Final Exam: Self-Managed IT Life (English)

Knowledge check for the entire course 'Self-Managed IT Life (English)': 54 multiple-choice questions from 16 modules, answers and explanations directly collaps

54 questions, 16 modules. Recommended completion time: 81 min

FUTO 01 Introduction and Overview (EN) 4 questions

What is the main goal of self-hosting?
  • A) Maximum speed of services
  • B) Control over data and functionality
  • C) Cost savings when using IT services
  • D) Easier operation of software

Correct Answer: B. The main goal of self-hosting is control over one's own data and functionality, not primarily speed, cost, or ease of use.

What is meant by IT sovereignty?
  • A) The ability to solve all IT problems oneself
  • B) Independence from IT providers in designing the digital infrastructure
  • C) The use exclusively of open-source software
  • D) The complete automation of all IT processes

Correct Answer: B. IT sovereignty means the ability to design and control one's own digital infrastructure independently of providers, not necessarily solving all problems oneself or using exclusively open source.

Which area in the architecture diagram is typically intended for publicly accessible services such as web and mail servers?
  • A) LAN
  • B) WLAN
  • C) DMZ
  • D) VPN

Correct Answer: C. The DMZ (Demilitarized Zone) is specifically designed for services that should be reachable from the internet, while the LAN is reserved for internal network resources.

Which of the following steps is the first when starting a self-hosting project?
  • A) Installation of a Linux operating system
  • B) Purchase of new hardware
  • C) Definition of requirements
  • D) Setting up a firewall

Correct Answer: C. Before taking technical steps, requirements should be defined to clearly establish the scope and goals of the project.

FUTO 02 Network Fundamentals (EN) 4 questions

What is the main purpose of subnetting in a network?
  • A) To increase the speed of the network connection
  • B) To divide a larger network into smaller, logical subnets to improve performance, security, and management
  • C) To maximize the number of available IP addresses
  • D) To change the physical structure of the network

Correct Answer: B. Subnetting serves to logically divide a network, not to physically change it or maximize IP addresses.

What is the main function of DHCP in a network?
  • A) To increase network security by authenticating devices
  • B) To forward data packets between different networks
  • C) To enable the automatic assignment of IP addresses and other network parameters to devices
  • D) To monitor and optimize network performance

Correct Answer: C. DHCP is specifically responsible for the automatic configuration of network parameters such as IP addresses, not for routing or security.

Which protocol allows multiple devices in a private network to access the internet through a single public IP address?
  • A) DHCP
  • B) Subnetting
  • C) NAT
  • D) Routing

Correct Answer: C. NAT (Network Address Translation) is the specific method that enables this address translation, while DHCP is responsible for IP assignment and routing for packet forwarding.

Which command would configure a static IP address with subnet mask /24 for a network interface eth0?
  • A) ip addr add 192.168.1.1/24 dev eth0
  • B) ifconfig eth0 192.168.1.1 netmask 255.255.255.0
  • C) set ip address 192.168.1.1/24 interface eth0
  • D) configure eth0 ip 192.168.1.1/24

Correct Answer: A. The command with 'ip addr add' is the modern syntax for IP configuration in Linux, while the other options are syntactically incorrect or use outdated commands.

FUTO 03 pfSense Installation (EN) 4 questions

What is the main difference between pfSense and OPNsense?
  • A) OPNsense is a paid version of pfSense
  • B) OPNsense is a fork of pfSense with a more modern codebase
  • C) pfSense is based on Linux, OPNsense on FreeBSD
  • D) OPNsense does not support VLANs

Correct Answer: B. OPNsense is actually a fork of pfSense with a more modern codebase and a more active development cycle, while both are based on FreeBSD and support VLANs.

How are firewall rules in pfSense typically evaluated?
  • A) Randomly for load balancing
  • B) From bottom to top
  • C) Based on the requester's IP address
  • D) From top to bottom

Correct Answer: D. Firewall rules in pfSense are evaluated from top to bottom, which makes the order of rules crucial for functionality.

