Upgrade to Oracle Solaris 11 System Administrator
Question No: 11
View the Exhibit, and review the zpool and ZFS configuration information from your system
The application development team requested an up-to-date copy of the data from the
/prod_data file system. You decide to give the team one of the disk drives containing the data by breaking the mirror, removing the disk c4t1d0 and mounting c4t1 dO under a new mount point named /dev_data. Identify the correct procedure for breaking the mirror, removing c4t1d0. and making the data on that drive accessible under the /dev_data mount point
zfs destroy pooh /prod_data
zfs create pool1/prod_data c4t1d0 zfs create pool1/dev_data c4t1d0
zfs mount -F zfs pool1/dev_data c4t1d0
zpool split pooll pool2 zpool import pool2 zfs set mountpoint=/dev_data pool2/prod_data
zpool split pool1/prod_data -n pool2/dev_data zpool import -o mountpoint=/dev_data pool2/dev_data
3 e zfs split pool1/prod_data -n pool2/dev_data zfs set mountpoint=/dev_data pool2/dev_data
Question No: 12
United States of America export laws include restrictions on cryptography.
Identify the two methods with which these restrictions are accommodated in the Oracle Solaris 11 Cryptographic Framework.
Corporations must utilize signed X.509 v3 certificates.
A third-party provider object must be signed with a certificate issued by Oracle.
Loadable kernel software modules must register using the Cryptographic Framework SPI.
Third-party providers must utilize X.509 v3 certificates signed by trusted Root Certification Authorities.
Systems destined for embargoed countries utilize loadable kernel software modules that restrict encryption to 64 bit keys.
Answer: B,C Explanation:
B: Binary Signatures for Third-Party Software
The elfsign command provides a means to sign providers to be used with the Oracle Solaris Cryptographic Framework. Typically, this command is run by the developer of a provider.
The elfsign command has subcommands to request a certificate from Sun and to sign binaries. Another subcommand verifies the signature. Unsigned binaries cannot be used by the Oracle Solaris Cryptographic Framework. To sign one or more providers requires the certificate from Sun and the private key that was used to request the certificate.
C: Export law in the United States requires that the use of open cryptographic interfaces be restricted. The Oracle Solaris Cryptographic Framework satisfies the current law by requiring that kernel cryptographic providers and PKCS #11 cryptographic providers be signed.
Reference: System Administration Guide: Security Services, Oracle Solaris Cryptographic Framework
Question No: 13
You display the IP Interface information with ipmpstat – i
Which two characteristics are indicated by characters that may be included in the FLAGS column?
IP forwarding enabled
allocated to global zone
unusable due to being inactive
nominated to send/receive IPv4 multicast for its IPMP group
Explanation: The ipmpstat command concisely displays information about the IPMP subsystem. It supports five different output modes, each of which provides a different view of the IPMP subsystem (address, group, interface, probe, and target), described below.
Display IP interface information (“interface” output mode).
Interface mode displays the state of all IP interfaces that are tracked by in.mpathd on the system. The following output field is one of the supported:
Assorted information about the IP interface:
Unusable due to being INACTIVE.
Nominated to send/receive IPv4 multicast for its IPMP group.
Nominated to send/receive IPv4 broadcast for its IPMP group.
Nominated to send/receive IPv6 multicast for its IPMP group.
Unusable due to being down.
Unusable due to being brought OFFLINE by in.mpathd because of a duplicate hardware address.
Reference: man ipmpstat
Question No: 14
When setting up Automated Installer (Al) clients, an interactive tool can be used to generate a custom system configuration profile. The profile will specify the time zone, date and time, user and root accounts, and name services used for an Al client installation. This interactive tool will prompt you to enter the client information and an SC profile (XML file) will be created.
Which interactive tool can be used to generate this custom configuration?
Question No: 15
A non-global zone named testzone is currently running.
Which option would you choose to dynamically set the CPU shares for the zone to two shares?
While logged in to the global zone, enter: prctl -n zone.cpu-shares -v 2 -r -i zone testzone
While logged in to the global zone, enter: zonecfg -z testzone add rctl set name=zone cpu-shares
While logged in to the global zone, enter: prctl -n 2 zone cpu-shares -i zone testzone
While logged in to the global zone, enter: zonecfg -z testzone add rctl set name-zone cpu-shares set value=2
While logged in to testzone, enter:
prctl -n zone.cpu-shares -v 2 -r -i zone testzone
Question No: 16
When you issue the gzip command, the quot;gzip: command not foundquot; message is displayed. You need to install the gzip utility on your system. Which command would you use to check if the gzip utility is available from the default publisher for installation?
pkg info|grep gzip
pkg list SUNWgzip
pkg contents gzip
pkg search gzip
Question No: 17
You execute the command:
usermod -K limitpnv=all,\!file_wnte guest What is the result of this command?
