
Exam : 310-303

Title : Sun Certified Security Administrator for the Solaris 10

Ver : 09.05.07

310-303

QUESTION 1
After using the Solaris Security Toolkit on a system, some of your users have complained
that they are no longer able to connect to the system through telnet. Which option will
allow users to connect to the system without impacting security?
A. Re-enable the telnet service.
B. Re-enable the telnet service, but force users to use Kerberos passwords.
C. Re-enable the telnet service, but force users to use IP Filter.
D. Leave telnet disabled and suggest that users use SSH instead.
Answer: D
QUESTION 2
An application file system stores unchanging data only. How should this file system be
mounted defensively in /etc/vfstab?
A. /dev/dsk/c0t3d0s6 /dev/rdsk/c0t3d0s6 /data ufs 2 yes nodevices,noexec,ro
B. /dev/dsk/c0t3d0s6 /dev/rdsk/c0t3d0s6 /data ufs 2 yes ro,nosuid,anon=0
C. /dev/dsk/c0t3d0s6 /dev/rdsk/c0t3d0s6 /data ufs 2 yes noexec,nosuid,nodevices
D. /dev/dsk/c0t3d0s6 /dev/rdsk/c0t3d0s6 /data ufs 2 yes nosuid,noxattr,noexec
Answer: A
QUESTION 3
To harden a newly installed Solaris OS, an administrator needs to disable the sendmail
service. Which command will disable the sendmail service, even if the system is
rebooted, patched, or upgraded, while still allowing email to be sent?
A. rm /etc/rc2.d/S88sendmail
B. svcadm disable -t svc:/network/smtp:sendmail
C. svcadm disable svc:/network/smtp:sendmail
D. pkgrm SUNWsndmr SUNWsndmu
Answer: C
QUESTION 4
The Solaris 10 cryptographic framework provides a set of end user commands. One of
these new commands allows the encryption and decryption of a file.
Encrypting a file named clear_file with this utility gives this error:
# encrypt -a 3des -k 3_des.key -i clear_file -o encrypt_file
encrypt: failed to generate a key: CKR_ATTRIBUTE_VALUE_INVALID
What is the cause?
A. The 3des algorithm can NOT be used to encrypt a file.
B. The file clear_file is too big to be encrypted.
Actualtests.com - The Power of Knowing

C. The encryption key can NOT be stored in a file.
D. The key length in 3_des.key is wrong.
Answer: D
QUESTION 5
A small newspaper company has problems, because one of their servers was modified by
someone. Before this incident, they didn't bother about security. After a new installation,
they now want to restrict access to the system. Which two options will enhance their
access control? (Choose two.)
A. Enable auditing for login and logout activities.
B. Use Role Based Access Control (RBAC) for administrative tasks.
C. Create a wheel group and list the admin accounts in this group to limit the su
command to only those people.
D. Disable services without authentication.
Answer: B,D
QUESTION 6
A Certkiller.com system administrator wants to remove most of the basic privileges for
ordinary users and adds the following line to the appropriate configuration file to achieve
this:
PRIV_DEFAULT=basic,!proc_info,!proc_session,!file_link_any
It would be shorter to list the two remaining privileges specified in Solaris 10. Should the
administrator have written this instead?
PRIV_DEFAULT=proc_exec,proc_fork
A. Yes, both forms will always be equivalent.
B. No, the basic set might change in future releases.
C. No, both forms are wrong. You cannot remove basic privileges.
D. Yes, the shorter form is preferred.
Answer: B
QUESTION 7
The digital signature of a patch provides an integrity check of the patch. Which is a
requirement for signed patches?
A. The system administrator needs to sign the patch.
B. All patches need to be signed by Sun Microsystems.
C. Signed patches need to be downloaded through SSL.
D. Vendors can sign patches only with approval from Sun Microsystems.
E. The system administrator can specify which Certification Authorities are trusted for
signed patches.

Answer: E
QUESTION 8
Which two steps have to be performed to configure systems so that they are more
resilient to attack? (Choose two.)
A. Perform system auditing.
B. Perform system minimization.
C. Perform a full system backup.
D. Perform system replication.
E. Perform system hardening.
Answer: B,E
QUESTION 9
Certkiller.com, the company you work for, is leasing zones to customers to run their applications in.
You want each customer to be able to run the zoneadm command to start their zone in
case of accidental shutdown, and also zlogin so they can access the console of their zone.
Which are three reasons why you should NOT create accounts for them in the global
zone and grant them the Zone Management profile? (Choose three.)
A. They will be able to reboot the global zone.
B. They will be able to see processes in other customers' zones.
C. They will be able to reboot other customers' zones.
D. They will be able to disable auditing in other customers' zones.
E. They will be able to log in to other customers' zones.
Answer: B,C,E
QUESTION 10
The Key Distribution Center (KDC) is a central part of the Kerberos authentication
system. How should the system running the KDC be configured?
A. The KDC implementation employs cryptography and can therefore run securely on an
ordinary multi-user system.
B. For improved security, users must log in to the KDC before authenticating themselves,
so it must be a multi-user system.
C. It should be a hardened, non-networked system.
D. It should be a hardened, minimized system.
Answer: D
QUESTION 11
You maintain a minimized and hardened web server. The exhibit shows the current
credentials that the web server runs with. You receive a complaint about the fact that a
newly installed web-based application does not function. This application is based on a
/bin/ksh cgi-bin script.
What setting prevents this cgi-bin program from working?

A. Some of the libraries needed by /bin/ksh are NOT present in the webserver's chroot
environment.
B. The system might NOT have /bin/ksh installed.
C. The server should run with uid=0 to run cgi-bin scripts.
D. The server is NOT allowed to call the exec system call.
Answer: D
QUESTION 12
Given:
Certkiller:$md5,rounds=2006$2amXesSj5$$kCF48vfPsHDjlKNXeEw7V.:12210::::::
What is the characteristic of this /etc/shadow entry?
A. User Certkiller uses the 2a hash, with 2006 iterations of the hash, with salt 2amXesSj5,
and with the encrypted password kCF48vfPsHDjlKNXeEw7V.
B. User Certkiller uses the md5 hash, with salt 2006$2amXesSj5$, and with the encrypted
password $kCF48vfPsHDjlKNXeEw7V.
C. User Certkiller uses the md5 hash, with 2006 iterations of the hash, with no salt, and
with the encrypted password $rQmXesSj5$$kCF48vfPsHDjlKNXeEw7V.
D. User Certkiller uses the md5 hash, with 2006 iterations of the hash, with salt
2amXesSj5, and with the encrypted password kCF48vfPsHDjlKNXeEw7V.
Answer: D
QUESTION 13
DRAG DROP
The Solaris 10 OS supports a number of password-related security controls, including
minimum password length, password aging, password history, password complexity
rules, and password dictionary lookup.
As a Certkiller.com instructor you are required to move the password control items to the
appropriate locations.

Answer:

QUESTION 14
During the installation of your database server db, you disabled telnet access to it by
running inetadm -d telnet, because Certkiller.com security policy prohibits unencrypted
access to the systems. You also added a default deny access policy:
# cat /etc/hosts.deny
ALL: ALL
Now a legacy application running on the legacy server needs access to the db server,
using telnet, and you have been asked to implement the changes.
Which three steps do you have to take to enable telnet on db and restrict access to it, so
that only traffic from legacy is allowed? (Choose three.)
A. svcadm enable telnet
B. inetadm -m telnet tcp_wrapper=legacy
C. inetadm -M tcp_wrapper=TRUE
D. inetadm -e telnet
E. inetadm -m telnet tcp_wrapper=TRUE
F. Add in.telnetd:legacy to /etc/hosts.deny.
G. Add in.telnetd: legacy to /etc/hosts.allow.
H. svcprop -s telnet setprop inetd/tcp_wrappers=TRUE
Answer: D,E,G
QUESTION 15
Which of the descriptions is a high-level overview of how Kerberos works?
A. In a Kerberos environment, a user authenticates once to a central authority.
B. In a Kerberos environment, a user needs to type a password for each service.
C. In a Kerberos environment, a user authenticates once to any service of its choosing
and is then pre-authenticated for all other services.
D. In a Kerberos environment, a user authenticates once to each service.
Answer: A
QUESTION 16
For security reasons, one of the services your department provides has to be run in a
separate zone. Which three of the zone's properties can differ from the global zone?
(Choose three.)
A. the zone's IP address
B. the zone's root password
C. the zone's kernel patch level
D. the zone's domain name
E. the zone's system time
Answer: A,B,D
QUESTION 17
One of the operators of the mainframe group was moved to the UNIX group and tasked
to activate and configure password history. For every user, the last 10 passwords should
be remembered in the history. In what file is the size of the password history configured?
A. /etc/security/policy.conf
B. /etc/shadow
C. /etc/default/passwd
D. /etc/pam.conf
Answer: C
QUESTION 18
Certkiller.com has implemented a policy that states that accounts should become
unavailable if they have not been used in 21 days. How is account inactivity calculated in
Solaris if no naming service is used?
A. the number of days since the user's last password change
B. the last user entry in the /var/adm/wtmpx file
C. the password timestamp in the /etc/shadow file
D. an entry in the /var/adm/lastlog file
Answer: D
QUESTION 19
You have been asked to implement defense in depth for network access to a system,
where a web server will be running on an Internet-facing network interface. Which is
NOT contributing to the defense in depth?
A. using IP Filter to limit which network ports can be accessed from the Internet
B. using VLANs on a single network interface instead of using multiple network
interfaces
C. using TCP wrappers to limit from which system SSH can be used to connect to the system
D. running the web server in a zone
E. using svcadm to disable unused services
Answer: B
QUESTION 20
You suspect that the /usr/bin/ls binary on a system might have been replaced with a
"Trojan horse." You have been able to determine that the correct MD5 checksum for the
real /usr/bin/ls binary is:
md5 (/usr/bin/ls) = b526348afd2d57610dd3635e46602d2a
Which standard Solaris command can be used to calculate the MD5 checksum for the
/usr/bin/ls file?
A. sum -r /usr/bin/ls
B. digest -a md5 /usr/bin/ls
C. md5 /usr/bin/ls
D. sum -a md5 /usr/bin/ls
E. crypt -a md5 /usr/bin/ls
Answer: B
QUESTION 21
It is corporate practice to use the Solaris Security Toolkit on all Sun systems. This has
been successfully done for years, and the administrators are experienced with the tool.
Starting with Solaris 10, Certkiller.com now also uses Solaris zones. Which two
statements regarding Solaris Security Toolkit are correct? (Choose two.)
A. Configuration of the global zone does not impact hardening of the non-global zone.
B. All minimization and hardening is done from the global zone.
C. The Solaris Security Toolkit should be run in the non-global zone after installation.
D. Hardening and auditing with the Solaris Security Toolkit can be done within each
individual zone.
Answer: C,D
QUESTION 22
What type of condition does Basic Audit and Report Tool (BART) allow you to detect?
A. when users have chosen passwords which do NOT comply with system password
policy
B. when a file has been modified, compared with a known baseline
C. when a user attempts to assume a role which has NOT been assigned to that user
D. unauthorized attempts to log in to a system
E. a dictionary password attack, executed by attempting to log in through SSH
Answer: B
QUESTION 23
Certkiller.com is running a DNS test server on the internal network. Access to this server
must be blocked by using IP Filter. The administrator prefers that this access control is
not obvious to someone trying to contact the server from the outside. Which rule
implements the access control but hides the use of IP Filter to the outside?
A. pass out quick on eri0 proto icmp from 192.168.1.2 to any keep state
B. block return-icmp(port-unr) in proto udp from any to 192.168.1.2 port = 53
C. pass in quick on eri0 from 192.168.0.0/24 to any
D. block in quick proto udp from any to any port = 53
Answer: B
QUESTION 24
A security administrator would like to restrict the number of simultaneous lightweight
processes (LWPs) that the webadm role may have at any given time. The security
administrator has created the following policy in /etc/projects:
user.webadm:10000::::task.max-lwps=(privileged,5,deny)
What will be the impact if the webadm role attempted to start a sixth LWP?
A. The LWP will be created and webadm's oldest LWP will be suspended until sufficient
resources become available.
B. The LWP will be created but it will immediately be suspended until sufficient
resources become available for it to run.
C. The LWP creation attempt will suspend until sufficient resources become available
allowing the LWP to be created.
D. The LWP creation attempt will fail and an error code will be returned to the initiating
process.
E. The LWP creation attempt will fail but the system will automatically retry until the
LWP has been successfully created.
Answer: D
QUESTION 25
An NFSv4 client has a user Certkiller from domain example.com. The NFS server is in the
ficticious.com domain and knows the user as Certkiller as well. How would the server treat
requests made by the client?
A. The server rejects a subset of the requests made by the client.
B. The server would map the user to nobody and accept its requests.
C. The server would reject all remote procedure call (RPC) requests.
D. The server accepts the requests by the client as Certkiller.
Answer: B
QUESTION 26
A user started the ssh-agent followed by the ssh-add command. Afterwards the user
connects to a remote system by using the ssh command. What will this ssh command do?
A. It requires the user to enter their pass-phrase.
B. It allows the user to authenticate through the GSS-API.
C. It generates new keys from the user's pass-phrase.
D. It authenticates without asking for the user's pass-phrase.
Answer: D
QUESTION 27
To comply with new security guidelines, Certkiller.com requires you to implement a new
password policy that performs stricter checks on new passwords than those performed by
Solaris. Which Solaris subsystem can you consider extending?
A. Solaris PAM
B. Solaris Cryptographic Framework
C. Solaris /usr/bin/passwd
D. Solaris User Rights Management
Answer: A
QUESTION 28
DRAG DROP
You work as a Certkiller.com security administrator.
There are a number of security tasks that a typical security administrator performs when
configuring and deploying new servers.
You are required to put the Security Tasks at the appropriate locations.

Answer:

QUESTION 29
Which three are examples of network security mechanisms? (Choose three.)
A. Basic Security Module
B. Network File System
C. TCP Wrappers
D. Role Based Access Control (RBAC)
E. Kerberos
F. IPsec
G. syslog
Answer: C,E,F
QUESTION 30
A security administrator has a requirement to make an encrypted backup copy of an
application and its data, using the AES algorithm, so that it can be safely transmitted to a
partner. Which two command sequences can be used to generate an encrypted backup of
the files under /app1? (Choose two.)
A. encrypt -a aes -d /app1 -o app1.backup.aes
B. ufsdump 0f - /app1 |\
crypt -a aes > app1.backup.aes
C. tar cf - /app1 |\
openssl enc -out app1.backup.aes -aes-128-cbc
D. crypt < /app1/* > app1.backup.aes
E. ufsdump 0f - /app1 |\
encrypt -a aes -o app1.backup.aes
F. tar cf - /app1 | gzip -d -e aes > app1.backup.aes
Answer: C,E
QUESTION 31
During the configuration of a system to install signed patches, you discover that the
system does not have the required Sun Microsystems Enterprise Service Patch
Management public key installed. Which is true?
A. The public key can be downloaded from Sun's web site.
B. The public key is NOT required, as the Root CA will be used to verify the patch if it is
NOT available.
C. The public key must be requested from Sun, and transferred over a secure connection
so its authenticity can be confirmed.
D. The public key must be generated using the keytool command.
Answer: A
QUESTION 32
While attempting to restart the cron service on a Solaris 10 system from the secadm
account, a security administrator receives the following error message:
secadm$ svcadm -v restart cron
svcadm: svc:/system/cron:default: Couldn't create "restarter_actions" property group
(permission denied).
Which two actions will permit the secadm account to restart the cron service? (Choose
two.)
A. Assign the solaris.smf.manage.cron authorization to secadm.
B. Add the sys_suser_compat privilege to the secadm account.
C. Assign the sys_admin privilege to the secadm account.
D. Assign the Cron Management rights profile to secadm.
E. Add the secadm account to the /etc/cron/cron.allow file.
Answer: A,D
QUESTION 33
Given:
$ ppriv -s I-proc_exec $$
What is the result of this command?
A. There is no noticeable effect because the Inheritable set is NOT used by a process.
B. The shell process can no longer execute programs
C. The command fails because an ordinary user cannot execute this command.
D. New commands started by the shell can no longer execute programs.
Answer: D
QUESTION 34
A security administrator is required to validate the integrity of a set of operating system
files on a number of Solaris systems. The administrator decides to use the Solaris
Fingerprint Database to validate configuration and data files as well as binaries and
libraries. What command, available by default in Solaris 10, will help the security
administrator collect the necessary information that will be used with the Solaris
Fingerprint Database?
A. cryptoadm
B. elfsign
C. encrypt
D. md5sum
E. digest
Answer: E
QUESTION 35
A Certkiller.com system administrator wants to share NFS file systems to two different
sets of systems. Both sets of systems require integrity checks and Kerberos
authentication. The second set of systems also requires encryption. What option is open
to the system administrator?
A. Logically divide the file system into two separate file systems, each shared with
different sec options.
B. Use an NFS server in two different zones, sharing the same data.
C. Share the file system only with NFSv4, because older NFS versions do not support
this.
D. Share the same file system with different sec options for both sets of clients.
Answer: D
QUESTION 36
When configuring the Internet Key Exchange (IKE) daemon, which two exchanges can
system administrators choose to do? (Choose two.)
A. public keying material
B. shared secret keys
C. public key certificates
D. private key certificates
E. shared key certificates
Answer: B,C

QUESTION 37
Which two tasks can you perform using the Audit facility? (Choose two.)
A. generate an overview of the network bandwidth in use by a particular user
B. generate an overview of all the applications executed by a particular user
C. generate an overview of CPU usage by users
D. generate an overview of which users recently changed their password
E. generate an overview of disk space occupied by a particular user
Answer: B,D
QUESTION 38
An administrator has been tasked with the installation of 20 systems. The systems will be
identical and are located both on the local network and on remote networks, although all
of the hardware is network accessible. Which installation method is best suited for this
task?
A. a JumpStart interactive installation
B. a DVD interactive installation
C. cloning hard drives and shipping them
D. a WAN Boot installation
Answer: D
QUESTION 39
A cryptographically signed patch provides system administrators with assurance that the
patch possesses certain qualities. Which two qualities are assured when a patch signature
is verified? (Choose two.)
A. The patch has a verified origin.
B. The contents of the patch have NOT been revealed to anyone who does NOT have a
Sun service plan.
C. The patch was created by a Sun Certified Systems Engineer.
D. The patch has NOT been modified since it was signed.
Answer: A,D
QUESTION 40
A Certkiller.com system administrator is new to the Solaris cryptographic framework.
During minimization and hardening, the system administrator discovered a running
/usr/lib/crypto/kcfd and disabled this daemon.
To verify the integrity of a Solaris binary, the system administrator is comparing the
MD5 checksum of a binary with the information from the Solaris Fingerprint Database at
SunSolve. To get the local checksum, he is using the command digest.
What will happen when executing this command?

A. The command will run as usual and provide the MD5 sum.
B. The command will run but won't be able to use any installed crypto accelerator
hardware (if installed).
C. The command will run slower because the kernel function can't be accessed, and the
userland implementation (libmd5.so.1) will be used.
D. The command will fail with an error.
Answer: D
QUESTION 41
DRAG DROP
As an administrator at Certkiller.com you are required to put the Solaris features at the
appropriate locations.