What is the main purpose of the WAN interface in a pfSense configuration?
  • A) For internal network communication
  • B) For connecting to the internet
  • C) For system administration
  • D) For connecting to other firewalls

Correct Answer: B. The WAN interface is responsible for connecting to the internet, while the LAN interface is used for the internal network.

FUTO 04 pfSense Firewall Rules (EN) 4 questions

Which component in pfSense is primarily responsible for forwarding incoming connections from the outside to an internal device?
  • A) Firewall rules
  • B) Port-Forwarding
  • C) VLAN configuration
  • D) DHCP server

Correct Answer: B. Port-Forwarding is specifically designed for forwarding external connections to internal devices. Firewall rules only filter the data flow, VLANs logically segment the network, and DHCP assigns IP addresses internally.

In what order are firewall rules evaluated in pfSense?
  • A) From bottom to top
  • B) Randomly
  • C) By priority numbers
  • D) From top to bottom

Correct Answer: D. Firewall rules in pfSense are evaluated sequentially from top to bottom until a matching rule is found. The other options do not correspond to the standard behavior of pfSense.

What is the main purpose of VLANs in a pfSense environment?
  • A) Accelerating traffic
  • B) Increasing internet speed
  • C) Logical network segmentation
  • D) Reducing hardware costs

Correct Answer: C. VLANs enable the logical division of a physical network into separate broadcast domains, improving security and organization. They do not accelerate traffic or increase internet speed, and reducing hardware costs is not their primary purpose.

Which action in a firewall rule would allow traffic?
  • A) Block
  • B) Deny
  • C) Pass
  • D) Drop

Correct Answer: C. In pfSense, "Pass" is used as an action to explicitly allow traffic. "Block" and "Deny" prevent traffic, while "Drop" silently discards packets without sending an error message.

FUTO 05 OpenVPN Server (EN) 3 questions

1. What is the main characteristic that distinguishes Client-to-Site from Site-to-Site VPN configurations?
  • A) The encryption method used
  • B) The number of networks involved
  • C) The protocol used (TCP vs UDP)
  • D) The type of authentication

Correct Answer: B. In Client-to-Site, a single device connects to a network, while Site-to-Site connects two or more networks with each other. The other options are common to both types of VPN configurations.

2. What is the primary purpose of Easy-RSA in OpenVPN configuration?
  • A) Creating network configuration files
  • B) Managing PKI and certificates
  • C) Optimizing VPN connection speed
  • D) Authenticating users via LDAP

Correct Answer: B. Easy-RSA is specifically designed for managing PKI (Public Key Infrastructure) and certificates. The other options describe different functions that are not part of the core of Easy-RSA.

3. Which security feature makes OpenVPN particularly secure?
  • A) The use of static IP addresses

FUTO 06 DNS and DHCP (EN) 2 questions

What is the main difference between Unbound and BIND as DNS servers?
  • A) Unbound only supports IPv4, while BIND also supports IPv6
  • B) Unbound is designed as a stub resolver and offers higher security through protection against DNS spoofing
  • C) BIND is open-source, while Unbound is commercial software
  • D) Unbound cannot perform zone transfers, while BIND supports this

Correct Answer: B. Unbound is designed as a stub resolver and offers high protection against DNS spoofing attacks through its modularity and security. BIND is a full-featured DNS server, while Unbound is specifically optimized for resolution and does not primarily serve as an authoritative server.

Which DNS record type is used for mapping a domain to another domain?
  • A) A-Record
  • B) MX-Record
  • C) CNAME-Record
  • D) PTR-Record

Correct Answer: C. The CNAME record (Canonical Name) is used to point an alias domain to another domain. A-Records map domains directly to IP addresses, MX-Records define mail servers, and PTR-Records are used for reverse-lookups of IP addresses to domain names.