The guest account cannot write any files.
The guest account can assume any role except the file_write role.
Starting at next login, the guest account will be unable to write any files.
The guest account cannot assume a role that includes file_write privileges.
Unless the guest account assumes the limitpriv role, it cannot write any files
An error message is displayed, indicating that quot;file_wntequot; is not a valid execution attribute
Question No: 18
A change in your company’s security policy now requires an audit trial of all administrators assuming the sysadm role, capturing:
->Executed commands, including options
->Logins and logouts
There are two command necessary to accomplish this change. One is a rolemod command. What is the other?
auditconfig set policy=argv
auditconfig -setpolicy argv
auditconfig -setflags lo, ex sysadm
auditconfig set flags=lo, ex sysadm
Explanation: Audit Significant Events in Addition to Login/Logout (see step 2 below)
Use this procedure to audit administrative commands, attempts to invade the system, and other significant events as specified by your site security policy.
->Audit all uses of privileged commands by users and roles.
For all users and roles, add the AUE_PFEXEC audit event to their preselection mask.
# usermod -K audit_flags=lo,ps:no username
# rolemod -K audit_flags=lo,ps:no rolename
->Record the arguments to audited commands.
# auditconfig -setpolicy argv
3- Record the environment in which audited commands are executed.
# auditconfig -setpolicy arge
Note: [-t] -setpolicy [ |-]policy_flag[,policy_flag …]
Set the kernel audit policy. A policy policy_flag is literal strings that denotes an audit policy. A prefix of adds the policies specified to the current audit policies. A prefix of – removes
the policies specified from the current audit policies. No policies can be set from a local zone unless the perzone policy is first set from the global zone.
Reference: Oracle Solaris 11 Security Guidelines, Audit Significant Events in Addition to Login/Logout
Question No: 19
Which modification needs to be made to the Service Management Facility before you publish a new package to the IPS repository?
The pkg.depotd must be disabled.
The pkg/readonly property for the application/pkg/server service must be set to false
The pkg/writable_root property for the application/pkg/server service must be set to true.
The pkg/image_root property for the application/pkg/server service must be set to the location of the repository.
(astring) The path to the image whose file information will be used as a cache for file data. Reference: man pkg.depotd
Question No: 20
Select the five tasks that need to be performed on the Automated Installer (AI) install server before setting up the client.
Create a local IPS repository on the AI Install server and start the repository server service, the publisher origin to the repository file.
Set up a IP address on the AI install server.
The DHCP server must be enabled on the install server and must provide the DHCP service for the clients.
DHCP must be available on the network for the Install server and the clients, but the install server does not need to be the DHCP server.
Download the AI boot image. The image must be the same version as the Oracle Solaris
OS that you plan to install on the client.
Download the text install image into the IPS repository.
Install the AI installation tools.
Create the AI install service. Specify the path to the AI network boot image ISO file and the path where the AI net image ISO file should be unpacked.
Create the AI install service. Specify the path to the AI network boot image ISO file and the path to the IPS repository.
Explanation: B: Configure the AI install server to use a static IP address and default route.
D: The create-service command can set up DHCP on the AI install server. If you want to set up a separate DHCP server or configure an existing DHCP server for use with AI. The DHCP server must be able to provide DNS information to the systems to be installed.
E: An automated installation of a client over the network consists of the following high-level steps:
The client system boots over the network and gets its network configuration and the location of the install server from the DHCP server.
The install server provides a boot image to the client.
Characteristics of the client determine which installation instructions and which system configuration instructions are used to install the client.
The Oracle Solaris 11 OS is installed on the client, pulling packages from the package repository specified by the installation instructions in the AI install service.
G: Install the AI tool set.
Use the installadm create-service command to create an AI install service. Give the service a meaningful name, and specify the path where you want the service created. Specify the source of the network boot image (net image) package or ISO file.
installadm create-service [-n svcname] [-s FMRI_or_ISO] [-d imagepath]
The imagepath is the location of the new install service. The install-image/solaris-auto- install package is installed to this location, or the specified ISO file is expanded at this location.
Reference: Installing Oracle Solaris 11 Systems, Create an AI Install Service
EnsurePass ExamCollection Testking Lowest Price Guarantee Yes No No Up-to-Dated Yes No No Real Questions Yes No No Explanation Yes No No PDF VCE Yes No No Free VCE Simulator Yes No No Instant Download Yes No No