Answer:

QUESTION 42
Which two commands are part of Sun Update Connection? (Choose two.)
A. /usr/bin/updatemanager
B. /usr/sbin/patchadd
C. /usr/bin/keytool
D. /usr/sbin/smpatch
E. /usr/bin/pkgadm
Answer: A,D
QUESTION 43
User Certkiller runs a program that consumes all of the system's memory while
continuously spawning a new program. You decide to terminate all of Certkiller's
programs to put a stop to this. What command should you use?
A. kill `ps -U Certkiller -o pid`
B. kill -u Certkiller
C. pstop -U Certkiller
D. pkill -U Certkiller
Answer: D
QUESTION 44
DRAG DROP
You work as an administrator at Certkiller.com. When a user logs into a Solaris 10
system, a default project for the user is located.
You are required to put the Group Assignments at the appropriate locations in which the
Solaris OS searches for the user's default project.

Answer:

QUESTION 45
Can a global zone administrator prevent a non-global zone administrator from running
the sendmail program?
A. Yes, using pkgrm SUNWsndmr SUNWsndmu.
B. No, the non-global zone administrator can install and run any program.
C. Yes, using zlogin -l root zonename svcadm disable sendmail.
D. Yes, using svcadm -Z zonename disable sendmail.
Answer: B
QUESTION 46
Packet filters and firewalls are an important component of any defense-in-depth security
strategy. Which two types of threats can IP Filter be deployed as an effective
countermeasure against? (Choose two.)
A. an attempt to exploit a buffer overflow vulnerability in rpcbind, originating from a
host on an authorized network
B. a Christmas Tree scan
C. an attempt to exploit a buffer overflow vulnerability in rpcbind, originating from a
host on an unauthorized network
D. an attempt to log in to a system using SSH by an unauthorized user
E. an attempt to exploit a SQL injection vulnerability in a web storefront application
Answer: B,C
QUESTION 47
Which two components are part of the Solaris Cryptographic Framework? (Choose two.)
A. single sign-on capabilities
B. Kerberos principal generation
C. random number generation
D. encryption and decryption
Answer: C,D
QUESTION 48
Within the context of file integrity, rules can be implemented to change the scope of the
Basic Audit and Report Tool (BART) manifest.
Given the rule file:
/home/bert/docs *.og[dt]
CHECK all
IGNORE mtime
Which two statements are valid? (Choose two.)

A. The last modification time of all checked files will not be checked.
B. Only files with extension .ogt and .ogd in the directory /home/bert/docs will be
checked.
C. All files on the system will be checked.
D. Key words such as CHECK and IGNORE can NOT be used in a rule file.
E. All files on the system will be checked, except for files with extensions .ogt and .ogd
in the directory /home/bert/docs.
Answer: A,B
QUESTION 49
A security administrator has a requirement to enable password aging on a server. After
configuring the maximum age for a user's password, the security administrator forces all
of the users to change their passwords at next login. The administrator also configures
password history to prevent users from simply reusing their last two passwords. What is
wrong with this approach?
A. Users will now no longer be able to log in to the system.
B. Users will be able to circumvent the password history policy.
C. Users will be able to circumvent the password aging policy.
D. Nothing. This approach will work as expected.
E. Users will NOT be able to change their password at next login.
Answer: B
QUESTION 50
The /etc/default/passwd file contains a number of configuration parameters that can be
used to constrain the character composition of user passwords. What is one of the dangers
of having password composition too tightly constrained?
A. Password complexity rules apply only to the English alphabet.
B. Duplication of encrypted user password strings is much more likely.
C. Limited password value possibilities can simplify brute force attacks.
D. Passwords are harder to compute when using many character classes.
E. The entropy of the resulting password strings will be very high.
Answer: C
QUESTION 51
Which are two advantages of the Service Management Facility compared to the init.d
startup scripts? (Choose two.)
A. It has methods to start and stop the service.
B. It specifies what the system should do at each run level.
C. It handles service dependencies.
D. It restarts processes if they die.
Answer: C,D
QUESTION 52
To implement dictionary checks at password-change time, Certkiller.com has acquired a
PAM module that performs these checks.
Which two locations would put this module in the PAM stack when you install this
module as an additional strength checking measure? (Choose two.)

A. before the line containing pam_authtok_check.so.1
B. after the line containing pam_authtok_store.so.1
C. replace the line containing pam_authtok_check.so.1
D. after the line containing pam_authtok_check.so.1
E. before the line containing pam_dhkeys.so.1
Answer: A,D
QUESTION 53
Certkiller.com has acquired a small company and your task is to set up the first Solaris
server in their network. As there is no existing JumpStart environment, you will have to
start from scratch. Which metacluster is best suited for initial installation of a strict
minimized system?
A. End User System Support (SUNWCuser)
B. Reduced Networking Core System Support (SUNWCrnet)
C. Entire Distribution (SUNWCall)
D. Core Software Support (SUNWreq)
Answer: B
QUESTION 54
After a recent security breach, you have been asked to create a Security Policy for
Certkiller.com. Which statement describes a Security Policy?
A. an audit report on how security is currently configured within Certkiller.com
B. a security baseline for use when implementing systems and procedures
C. details of which tools should be used to maintain security
D. a report on how the security breach occurred, and how to avoid another occurrence in
the future
E. specific procedures to implement security in Certkiller.com
Answer: B
QUESTION 55
DRAG DROP
Solaris contains a number of different tools for carrying out auditing, each focused on
auditing a different type of activity.
As an administrator at Certkiller.com you are required to put the Solaris Tools at the
appropriate locations.

Answer:

QUESTION 56
The security administrator is reviewing a Solaris Security Toolkit audit run against the
global zone of a server. The administrator discovers that the Basic Audit and Report Tool
(BART) reports failures related to file changes in non-global zones. How would the
administrator correct this problem?
A. In the global zone, create a BART rules file that excludes non-global zone file systems
from the manifest.
B. In the non-global zone, edit the enable-bart.aud script and add options to the bart
create command to exclude the non-global zone file systems.
C. In the non-global zone, create a BART rules file that excludes non-global zone file
systems from the manifest.
D. In the global zone, edit the enable-bart.fin script and add options to the bart compare
command to exclude the non-global zone file systems.
E. In the global zone, edit the enable-bart.aud script and add options to the bart create
command to exclude the non-global zone file systems.
Answer: A
QUESTION 57
Which action can a system administrator with the solaris.smf.modify.sendmail
authorization execute?
A. svcadm refresh sendmail
B. svcadm enable sendmail
C. svccfg -s sendmail listprop
D. svcadm disable sendmail
Answer: C
QUESTION 58
An administrator is required to minimize an installed Solaris system. Which command is
used to query which packages are installed?
A. pkginfo
B. svcs -xv
C. ps -ef
D. pkgadm
E. pkgrm
Answer: A
QUESTION 59
Solaris 10 includes the ability to lock a user's account after a fixed number of failed login
attempts. What is the disadvantage of enabling this feature?
A. Entering a blank password will reset the failed login count.
B. It requires passwords to be stored in clear-text on the system.
C. Only login attempts using telnet are counted.
D. It can be used to enable a Denial-of-Service attack.
Answer: D
QUESTION 60
DRAG DROP
As an administrator at Certkiller.com you are required to put the Kerberos Concepts at
the appropriate locations.

Answer:

QUESTION 61
You suspect that one of your systems has been compromised. You want to inspect the
system's binaries and kernel modules by calculating hashes for them and comparing the
hashes to the Solaris Fingerprint Database. What prerequisite step should you take before
generating the hashes?
A. Reboot the system into single user mode to make sure that any "Trojan horses" are
terminated.
B. Make sure that all users are logged out.
C. Bring the system down to single user level.
D. Shut down the system, and analyze the system's disk on a trusted system.
Answer: D
QUESTION 62
The kernel calculates the effective set of privileges based on three other privilege sets.
This calculation begins with the set of privileges inherited from the parent process. The
effective set is then further constrained by two other sets of privileges. Which two
describe the remaining privilege sets? (Choose two.)
A. Disallowed set - the set of privileges specifically withheld in the process owner's profile
B. Basic set - the privileges which define the system security policy
C. Implicit set - the set of privileges required by a process to function correctly
D. Limit set - the outside limit of privileges available to the process
E. Permitted set - a subset of the inheritable set
Answer: D,E

QUESTION 63
The security administrator has been tasked to design a minimally installed centralized
logging server. The administrator needs to examine the packages included in the Solaris
installation clusters to determine which metacluster will be the best starting installation
for the planned configuration. In which file on the installation DVD can the administrator
find the packages associated with each metacluster?
A. mountpoint /Solaris_10/Product/.packagetoc
B. mountpoint /.cdtoc
C. mountpoint /.install_config
D. mountpoint /Solaris_10/Product/.clustertoc
Answer: D
QUESTION 64
DRAG DROP
As an administrator at Certkiller.com you are required to put the RBAC database names
at the appropriate locations.

