Exam 300: Mixed Environment

Exam 303: Security

Exam 304: Virtualization and High Availability

LPIC-3

LPIC-3 is a certification from the Linux Professional Institute (LPI). It is aimed at Linux professionals who have already earned the LPIC-2 certification. LPIC-3 attests to in-depth, professional specialist knowledge in different areas of Linux applications. LPIC-3 offers three different exams, each of which is rewarded with a certificate. The LPIC-3 certification offers the exams LPI 300, 303 and 304. The LPIC-2 certification must be completed and passed beforehand in order to receive an LPIC-3 certificate.

TARGET AUDIENCE

The LPIC-3 certification is aimed at people who already use Linux extensively in their work and have already acquired additional knowledge through the LPIC-2 certification. These people want to specialize their knowledge further.

EXAM TOPICS (LPI 300: MIXED ENVIRONMENT)

Topic 390: OpenLDAP Configuration

390.1 OpenLDAP Replication

  • Replication concepts
  • Configure OpenLDAP replication
  • Analyze replication log files
  • Understand replica hubs
  • LDAP referrals
  • LDAP sync replication

390.2 Securing the Directory

  • Securing the directory with SSL and TLS
  • Firewall considerations
  • Unauthenticated access methods
  • User / password authentication methods
  • Maintenance of SASL user DB
  • Client / server certificates

390.3 OpenLDAP Server Performance Tuning

  • Measure OpenLDAP performance
  • Tune software configuration to increase performance
  • Understand indexes

Topic 391: OpenLDAP as an Authentication Backend

391.1 LDAP Integration with PAM and NSS

  • Configure PAM to use LDAP for authentication
  • Configure NSS to retrieve information from LDAP
  • Configure PAM modules in various Unix environments

391.2 Integrating LDAP with Active Directory and Kerberos

  • Kerberos integration with LDAP
  • Cross platform authentication
  • Single sign-on concepts
  • Integration and compatibility limitations between OpenLDAP and Active Directory

Topic 392: Samba Basics

  • Understand the roles of the Samba daemons and components
  • Understand key issues regarding heterogeneous networks
  • Identify key TCP/UDP ports used with SMB/CIFS
  • Knowledge of Samba3 and Samba4 differences

392.2 Configure Samba

  • Knowledge of Samba server configuration file structure
  • Knowledge of Samba variables and configuration parameters
  • Troubleshoot and debug configuration problems with Samba

392.3 Regular Samba Maintenance

  • Monitor and interact with running Samba daemons
  • Perform regular backups of Samba configuration and state data

392.4 Troubleshooting Samba

  • Configure Samba logging
  • Backup TDB files
  • Restore TDB files
  • Identify TDB file corruption
  • Edit / list TDB file content

392.5 Internationalization

  • Understand internationalization character codes and code pages
  • Understand the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment
  • Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
  • Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment

Topic 393: Samba Share Configuration

393.1 File Services

  • Create and configure file sharing
  • Plan file service migration
  • Limit access to IPC$
  • Create scripts for user and group handling of file shares
  • Samba share access configuration parameters

393.2 Linux File System and Share/Service Permissions

  • Knowledge of file / directory permission control
  • Understand how Samba interacts with Linux file system permissions and ACLs
  • Use Samba VFS to store Windows ACLs

393.3 Print Services

  • Create and configure printer sharing
  • Configure integration between Samba and CUPS
  • Manage Windows print drivers and configure downloading of print drivers
  • Configure [print$]
  • Understand security concerns with printer sharing
  • Uploading printer drivers for Point'n'Print driver installation using 'Add Print Driver Wizard' in Windows

Topic 394: Samba User and Group Management

394.1 Managing User Accounts and Groups

  • Manage user and group accounts
  • Understand user and group mapping
  • Knowledge of user account management tools
  • Use of the smbpasswd program
  • Force ownership of file and directory objects

394.2 Authentication, Authorization and Winbind

  • Setup a local password database
  • Perform password synchronization
  • Knowledge of different passdb backends
  • Convert between Samba passdb backends
  • Integrate Samba with LDAP
  • Configure Winbind service
  • Configure PAM and NSS

