Network File Services with NFS - Quiz Explanation

The answers you selected are indicated below, along with text that explains the correct answers.
 
1. Why is the portmap facility required for NFS servers and clients?
Please select the best answer.
  A. Because portmap actually mounts the NFS filesystems
  B. Because portmap forwards incoming network connections to the appropriate RPC facility
  C. Because portmap maintains status information on all the NFS filesystems
  D. Because portmap maps NFS clients to their associated read/write access privileges
  The correct answer is B. The portmap facility is required for NFS servers and clients because portmap forwards incoming network connections to the appropriate RPC facility. A is incorrect because it's rpc.mountd, not portmap, that mounts NFS filesystems. C is incorrect because it's rpc.nfsd, not portmap, that maintains information about individual NFS filesystems. D is incorrect because it's /etc/exports, not portmap, that maps NFS clients to their associated privileges.

2. Which of the following measures is most likely to increase your NFS security without harming functionality?
Please select the best answer.
  A. Using NFS's host access to restrict clients
  B. Turning off the portmapper
  C. Using tcpd's host access to restrict clients
  D. Turning off NFS
  The correct answer is C. Using tcpd's host access to restrict clients is the measure most likely to increase your NFS security without harming functionality, because tcpd provides more flexible host-based access control.
A is incorrect because NFS supports only limited host-based access checking. B is incorrect because disabling the portmapper prevents any NFS access. D is incorrect because turning off NFS obviously harms NFS functionality.

3. Why should you routinely inspect your /etc/exports file?
Please select the best answer.
  A. Because when a client mounts a NFS filesystem, it's stored in this file
  B. Because this file describes who gets your files and what access they have
  C. Because NFS often requires you to add new hosts to this file
  D. Because the portmapper uses this file to log RPC requests
  The correct answer is B. You should routinely inspect your /etc/exports file because this file describes who gets your files and what access they have. Any misconfiguration in this file could lead to compromised data, so it's important to scan it routinely for tampering. A is incorrect because the /etc/exports file is not used for logging. C is incorrect because NFS allows you to use wildcards, so there's no need to update the /etc/exports file often. D is incorrect because the portmapper doesn't use the /etc/exports file.