyone, which is contrary to the forced restrictive mode.

The key point is that force directory mode is a server-side override designed to maintain consistent directory permission policies on the Samba server, which enhances security and access control. No matter what the client tries to set, Samba will enforce 0555.

Therefore, the directory will have permissions 0555 after creation on the Samba server, making option D the correct answer.

Question 3:

Which smb.conf setting must be enabled to convert a standard Samba file share into a Distributed File System (DFS) share?

A. msdfs root = yes
B. addfs support = yes
C. dfs forward = yes
D. follow symlinks = yes
E. proxy share = yes

Correct Answer: A

Explanation:

In Samba, enabling Distributed File System (DFS) support requires configuring the smb.conf file properly. The key option responsible for transforming a regular file share into a DFS share is msdfs root = yes. This directive marks the share as a DFS root, allowing it to serve as the entry point in a DFS namespace.

DFS is a system designed to unify multiple shared folders across different servers into a single logical namespace. This abstraction simplifies resource access for users, enabling them to reach files stored on various servers seamlessly under one unified share path. When msdfs root is set to yes, Samba treats that share as part of this DFS structure, thereby allowing DFS referrals and the distributed management of shared folders.

Looking at the other options:

• addfs support = yes is not a recognized Samba directive and does not relate to DFS functionality. It might be a misunderstanding or confusion with another configuration parameter.

• dfs forward = yes is not valid in smb.conf and does not enable DFS features. Samba’s DFS support is handled primarily through msdfs root and related settings, not this option.

• follow symlinks = yes is a valid option but controls whether Samba follows symbolic links within a share, not DFS capabilities. It impacts how linked files or directories behave but does not convert a share into DFS.

• proxy share = yes is not an official smb.conf setting and does not influence DFS behavior.

Therefore, only msdfs root = yes correctly enables DFS root functionality in Samba, turning a standard share into a DFS share that can participate in a DFS namespace and provide referral services.

Question 4:

Which Samba share configuration parameter ensures that users only see files and folders they have permission to access?

A. hide unreadable = yes
B. valid files = read,write
C. browse mask = 000
D. browseable = readable
E. display mode = 100

Correct Answer: A

Explanation:

In Samba, managing the visibility of files and directories based on user permissions is crucial for both security and user experience. The parameter hide unreadable = yes is used within a share’s configuration to hide any files or folders that the connected user does not have permission to read. This means that when a user accesses the share, Samba will automatically exclude unreadable files and directories from the listing, presenting a cleaner and more secure view.

This setting is beneficial because it prevents users from even seeing resources they are unauthorized to access, reducing the risk of accidental attempts or information leakage about file existence.

Other options do not achieve this behavior:

• valid files = read,write is not a valid Samba configuration option. Samba does allow specifying valid users or groups for access control, but this exact parameter is not recognized and doesn’t affect file visibility.

• browse mask = 000 controls the visibility of the share itself in the network browsing list, not the individual files within the share. Setting it to "000" would make the share invisible, but files inside the share are unaffected.

• browseable = readable is not a valid value; the browseable option only accepts yes or no to determine if a share is visible in the network neighborhood, regardless of file permissions.

• display mode = 100 is not a recognized Samba parameter and does not influence visibility or permissions.

In conclusion, hide unreadable = yes is the correct option to ensure Samba only displays files and directories to users based on their access rights, enhancing both security and usability.

Question 5:

In the given Samba configuration’s [printers] share definition, which line is missing?

A. printcap name = cups
B. printable = yes
C. print script = /usr/bin/lp -d %P %s
D. print admin = Administrator, root, @lpadmin
E. load printers = yes

Correct Answer: B

Explanation:

In Samba configurations, the [printers] share section is used to enable printer sharing services over the network. Among the listed options, the crucial directive that must be included to properly designate the share as a printer is printable = yes. This setting explicitly tells Samba that the share is a printer share, not a regular file share, which enables proper print job handling and sharing functionality.

Option A, printcap name = cups, specifies the location of the printer capability file, typically pointing Samba to the printcap file generated by CUPS (Common Unix Printing System). While useful for environments integrating with CUPS, it’s not mandatory for a simple printer share setup.