Answer:

QUESTION 65
A site security policy dictates that all failed logins to critical systems must be logged and
monitored. Which parameter must be changed in /etc/default/login to enable this
functionality?
A. SYSLOG_FAILED_LOGINS
B. SYSLOG
C. LOG_LOGIN_FAILURES
D. SYSLOG_LOG_FAILURES
E. LOG_SYSLOG_FAILURES
Answer: A
QUESTION 66
You have been asked to grant the user ennovy, a member of the staff group, read and
write access to the file /app/notes which has the following properties:
ls -l /app/notes
-rw-rw---- 1 root app 0 Jun 6 15:11 /app/notes
Which options will NOT grant the user the ability to read and write the file?
A. usermod -G app ennovy
B. setfacl -m group:staff:rw- /app/notes
C. setfacl -m user:ennovy:rw- /app/notes
D. usermod -K defaultpriv=basic,file_dac_read,file_dac_write ennovy
Answer: D
QUESTION 67
To enforce security within Certkiller.com, access restrictions to systems must be applied.
In particular, restrictions to the telnet protocol must be configured. Which action must be
taken to enable TCP wrappers for the telnet protocol?
A. inetadm -m telnet=tcp_wrappers
B. inetadm -m telnet tcp_wrappers=true
C. svcadm enable tcp_wrappers
D. svcadm tcp_wrappers start
Answer: B
QUESTION 68
Which three are useful tools to monitor the integrity of a system? (Choose three.)
A. elfsign
B. logadm
C. bart
D. cryptoadm
E. Solaris Fingerprint Database
Answer: A,C,E
QUESTION 69
Which three Solaris services can be protected with Kerberos in Solaris 10? (Choose
three.)
A. finger
B. NFS
C. TCP/IP
D. rusers
E. rdist
F. SSH
Answer: B,E,F
QUESTION 70
Which two statements about the digest and mac commands are true? (Choose two.)
A. The mac command uses a distinct class of hash functions called message
authentication codes (MACs). MAC functions combine the input file with a key supplied
by the user, returning a fixed length digest.
B. The mac command can use the Digital Encryption Standard (DES) in cipher-block
chained (CBC) mode. The digest command can NOT.
C. The digest command requires that the user supply a key. The mac command does
NOT. The digest command takes an input file, combines it with the key, and a variable
length digest is returned.
D. The mac command uses a distinct class of hash functions called MACs. A MAC
function combines the input file with a randomly generated salt, and returns a digest.

Answer: A,B
QUESTION 71
Before a security administrator modifies the default privilege list used for a SMF start or
stop method, it is important to first determine which privileges are actually needed by
that service. Which three utilities determine what privileges are used by a program or
service? (Choose three.)
A. truss
B. svcadm
C. ppriv
D. pfexec
E. dtrace
Answer: A,C,E
QUESTION 72
A security administrator has created these "Restricted Commands" rights profiles in the
/etc/security/exec_attr file that will be assigned to a number of application developers:
$ grep "^Restricted Commands" /etc/security/exec_attr
Restricted Commands:solaris:cmd:::/my/bin/progA:uid=yadm;gid=yadm
Restricted Commands:solaris:cmd:::/my/bin/progB:uid=vadm;gid=vadm
Restricted Commands:solaris:cmd:::/my/bin/progC:uid=oamd;gid=aadm
Restricted Commands:solaris:cmd:::/my/bin/progD:uid=nadm;gid=badm
Restricted Commands:solaris:cmd:::/my/bin/progD:uid=nadm;gid=cadm
Restricted Commands:solaris:cmd:::/my/bin/progD:uid=eadm;gid=eadm
Restricted Commands:solaris:cmd:::/my/bin/progD:
As what UID and GID will the command /my/bin/progD run when the command is
executed as followed by an application developer who has been assigned the "Restricted
Commands" rights profile?
A. UID nadm and GID cadm
B. UID and GID of the application developer
C. UID nadm and GID badm
D. UID eadm and GID eadm
Answer: C
QUESTION 73
A user tries to log in to a system using ssh and receives this message:
The authenticity of host 'example-01 (1.2.3.4)' can't be established. RSA key fingerprint
is 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff. Are you sure you want to continue
(yes/no)?
Why is this message being generated?

A. example-01 has changed its host key since the last time the user has logged into the
system.
B. The ssh-agent command is not running on the client machine.
C. The user has entered an invalid password when trying to log into example-01.
D. The user has never logged into example-01.
Answer: D
QUESTION 74
On a system with these settings in audit_control:
dir:/var/audit
flags:lo,ex,nt
naflags:na
minfree:20
Which will NOT be a factor in the size of the audit trail generated by the system?
A. the settings in audit_event
B. the audit policy settings
C. the amount of memory in the system
D. the settings in audit_user
E. the number of active users
Answer: C
QUESTION 75
To harden a newly installed Solaris OS, an administrator is required to make sure that
syslogd is configured to NOT accept messages from the network. Which supported
method can be used to configure syslogd like this?
A. Edit /etc/rc2.d/S74syslog to start syslogd with the -t option.
B. Edit /lib/svc/method/system-log to set LOG_FROM_REMOTE=NO.
C. Edit /etc/default/syslogd to set LOG_FROM_REMOTE=NO.
D. Run svcadm disable -t svc:/network/system-log.
Answer: C
QUESTION 76
Which two features are implemented by the Solaris Kerberos service? (Choose two.)
A. single sign-on
B. public key cryptographic authentication
C. distributed authentication services
D. password confidentiality on the network
E. Federated Identity Management
Answer: A,D
QUESTION 77
In which Solaris OS subsystem is User Rights Management implemented?
A. Process Privileges
B. Role Based Access Control (RBAC)
C. Mandatory Access Control
D. Service Management Facility
E. Discretionary Access Control
Answer: B
QUESTION 78
Which is a basic privilege?
A. a privilege that applies to all processes in a basic zone
B. a privilege that cannot be taken away
C. a privilege that has traditionally been granted only to the super user
D. a privilege that has traditionally been granted to unprivileged processes
E. a privilege that is required to run the basic interpreter
Answer: D
QUESTION 79
Which statement is true about applying Solaris patches to zones?
A. You have to install a patch in each zone using zlogin.
B. Patches are NOT applicable to sparse root zones.
C. When you add a patch to the global zone, it is by default added to all non-global
zones.
D. Non-global zone administrators can install patches themselves.
E. The global zone administrator can only administer patches in the global zone.
Answer: C
QUESTION 80
The system administrator is required by the security policy to restrict the ability of users
to view other processes on the system. This needs to be done for all users on the system.
Which course of action should the administrator take?
A. Edit the file /etc/user_attr and add defaultpriv=basic,!proc_info for all users present in
the file.
B. Edit the file /etc/security/exec_attr and add
privs=basic,!proc_info to the "All" entry.
C. Edit the file /etc/security/prof_attr and add
privs=basic,!proc_info to the "Basic Solaris User" entry.
D. Edit the file /etc/security/policy.conf and create the following setting:
PRIV_DEFAULT=basic,!proc_info.
Answer: D
QUESTION 81
You are configuring a new system to be used as an intranet web server. After you have
installed the minimal amount of packages and patched the system, you added the
appropriate web server packages (SUNWapch2r and SUNWapch2u). By default, the web
server daemon will be started using UID webservd and the basic privilege set. To comply
with Certkiller.com's policy of least privilege, you need to minimize the privileges that
the web server will have. What will you modify to specify the privileges that the web
service will run with?
A. the privileges property of the web service in the SMF repository
B. the privs property of the web service in /etc/security/exec_attr
C. the defaultpriv setting of webserverd in /etc/user_attr
D. the PRIV_DEFAULT setting in /etc/security/policy.conf
Answer: A
QUESTION 82
You work as an administrator at Certkiller.com. A single system must run a number of
different network services. Among them is a web server, a mail server, a DNS server, and
a MySQL database used by an e-commerce application. After several months of
successful operation, a compromise is discovered: an attacker exploited a vulnerability in
the mail server and ultimately obtained a root shell. However, none of the highly
sensitive personal information in the e-commerce database was compromised, nor was
the operation of the web server or DNS server affected.
How can this be?
A. An administrator had deployed IP Filter with an aggressive policy, blocking all
connections to non-essential ports.
B. A Certkiller.com system administrator deployed each service in its own non-global
zone.
C. Remote access to the system was only available through SSH using RSA public key
authentication, protecting users' credentials from eavesdroppers.
D. The system was deployed in a DMZ, sensibly segmented from the corporate intranet
by a packet filtering firewall.
Answer: B
QUESTION 83
A Solaris 10 system has IP Filter enabled and configured. A section of the
/etc/ipf/ipf.conf configuration file is reported below:
block return-rst in quick proto tcp from any to any port = 23 flags S
block return-icmp (port-unr) in proto udp from any to any port > 3000
Which two statements are true? (Choose two.)
A. The system does NOT return ICMP-type packets for UDP incoming connections
received on ports greater than 3000.
B. The system will block and reply with an ICMP port unreachable packet to UDP
connections received for ports greater than 3000.
C. The system will block incoming telnet connections and return a TCP RST packet.
D. The system will block all incoming echo requests and replies with an ICMP port
unreachable packet.
E. The system blocks TCP RST packets.
Answer: B,C
QUESTION 84
A security administrator is required to periodically validate binaries against the Solaris
Fingerprint Database. While attempting to capture MD5 file signatures for key Solaris
OS files, the security administrator encounters the following error:
digest: no cryptographic provider was found for this algorithm -- md5
What command should the administrator use to help determine the cause of the problem?
A. cryptoadm
B. digest
C. crypt
D. openssl
E. kcfadm
Answer: A
QUESTION 85
Which are threats to electronic assets?
A. disclosure, software, loss, and trust
B. loss, security policy, trust, and modification
C. disclosure, modification, loss, and interruption
D. modification, trust, repudiation, and availability
Answer: C
QUESTION 86
You have a legacy non-privilege aware program which runs as root to be able to open a
privileged port. Now that you have upgraded the system to Solaris 10 you want to take
advantage of privileges. You can either run the program as root with fewer privileges, or
you can run the program as daemon with additional privileges. Why is it preferred to run
the program as daemon with added privileges?

A. root owns most of the system files.
B. root is not able to drop privileges.
C. daemon has preconfigured profiles for this kind of privileges.
D. root is able to regain dropped privileges using the ppriv command.
Answer: A
QUESTION 87
Click the Exhibit button.
What is the significance of the output generated by the jass-check-sum command?

