|Exam Name||:||Oracle Solaris 10 Security Administrator(R) Certified Expert|
|Questions and Answers||:||293 Q & A|
|Updated On||:||October 18, 2017|
|PDF Download Mirror||:||1Z0-881 Brain Dump|
|Get Full Version||:||Pass4sure 1Z0-881 Full Version|
A security administrator is required to validate the integrity of a set of operating system files on a number of Solaris systems. The administrator decides to use the Solaris Fingerprint Database to validate configuration and data files as well as binaries and libraries. What command, available by default in Solaris 10, will help the security administrator collect the necessary information that will be used with the Solaris Fingerprint Database?
Solaris 10 provides password history checking out of the box. Which name services currently support this feature?
To harden a newly installed Solaris OS, an administrator is required to make sure that syslogd is configured to NOT accept messages from the network. Which supported method can be used to configure syslogd like this?
Run svcadm disable -t svc:/network/system-log.
Edit /etc/default/syslogd to set LOG_FROM_REMOTE=NO.
Edit /etc/rc2.d/S74syslog to start syslogd with the -t option.
Edit /lib/svc/method/system-log to set LOG_FROM_REMOTE=NO.
Which two commands are part of Sun Update Connection? (Choose two.)
You have been asked to grant the user ennovy, a member of the staff group, read and write access to the file /app/notes which has the following properties: ls -l /app/notes -rw-rw 1
root app 0 Jun 6 15:11 /app/notes Which options will NOT grant the user the ability to read and write the file?
usermod -G app ennovy
setfacl -m user:ennovy:rw- /app/notes
setfacl -m group:staff:rw- /app/notes
usermod -K defaultpriv=basic,file_dac_read,file_dac_write ennovy
To allow a legacy system to connect to one of your hosts, you are required to enable remote login (rlogin) connections. However, you wish to disable the ability for users to use .rhosts files to allow password-less logins. You have enabled rlogin connections by running the following command: # svcadm enable network/login:rlogin Which file do you need to modify to disable the use of .rhosts files?
Click the Exhibit button.
A system administrator needs to minimize a freshly installed Solaris system. After verifying that the correct metacluster is installed, the administrator tries to further minimize the number of installed set-uid binaries. After inspection, the administrator finds a number of printing related binaries, reviewing the relevant contents of the /var/sadm/install/contents file. What is the correct command to remove these set-uid binaries in a supported way?
rm /usr/bin/cancel /usr/bin/lp /usr/bin/lpset /usr/bin/lpstat /usr/bin/lpmove
chmod u-s /usr/bin/cancel /usr/bin/lp /usr/bin/lpset /usr/bin/lpstat /usr/bin/lpmove
chmod u-x /usr/bin/cancel /usr/bin/lp /usr/bin/lpset /usr/bin/lpstat /usr/bin/lpmove
Click the Task button.
Drag and drop question. Drag the items to the proper locations.
While attempting to restart the cron service on a Solaris 10 system from the secadm account, a security administrator receives the following error message: secadm$ svcadm -v restart cron svcadm: svc:/system/cron:default: Couldn't create "restarter_actions" property group (permission denied). Which two actions will permit the secadm account to restart the cron service? (Choose two.)
Assign the Cron Management rights profile to secadm.
Assign the sys_admin privilege to the secadm account.
Add the sys_suser_compat privilege to the secadm account.
Add the secadm account to the /etc/cron/cron.allow file.
Assign the solaris.smf.manage.cron authorization to secadm.
A company has produced several inhouse applications that have to deal with authentication using passwords. The Solaris systems have been reconfigured to use the password history checking option. What is the impact of this change for their applications?
All applications automatically benefit from the new password history checking.
Only privilege aware applications will benefit from the password history checking.
Every application has to be changed to call the new functions for password history checking.
Applications which use the PAM framework will automatically use password history checking.
Which item in the list would be specifically required for a VPN compared to a mode without encryption?
Authentication Header (AH)
Internet Key Exchange (IKE)
Encapsulating Security Payload (ESP)
Streams Control Transmission Protocol (SCTP)
You have been asked to let your manager's children run their homework assignments on one of the servers you administer. You have been promised that it will not impact the overall performance of the server, but you aren't sure, so you want to track how many resources they use. After you have created a new user called kids and assigned a new project called homework to the user, what do you need to do to gather the resource usage information?
Enable Solaris Auditing for the kids user.
Use the acctadm command to enable extended accounting for tasks.
Use the poolcfg command to assign the homework project to a resource pool.
Use the rctladm command to enable the syslog action for the homework project.
