ExamTopics Logo
Mail Us[email protected]
Menu
Lpi Discussions
exam questions

Exam 303-200 All Questions

View all questions & answers for the 303-200 exam
Go to Exam

Exam 303-200 topic 1 question 55 discussion

Actual exam question from LPI's 303-200
Question #: 55
Topic #: 1
[All 303-200 Questions]

Which option of the openvpn command should be used to ensure that ephemeral keys are not written to the swap space?

  • A. --mlock
  • B. --no-swap
  • C. --root-swap
  • D. --keys-no-swap
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
https://openvpn.net/index.php/open-source/documentation/manuals/65-openvpn-20x-manpage.html
by nicknameisalreadytaken4444 at Nov. 15, 2024, 9:18 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
nicknameisalreadytaken4444
2 weeks, 4 days ago
Selected Answer: A
A is correct. Per 'man openvpn': Using this option ensures that key material and tunnel data are never written to disk due to virtual memory paging operations which occur under most modern operating systems. It ensures that even if an attacker was able to crack the box running OpenVPN, he would not be able to scan the system swap file to recover previously used ephemeral keys, which are used for a period of time governed by the --reneg options (see below), then are discarded.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel