【红帽认证系列笔记之RHCE】RHCE 认证考试题库(上)

欧易(OKX)最新版本

【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费！

APP下载   全球官网 大陆官网

币安(Binance)最新版本

币安交易所app【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费！

APP下载   官网地址

火币HTX最新版本

火币老牌交易所【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费！

APP下载   官网地址

RHCE的考试相对RHCSA来说要难很多，主要考网络配置，各种文件系统的挂载，web的配置，防火墙策略，数据库查找，脚本编写等等。一共20道题左右。rhce考试一般在下午，时长3.5个小时，考试环境是一台装有redhat7操作系统的物理机，上面虚拟了两台主机，一台当做服务器主机配置各种服务，另一台虚拟机当做客户端对服务器的各种配置进行验证。考试开始时你会以普通用户登录物理主机，同样物理主机的桌面上有一个控制台，用来控制两个虚拟机。rhce考试两台虚拟机的root密码是已经提供好的，网络环境也是配置好的。

RHCE's examination is a lot more difficult than RHCSA's, the main test network configuration, the installation of various file systems, the web configuration, firewall strategy, database search, script writing, etc. 20 questions and so on. The rhce examination usually takes about 3.5 hours in the afternoon and is conducted in a physical machine with a redhat7 operating system with two virtual hosts, one as the server host with various services, and the other as the client with various configurations of the server. At the start of the examination, you log into the physics mainframe with a control table on the same physics mainframe, which controls two virtual machines. The root passwords for both of the rhce examination virtual machines are already available, and the network environment is well configured.

RHCE考试参考试题及答案(上)：

RHCE examination reference questions and answers (upshot):

1、配置SeLinux

1, configuration of SeLinux

在server0和desktop0上要求SeLinux的状态为enforcing。要求系统重启后依然生效。

The state of SeLinux is required to be enforcing on server0 and desktop0.

注意：（一定要将上午考试用到的机器关机 init 5 切换到图形化界面）

notes: (it is important to switch the machine init 5 used for the morning exam to a graphical interface)

回答：

Answer:

2、配置防火墙对SSH的限制

2 and configuration firewall restrictions on SSH

在server0和desktop0上设置防火墙,对SSH实现访问限制：

Set up firewalls on server0 and desktop0 and achieve access restrictions on SSH:

允许example.com （172.25.0.0/16）域的客户对server0和desktop0进行ssh访问。

allows clients in the example.com (172.25.0.0/16) field ssh visits to server0 and desktop0.

禁止my133t.org (172.17.10.0/24 )域的客户对server0和desktop0进行ssh访问。

prohibits ssh visits by clients in my133t.org (172.17.10.0.0/24) fields to server0 and desktop0.

备注：my133t.org是在172.17.10.0/24网络。（根据考试实际提供的网段配置）

Remarks: My133t.org is on 172.17.10.0.0/24 network. (Configured on the basis of the web segment actually provided by the examination)

回答：

Answer:

firewall-config

注意：在防火墙规则设置完成后，一定要点击"reload firewalled", 使设置生效。

Note: When firewall rules are complete, click on &quat; reload firewaled&quat; to give effect to the settings.

3、配置IPv6地址

3, configure IPv6 address

在你的考试系统上配置接口eth0使用以下IPv6地址：

Configure interface eth0 on your examination system using the following IPv6 address:

server0 上的地址应该是

The address on server0 should be

fddb:fe2a:ab1e::c0a8:1/64 (根据考试实际提供的地址配置)

fddb:fe2a:ab1e:c0a8:1/64 (configuration based on the actual address provided by the examination)

desktop0 上的地址应该是

The address on desktop0 should be

fddb:fe2a:ab1e::c0a8:2/64

两个系统必须能够与网络fddb:fe2a:ab1e/64内的系统通信。地址必须在重启后依旧生效。两个系统必须保持当前的IPv4地址并能通信

The two systems must be able to communicate with the system in network fddb:fe2a:ab1e/64. The address must remain in effect after restart. The two systems must maintain the current IPv4 address and be able to communicate

回答：

Answer:

4、配置链路聚合

4, Configure Link Cohesion

在server0和desktop0之间按一下要求配置：此链路使用接口eth1和eth2

configured as required between server0 and desktop0: this link uses interfaces eth1 and eth2

此链路在一个接口失效时仍然能工作

此链路在server0使用下面的地址 192.168.0.101/255.255.255.0

This link uses the address below at server0 at 192.168.0.10.101/255.255.255.0

此链路在desktop0使用下面的地址 192.168.0.102/255.255.255.0

This link uses the address below at desktop0, 192.168.0.102/255.255.255.0

此链路在系统重启之后依然保持正常状态

This link remains normal after the system is restarted

回答：

Answer:

desktop0 和 server0 的配置方式一样

desktop0 and server0 are configured in the same way

5、自定义用户环境

5, custom user environment

在系统server0和desktop0上创建自定义命令为qstat ，此自定义命令将执行以下命令：

creates custom command qstat on systemsserver0 and desktop0 and this custom command will execute the following command:

/bin/ps Ao pid,tt,user,fname,rsz

此命令对系统中的所有用户有效

This command is valid for all users of the system

回答：

Answer:

6、配置本地邮件服务

6; configure local mail service

在系统server0和desktop0上配置邮件服务，满足以下要求：

configures mail services on systemsserver0 and desktop0 to meet the following requirements:

这些系统不接收外部发送来的邮件。这些系统上本地发送的任何邮件都会自动路由到classroom.example.com。从这些系统上发送的邮件都显示来自example.com。

These systems do not receive external mail. Any mail sent locally on these systems is automatically routed to glassroom.example.com. The mail sent from these systems is displayed from example.com.

你可以通过发送邮件到本地用户student来测试你的配置，classroom.example.com已经配置好。把此用户的邮件转到下列URL：http://classroom.example.com/cgi-bin/recevied_mail（注意：这个实验不需要开启防火墙， 因为我只是发送邮件， 没有接收别人的邮件。

You can test your configuration by sending email to your local user student, which is already configured. Send this user's email to the following URL: http://classroom.example.com/cgi-bin/recevied_mail.

form root@example.com to student@classroom.example.com）

回答：

Answer:

7、配置端口转发

7. Configure port forwarding

在server0上配置端口转发，要求如下：

Configure Port Forward on server0, requesting the following:

在172.25.0.0/24网络中的系统，访问server0的本地端口5423将被转发到端口80

system in 172.25.0.0/24 network, local port 5423 with access to server 0 will be forwarded to port 80

此设置必须永久有效。

This setting must be permanent.

回答：

Answer:

firewall-config

（配完富规则后别忘记reload）

(don't forget reload after you've got the rich rule)

8、通过SMB共享目录

8, shared directory via SMB

在server0上配置SMB服务。

Configure SMB services on server0.

您的SMB服务器必须是STAFF工作组的一个成员，共享/common目录，共享名必须为common，只有example.com域内的客户端可以访问common共享 (配置文件里面要填 网段而不是域名) ，Common必须是可以浏览的，

your SMB server must be a member of the STAF Working Group, sharing/common directories, sharing names must be common, only clients in the example.com domain can access the common sharing (config file to fill in section instead of domain), and Comon must be browsable,

用户rob，samba密码为redhat , 只读权限访问common共享。 r-x

user Rob, samba password redhat and read-only access to common sharing. r-x

用户brian，samba密码为redhat ,读写权限访问common共享。 rwx

The user Brian, samba password is redhat and read and write permissions access common sharing. rwx

备注：考试的时候，用户和密码请根据题目实际情况进行设定，有的时候，

Note: Users and passwords at examination times are set according to the reality of the subject, sometimes

题目简单一些，测试用户早已建立，有的时候，题目较难一些，用户和密码都必须自己设定。

The

回答：

Answer:

9、配置多用户SMB挂载

9 Configure multi-user SMB mount

在desktop0上完成以下要求的配置：

completes the following configuration requested on desktop0:

desktop0把server0的common共享通过多用户的方式挂载到本地的/mnt/multiuser (实际的共享和挂载点请根据考试题目设定) ，

desktop0 loads the server0 common shared locally /mnt/multiuser (actual share and mount points should be set according to the subject of the examination),

用户rob，samba密码为redhat , 只读权限访问common共享。 rx

user Rob, samba password redhat, read-only access to common sharing. rx

用户brian，samba密码为redhat ,读写权限访问common共享。 rwx

The user Brian, samba password is redhat and read and write permissions access common sharing. rwx

该共享要求在系统启动时自动挂载。

The share requirement is automatically mounted on system startup.

回答:

Answer:

10、配置NFS服务

10, configuration of NFS service

在server0配置NFS服务，要求如下：

Configure NFS services in server0, requesting the following:

以只读的形式共享目录/public同时只能被example.com域中的系统访问。

shares directories/publics in read-only format and can only be accessed by systems in the example.com domain at the same time.

以读写的形式共享目录/protected同时只能被example.com域中的系统访问。访问/protected需要通过Kerberos安全加密，您可以使用下面提供的密钥：http://classroom.example.com/pub/keytabs/server0.keytab。目录/protected应该包含名为project 拥有人为ldapuser0的子目录，用户ldapuser0能以读写形式访问/protected/project。

shares the directory/protected as a reading and writing form and can only be accessed by the system in the exemple.com field at the same time. Access/proteect requires secure encryption through Kerberos. You can use the key provided below: http://clasroom.example.com/pub/keytabs/serve0.keytab.

回答：

Answer:

11、挂载一个NFS共享

11, mount a NFS share

在desktop0上挂载一个来自server0上的NFS共享，并符合下列要求：

mounts a NFS share from server0 on desktop0 and meets the following requirements:

/pulbic共享挂载到本地的/mnt/nfsmount。

/pulbic shared mount to local /mnt/nfsmount.

/protected挂载到本地的/mnt/nfssecure,并使用安全的方式，

/projected mount to local /mnt/nfssecure and use secure means

密钥下载地址：

Key Download Address:

http://classroom.example.com/pub/keytabs/desktop0.keytab

用户ldapuser0能够在/mnt/nfssecure/project上创建文件。

user ldapuser0 can create files on/mnt/nfssecure/project.

这些文件系统在系统启动时自动挂载。

These file systems are automatically mounted at the start of the system.

回答：

Answer:

12、实现一个web服务器

12, achieve a web server

在server0上配置一个站点http://server0.example.com，然后执行以下步骤：

Configure a site on server0 http://server0example.com and then implement the following steps:

从http://classroom.example.com/materials/station.html下载文件，

Downloaded from http://clasroom.example.com/matics/station.html,

并且将文件重命名为index.html,绝对不能修改此文件的内容。将index.html拷贝到你的web服务器的DocumentRoot目录下。来自example.com域的客户端可以访问此web站点。来自my133t.org域的客户端拒绝访问此web站点。备注：网站的DocumentRoot如果题目没有指定，那么随意。

and rename the file to index.html. Copying index.html to your web server's DocumentRoot directory. Clients from the example.com field can access this web site. Clients from the My133t.org field refuse to access this web site. Note: DocumentRoot on the website is free if the title is not specified.

(server name 是 server0.example.com ，也就是网站的url)

(server name is server0example.com, or url)

回答：

Answer:

13、配置安全web服务

13, Configure security web services

站点http://server0.example.com配置TLS加密。

site http://server0example.com configures TLS encryption.

