nerdexam
CompTIA

LX0-104 · Question #12

Which of the following programs uses the hosts.allow file to perform its main task of checking for access control restrictions to system services?

The correct answer is A. tcpd. The tcpd program, also known as TCP Wrappers, relies on the hosts.allow and hosts.deny files to enforce host-based access control for system services. It acts as an intermediary, checking these files to determine if a connection should be permitted or denied before launching the

Security

Question

Which of the following programs uses the hosts.allow file to perform its main task of checking for access control restrictions to system services?

Options

  • Atcpd
  • Binetd
  • Cfingerd
  • Dmountd
  • Exinetd

How the community answered

(20 responses)
  • A
    90% (18)
  • C
    5% (1)
  • E
    5% (1)

Why each option

The `tcpd` program, also known as TCP Wrappers, relies on the `hosts.allow` and `hosts.deny` files to enforce host-based access control for system services. It acts as an intermediary, checking these files to determine if a connection should be permitted or denied before launching the requested service.

AtcpdCorrect

`tcpd` (TCP Wrappers) is specifically designed to use the `hosts.allow` and `hosts.deny` files for access control. Services configured to run under `tcpd` will have their incoming connections checked against these files before being allowed to proceed.

Binetd

`inetd` (Internet Services Daemon) is a super-server that listens for connections and launches appropriate services, but it typically does not directly use `hosts.allow` for access control; instead, services it launches might use `tcpd`.

Cfingerd

`fingerd` is a specific network service (finger daemon), and while it might be wrapped by `tcpd`, it does not inherently use `hosts.allow` for its own access control.

Dmountd

`mountd` is a daemon that handles NFS mount requests, and its access control is typically configured via `/etc/exports` or RPC mechanisms, not `hosts.allow`.

Exinetd

`xinetd` is an extended Internet services daemon, a more advanced replacement for `inetd`, and it has its own comprehensive access control features defined in its configuration files (e.g., `/etc/xinetd.conf` and `/etc/xinetd.d/*`), rather than relying on `hosts.allow` and `hosts.deny` directly.

Concept tested: TCP Wrappers (hosts.allow/deny)

Source: https://www.man7.org/linux/man-pages/man8/tcpd.8.html

Topics

#TCP Wrappers#hosts.allow#access control#system security

Community Discussion

No community discussion yet for this question.

Full LX0-104 Practice