Oracle Solaris 10 Security Administrator Certified Expert Exam v6.0 (1z0-881)

Page:    1 / 20   
Total 297 questions

Which IPsec mechanism provides confidentiality for network traffic?

  • A. AH
  • B. IKE
  • C. ESP
  • D. SKIP

Answer : C

An administrator has applied patch 120543-02 to a server. Unfortunately, this patch is causing compatibility problems with one of the core applications running on that server.
The patch needs to be backed out to solve the application problems. Which command performs the uninstallation of this patch?

  • A. pkgrm 120543-02
  • B. patchadm -d 120543-02
  • C. patchremove 120543-02
  • D. smpatch remove -i 120543-02
  • E. rm -rf /var/sadm/patch/120543-02

Answer : D

Which are two advantages of the Service Management Facility compared to the init.d startup scripts? (Choose two.)

  • A. It restarts processes if they die.
  • B. It handles service dependencies.
  • C. It has methods to start and stop the service.
  • D. It specifies what the system should do at each run level.

Answer : A,B

Which action can a system administrator with the solaris.smf.modify.sendmail authorization execute?

  • A. svcadm enable sendmail
  • B. svcadm refresh sendmail
  • C. svcadm disable sendmail
  • D. svccfg -s sendmail listprop

Answer : D

You suspect that the /usr/bin/ls binary on a system might have been replaced with a
"Trojan horse." You have been able to determine that the correct MD5 checksum for the real /usr/bin/ls binary is: md5 (/usr/bin/ls) = b526348afd2d57610dd3635e46602d2a Which standard Solaris command can be used to calculate the MD5 checksum for the /usr/bin/ls file?

  • A. md5 /usr/bin/ls
  • B. sum -r /usr/bin/ls
  • C. sum -a md5 /usr/bin/ls
  • D. crypt -a md5 /usr/bin/ls
  • E. digest -a md5 /usr/bin/ls

Answer : E

Click the Exhibit button.
You maintain a minimized and hardened web server. The exhibit shows the current credentials that the web server runs with. You receive a complaint about the fact that a newly installed webbased application does not function. This application is based on a
/bin/ksh cgi-bin script. What setting prevents this cgi-bin program from working?

  • A. The system might NOT have /bin/ksh installed.
  • B. The server is NOT allowed to call the exec system call.
  • C. The server should run with uid=0 to run cgi-bin scripts.
  • D. Some of the libraries needed by /bin/ksh are NOT present in the webserver's chroot environment.

Answer : B

Click the Task button.
When a user logs into a Solaris 10 system, a default project for the use is located.
Place the locations in the order in which the Solaris OS searches for the users default project.
Drag and drop question. Drag the items to the proper locations.

Answer :

A Solaris 10 system has IP Filter enabled and configured. A section of the /etc/ipf/ipf.conf configuration file is reported below: block return-rst in quick proto tcp from any to any port =
23 flags S block return-icmp (port-unr) in proto udp from any to any port > 3000 Which two statements are true? (Choose two.)

  • A. The system blocks TCP RST packets.
  • B. The system will block incoming telnet connections and returns a TCP RST packet.
  • C. The system will block all incoming echo requests and replies with an ICMP port unreachable packet.
  • D. The system does NOT return ICMP-type packets for UDP incoming connections received on ports greater than 3000.
  • E. The system will block and replay with an ICMP port unreachable packet to UDP connections received for ports greater than 3000.

Answer : B,E

Which two statements are true about roles in the Solaris 10 OS? (Choose two.)

  • A. Roles can only be assumed by authorized users.
  • B. su is the only way that a user can assume a role.
  • C. Roles require the use of passwords for authentication.
  • D. rolemod can be used to allow roles to access other roles.
  • E. Roles do NOT have their own UID, GID, or home directory.

Answer : A,B

A system administrator wants to remove most of the basic privileges for ordinary users and adds the following line to the appropriate configuration file to achieve this:
file_link_any It would be shorter to list the two remaining privileges specified in Solaris 10.
Should the administrator have written this instead?

  • A. Yes, the shorter form is preferred.
  • B. Yes, both forms will always be equivalent.
  • C. No, the basic set might change in future releases.
  • D. No, both forms are wrong. You cannot remove basic privileges.

Answer : C

A security administrator has been asked to construct a Solaris Security Toolkit security profile (that is, driver) to enable Solaris Auditing. If the security administrator starts with the secure.driver profile, which Finish script must be added to enable Solaris Auditing?

  • A. enable-bsm.fin
  • B. install-bsm.fin
  • C. enable-auditing.fin
  • D. install-auditing.fin

Answer : A

Which two statements about the digest and mac commands are true? (Choose two.)

  • A. The mac command can use the Digital Encryption Standard (DES) in cipher-block chained (CBC) mode. The digest command can NOT.
  • B. The mac command uses a distinct class of hash functions called message authentication codes (MACs). MAC functions combine the input file with a key supplied by the user, returning a fixed length digest.
  • C. The mac command uses a distinct class of hash functions called MACs. A MAC function combines the input file with a randomly generated salt, and returns a digest.
  • D. The digest command requires that the user supply a key. The mac command does NOT. The digest command takes an input file, combines it with the key, and a variable length digest is returned.

Answer : A,B

The company you work for is leasing zones to customers to run their applications in. You want each customer to be able to run the zoneadm command to start their zone in case of accidental shutdown, and also zlogin so they can access the console of their zone. Which are three reasons why you should NOT create accounts for them in the global zone and grant them the Zone Management profile? (Choose three.)

  • A. They will be able to reboot the global zone.
  • B. They will be able to reboot other customers' zones.
  • C. They will be able to log in to other customers' zones.
  • D. They will be able to see processes in other customers' zones.
  • E. They will be able to disable auditing in other customers' zones.

Answer : B,C,D

In which location is the signature for a signed binary found?

  • A. the ELF header
  • B. a trailer attached to the file
  • C. stored in a system database
  • D. added to the binary at compile time
  • E. created and stored in memory at system boot

Answer : A

Which two tasks can you perform using the Audit facility? (Choose two.)

  • A. generate an overview of CPU usage by users
  • B. generate an overview of disk space occupied by a particular user
  • C. generate an overview of which users recently changed their password
  • D. generate an overview of the network bandwith in use by a particular user
  • E. generate an overview of all the applications executed by a particular user

Answer : C,E

Page:    1 / 20   
Total 297 questions