A. The two files were archived since the last Solaris Security Toolkit run.
B. The two files were deleted since the last Solaris Security Toolkit run.
C. The two files were modified since the last Solaris Security Toolkit run.
D. The two files were created since the last Solaris Security Toolkit run.
Answer: C
QUESTION 88
Which two tasks does the Key Distribution Center (KDC) perform? (Choose two.)
A. issues service tickets
B. provides private sessions to services
C. issues ticket-granting-tickets
D. authenticates services
E. validates passwords sent in clear text
Answer: A,C
QUESTION 89
A Certkiller.com system administrator at home wants secure communication with
Certkiller.com's network through a VPN. Which step would accomplish this?
A. Configure IP Filter on the client.
B. Use ssh with port forwarding.
C. Configure IPsec in tunnel mode.
D. Configure IPsec in transport mode.
Answer: C
QUESTION 90
A security administrator is asked to create digests of some important files on a server.
The digests must be stored locally on the same server. Which command will allow the
administrator to create digests and assure that the digests have NOT been tampered with?
A. digest
B. cryptoadm
C. mac
D. elfsign
Answer: C
QUESTION 91
Traditionally, UNIX systems have allowed users to hard-link files of other users.
Certkiller.com's current policy disallows this, and you need to implement this change. In
the Solaris 10 OS, there is a special privilege that controls this particular capability: the
file_link_any privilege. Which statement is true?
A. You can NOT remove the privilege from the user's privilege sets because it is a basic
privilege.
B. You can remove the privilege from all users by editing /etc/security/policy.conf.
C. You can remove the privilege from all users by editing /etc/default/login.
D. You can remove the privilege from all users by assigning them a profile shell.
Answer: B
QUESTION 92
Which command is used to configure auditing to track all arguments to an executed
command?
A. auditconfig -setpolicy +cnt
B. audit -setpolicy -c ex
C. audit -c ex +argv
D. auditconfig -setpolicy +argv
Answer: D
QUESTION 93
DRAG DROP
You work as a security administrator at Certkiller.com. The security policy of
Certkiller.com specifies that all user home directories have to be audited for file integrity.
The security policy further specifies that user core files and user TEST directories do not
have to be checked.
Complete the Basic Audit and Report Tool (BART) IGNORE rule file to achieve the
above task.

Answer:

QUESTION 94
DRAG DROP
You work as a security administrator at Certkiller.com. You are required to put the
Naming services at the appropriate locations. You can use each one more than once.

Answer:

QUESTION 95
A large financial company, Certkiller.com, has run through their annual external security
audits. One section of the audit report handles password security. The auditors request to
change the system to allow account locking after three failed logins. They found that the
account locking feature was already enabled, but the accounts are locked after five failed
login attempts. There is a system default for the number of failed login attempts before
the account is locked. Which is the correct place to set a new system-wide default?
A. /etc/default/passwd
B. /etc/default/login
C. /etc/security/policy.conf
D. /etc/user_attr
E. /etc/system
Answer: B
QUESTION 96
Which command sequence would you use to verify that the public key is synchronized
between security associations (SA)?
A. Execute ipsecalgs -l on the local system, and ipsecalgs -s on the remote system.
B. Execute ipsecconf -f on the local system, and ipsecconf -l on the remote system.
C. Execute ikecert certdb -l on the local system, and ikecert certlocal -l on the remote
system.
D. Execute ipsecconf -l on the local system, and ipsecconf -f on the remote system.
Answer: C
QUESTION 97
Your employer Certkiller.com has acquired a number of systems as a part of an
acquisition of another company. You suspect that a number of the systems might have
been hacked, so you want to remove any malicious software that might have been
installed by the hacker. The systems have not previously had the Solaris Security Toolkit
software used on them. Which would remove any software installed by the hacker?
A. Run Solaris Security Toolkit in audit mode, and remove anything it detects.
B. Boot the system from CD-ROM and run Solaris Security Toolkit in standalone mode.
C. Reinstall Solaris on the system, and run Solaris Security Toolkit after installation.
D. Run Solaris Security Toolkit with the undo option, and then re-run it in normal mode.
Answer: C
QUESTION 98
The Internet Key Exchange (IKE) protocol is defined in RFC 2409. What describes what
this protocol is responsible for implementing?
A. exchange of SSH public keys between hosts
B. automating key exchange for all network services
C. exchange of IPsec keys between hosts
D. exchange of SSH private keys between hosts
E. used for Multi-Data Transmission (MDT)
Answer: C
QUESTION 99
A Certkiller.com system administrator suspects that /etc/passwd or /etc/shadow has been
modified without proper authorization. Which two methods or programs can be used to
find out whether that happened? (Choose two.)
A. pkgchk
B. bart
C. the Solaris Fingerprint Database
D. pwdsign
E. file system backups
Answer: B,E
QUESTION 100
Which statement concerning the output of a Solaris Security Toolkit run is true?
A. Output can be sent to the terminal, sent as an email message, and sent to a log file.
B. Output can be sent as an email message, sent to a log file, and sent to Solaris auditing.
C. Output can be sent to the terminal, sent as an SNMP trap, and sent to the syslog
facility.
D. Output can be sent to the terminal, sent to a log file, and sent as a system event.
E. Output can be sent to the terminal, sent to the syslog facility, and sent to a log file.
Answer: A

QUESTION 101
Solaris 10 provides password history checking out of the box. Which name services
currently support this feature?
A. NIS+
B. Kerberos
C. local files
D. NIS
Answer: C
QUESTION 102
You notice that the following line has been added to /etc/passwd:
admin:x:0:0:Administrator:/:/bin/sh
To figure out when this file was changed, you look at the file creation date, but based on
that information, the file hasn't been touched since the system was installed. You look at
the audit logs for this system and find the three records that are shown in the Exhibit.
What happened?

A. User foo used su to become root, changed /etc/passwd, and set the date of that file to
05/05/05.
B. User root changed /etc/passwd after setting the system date to 05/05/05.
C. User root changed /etc/passwd and set the date of that file to 05/05/05.
D. User foo used su to become root and changed /etc/passwd after setting the system date
to 05/05/05.
Answer: D
QUESTION 103
Which describes the capabilities of the crypt command?
A. It uses the 3DES encryption algorithm, which uses a 168-bit key.
B. It uses a weaker encryption algorithm than DES.
C. It uses the DES encryption algorithm, which uses a 64-bit key.
D. It uses the AES encryption algorithm, which uses a 128-bit key.
Answer: B
QUESTION 104
The security administrator wants to log all changes that are made to the device policy.
Which Solaris 10 subsystem will be used to log changes to the device policy?
A. Fault Manager
B. Solaris Auditing
C. System Event facility
D. syslog facility
Answer: B
QUESTION 105
Certkiller.com wants to deploy a third party network monitoring tool. A requirement for
deploying this tool is that it runs with as few privileges as possible. The tool needs access
to /dev/ip which is listed as:
crw-rw-rw- 1 root sys 3, 0 Jun 5 09:11 /dev/ip
When the tool is run as the unprivileged user monitor, it fails to open /dev/ip. How do
you find out what privileges are needed?
A. Look at monitor's authorizations with auths monitor.
B. Look at the device policy for /dev/ip.
C. Run the tool as root.
D. Look at /dev/loginperm.
Answer: B
QUESTION 106
By default, what are two benefits of enabling Solaris Auditing in the global zone on a
system where non-global zones (NGZ) have been deployed? (Choose two.)
A. Individual NGZ audit logs are accessible from within the NGZ.
B. Audit configuration settings cannot be changed inside of an NGZ.
C. Audit daemons are started within each of the running NGZ.
D. No one within an NGZ can modify the audit logs for that NGZ.

Answer: B,D
QUESTION 107
To improve accountability on a Solaris system, the security administrator decides to
configure the root account to be a Solaris role. What are two considerations that the
security administrator should understand before making this change? (Choose two.)
A. Scheduled cron jobs for the root role will no longer run.
B. Only authorized users will be able to access root.
C. New privileges will need to be assigned to the root role.
D. root will no longer be able to use the su command.
E. root will no longer be able to log in at the system console.
Answer: B,E
QUESTION 108
During a recent security audit, it was noted that a number of users within an organization
regularly share their password details with other users, even though this is specifically
forbidden in the Security Policy. Which step can be taken to reduce the incidence of
password sharing?
A. migrate all authentication to an LDAP server with SASL
B. educate users that sharing passwords is against policy
C. enable strict password enforcement using Kerberos
D. enable Solaris auditing to audit the lo (login, logout) class
E. configure PAM to disable sharing of accounts
Answer: B
QUESTION 109
What is the purpose of the Solaris cryptographic framework metaslot?
A. It is an interface to connect to any available cryptographic service.
B. It is a library to limit algorithms based on export control laws.
C. It is a door-based interface to the kernel cryptographic services.
D. It is a storage facility for all of the encryption algorithms.
E. It is a pointer to the next available cryptographic token slot.
Answer: A
QUESTION 110
A security administrator creates a directory called prevoy with the following access
control policy:
$ getfacl prevoy
# file: prevoy
# owner: secadm
# group: secadm
user::rwx
group::r-x #effective:r-x
mask:r-x
other:r-x
default:user::r--
default:user:sysadm:rw-
default:group::r--
default:group:sysadm:rw-
default:mask:rwx
default:other:---
Into this directory, the security administrator creates a file called secrets. The ls
command reports the following for the prevoy directory and secrets file:
$ ls -ld . secrets
drwxr-xr-x+ 2 secadm secadm 512 Jun 6 16:38 .
-r--r-----+ 1 secadm secadm 0 Jun 6 16:38 secrets
Which two actions can be successfully taken by the sysadm role? (Choose two.)
A. The sysadm role can remove the secrets file.
B. The sysadm role can read the secrets file.
C. The sysadm role can write to the secrets file.
D. The sysadm role can change the Access Control Lists of the prevoy directory.
E. The sysadm role can create new files under the prevoy directory.
Answer: B,C
QUESTION 111
In which Solaris 10 subsystem is Process Rights Management implemented?
A. Process Accounting
B. Mandatory Access Control
C. Process Privileges
D. Discretionary Access Control
E. Process Access Control
Answer: C
QUESTION 112
Click the Exhibit button.
One step in the hardening process is to examine the user accounts and determine what
steps need to be taken to tighten access to the system. As part of this process, an
administrator executes the command passwd -sa.
Which three statements are true about the configured accounts? (Choose three.)