Topic 395: Samba Domain Integration

395.1 Samba as a PDC and BDC

  • Understand and configure domain membership and trust relationships
  • Create and maintain a primary domain controller with Samba3 and Samba4
  • Create and maintain a backup domain controller with Samba3 and Samba4
  • Add computers to an existing domain
  • Configure logon scripts
  • Configure roaming profiles
  • Configure system policies

395.2 Samba4 as an AD compatible Domain Controller

  • Configure and test Samba 4 as an AD DC
  • Using smbclient to confirm AD operation
  • Understand how Samba integrates with AD services: DNS, Kerberos, NTP, LDAP

395.3 Configure Samba as a Domain Member Server

  • Joining Samba to an existing NT4 domain
  • Joining Samba to an existing AD domain
  • Ability to obtain a TGT from a KDC

Topic 396: Samba Name Services

396.1 NetBIOS and WINS

  • Understand WINS concepts
  • Understand NetBIOS concepts
  • Understand the role of a local master browser
  • Understand the role of a domain master browser
  • Understand the role of Samba as a WINS server
  • Understand name resolution
  • Configure Samba as a WINS server
  • Configure WINS replication
  • Understand NetBIOS browsing and browser elections
  • Understand NETBIOS name types

396.2 Active Directory Name Resolution

  • Understand and manage DNS for Samba4 as an AD Domain Controller
  • DNS forwarding with the internal DNS server of Samba4

Topic 397: Working with Linux and Windows Clients

397.1 CIFS Integration

  • Understand SMB/CIFS concepts
  • Access and mount remote CIFS shares from a Linux client
  • Securely storing CIFS credentials
  • Understand features and benefits of CIFS
  • Understand permissions and file ownership of remote CIFS shares

397.2 Working with Windows Clients

  • Knowledge of Windows clients
  • Explore browse lists and SMB clients from Windows
  • Share file / print resources from Windows
  • Use of the smbclient program
  • Use of the Windows net utility

EXAM TOPICS (LPI 303: SECURITY)

Topic 325: Cryptography

325.1 X.509 Certificates and Public Key Infrastructures

  • Understand X.509 certificates, X.509 certificate lifecycle, X.509 certificate fields and X.509v3 certificate extensions.
  • Understand trust chains and public key infrastructures.
  • Generate and manage public and private keys.
  • Create, operate and secure a certification authority.
  • Request, sign and manage server and client certificates.
  • Revoke certificates and certification authorities.

325.2 X.509 Certificates for Encryption, Signing and Authentication

  • Understand SSL, TLS and protocol versions.
  • Understand common transport layer security threats, for example Man-in-the-Middle.
  • Configure Apache HTTPD with mod_ssl to provide HTTPS service, including SNI and HSTS.
  • Configure Apache HTTPD with mod_ssl to authenticate users using certificates.
  • Configure Apache HTTPD with mod_ssl to provide OCSP stapling.
  • Use OpenSSL for SSL/TLS client and server tests.

325.3 Encrypted File Systems

  • Understand block device and file system encryption.
  • Use dm-crypt with LUKS to encrypt block devices.
  • Use eCryptfs to encrypt file systems, including home directories and PAM integration.
  • Be aware of plain dm-crypt and EncFS.

325.4 DNS and Cryptography

  • Understanding of DNSSEC and DANE.
  • Configure and troubleshoot BIND as an authoritative name server serving DNSSEC secured zones.
  • Configure BIND as a recursive name server that performs DNSSEC validation on behalf of its clients.
  • Key Signing Key, Zone Signing Key, Key Tag
  • Key generation, key storage, key management and key rollover
  • Maintenance and re-signing of zones
  • Use DANE to publish X.509 certificate information in DNS.
  • Use TSIG for secure communication with BIND.

Topic 326: Host Security

326.1 Host Hardening

  • Configure BIOS and boot loader (GRUB 2) security.
  • Disable useless software and services.
  • Use sysctl for security related kernel configuration, particularly ASLR, Exec-Shield and IP / ICMP configuration.
  • Limit resource usage.
  • Work with chroot environments.
  • Drop unnecessary capabilities.
  • Be aware of the security advantages of virtualization.

326.2 Host Intrusion Detection

  • Use and configure the Linux Audit system.
  • Use chkrootkit.
  • Use and configure rkhunter, including updates.
  • Use Linux Malware Detect.
  • Automate host scans using cron.
  • Configure and use AIDE, including rule management.
  • Be aware of OpenSCAP.