一个已经签名证书从

http://classroom.example.com/pub/tls/certs/server0.crt获取

for

此证书的密钥从

The key to this certificate is from

http://classroom.example.com/pub/tls/private/server0.key获取

for

此证书的授权信息从

Can not get folder: %s: %s

http://classroom.example.com/pub/example-ca.crt获取

for

回答：

Answer:

14、配置虚拟主机

14, configuration of virtual host

在server0上扩展你的web服务器，为站点http://www0.example.com创建一个虚拟主机，然后执行以下步骤：

expands your web server on server 0 to create a virtual host for site http://www0example.com and then implements the following steps:

设置DocumentRoot为/var/www/virtual，从http://classroom.example.com/materials/www.html下载文件并重命名为index.html，不要对文件index.html内容做任何修改。将index.htm文件放到虚拟主机的DocumentRoot目录下，确保floyd用户能够在/var/www/virtual目录下创建文件 。

sets DocumentRoot as /var/www/virtual, downloads files from http://clasroom.example.com/materials/www.html and renames them as index.html, without making any changes to the contents of the documentindex.html. Place the index.htm file under the virtual host's DocumentRoot directory and ensure that floyd users can create files under /var/www/virtual directory.

注意：原始站点http://server0.example.com必须仍然能够访问。站点的所用的域名网络中已有DNS服务器解析。

Note: The original site http://server0example.com must still be accessible.

回答：

Answer:

15、配置web内容的访问

15; visit to configure web content

在你的server0上的web服务器的DocumentRoot目录下创建一个名为private的目录，

Creates a directory called Private, , under the webRoot directory of your server

要求如下：

requests the following:

从http://classroom.example.com/materials/private.html下载一个文件副本到这个目录，并且重命名为index.html。不要对这个文件的内容作任何修改。从system1上，任何人都可以浏览private的内容，但是从其他系统就不能访问这个目录的内容。（注意题目要求谁可以访问，灵活变化）

downloads a copy of a document from http://clasroom.example.com/matics/private.html to this directory and renames it as index.html. Do not make any changes to the contents of this document. From system1, anyone can view the contents of privat, but cannot access the contents of this directory from other systems.

备注：此题目是接着上一题，所以这里的DocumentRoot指的就是上面的

Note: The title goes on to the last question, so the Document Root here refers to .

/var/www/virtual/。

配置:

Configure:

16、实现动态Web内容

16, Realising DynamicWeb Contents

在server0上配置提供动态web内容，要求如下：

configures dynamic web content on server0, as follows:

动态内容由名为webapp0.example.com的虚拟主机提供，虚拟主机监听在端口8908。

从http://classroom.example.com/materials/webinfo.wsgi下载一个脚本，然后放在适当的位置，无论如何不要修改此文件的内容。客户端访问http://webapp0.example.com:8908/时应该接收到动态生成的web页面。此站点http://webapp0.example.com:8908/。必须能够被example.com域内的所有系统访问。

downloads a script from http://clasroom.example.com/matics/webinfo.wsgi and then puts it in the right place and does not modify the content of this document, in any case. The dynamic web page should be received when the client visits http://webapp0example.com:8908/. The site http://webapp0example.com:8908/. must be accessible to all systems in the example.com domain.

回答:

Answer:

注意: 可以参考系统提供的参考文档：

N.B. Reference documents available from the system:

因为RHCE考试题目较多所以我分了两篇来写。剩下的题目及答案请参见下篇 【红帽认证系列笔记之RHCE】RHCE 认证考试题库（下）。

Because of the number of subjects in the RHCE examination, I divided two. For the rest of the questions and answers, please refer to the next RHDE certified examination library.

欧易(OKX)最新版本

【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费！

APP下载   全球官网 大陆官网

币安(Binance)最新版本

币安交易所app【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费！

APP下载   官网地址

火币HTX最新版本

火币老牌交易所【遇到注册下载问题请加文章最下面的客服微信】永久享受返佣20%手续费！

APP下载   官网地址