A security administrator has created these "Restricted Commands" rights profiles in the
/etc/security/exec_attr file that will be assigned to a number of application developers: $ grep "^Restricted Commands" /etc/security/exec_attr Restricted Commands:solaris:cmd:::/my/bin/progA:uid=yadm;gid=yadm Restricted Commands: solaris:cmd:::/my/bin/progB:uid=vadm;gid=vadm Restricted Commands:solaris:cmd:::/my/bin/progC:uid=oamd;
gid=aadm Restricted Commands:solaris:cmd:::/my/bin/progD:uid=nadm;gid=badm Restricted
Commands: solaris:cmd:::/my/bin/progD:uid=nadm;gid=cadm Restricted Commands:solaris:cmd:::/my/bin/progD:uid=eadm;
gid=eadm Restricted Commands:solaris:cmd:::/my/bin/progD: As what UID and GID will the command /my/bin/progD run when the command is executed as followed by an application developer who has been assigned the "Restricted Commands" rights profile?
UID nadm and GID badm
UID nadm and GID cadm
UID eadm and GID eadm
UID and GID of the application developer
You are configuring a new system to be used as an intranet web server. After you have installed the minimal amount of packages and patched the system, you added the appropriate web server packages (SUNWapch2r and SUNWapch2u). By default, the web server daemon will be started using UID webservd and the basic privilege set. To comply with the
company's policy of least privilege, you need to minimize the privileges that the web server will have. What will you modify to specify the privileges that the web service will run with?
the PRIV_DEFAULT setting in /etc/security/policy.conf
the defaultpriv setting of webserverd in /etc/user_attr
the privileges property of the web service in the SMF repository
the privs property of the web service in /etc/security/exec_attr
So, this just happened. I just took down an entire corporate network with bridged adaptors in Windows 8.
Let's back up.
Last night, I was preparing for my talks at CodeMash. When I give Xbox development talks, I have to use a strange network configuration. You see, to debug on an Xbox, you have to have an active connection to both Xbox Live and the development machine. The easiest way to do this on isolated conference wifi is to bridge the wireless connection to the wired connection of my laptop while using a cross-over cable to the Xbox.
However, this was the first time I've had to do it with Windows 8. So, I tested it all out last night and got it working. Thinking like any other laptop I've had, I left the connections bridged. Let's face it, on Win7 when you accidently duel inputted bridged connections, nothing really happens.
Let's back up.
I came to my attention a few days ago that the only machine I had capable of running Hyper-V was my laptop. My home laptop is a Pentium, and my work desktop is a Core Duo. Thus, all my phone development has to be done on the i5 work laptop. Due to this, I set up a docking station for my laptop so I could use better stuff while in the office. During this time, I pulled a network cable into the docking station.
Fast forward to this morning. I'm doing my usual work stuff. At some point, I put the laptop in the docking station. 10 to 20 minutes later, the entire corporate network goes tango uniform.
The network gnomes go into a furious round of creating ulcers that would make any doctor's eyes turn to dollar signs. B and Tricare felt a disturbance in the force. Smurf just got real.
Four hours later, they managed to fix the network, but don't know what happened or how it was fixed. Hi-five were about, and many an M&M gave its life in the victory feast. There was just one nagging problem. The thing that worked shouldn't have worked.
The chief network gnome started trying to isolate the problem. In the process, he isolated one of the networks switches to pull it completely off the network. As soon as he did this, everything came back to life.
The problem being that the switch without a connection to the network was not only still connected, it was completely up and operational with the rest of the network. The only way this could have happened was if, somewhere on that switch, there was another router that had mysteriously been connected.
At this point, I raised both hands, triumphantly, and announced "IT WAS ME!" You see, any fool can take out a computer, it takes a programmer to take out an entire network.
The network connection in my office goes to a little four port switch. That connection goes to a few devices in my office. The other side goes to the isolated network switch. The adaptor for the corporate wifi goes to a different one of the switch. My laptop became the network gateway for the isolated switch.
Here is the moral of the story. Windows 8 does some thing new and unique when creating bridged connections. I creates a new adaptor called the "Network Bridge." This network bridge is a software router. It then connects the two bridged connections, using the one as a gateway for the other. However, in this case, this software router is a full blown router, DHCP server and all. Thus, my laptop created a HUGE feedback loop in the network. When we isolated the connection, it became the gateway for a large portion of the corporate office. We unplugged the network cable from the back of the docking station, and everything when back to normal.
I have not, yet, seen this documented in such a way. As such, I hope us figuring out this new way of bridging connections in Windows 8 can keep you ulcer free, doctors clear-eyed, and health insurance companies coming for you in a manner similar to the Empire.
Article by ArticleForge
1.Oracle system administration:If you are beginner or intermediate level of administrator then you can pursue oracle system administration.Still oracle is offering certifications for Solaris 10 but its better do with Solaris 11.