326.3 User Management and Authentication

  • Understand and configure NSS.
  • Understand and configure PAM.
  • Enforce password complexity policies and periodic password changes.
  • Lock accounts automatically after failed login attempts.
  • Configure and use SSSD.
  • Configure NSS and PAM for use with SSSD.
  • Configure SSSD authentication against Active Directory, IPA, LDAP, Kerberos and local domains.
  • Obtain and manage Kerberos tickets.

326.4 FreeIPA Installation and Samba Integration

  • Understand FreeIPA, including its architecture and components.
  • Understand system and configuration prerequisites for installing FreeIPA.
  • Install and manage a FreeIPA server and domain.
  • Understand and configure Active Directory replication and Kerberos cross-realm trusts.
  • Be aware of sudo, autofs, SSH and SELinux integration in FreeIPA.

Topic 327: Access Control

327.1 Discretionary Access Control

  • Understand and manage file ownership and permissions, including SUID and SGID.
  • Understand and manage access control lists.
  • Understand and manage extended attributes and attribute classes.

327.2 Mandatory Access Control

  • Understand the concepts of TE, RBAC, MAC and DAC.
  • Configure, manage and use SELinux.
  • Be aware of AppArmor and Smack.

327.3 Network File Systems

  • Understand NFSv4 security issues and improvements.
  • Configure NFSv4 server and clients.
  • Understand and configure NFSv4 authentication mechanisms (LIPKEY, SPKM, Kerberos).
  • Understand and use NFSv4 pseudo file system.
  • Understand and use NFSv4 ACLs.
  • Configure CIFS clients.
  • Understand and use CIFS Unix Extensions.
  • Understand and configure CIFS security modes (NTLM, Kerberos).
  • Understand and manage mapping and handling of CIFS ACLs and SIDs in a Linux system.

Topic 328: Network Security

328.1 Network Hardening

  • Configure FreeRADIUS to authenticate network nodes.
  • Use nmap to scan networks and hosts, including different scan methods.
  • Use Wireshark to analyze network traffic, including filters and statistics.
  • Identify and deal with rogue router advertisements and DHCP messages.

328.2 Network Intrusion Detection

  • Implement bandwidth usage monitoring.
  • Configure and use Snort, including rule management.
  • Configure and use OpenVAS, including NASL.

328.3 Packet Filtering

  • Understand common firewall architectures, including DMZ.
  • Understand and use netfilter, iptables and ip6tables, including standard modules, tests and targets.
  • Implement packet filtering for both IPv4 and IPv6.
  • Implement connection tracking and network address translation.
  • Define IP sets and use them in netfilter rules.
  • Have basic knowledge of nftables and nft.
  • Have basic knowledge of ebtables.
  • Be aware of conntrackd.

328.4 Virtual Private Networks

  • Configure and operate OpenVPN server and clients for both bridged and routed VPN networks.
  • Configure and operate IPsec server and clients for routed VPN networks using IPsec-Tools / racoon.
  • Awareness of L2TP.

EXAM TOPICS (LPI 304: VIRTUALIZATION AND HIGH AVAILABILITY)

Topic 330: Virtualization

330.1 Virtualization Concepts and Theory

  • Terminology
  • Pros and Cons of Virtualization
  • Variations of Virtual Machine Monitors
  • Migration of Physical to Virtual Machines
  • Migration of Virtual Machines between Host systems
  • Cloud Computing

330.2 Xen

  • Xen architecture, networking and storage
  • Xen configuration
  • Xen utilities
  • Troubleshooting Xen installations
  • Basic knowledge of XAPI
  • Awareness of XenStore
  • Awareness of Xen Boot Parameters
  • Awareness of the xm utility

330.3 KVM

  • KVM architecture, networking and storage
  • KVM configuration
  • KVM utilities
  • Troubleshooting KVM installations

330.4 Other Virtualization Solutions

  • Basic knowledge of OpenVZ and LXC
  • Awareness of other virtualization technologies
  • Basic knowledge of virtualization provisioning tools

330.5 Libvirt and Related Tools

  • libvirt architecture, networking and storage
  • Basic technical knowledge of libvirt and virsh
  • Awareness of oVirt

330.6 Cloud Management Tools

  • Basic feature knowledge of OpenStack and CloudStack
  • Awareness of Eucalyptus and OpenNebula

Topic 334: High Availability Cluster Management

334.1 High Availability Concepts and Theory

  • Understand the most important cluster architectures.
  • Understand recovery and cluster reorganization mechanisms.
  • Design an appropriate cluster architecture for a given purpose.
  • Application aspects of high availability.
  • Operational considerations of high availability.