FUTO 07 Ubuntu Server (EN) 3 questions

Which tool enables the simplified configuration of firewall rules without deep iptables knowledge?
  • A) systemd
  • B) ufw
  • C) apt
  • D) unattended-upgrades

Correct Answer: B. ufw (Uncomplicated Firewall) is a simplified frontend for iptables that allows configuring firewall rules without deep iptables knowledge. systemd is an init and system manager, apt is for package management, and unattended-upgrades automates security updates.

Which measure is NOT part of SSH hardening to secure server access?
  • A) Disabling password login
  • B) Using key authentication
  • C) Enabling root login via SSH
  • D) Changing the default SSH port

Correct Answer: C. Enabling root login via SSH is insecure and contradicts SSH hardening. The other options are proven security measures: disabling password login, using key authentication, and changing the SSH port reduce the attack surface.

What is the main function of systemd in an Ubuntu Server?
  • A) Package management and software installation
  • B) Management of system services and startup scripts
  • C) Configuration of network interfaces
  • D) Automated installation of security updates

Correct Answer: B. systemd is the init and system manager that handles all system services, startup scripts, and resources through a unified architecture with Units.

FUTO 08 LUKS Encryption (EN) 4 questions

What is the main difference between LUKS and dm-crypt?
  • A) LUKS is only for SSDs, dm-crypt for HDDs
  • B) LUKS is a metadata layer that uses dm-crypt
  • C) dm-crypt only supports simple encryption, LUKS supports multiple keys
  • D) LUKS is proprietary, dm-crypt is Open Source

Correct Answer: B. LUKS is a metadata layer that builds on dm-crypt and provides additional functions like key management. A is incorrect because both technologies work with all types of hard disks. C is incomplete because dm-crypt can also support multiple keys, but without the easy management of LUKS. D is incorrect because both are Open Source technologies.

Which command initializes a partition with LUKS encryption?
  • A) sudo cryptsetup luksFormat /dev/sdXn
  • B) sudo cryptsetup encrypt /dev/sdXn
  • C) sudo luksFormat /dev/sdXn
  • D) sudo cryptsetup setup /dev/sdXn

Correct Answer: A. The correct command is 'sudo cryptsetup luksFormat /dev/sdXn' to initialize a partition with LUKS. B is incorrect because there is no 'encrypt' command in the cryptsetup tool. C is incorrect because 'luksFormat' is not a standalone command but part of cryptsetup. D is incorrect because the correct command is 'luksFormat', not 'setup'.

Why is a header backup important in LUKS encryption?
  • A) It improves the performance of the encrypted partition
  • B) It enables data recovery in case of header damage
  • C) It contains the passwords for accessing the partition
  • D) It is required to add additional keys

Correct Answer: B. A header backup is important to be able to recover data in case of LUKS header damage. A is incorrect because the header has nothing to do with performance. C is incorrect because the header does not contain passwords, but metadata about the encryption. D is incorrect because adding keys is possible without a header backup.

What is the purpose of a keyfile in LUKS encryption?
  • A) It increases security through an additional encryption layer
  • B) It enables automatic mounting without manual password entry
  • C) It stores the metadata for the filesystem
  • D) It serves as a backup for the LUKS header

Correct Answer: B. A keyfile enables automatic mounting because it contains the key and can be used without manual entry. A is incorrect because a keyfile does not add an additional encryption layer. C is incorrect because the keyfile does not store filesystem metadata. D is incorrect because the keyfile is not a backup for the LUKS header.

FUTO 09 KVM Virtualization (EN) 4 questions

What is the main difference between KVM and QEMU in virtualization?
  • A) KEMU is an abbreviation for Kernel-based Emulation Utility, while QEMU stands for Quick Emulator.
  • B) KVM is a hypervisor that is directly integrated into the Linux kernel, while QEMU provides hardware emulation.
  • C) KVM is only suitable for Windows hosts, while QEMU runs exclusively on Linux.
  • D) KVM is used for managing virtual machines, while QEMU is used exclusively for installing operating systems.