A. User uucp can NOT run cron jobs.


B. User webservd can NOT run cron jobs.
C. User charlie has no password set.
D. User uucp can run cron jobs.
E. User charlie is NOT in production.
F. User webservd can run cron jobs.
Answer: B,C,D
QUESTION 113
A user needs to be able to mount the file system located on a USB memory stick on a
workstation. How can you allow the user to mount and unmount this file system when
required?
A. Enable and configure the automount daemon (automountd).
B. Enable and configure the volume management daemon (vold).
C. Give the user write access to /etc/mnttab.
D. Assign the user the sys_mount privilege for the file system.
E. Give the user write access to /etc/vfstab.
Answer: B
QUESTION 114
Which two sources of keying material are available for use with IPsec? (Choose two.)
A. /dev/mem
B. /dev/urandom
C. /dev/kmem
D. /dev/crypto
E. /dev/random
Answer: B,E

QUESTION 115
An Internet service provider is offering shell accounts on their systems. As a special
service, customers can also apply for a root account to get their own virtual machine. The
provider has implemented this by using zones, and the customers get root access to the
non-global zone. One of their customers is developing cryptographic software and is
using the ISP machine for testing newly developed Solaris crypto providers. What kind
of testing is available to this developer?
A. The developer is able to test newly developed user-level providers.
B. The developer is able to do the same tests as if developing as root in the global zone.
C. The developer is able to test newly developed kernel software providers.
D. The developer can NOT test newly developed providers in a non-global zone.
Answer: A
QUESTION 116
Click the Exhibit button.
Given a fresh new installation of a Solaris 10 system from a genuine DVD media kit, the
output of the command shown in the Exhibit fails to verify the /bin/bart elf binary file.
Assuming that the binary file is genuine, what is incorrect with the command?

A. The certificate is expired.


B. None of the elf binary files in Solaris 10 are signed.
C. The command given does NOT verify, but instead signs elf binary files.
D. The key word verify is in the wrong place.
E. The path of the certificate is NOT correct.
Answer: E
QUESTION 117
Given the command reported in /etc/dfs/dfstab from a system export:
share -F nfs rw=Certkiller,root=Certkiller,ro /export
Who can write to this file system?
A. the root user on systems Certkiller and ro
B. all users on system Certkiller
C. the root user on system Certkiller
D. all users on systems that have mounted this file system
Answer: B
QUESTION 118
Which two message digest algorithms are shipped with Solaris 10, unmodified? (Choose
two.)
A. sha1_hmac
B. sha256_mac
C. md5_hmac
D. 3des_mac
E. aes_hmac
Answer: A,C
QUESTION 119
To allow a legacy system to connect to one of your hosts, you are required to enable
remote login (rlogin) connections. However, you wish to disable the ability for users to
use .rhosts files to allow password-less logins.
You have enabled rlogin connections by running the following command:
# svcadm enable network/login:rlogin
Which file do you need to modify to disable the use of .rhosts files?
A. /etc/pam.conf
B. /etc/default/login
C. /etc/default/rlogin
D. /etc/inet/inetd.conf
Answer: A
QUESTION 120
DRAG DROP
You work as a Certkiller.com security administrator.
You are required to put the Cryptographic Providers at the appropriate locations.


Answer:

QUESTION 121
After minimizing and hardening a system, application software was installed but could
not run. The administrator already found that /usr/lib/libz.so.1 is missing on the system.
The package containing this library needs to be installed, but the administrator does not
know the name of the corresponding package. The system is booted from the installed OS
and the installation media is mounted. Which command can be used to find the name of
the package which needs to be installed?
A. find Solaris_10 -name libz.so.1 -print
B. grep libz.so.1 Solaris_10/Product/*/pkgmap
C. grep libz.so.1 Solaris_10/Product/.clustertoc
D. grep libz.so.1 /var/sadm/install/contents
Answer: B
QUESTION 122
During a recent Solaris security assessment, a security administrator found a directory on
a local UFS file system that contained the following files:
$ ls -@
total 7200
-rwxr-----+ 1 webadm webadm 1048576 Jun 6 15:34 bar
-rw---l--- 1 webadm webadm 512000 Jun 6 15:35 baz
-rw-------@ 1 webadm webadm 2097152 Jun 6 15:34 Certkiller
What is the meaning of the @ symbol associated with file Certkiller?
A. The file has the sticky bit set.
B. The file has at least one access control list defined.
C. The file has permissions with an undefined bit state.
D. The file is configured for mandatory locking.
E. The file contains extended file attributes.
Answer: E
QUESTION 123
The security group is testing software in a special lab which is configured in the same
secure way as the production servers. Some of the tested code might even be malicious.
Due to budget restrictions, the available lab systems for these tests have been reduced to
only three remaining systems. The system administrator is responsible for quickly
reinstalling these systems over and over again. What way is most efficient to reliably
accomplish this task?
A. Use compressed flash archives.
B. Use a checklist for installation with local media.
C. Use JumpStart with the Solaris Security Toolkit (SST).
D. Use UFS snapshots and rollback as needed.
Answer: A
QUESTION 124
Which naming service does NOT support password expiration?
A. files
B. NIS
C. LDAP
D. NIS+
Answer: B
QUESTION 125
Which two statements regarding patching are correct? (Choose two.)
A. A patching strategy should form part of your security policy.
B. Minimizing a system can reduce the time required to apply patches.
C. Only security patches should ever be installed on a secure system.
D. Hardening a system can reduce the time required to apply patches.
E. All patches should be installed as soon as possible after they are released.
Answer: A,B
QUESTION 126
Which command lists the hash of the local system's public key?
A. ikecert certrldb -l
B. ikecert certlocal -l
C. ikecert certdb -l
D. ikecert certdb -l local
Answer: C
QUESTION 127
After returning from training, the security administrator is getting asked by his coworkers
about the features of Solaris auditing. He starts with some basic information. Which three
statements are correct? (Choose three.)
A. Auditing can be configured for each zone.
B. Auditing can be configured for each individual file.
C. Auditing can be used to record logins and logouts.
D. Auditing can be configured for an individual user.
E. Auditing is a new feature of Solaris 10.
Answer: A,C,D
QUESTION 128
A security administrator has been asked to construct a Solaris Security Toolkit security
profile (that is, driver) to enable Solaris Auditing. If the security administrator starts with
the secure.driver profile, which Finish script must be added to enable Solaris Auditing?
A. install-bsm.fin
B. install-auditing.fin
C. enable-auditing.fin
D. enable-bsm.fin
Answer: D
QUESTION 129
DRAG DROP
You work as a Certkiller.com security administrator.
You are required to put the Solaris facilities at the appropriate locations.


Answer:

