On Thu, Jan 25, 2024 at 8:36 AM Fabian Thorns via lpi-examdev <[email protected]> wrote: > > Hi there, > > here comes the summary of the changes made to the 202 objectives draft. > > A diff of the changes made in the meantime is available in the wiki: > > https://wiki.lpi.org/pubwiki/index.php?title=LPIC-2_Objectives_V5.0&type=revision&diff=5839&oldid=5781 > > Please note that there are some open questions at the end of this mail. > > ## Big changes > > * Objective 210.1 (DHCP Configuration) got an additional weight due to the > amount of IPv6 knowledge in the new version. This consumed one weight in exam > 202. > > * Objective 210.2 (PAM Authentication) got an additional weight due to the > 2FA aspects added. This consumed one weight in exam 202. > > * Objective 211.1 was renamed to 'Managing Email Transfer' > > * Objective 212.3 (Advanced Secure Shell (SSH)) was moved to exam 201. This > freed up three weights in exam 202. > > * Objective 212.1 (Routing and Packet Filtering) was renamed to "Routing and > Packet Filtering" > > * Objective 212.4 (Security Tasks) systemd specific aspects were moved to > their own objective in exam 201. This freed up two weights in exam 202. > > * Objective 212.4 was renamed to 'Security Assessment and Intrusion > Prevention' and received an additional weight due to some additional content > added (see below). This consumed one weight in exam 202. > > * Objective 212.5 (Virtual Private Networks) was extended and now has a > weight of five. This consumed two weights in exam 202. > > * Topic 212 was renamed to 'Network Security' > > > ## Smaller changes > > 207.1 (Basic DNS Server Configuration): > * host is kept because dig is not always available > * kill was removed > * Added 'Understanding the principles of the Domain Name System' > * Awareness of alternate DNS servers was kept since they may be seen in the > field. Awareness means knowing what they are, not setting them up or > implementing any configuration > > 207.2 (Create and Maintain DNS Zones): > * dig and host were removed here (but not in 207.2) I'm confused. You say they are removed here under the 207.2 heading but then say again they they were not removed under 207.2? > > 207.3 (Securing a DNS Server): > * Key & Signing Policy (KASP), dnssec-policy and tsig-keygen were added > * dnssec-keygen and dnssec-signzone were removed > > 208.1 (HTTP Protocol): > * HTTP versions were extended to cover 1.1, 2 and 3 (although we do not > explicitly mention QUIC) > * Added 'Understanding the principles of proxy servers and application layer > gateways' > > 208.4 (NGINX Configuration): > * The configuration of setup similar to the ones tested in 208.3 is kept > since candidates are expected to set up NGINX as a standard web server, not > just as a reverse proxy. > > 209.1 (Samba File Server Configuration): > * nmbd was kept in the objective since candidates will most likely stumble > upon it during their studies. Knowing that is recently not needed is part of > the studies and is stated explicitly in the Samba wiki documentation on > setting up a domain member > * Added a note that setting up an AD domain is not part of the objective, we > are focussing on integrating in an existing domain. Setting up the domain is > an LPIC-300 topic. That said, in a training scenario I would still set up an > AD domain using Samba (it is really really easy and I would tell candidates > that it is not relevant for the exam) and then use the Samba DC not just for > joining a Samba file server, but also for the LDAP and Kerberos client topics. > > 210.1 (DHCP Configuration): > * Awareness of KEA is included > > 210.2 (210.2 PAM Authentication): > * sssd was kept since it may be used with an AD domain > * pam_oath and pam_otp were moved here from 210.4 > * /etc/users.oath and oathtool were added to complement pam_oath > * Preparing SSHD for 2FA was added > > 210.3 (210.3 LDAP Client Usage): > * States that the setup of an LDAP server is not part of the objectives. A > Samba AD DC would be sufficient and likely be available for teaching the file > server domain join in 209.1 anyway > > 210.4 (210.4 Authentication Mechanisms and Standards): > * Stated that setting up the various services is not part of this objective > * Removed kinit, klist and kdestroy > > 211.1 (Using Email Servers ): > * Nullmailer is kept to allow providing basic mail services without a full > MTA when using an external mail relay > > 212.1 (Routing and Packet Filtering): > * Renamed to Routing and Packet Filtering > * The right way to ask about nft is hard. To me it seems that nft itself is > not commonly used, but instead the iptables compatibility commands or higher > level