Correct Answer: B. KVM is a kernel-based hypervisor, while QEMU provides hardware emulation. Option A is incorrect as there is no such abbreviation as KEMU. Option C is incorrect as KVM was primarily developed for Linux hosts. Option D is incorrect as KVM is not itself a management tool but provides the virtualization layer.

What advantage does the use of virtio drivers in virtual machines offer?
  • A) They enable the use of 3D graphics acceleration in VMs.
  • B) They reduce the overhead for network and disk accesses through paravirtualized devices.
  • C) They allow direct connection of physical USB devices to the VM without going through the host.
  • D) They enable live migration of VMs without interrupting network traffic.

Correct Answer: B. They reduce the overhead for network and disk accesses through paravirtualized devices. Option A is incorrect as 3D acceleration is typically handled by different technologies (like SPICE or VGA passthrough). Option C is incorrect as USB device passthrough is handled by different mechanisms. Option D is incorrect as live migration is a feature of the hypervisor and not specifically dependent on virtio drivers.

What is the purpose of cloud-init in a virtual machine?
  • A) It manages the lifecycle of cloud instances, including creation, scaling, and termination.
  • B) It provides a web-based interface for managing VMs through a browser.
  • C) It handles the automatic initialization and configuration of a VM during its first boot.
  • D) It enables the connection of VMs to cloud storage services like Amazon S3.

Correct Answer: C. It handles the automatic initialization and configuration of a VM during its first boot. Option A describes a cloud orchestration tool, not cloud-init specifically. Option B describes a tool like virt-manager or a web interface, not cloud-init. Option D is incorrect as cloud-init does not directly handle cloud storage connections.

Why should you use the qcow2 format instead of raw for VM disks in production?
  • A) qcow2 provides better compression and reduces disk space usage.
  • B) qcow2 supports encryption for VM disks, which raw does not.
  • C) qcow2 enables features like snapshots and efficient storage management.
  • D) qcow2 allows for live migration of VMs without downtime.

Correct Answer: C. qcow2 enables features like snapshots and efficient storage management. While qcow2 does offer some compression, that's not its primary advantage in production. While qcow2 does support encryption, that's not its main benefit over raw. Live migration is possible with both formats and is not specific to qcow2.

FUTO 10 Docker Basics (EN) 3 questions

What is the main difference between Docker Images and Containers?
  • A) Images are read-only, containers can be written to
  • B) Images are templates, containers are running instances of those templates
  • C) Images require less storage space than containers
  • D) Containers cannot exist without images, but images can exist without containers

Correct Answer: B. Images are static templates with all necessary components, while containers are running instances of these images. A is incorrect, as containers can also be read-only. C is incorrect, as images are smaller than their running containers. D is partially correct but not the main difference.

What is the main purpose of Docker Volumes?
  • A) To speed up container execution
  • B) To share configuration files between containers
  • C) To persistently store data that outlives a container's lifecycle
  • D) To increase container security

Correct Answer: C. Volumes serve for persistent data storage that exists independently of a container's lifecycle. A is incorrect, as volumes do not affect execution speed. B is incorrect, as other mechanisms like Bind Mounts are used for sharing configuration files. D is incorrect, as volumes primarily serve data storage.

What is Docker Compose mainly used for?
  • A) Creating Docker Images
  • B) Defining and running multiple container applications with YAML files
  • C) Monitoring system resources
  • D) Backing up Docker data

Correct Answer: B. Docker Compose is a tool for defining and running multiple Docker container applications with YAML files. A is incorrect, as Dockerfile is used for image creation

FUTO 11 Mailcow Email Server (EN) 3 questions

What is the main advantage of using Mailcow for an email server?
  • A) It is the only open-source solution for email servers
  • B) It combines all necessary components in a Docker-based solution
  • C) It requires no technical knowledge for installation
  • D) It offers exclusively webmail functionality

Correct Answer: B. Mailcow integrates all necessary components such as MTA, IMAP/POP3, spam filter etc. in a Docker-based solution. A is incorrect as there are other open-source solutions. C is incorrect as technical knowledge is required. D is incorrect as Mailcow offers more than just webmail.