QUESTION 130
A security administrator has a requirement to deploy the Solaris Security Toolkit onto all
Solaris servers in the department. In this environment, there are a variety of platforms
and operating system versions deployed. Onto which two platforms and operating system
combinations can the Solaris Security Toolkit be deployed in a supported configuration?
(Choose two.)
A. x64, Solaris 9
B. x86, Solaris 2.4
C. SPARC, Solaris 8
D. SPARC, Solaris 2.6
E. x86, Solaris 10
Answer: C,E
QUESTION 131
Which three items are the most relevant when trying to prevent resource exhaustion
attacks? (Choose three.)
A. signals
B. zones
C. resource controls
D. pools
E. groups
F. projects
Answer: C,D,F
QUESTION 132
A new security related patch has been released for the Solaris OS. This patch needs to be
applied to the system that functions as your web server. The web server is configured to
run in a non-global zone. Can you just use patchadd to apply the patch to the global zone
to update the web server zone?
A. Yes, but you must make sure that the web server zone is booted first.
B. Yes, patches will be automatically applied to all zones.
C. No, you need to shut down the web server zone first.
D. No, you need to apply the patch to the web server zone separately.
Answer: B
QUESTION 133
A system is configured to automatically lock accounts after a number of failed login
attempts. This was done by enabling the feature globally
(LOCK_AFTER_RETRIES=YES) without any further changes. Is the root user also
affected by the account locking?
A. By default, root is excluded from automatic account locking.
B. The /etc/shadow entry for the root user has the value -1 for failed login attempts,
which causes this account to never be locked.
C. root can always log in on the console, whether it is locked or not.
D. The framework ensures that root can never be automatically locked.
Answer: A
QUESTION 134
Certkiller .com security policy now requires very detailed auditing of all actions. This
includes capturing all executed commands together with their arguments and the
environment variables.
After activating auditing on all Solaris 10 systems, the security auditor complains about
having to check the audit trail on each individual host. He asks for a central place to
capture all audit trails.
Using standard Solaris 10 security features, which is a solution to this problem?
A. Configure auditd to store the audit trail using LDAP in a central directory.
B. Configure auditd to store the audit trail using NFS on a central server.
C. Configure auditd to send email with the events.
D. Configure auditd to send the output using syslog to a central loghost.
Answer: B
QUESTION 135
A Certkiller .com system administrator receives a critical security alert which includes a
reference to a fix implemented in an operating system patch. Which two statements
describe possible patching methods? (Choose two.)
A. Use patchadd to download, verify, and install the patch.
B. Use smpatch to download the patch, download and install the Root CA certificate,
analyze the patch for compatibility with the system, and verify and install the patch.
C. Use smpatch to download, verify, and install the patch.
D. Use svcadm to refresh the network/smpatch service. The patch will download and
install in the background.
E. Use pkgadm to download the patch, download and install the Root CA certificate, and
verify and install the patch.
Answer: A,C
QUESTION 136
Due to a new application requirement, on a Solaris 10 system, the ordinary user admin
has to create directories on the root file system.
The superuser has given a rights profile to the admin user as shown below:
# grep admin /etc/user_attr
admin::::type=normal;profiles=File System Management
Which command should the user admin execute to create the /log directory on the root
file system?
A. sh mkdir /log
B. pfexec mkdir /log
C. pfsh mkdir /log
D. exec mkdir /log
Answer: B
QUESTION 137
An application that you are installing needs to be able to run the snoop command, which
normally requires root access. Which two Solaris features could you use to allow this
application to run without giving it full root access to your system? (Choose two.)
A. Kerberos-enabled snoop
B. Role Based Access Control (RBAC)
C. Solaris Zones
D. Trusted Extensions snoop
E. Process Rights Management
Answer: B,E
QUESTION 138
Which two statements are true about roles in the Solaris 10 OS? (Choose two.)
A. rolemod can be used to allow roles to access other roles.
B. su is the only way that a user can assume a role.
C. Roles require the use of passwords for authentication.
D. Roles can only be assumed by authorized users.
E. Roles do NOT have their own UID, GID, or home directory.
Answer: B,D
QUESTION 139
The development group would like to secure their network with IPsec. The number of
hosts changes frequently, and they do not want to maintain preshared keys manually. The
solution is to use IPsec with IKE and public keys. Which command is used to generate
the IKE public/private key pair?
A. cryptoadm
B. ikecert
C. ipseckey
D. ikeadm
E. ipsecconf
Answer: B
QUESTION 140
A startup company suspects that one of its sales people is accessing confidential research
and development files, which are kept on a Solaris 10 system, and leaking their contents
to the press. Which measure can the system administrator put in place to detect this
activity?
A. Process Accounting
B. Role Based Access Control (RBAC)
C. Basic Audit and Report Tool (BART)
D. Solaris Auditing
E. File Access Control Lists
Answer: D
QUESTION 141
Which option is used in /etc/vfstab to limit the size of a tmpfs file system to 512MB to
prevent a memory denial of service (DoS)?
A. size=512m
B. minsize=512
C. swapfs=512mb
D. maxsize=512
Answer: A
QUESTION 142
Due to changes to the security policy of Certkiller .com, access restriction must be applied
to systems. The changes specify that access to systems through the ftp protocol is NOT
allowed according to the Human Resources department, which has the 10.10.10.0/24
address space assigned. TCP wrappers have been enabled for the ftp daemon, and these
files have been configured:
# cat /etc/hosts.allow
in.ftpd: ALL
# cat /etc/hosts.deny
in.ftpd: 10.10.10.0/24
Despite the implemented configuration, Human Resources is still able to access systems
through the ftp protocol. What action must be taken?
A. The ftp daemon must be restarted.
B. The entry in the hosts.deny file is wrong and must be changed.
C. The entry in the hosts.allow file is wrong and must be changed.
D. The inetd daemon must be restarted.
Answer: C
QUESTION 143
Company policy dictates that offsite backups need to be encrypted with 256-bit keys. The
infrastructure is in place, so all the administrator must do is select which algorithm to use
for this operation. Which two algorithms can the administrator choose? (Choose two.)
A. DES
B. MD5
C. arcfour
D. AES
E. 3DES
F. SHA1
Answer: C,D
QUESTION 144
The Solaris 10 cryptographic framework provides user-level commands to encrypt files.
A combination of commands is reported below:
# tar cvf - /data | encrypt -a arcfour -k /tmp/key -o /tmp/backup
Which two statements are true? (Choose two.)
A. The key can NOT be a file.
B. The /data directory is backed up and encrypted.
C. arcfour is NOT a valid encryption algorithm.
D. The backup will be an encrypted file.
E. The tar command invocation is NOT correct.
Answer: B,D
QUESTION 145
Based on this output from verifying a signed patch, which statement is correct?

A. The patch is correctly signed.


B. The patch signature is invalid, because NOT all files are signed.
C. The patch signature manifest is invalid.
D. The patch signature hash was NOT supplied.
Answer: A
QUESTION 146
Which is a security concern when using IPsec encrypted tunnels?
A. attacker's actions may be concealed
B. data may be encrypted twice
C. compatibility problems with client-side applications
D. incompatible IPsec vendor applications

Answer: A
QUESTION 147
Two administrators are trying to figure out how to implement encryption within a small
network consisting of five machines. The requirement is to keep all the traffic between
the nodes within that network private. They could not agree on a solution, because they
are not sure what options are available. Which technology will solve their problem?
A. Kerberos
B. SSH
C. IP Filter
D. IPsec
Answer: D
QUESTION 148
Which action can a Certkiller .com system administrator with the
solaris.smf.modify.sendmail authorization execute?
A. svccfg -s sendmail listprop
B. svcadm disable sendmail
C. svcadm refresh sendmail
D. svcadm enable sendmail
Answer: A
QUESTION 149
You decided it was worth maintaining an extremely paranoid policy when configuring
your firewall rules. Therefore, you had your management approve the implementation of
a security policy stance to deny all inbound connection requests to your corporate
network. How is it possible that you still suffer from remote exploits that your
adversaries are using to obtain interactive sessions inside your firewall?
A. Internal software may be vulnerable.
B. TCP splicing is easy to do.
C. ICMP hijacking attacks can still succeed through any firewall.
D. UDP vulnerabilities are well-known and exploited.
Answer: A
QUESTION 150
An administrator has designed a system as an Internet proxy server. This system has been
installed with packages that support the proxy software and secure administration. All
other packages have been removed from the system. Which statement describes the
system installation?
A. This system has been installed using strict minimization.


B. This system has been installed using loose minimization.
C. This system has been hardened.
D. This system has a standard installation metacluster.
Answer: A
QUESTION 151
The security administrator has created a Basic Audit and Report Tool (BART) control
manifest for the /etc directory. A test manifest is created about one hour later, and the two
manifests are compared. The administrator checks all attributes for the files in /etc.
Which event will NOT be reported by comparing the two manifests with BART?
A. A file was examined using vi, edited, restored to original, and saved.
B. Permissions on a file were changed.
C. A file link was removed.
D. Permissions on a file were changed and then restored.
E. A file was added to the directory.
Answer: D
QUESTION 152
Which two statements are true when applying the Solaris Security Toolkit software to a
system with non-global zones installed? (Choose two.)
A. Running processes in a non-global zone are included in a global zone Solaris Security
Toolkit audit run.
B. Some Solaris Security Toolkit scripts are NOT relevant to the non-global zone.
C. The Solaris Security Toolkit undo option must be executed from the global zone.
D. Applying Solaris Security Toolkit to a non-global zone has no effect on the global
zone.
E. Solaris Security Toolkit will automatically configure services in the global zone when
applied to the non-global zone.
Answer: B,D
QUESTION 153
The svcs output of a system lists this service:
legacy_run Jan_30 lrc:/etc/rc3_d/S52imq
If the system administrator wants this service to be disabled permanently, which action
needs to be taken?
A. The system administrator needs to inspect the start script and check for a
service-specific way to disable the service.
B. The system administrator can NOT disable any services which are started through
legacy /etc/init.d scripts.
C. svcadm disable lrc:/etc/rc3_d/S52imq
D. /etc/init.d/imq stop
E. /etc/init.d/imq disable
Answer: A
QUESTION 154
You are administering a consolidated system with many zones, and have been asked to
enable auditing. What must you do, after auditing has been enabled, to be able to
distinguish between the audit events from different zones in the global zone's audit trail?
A. Use the +zonename audit policy in the global zone.
B. Use the +perzone audit policy in the global zone.
C. Start auditd in each local zone.
D. Update audit_control in each local zone to include the zone name.
Answer: A
QUESTION 155
A security administrator has a requirement to help configure and deploy a new server.
What are two security tasks that the security administrator should perform? (Choose
two.)
A. Configure network interfaces and routing information.
B. Configure the server to use LDAP for authentication.
C. Install a DTrace probe to capture the use of privileges.
D. Disable any network services that are NOT being used.
E. Apply software patches to correct security vulnerabilities.
Answer: D,E
QUESTION 156
A security administrator has a requirement to identify that changes have been made to
files under a specific set of directories. This requirement indicates that the control should
check for changes to file ownership, permissions, and content. What would best meet the
needs of the security administrator?
A. Basic Audit and Report Tool (BART)
B. Solaris Security Toolkit
C. File Alteration Monitor
D. Process Accounting
E. Solaris Auditing
Answer: A

QUESTION 157
How would you configure auditing to identify when an attacker has removed audit
records?
A. Execute the command bsmconv +cnt and reboot.
B. auditconfig -setpolicy +seq should be added to /etc/security/audit_startup.
C. auditconfig -setpolicy +cnt should be added to /etc/security/audit_startup.
D. Audit records already have sequence numbers by default.
Answer: B
QUESTION 158
A web server administrator must configure an Apache 2 web server to start as the user
webservd. The web server administrator has been assigned the "Service Operator" rights
profile. While attempting to set the SMF service property start/user, the web server
administrator receives the following error message:
$ /usr/sbin/svccfg -s svc:/network/http:apache2
svc:/network/http:apache2> setprop start/user = astring: webservd
Permission Denied.
Why does this error occur?
A. The start/user property does NOT exist for the Apache 2 service.
B. The administrator needs the solaris.smf.manage authorization.
C. The Apache 2 web server must be started only as root.
D. Only the superuser is permitted to change SMF property values.
Answer: B
QUESTION 159
You have been asked to let your manager's children run their homework assignments on
one of the servers you administer.
You have been promised that it will not impact the overall performance of the server, but
you aren't sure, so you want to track how many resources they use.
After you have created a new user called kids and assigned a new project called
homework to the user, what do you need to do to gather the resource usage information?
A. Use the poolcfg command to assign the homework project to a resource pool.
B. Use the rctladm command to enable the syslog action for the homework project.
C. Enable Solaris Auditing for the kids user.
D. Use the acctadm command to enable extended accounting for tasks.
Answer: D
QUESTION 160
Click the Exhibit button.
The Exhibit shows the contents of a file named rule, and the output of a Basic Audit and
Report Tool (BART) command. The purpose of the command is to create a manifest file
of the directory /opt/SUNWrtvc, but unfortunately the command did not succeed.
What caused the error from BART?