frameworks like firewall are used. I've adjust this objective to > include nftables, use nft to query rules and iptables/ip6tables as well as > firewalld to set rules > > * Added "Understand the concepts of routing, network address translation and > packet filtering" > * Understand the concepts and differences of iptables and nftables > * Query packet filter rule set using nft > * Configure packet filter rules using iptables and ip6tables compatibility > commands > > 212.4 (Security Assessment and Intrusion Prevention): > * Added conceptual knowledge of network intrusion and detection systems, > network security scanners and packet sniffers, along with awareness (NOT > implementation!) of snort, suricata, openvas, metasploit and wireshark. > * renamed to "Security Assessment and Intrusion Prevention" > > 212.5 (Virtual Private Networks): > * OpenVPN was added back to this objective, the hint to compatibility for > regulated use cases seems to be important. The weight of this objective was > bumped from 3 to 5. > > > ## Open Questions > > * Shall we stick with Postfix, switch to exim or reduce the mail topic to no > longer including configuring an MTA? Keep postfix, it's commonly used and seen and has been around > > * How should we tackle nftables? The way it is right now or is there a better > approach? > > * Shall we reduce Wireguard to awareness level and re-focus on OpenVPN? Either that or also +vpning with SSH? > > > Looking forward to your comments, > > Fabian > > On Mon, Oct 23, 2023 at 7:43 PM Fabian Thorns <[email protected]> wrote: >> >> Dear all, >> >> This thread is supposed to capture the discussion of the objectives draft >> for exam 201-500. The current draft for the new version is available in the >> LPI wiki: >> >> https://wiki.lpi.org/wiki/LPIC-2_Objectives_V5.0#Objectives:_Exam_202 >> >> Please note that this document will be edited as the discussion goes. Please >> use the history and diff features of the wiki to keep track of changes. >> >> The major change proposals can be summarized like this: >> >> - Topic 208, HTTP Services, was restructured to have generic objectives on >> HTTP and TLS, as well as individual topics on Apache HTTPD and NGINX. By >> summarizing aspects of HTTP and encryption, we can now cover both servers in >> greater detail without any repetition of common aspects. >> >> - Objective 208.3 (old), Squid, is gone >> >> - Objective 210.4 is no longer on configuration OpenLDAP, but is instead an >> overview of authentication mechanisms which includes more recent >> technologies. >> >> - Objective 221.1, Postfix, now includes SASL authentication >> >> - Objective 212.1, Configuring a router, now includes some basic aspects of >> firewalld >> >> - Objective 212.2 (old), FTP servers is gone >> >> - Objective 212.3, SSH, was changed to avoid overlaps with LPIC-1 and now >> includes SSH-CA >> >> - Objective 212.4, Security tasks, now includes systemd based security >> mechanisms >> >> - Objective 212.5 now covers VPN in a more generic fashion and Wireguard >> instead of OpenVPN >> >> There are, of course, numerous smaller changes, fixes and improvements. >> >> Looking forward to your feedback, >> >> Fabian >> >> -- >> Fabian Thorns <[email protected]> GPG: F1426B12 >> Director of Product Development, Linux Professional Institute > > > > -- > Fabian Thorns <[email protected]> GPG: F1426B12 > Director of Product Development, Linux Professional Institute > _______________________________________________ > lpi-examdev mailing list > [email protected] > https://list.lpi.org/mailman/listinfo/lpi-examdev _______________________________________________ lpi-examdev mailing list [email protected] https://list.lpi.org/mailman/listinfo/lpi-examdev
Re: [lpi-examdev] Objectives LPIC-2 Exam 202 Version 5.0 Discussion
Justin Keller via lpi-examdev Thu, 25 Jan 2024 16:30:31 -0800
- Re: [lpi-examdev] Objecti... Anselm Lingnau via lpi-examdev
- Re: [lpi-examdev] Ob... Simone Piccardi via lpi-examdev
- Re: [lpi-examdev... Bryan Smith via lpi-examdev
- Re: [lpi-examdev] Objectives LPIC-2 Exam 2... Werner Heuser via lpi-examdev
- Re: [lpi-examdev] Objectives LPIC-2 E... Éric Deschamps via lpi-examdev
- Re: [lpi-examdev] Objectives LPIC-2 Exam 2... Fabian Thorns via lpi-examdev
- Re: [lpi-examdev] Objectives LPIC-2 E... Jeroen Baten via lpi-examdev
- Re: [lpi-examdev] Objectives LPIC... Bryan Smith via lpi-examdev
- Re: [lpi-examdev] Objectives ... Jeroen Baten via lpi-examdev
- Re: [lpi-examdev] Objectives LPIC-2 E... Werner Heuser via lpi-examdev
- Re: [lpi-examdev] Objectives LPIC-2 E... Justin Keller via lpi-examdev
- Re: [lpi-examdev] Objectives LPIC-2 Exam 2... Simone Piccardi via lpi-examdev