Which method allows recipients to verify the authenticity of an email by comparing a digital signature with a public key?
  • A) SPF
  • B) DMARC
  • C) DKIM
  • D) Roundcube

Correct Answer: C. DKIM (DomainKeys Identified Mail) is the cryptographic method for signing emails. SPF prevents email spoofing through DNS records, DMARC builds on SPF and DKIM, and Roundcube is a webmail client.

What is the main function of DMARC in an email system?

    FUTO 12 Syncthing (EN) 3 questions

    What is the main advantage of Syncthing compared to traditional cloud storage services?
    • A) Higher synchronization speed
    • B) Full control over data without central providers
    • C) Automatic backup function
    • D) Simpler user interface

    Correct Answer: B. Syncthing enables decentralized synchronization where your data is not stored with a cloud provider but exchanged directly between your devices. While A and D may be true depending on the situation, they are not the core advantage. C is incorrect as backups are not automatically created.

    What is the purpose of "Versioning" in Syncthing?
    • A) To keep the software up to date
    • B) To save older versions of files for restoration
    • C) To ensure compatibility between different devices
    • D) To increase synchronization speed

    Correct Answer: B. Versioning saves older versions of files so you can revert to previous versions in case of accidental changes or data loss. A refers to software updates, not file versions. C is ensured by device IDs, not versioning. D is incorrect as versioning requires additional storage space and does not increase speed.

    What is a "Device ID" in Syncthing?
    • A) The unique name of your device in the network
    • B) A password to protect your synchronization
    • C) A 64-character identifier for identifying devices
    • D) The IP address of your device

    Correct Answer: C. The device ID is a unique 64-character identifier used to identify and connect devices in the Syncthing network. A is incorrect as the name is freely selectable and not used for identification.

    FUTO 13 Home Assistant (EN) 3 questions

    1. What is the main advantage of Home Assistant Core compared to cloud-based smart home solutions?
    • A) Better user-friendliness
    • B) Local processing without cloud dependencies
    • C) Lower acquisition costs
    • D) Compatibility with all devices

    Correct Answer: B. Home Assistant Core runs locally and requires no cloud connection, which increases privacy and enables offline functionality. Option A is incorrect because cloud-based solutions are often more user-friendly. Option C is incorrect because initial costs may be higher. Option D is incorrect because not all devices are compatible.

    2. What does HACS stand for in the context of Home Assistant?
    • A) Home Assistant Configuration System
    • B) Home Assistant Community Store
    • C) Home Assistant Control System
    • D) Home Assistant Cloud Service

    Correct Answer: B. HACS is the Home Assistant Community Store, which enables the installation of community extensions. Option A is incorrect because it is not a configuration system. Option C is incorrect because it is not a control system. Option D is incorrect because HACS is cloud-independent.

    3. Which protocol is particularly efficient for communication between many IoT devices and Home Assistant?
    • A) Z-Wave
    • B) Zigbee
    • C) MQTT
    • D) Bluetooth

    Correct Answer: C. MQTT is a lightweight Publish/Subscribe protocol that is particularly efficient for communication between many IoT devices and Home Assistant due to its low resource requirements and efficient message routing.

    FUTO 14 Frigate NVR (EN) 4 questions

    1. Which protocol does Frigate primarily use to receive video feeds from IP cameras?
    • A) HTTP
    • B) RTSP
    • C) MQTT
    • D) TCP

    Correct Answer: B. Frigate uses RTSP (Real Time Streaming Protocol) to receive video streams from IP cameras. HTTP is used for the web interface, MQTT for notifications, and TCP is a basic transport protocol, not specific to video streams.

    2. Which component enables Frigate to perform AI calculations for object detection locally and energy-efficiently?
    • A) GPU
    • B) Coral TPU
    • C) CPU
    • D) FPGA

    Correct Answer: B. Coral TPU (Tensor Processing Unit) is a USB-based accelerator from Google that is specifically optimized for AI calculations. While GPUs can also perform AI calculations, the Coral TPU is more energy-efficient and cost-effective for this purpose, and it is explicitly mentioned in the module description.