334.2 Load Balanced Clusters

  • Understanding of LVS / IPVS.
  • Basic knowledge of VRRP.
  • Configuration of keepalived.
  • Configuration of ldirectord.
  • Backend server network configuration.
  • Understanding of HAProxy.
  • Configuration of HAProxy.

334.3 Failover Clusters

  • Pacemaker architecture and components (CIB, CRMd, PEngine, LRMd, DC, STONITHd).
  • Pacemaker cluster configuration.
  • Resource classes (OCF, LSB, Systemd, Upstart, Service, STONITH, Nagios).
  • Resource rules and constraints (location, order, colocation).
  • Advanced resource features (templates, groups, clone resources, multi-state resources).
  • Pacemaker management using pcs.
  • Pacemaker management using crmsh.
  • Configuration and Management of corosync in conjunction with Pacemaker.
  • Awareness of other cluster engines (OpenAIS, Heartbeat, CMAN).

334.4 High Availability in Enterprise Linux Distributions

  • Basic knowledge of Red Hat Enterprise Linux High Availability Add-On.
  • Basic knowledge of SUSE Linux Enterprise High Availability Extension.

Topic 335: High Availability Cluster Storage

335.1 DRBD / cLVM

  • Understanding of DRBD resources, states and replication modes.
  • Configuration of DRBD resources, networking, disks and devices.
  • Configuration of DRBD automatic recovery and error handling.
  • Management of DRBD using drbdadm.
  • Basic knowledge of drbdsetup and drbdmeta.
  • Integration of DRBD with Pacemaker.
  • cLVM
  • Integration of cLVM with Pacemaker.

335.2 Clustered File Systems

  • Understand the principles of cluster file systems.
  • Create, maintain and troubleshoot GFS2 file systems in a cluster.
  • Create, maintain and troubleshoot OCFS2 file systems in a cluster.
  • Integration of GFS2 and OCFS2 with Pacemaker.
  • Awareness of the O2CB cluster stack.
  • Awareness of other commonly used clustered file systems.

PREREQUISITES

To prepare for these exams, you should have at least about one year of professional experience using Linux.
To obtain an LPIC-3 certification, you must hold an active LPIC-2 certification and pass at least one of the following specialty exams. Once you have met all requirements, you receive the title with the specialization, in the form LPIC-3 followed by the specialization name, for example: LPIC-3 Virtualization & High Availability.

LEARNING MATERIALS

No specific learning materials are prescribed. Various books for exam preparation are available commercially. Training institutes and Linux training partners generally offer course materials and courses.

Free learning materials can be found here.

Further information on LPI literature and learning media can be found here.

EXAM LEVEL

Level 4 of 4: In-depth specialist knowledge

The levels are distinguished as follows:

  • Level 1 of 4: Introduction – Basic information and an introduction to a topic.
  • Level 2 of 4: Basic knowledge – Solid fundamentals as a basis for going deeper.
  • Level 3 of 4: Professional fundamentals – Relevant knowledge for application on the job.
  • Level 4 of 4: In-depth specialist knowledge – Advanced knowledge for application on the job.

EXAM LANGUAGES

English.

EXAM LOCATION AND DURATION

This exam is normally taken at Pearson VUE test centers. Paper exams are offered at events in which the LPI takes part.

The exam lasts 90 minutes.

VALIDITY PERIOD OF THE CERTIFICATION

The certification remains active for 5 years.

PRICES AND HOW TO PURCHASE

An exam currently costs 160.00 € plus VAT. Training partners (AAP and ATP), however, receive significant discounts.
Paper exams are offered for 90.00 € at events in which the LPI takes part.

Some test centers charge an additional administration fee. Exam candidates should ask the test center for the exact conditions before the exam.

If you already are a test center or would like to become one, please contact us directly. Test centers can purchase the certification exams directly from CERTNET. CERTNET does not sell to end users.

HOW DO WE BECOME A TEST CENTER?

Further links can be found here: https://certnet.de/testcenter-werden/