Task 1. Do we also require the candidate to install OpenSSL and zlib from tarball as part of the same exercise? Again, this is testing software development skills more than security. With the prevalence of RPM-based distros at the kinds of employers who would look for LPIC-3 (Security) candidates, is this even necessary? Remember, LSB requires RPM, and just about every distro provides some form of binary package management. . .
Task 3 - "Understand the differences between SSH1 and SSH2" - I'm not sure there's much point in asking a candidate to explain the weaknesses in SSH 1 when the next task requires him to disable it. It's not a history exam. <g> Task 12 - "Understand how a SSH MitM attack is perpetrated" - What are we asking for here? If the candidate has understood everything so far, his own MitM attack against his own systems is going to fail. Are we asking whether he understands how to attack someone else's systems? Or do we just want him to know what to do to ensure someone else's attack will fail? Task 13 - "Invoke the ssh command with verbose detail" - Maybe this should be "debug certain common ssh misconfiguration problems, such as incorrect permissions on key files, etc.)? The idea is that the candidate should know to look in /var/log/messages, increase verbosity, and be able to act on the messages. Best, --- Les Bell, RHCE, CISSP [http://www.lesbell.com.au] _______________________________________________ lpi-examdev mailing list [EMAIL PROTECTED] http://list.lpi.org/mailman/listinfo/lpi-examdev