Option C, print script = /usr/bin/lp -d %P %s, defines a custom printing script command. This line is required only if a specialized printing command is needed, but it’s not a fundamental requirement for the printer share to function.

Option D, print admin = Administrator, root, @lpadmin, determines which users have administrative rights over the printer share. Although it controls printer management permissions, it’s optional and not required to enable the printer share itself.

Option E, load printers = yes, enables automatic loading of printer definitions from the system but is a global setting rather than part of the [printers] share specifically.

In summary, printable = yes is essential to activate the printer sharing functionality within the [printers] section, making B the correct answer.

Question 6:

If the [homes] section of smb.conf has the parameter browseable = no, what are two effects of this setting?

A. No share named after the current user appears when browsing the Samba server.
B. If the Samba server is in an Active Directory domain, only members of SeBrowsingUsers group can browse the homes share.
C. Users can browse the homes share but cannot view the contents of their home directories.
D. The homes share can still be accessed directly by specifying its UNC path.
E. The homes share is not visible when browsing the Samba server.

Correct Answers: A, E

Explanation:

The setting browseable = no in the [homes] section of a Samba configuration affects how user home directories are presented when browsing shares on the Samba server. It primarily controls the visibility of these shares in browsing tools such as Windows Explorer or smbclient.

Option A is correct because with browseable = no, the Samba server does not display a share named after the current user during share browsing. This means users won't see their home directory as a visible share when browsing the network.

Option E is also correct, as the parameter causes the entire [homes] share itself to be hidden from the list of visible shares on the Samba server. This is a key privacy and security measure to avoid exposing home directories to casual browsing.

Option B is incorrect since browseable = no does not impose group-based restrictions. It simply hides shares from browsing but does not restrict access based on Active Directory groups such as SeBrowsingUsers.

Option C is incorrect because it suggests users can browse the share but not see contents. In reality, if the share is not browseable, users cannot browse or even see the share unless they explicitly access it.

Option D is true in practice but not listed as a correct answer here. Even with browseable = no, users can still access their home directories directly if they know the exact UNC path (for example, \\server\username). This means the shares remain accessible but hidden from browsing.

To summarize, browseable = no hides the homes shares from network browsing, improving privacy and security, but does not prevent direct access. The primary visible effects are captured by answers A and E.

Question 7:

Which Samba utility, when executed with the proper options, produces output detailing the Access Control Lists (ACLs) of files and directories?

A. smbcacls
B. smbclient
C. getfacl
D. smbxattr
E. smbfacl

Correct Answer: A

Explanation:

The smbcacls command is a Samba utility designed specifically for managing and displaying Access Control Lists (ACLs) on files and directories shared via Samba. ACLs provide detailed permission settings that go beyond traditional Unix file permissions by allowing granular control over which users or groups have access and what kind of access they possess.

When run with the appropriate parameters, smbcacls will output a list of permissions set on files or directories, showing which users or groups have read, write, or execute rights. This tool is particularly valuable in environments where precise access control on Samba shares is necessary to maintain security and proper data management.

In contrast, smbclient (Option B) acts as an SMB/CIFS client, allowing users to connect interactively to a Samba share to browse, upload, or download files. While powerful, it is not intended for viewing or managing ACLs, so it won’t produce ACL-specific outputs.

The getfacl command (Option C) is commonly used on Linux and Unix file systems to view and manipulate ACLs, but it is not Samba-specific. It works at the local file system level rather than on Samba shares, so it doesn’t produce the same output when dealing with Samba ACLs.

smbxattr (Option D) deals with extended attributes on files in SMB shares, but this is different from ACLs; extended attributes store metadata, not permission lists.

Finally, smbfacl (Option E) is not a valid Samba utility, so it can be dismissed.

Given the nature of the commands and their purposes, smbcacls is the correct choice to obtain ACL details on Samba shares, making A the right answer.

Question 8:

Which two Samba configuration directives can be used to restrict access to a shared resource?

A. untrusted users
B. write list
C. valid groups
D. valid users
E. accept list

Correct Answers: C, D

Explanation:

When configuring Samba shares, controlling who can access shared resources is essential for security and proper resource management. Two directives specifically designed for this purpose are valid groups and valid users.