    3. What is the primary use of the MQTT protocol in Frigate?
    • A) For recording video streams
    • B) For controlling cameras
    • C) For notifications about detected objects
    • D) For system configuration

    Correct Answer: C. MQTT is used in Frigate for notifications about detected objects, ideal for integration with home automation systems. Recording is done via RTSP, configuration via YAML files, and camera control is also done via RTSP.

    4. Which Docker volume mount is necessary to use a Coral TPU with Frigate?
    • A) -v /path/to/config:/config
    • B) -v /path/to/storage:/media/frigate
    • C) -v /dev/bus/usb:/dev/bus/usb
    • D) -v /etc/localtime:/etc/localtime

    Correct Answer: C. The volume mount -v /dev/bus/usb:/dev/bus/usb is necessary to make the Coral TPU device accessible to the Frigate container. The other mounts are for configuration files, storage, and timezone settings, but not specifically for the Coral TPU.

    FUTO 15 FreePBX Telephone System (EN) 2 questions

    What is the main function of FreePBX in a VoIP telephone system?
    • A) The implementation of the SIP protocol for VoIP connections
    • B) A web-based configuration interface for Asterisk
    • C) The provision of physical telephone hardware
    • D) Establishing the connection to the public telephone network

    Correct Answer: B. FreePBX is a web-based configuration interface for Asterisk that simplifies management. Option A describes the function of Asterisk, not FreePBX. Option C is incorrect because FreePBX is software, not hardware. Option D is implemented by SIP trunks, not by FreePBX.

    What is a SIP trunk in the context of a FreePBX system?
    • A) An internal phone number in your system
    • B) A virtual connection to connect to the public telephone network
    • C) A module for creating IVR menus
    • D) A physical cable for connecting phones

    Correct Answer: B. A SIP trunk is a virtual telephone line that connects your company with the public telephone network. Option A describes an extension, not a SIP trunk. Option C refers to the IVR module, not a SIP trunk. Option D is incorrect because SIP trunks are virtual, not physical connections.

    FUTO 16 Conclusion and Outlook (EN) 4 questions

    What is the core principle of the 3-2-1 backup concept?
    • A) 3 different backup systems, 2 copies per system, 1 copy in the cloud
    • B) 3 copies of your data, on 2 different media, with 1 copy off-site
    • C) 3 daily backups, 2 weekly, 1 monthly archiving
    • D) 3 different locations, 2 backup methods, 1 automatic system

    Correct Answer: B. The 3-2-1 principle ensures you have three copies of your data, stored on two different media, with one copy kept at an external location to protect against local disasters.

    What is the primary benefit of self-hosting in the context of data sovereignty?
    • A) Lower costs compared to cloud services
    • B) Full control over one's own digital infrastructure and data
    • C) Easier operation through graphical user interfaces
    • D) Automatic updates and maintenance through systems

    Correct Answer: B. The main benefit of self-hosting is complete control and sovereignty over one's own digital infrastructure and data, which minimizes dependencies on commercial providers.

    Which component is typically placed in the DMZ (Demilitarized Zone) of a self-hosting architecture?
    • A) Internal workstations and servers
    • B) Backup systems and databases
    • C) Mail servers and web servers
    • D) Firewall and router

    Correct Answer: C. The DMZ is a network zone between the internal network and the internet that hosts services like mail servers and web servers that need to be accessible from outside but remain isolated from the internal network.

    Why is regular testing of backups an essential part of a robust backup concept?
    • A) To test the backup software for functionality
    • B) To ensure the backups are actually recoverable
    • C) To optimize backup speed
    • D) To reduce storage space requirements

    Correct Answer: B. Regular recovery exercises ensure that the backups are not only present but actually work and the data is completely recoverable, which is crucial in an emergency.