A. BART creates only manifest files for the entire system.


B. The -r rule option has to be removed from the command.
C. The subcommand create has to be removed from the command.
D. The -R /opt option has to be removed from the command.
Answer: D
QUESTION 161
You have taken over administration of a web server which is connected to the Internet.
The server was installed using a minimized installation of Solaris, and has been hardened
using the Solaris Security Toolkit. Which statement is correct?
A. smpatch can be used to apply relevant patches.
B. Only the kernel patch is required, because it has been minimized.
C. Solaris Security Toolkit will apply new patches as required.
D. Regular patching of the system is NOT required, because it has been hardened.
Answer: A
QUESTION 162
After a recent audit, you have been requested to minimize an existing Solaris system
which runs a third party database application. Which two should you do before starting to
minimize the system? (Choose two.)
A. Install the SUNWrnet metacluster.
B. Remove any unneeded packages.
C. Confirm with the vendor of the database software that they support minimization.
D. Back up the system.
E. Remove any unneeded patches.
Answer: C,D
QUESTION 163
What is the minimum requirement to be able to use Solaris zones?
A. Solaris zones require a network interface.
B. Solaris zones require a SPARC system.
C. Solaris zones require the SUNWCuser metacluster.
D. Solaris zones require the fair share scheduler (FSS).
E. Solaris zones require at least two CPUs (or two cores).
Answer: C
QUESTION 164
Which two are concerned with security threats? (Choose two.)
A. performance
B. confidentiality
C. integrity
D. scalability
Answer: B,C
QUESTION 165
A Certkiller .com system administrator needs to minimize a freshly installed Solaris
system. After verifying that the correct metacluster is installed, the administrator tries to
further minimize the number of installed set-uid binaries. After inspection, the
administrator finds a number of printing related binaries, reviewing the relevant contents
of the /var/sadm/install/contents file.
What is the correct command to remove these set-uid binaries in a supported way?

A. chmod u-s /usr/bin/cancel /usr/bin/lp /usr/bin/lpset /usr/bin/lpstat /usr/bin/lpmove


B. chmod u-x /usr/bin/cancel /usr/bin/lp /usr/bin/lpset /usr/bin/lpstat /usr/bin/lpmove
C. pkgrm SUNWpcu
D. rm /usr/bin/cancel /usr/bin/lp /usr/bin/lpset /usr/bin/lpstat /usr/bin/lpmove
Answer: C
QUESTION 166
Certkiller .com has produced several inhouse applications that have to deal with
authentication using passwords. The Solaris systems have been reconfigured to use the
password history checking option. What is the impact of this change for their
applications?
A. Only privilege aware applications will benefit from the password history checking.
B. Applications which use the PAM framework will automatically use password history
checking.
C. All applications automatically benefit from the new password history checking.
D. Every application has to be changed to call the new functions for password history
checking.
Answer: B
QUESTION 167
A security administrator needs to configure a Solaris system to act as a firewall between
Certkiller .com's corporate network and the Internet, using Solaris IP Filter software to
control the traffic passing between these two networks. Which is an efficient way to limit
the software that can be run on this system?
A. Use the Solaris Security Toolkit and allow it to automatically minimize the system.
B. Use IPsec to limit execution of non-system binaries.
C. Install Solaris using the Reduced Networking Core System Metacluster and add any
extra required packages.
D. Install Solaris using the Entire Distribution Metacluster, and remove any unneeded
packages.
Answer: C
QUESTION 168
After receiving the results from a recent security compliance evaluation, a security
administrator was told to ensure that every user has to change their password regularly.
After enabling password aging in the /etc/default/passwd file, the security administrator
finds that existing local users are still not being forced to change their password. What is
the reason for this?
A. The password aging capability does NOT apply to local users.
B. Password aging is made active after a user's next password change.
C. Users have disabled password aging for their own accounts.
D. The /etc/default/passwd file is NOT consulted for password aging.
E. The /etc/user_attr file has been configured to prevent password aging.
Answer: B
QUESTION 169
An administrator has applied patch 120543-02 to a server. Unfortunately, this patch is
causing compatibility problems with one of the core applications running on that server.
The patch needs to be backed out to solve the application problems. Which command
performs the uninstallation of this patch?
A. rm -rf /var/sadm/patch/120543-02
B. smpatch remove -i 120543-02
C. patchremove 120543-02
D. patchadm -d 120543-02
E. pkgrm 120543-02
Answer: B
QUESTION 170
A user that you are investigating is logged in on a system with auditing enabled. The user
is running vi, and you need to log which files the user is accessing. Unfortunately, the fr
class is not audited, so you want to explicitly alter the audit pre-selection mask for this vi
process. Which command allows you to do that?
A. auditconfig
B. audit
C. svccfg
D. bsmconv
Answer: A
QUESTION 171
Which item in the list would be specifically required for a VPN compared to a mode
without encryption?
A. Authentication Header (AH)
B. Encapsulating Security Payload (ESP)
C. Internet Key Exchange (IKE)
D. Streams Control Transmission Protocol (SCTP)
Answer: B
QUESTION 172
The security policy of Certkiller .com specifies that systems have to be hardened. In
which case do systems have to be re-hardened?
A. after a backup
B. after auditing
C. after a reboot
D. after patching
Answer: D

QUESTION 173
Solaris Auditing supports the selective logging of which two kinds of events? (Choose
two.)
A. selected users making outbound network connections
B. access to selected files by all users
C. file access by selected users
D. password changes which do not meet the system password policy
Answer: A,C
QUESTION 174
Which IPsec mechanism provides confidentiality for network traffic?
A. IKE
B. SKIP
C. AH
D. ESP
Answer: D
QUESTION 175
Given:
<record version="2" event="system booted" modifier="na"
iso8601="2006-06-05 22:52:15.972 +02:00">
<text>booting kernel</text>
</record>
Which feature of Solaris has generated the record?
A. Service Management Facility
B. Basic Audit and Report Tool (BART)
C. Solaris Boot Manager
D. Solaris syslog daemon
E. Solaris Auditing
Answer: E
QUESTION 176
DRAG DROP
You work as a Certkiller .com security administrator.
You are required to put the Security Toolkit parameters at the appropriate locations.

Answer:

QUESTION 177
In which location is the signature for a signed binary found?
A. the ELF header
B. a trailer attached to the file
C. created and stored in memory at system boot
D. stored in a system database
E. added to the binary at compile time
Answer: A
QUESTION 178
Certkiller .com has activated auditing on all of their systems. The default destination
directory for the audit trail is /var/audit on each system. In the past few weeks, they had
problems with one of the systems acting as a print server.
A user sent a large print job, which caused /var on the print server to become full. As a
result, auditing was no longer working.
They changed the /etc/security/audit_control file to include a second destination directory
(using the dir: keyword).
When will the audit subsystem switch from the first directory to the second configured
directory?

A. when the first directory has less than minfree percent free
B. when the first directory is full
C. auditd will use both directories in round-robin and switch after writing a complete
audit event record.
D. depends on the configuration of /etc/logadm.conf
E. after 24 hours
Answer: A
QUESTION 179
You want to know when, by whom, and how privileges are used on one of your systems.
How can you get that information?
A. by enabling Solaris Auditing
B. by adding an audit.debug entry in /etc/syslog.conf
C. by using the ppriv command
D. by creating the file /etc/priv_debug
Answer: A
QUESTION 180
As part of the normal deployment process, a security administrator is required to verify
the security configuration of a new Solaris 10 zone before it can be put into production.
Using the Solaris Security Toolkit, the security administrator will verify the zone's
configuration against the corporate baseline, baseline.driver. Which command line will
the security administrator use to verify the zone named yennov?
A. jass-execute -z yennov -a baseline.driver
B. chroot /export/yennov/root jass-execute -a baseline.driver
C. jass-execute -R /export/yennov/root -a baseline.driver
D. zlogin yennov jass-execute -a baseline.driver
Answer: D
QUESTION 181
Which prints out all world-writable files?
A. find / -perm -a=w -print
B. find / -perm -a=777 -print
C. find / -perm -u=w -print
D. find / -perm -o=w -print
Answer: D
QUESTION 182
In which two ways can a service administrator specify the privilege set of a particular
service in the Service Management Facility? (Choose two.)
A. Set this using the svcs command.
B. Modify the privilege set using svccfg.
C. Change the privilege set by using svcprop.
D. Import an updated service manifest.
Answer: B,D