The valid groups directive restricts access to members of certain groups only. When this option is set, Samba checks the group memberships of users attempting to connect to the share and grants access only if the user belongs to one of the allowed groups. This method is effective in environments where access should be controlled at the group level, simplifying management by grouping users with similar access needs.

The valid users directive works similarly but operates at the individual user level. It explicitly lists usernames allowed to access the share. This is useful when fine-grained control is necessary or when access should be limited to specific users rather than entire groups.

Examining other options clarifies why they are not correct:

A. untrusted users:
This term generally refers to users outside a trusted domain but is not a valid Samba configuration directive for restricting share access.

B. write list:
This directive defines which users or groups have write permission on a share but does not restrict who can read or access it in the first place. So it controls write access, not general access.

E. accept list:
This is not a recognized Samba directive. While Samba does support deny list options, there is no accept list for access control.

Therefore, to limit access to a Samba share, valid groups and valid users are the appropriate directives, making C and D the correct answers.

Question 9:

If the Samba file share configuration has the parameters create mask = 711 and force create mode = 750, what will be the actual permissions of a file originally created with permission 777?

A. 066
B. 027
C. 777
D. 761
E. 751

Correct Answer: E

Explanation:

In Samba configurations, the create mask and force create mode settings control the permissions assigned to newly created files. Understanding how these parameters interact is essential to determining the final effective permissions.

• The create mask parameter acts as a permission filter that limits the maximum permissions a file can have when created. Here, it is set to 711, which means the owner can have full permissions (read, write, execute), but the group and others are limited to execute-only permissions (1). This mask restricts any permission bits beyond these limits from being applied.

• The force create mode parameter forcibly adds specific permission bits to any file created, regardless of what permissions are requested by the user. In this case, it is set to 750, which means the owner gets full permissions (rwx), the group has read and execute (r-x), and others have no permissions (---).

Now, let’s analyze a file that starts with permissions 777 (full read, write, execute for everyone):

1. The create mask of 711 restricts the file to at most rwx--x--x. It effectively removes read and write permissions from group and others.

2. The force create mode of 750 then adds mandatory permission bits — owner: rwx, group: r-x, others: none.

When combined, the force create mode overrides the create mask for the owner and group, ensuring the file permissions at least have 750. However, the execute bit for others is permitted by the create mask (1 in 711), so others will have execute permission.

Putting this all together, the effective permissions are 751:

• Owner: rwx (7)

• Group: r-x (5)

• Others: --x (1)

Therefore, E (751) is the correct answer as it reflects the interaction of both parameters on the initially requested 777 permissions.

Question 10:

Which two of the following are valid backends that Samba can use to store user and group information? (Select two.)

A. sdb
B. smbpasswd
C. ldapsam
D. krb
E. smb

Correct Answer: B, C

Explanation:

Samba uses various backend methods to store and manage user and group credentials. Choosing the appropriate backend depends on the environment and integration requirements. Let's analyze the provided options:

• smbpasswd: This is a classic and well-established backend in Samba. It uses the /etc/smbpasswd file to store user credentials locally. This method was common in earlier Samba versions and remains supported for backward compatibility. It is simple but less scalable and secure compared to newer methods.

• ldapsam: This backend enables Samba to integrate with LDAP directories for user and group management. LDAP (Lightweight Directory Access Protocol) is widely used in enterprise environments to centrally manage users and groups. Using ldapsam, Samba can authenticate users against an existing LDAP server or Active Directory, making it ideal for complex and large-scale deployments.

The other options are not valid Samba user/group backends:

• sdb: This is not a recognized standard Samba backend for storing user credentials. It might refer to database-related terms but not within Samba’s user/group backend context.

• krb: This stands for Kerberos, an authentication protocol, not a storage backend for Samba’s user/group information.

• smb: This refers to the protocol itself (Server Message Block) and not a backend method for storing user data.

In summary, smbpasswd and ldapsam are the two legitimate Samba backends for storing and managing user and group credentials. They represent both traditional file-based and modern directory-based approaches. Hence, the correct choices are B and C.