List of certification available in Oracle Solaris administrator category. 1.Oracle Certified Associate, Oracle Solaris 10 Operating System (1Z0-876)2.Oracle Certified Associate, Oracle Solaris 11 System Administrator (1Z0-821)3.Oracle Certified Professional, Oracle Solaris 10 System Administrator (1Z0-877 & 1Z0-878)4.Oracle Certified Professional, Oracle Solaris 11 System Administrator (1Z1-822)
Exam Title OS version Exam codes Duration(Minitues) Number of Questions Passing Score Description Training Enforced Qualification Associate Solaris 10 1Z0-876 90 52 50% No NA Associate Solaris 11 1Z0-821 120 75 64% Exam Part1 (Solaris11) No NA Professional Solaris 10 1Z0-877 140 63 66% Exam Part1 (Solaris10) Yes NA Professional Solaris 10 1Z0-878 140 63 66% Exam Part2 (Solaris10) Yes NA Professional Solaris 11 1Z1-822 180 150-225 TBD% Exam Part2 (Solaris11) Yes Certified Associate
2.Oracle Solaris cluster:
Once you have completed oracle system administration,then you can pursue Oracle Solaris cluster.In a order to complete this certification,then you need hands on experience on Solaris cluster for 6 months and should good knowledge in volume managers like SVM,VXVM,ZFS.Certification Name:1.Oracle Certified Professional, Oracle Solaris Cluster 3.2 System Administrator
Solaris cluster 3.2 Exam Exam Code 1Z0-884 Duration 100 minutes Number of Questions 62 Passing Score 62% Format Multiple Choice
Recommended Training: Oracle Solaris Cluster Administration Training Mandatory for this certification:No3.Oracle Solaris network administration:Oracle has certification program for Solaris network professional to prove their technical competency.To complete Oracle Solaris network administration, you mush hold the Oracle Certified Professional, Oracle Solaris 10 System Administrator or Sun Certified System Administrator for Solaris OS (any edition) .
Oracle Certified Expert, Oracle Solaris 10 Network Administrator
Exam Code 1Z0-880 Duration 120 minutes Number of Questions 64 Passing Score 66% Format Multiple Choice OS version Solaris 10
Recommended Training:Network Administration for the Solaris 10 Operating System Training Mandatory for this certification:No4.Oracle Solaris security:This certification is for system admins who has extensive job role as security administrator in Oracle Solaris for their organization.Prior to this certification you need to complete oracle training to give this certification exam or you need to be certified in Oracle Certified Professional, Oracle Solaris 10 System Administrator.
Oracle Certified Expert, Oracle Solaris 10 Security Administrator.
Exam Code ">1Z0-881 Duration 90 minutes Number of Questions 59 Passing Score 49% Format Multiple Choice OS version Solaris 10 All the best for your examination which you are planing from oracle.You can see the further exam details in this link.
Thank you for reading this article.Please leave a comment if you have any doubt.I will get back to you.
Article by ArticleForge
TestsLive Demolishes Doubts
If you have any fear of taking the Oracle 1Z0-041 Bronze DBA 10g exam to get your certification; turn to TestsLive and demolish those fears. Once you get that download you will see that there is no way that you won't come out of the exam room certified. This is a well thought out and put together guide. It will guide you through everything you need to know to pass the first time taking the test. I doubted myself before but, now I know that with TestsLive I can get certified in any area of my field.
- From Crystal Horton
I just wanted to be successful in the workplace. However, it really didn't seem to be a possibility. It seemed that no matter how hard I tried, I couldn't move up in the business. I had nothing to set me apart and get my boss to notice me. That was when a friendly coworker told me about the Oracle 1Z0-041 exam, and that getting my certification could be just what I needed. So I looked around for the best prep course (and ran into TestsLive, of course), and studied so well that it was no time before I was acing that exam with no trouble at all!
- From Jason Ladson
It does everything you say. And yes, I passed on my first attempt.
The Oracle 1Z0-041 Bronze DBA 10g exam simulator is super. It does everything you say. And yes, I passed on my first attempt. It's an affordable and effective solution for passing this difficult exam. You are a genius. It contains every question from the official version of the exam. All the information is easy to learn and its an interactive program, too. It's not dull or repetitive. I rather enjoyed my study time with it. And I think it's because of your program that I did so well on mine. Thought I should take a moment to say thank you and let you know I'll be spreading the word about it.
- From Lexi Potter
My older sister is so successful at her job, I thought that there was never going to be a way that I could make my parents proud like she had. I decided to try and take the Oracle 1Z0-041 exam and just see how I did. I ordered your study materials in preparation for the exam, and suddenly, my train of thought shifted. I started to realize that I was not only going to pass this test. I was going to do amazing on this test! I got a higher score than my sister! Much higher, in fact. My parents were thrilled and I'm making terrific money at my new job. TestsLive is the best!
- From Melvin